350 likes | 456 Views
CSE International Ltd. Data Integrity: The use of data by safety-related systems. Alastair Faulkner CEng CSE International Ltd Tel: +44 (0)1724 862169 email: agf@cse-euro.com. Contents. Brief introduction Introduction to safety Data integrity Data provision Data origination Conclusions.
E N D
CSE International Ltd Data Integrity:The use of data by safety-related systems Alastair Faulkner CEng CSE International LtdTel: +44 (0)1724 862169 email: agf@cse-euro.com
Contents • Brief introduction • Introduction to safety • Data integrity • Data provision • Data origination • Conclusions
Brief introduction • Safety concepts • Hazard, opportunity, accident • Risk, Risk reduction • Generalised safety process
Error – Fault - Failure [Engineering Safety Management: Yellow Book 3]
Hazard, opportunity, accident [Engineering Safety Management: Yellow Book 3]
Risk and ALARP [HSE: Reducing Risks, Protecting People]
Risk reduction [IEC 61508-5]
Generalised safety process • List system functions (operational requirements) • Find out how they can go wrong • Functional Hazard Analysis • Calculate tolerable failure rates (safety requirements) • consequence analysis to assess mitigation • Design system to meet safety requirements • Show that system will meet safety requirements • provide safety arguments and evidence in safety case • Maintain safe operation
Data integrity • Data in air navigation • Data integrity • Data provision
Problem description • The use of data by safety-related systems is becoming more common. • In such systems data is often a significant (if not the major) component • Data is not commonly treated as a separate system component and hence is largely ignored. • Safety of the system may rely on the correctness of the data
Data-driven systems • The data used by a data-driven system may have extensive influence over both the normal and abnormal behaviour of the system • Typical examples of large-scale data-driven systems are transportation control systems. These systems use several different types of data • Static configuration data • Instantaneous status information • Operational information • Command Schedule – Timetable
Data integrity requirements • Hazard and risk analysis process are used to establish system integrity requirements • These requirements are then apportioned between components of the design, including people, process, hardware, software and data components of the system. • The integrity requirements apportioned to the data component of the system are termed in this presentation ‘data integrity requirements’.
Apportionment of ‘error budget’ [IEC 61508]
A question of scale? “Things get bigger and bigger, pushing the boundaries, until you’ve had a change of scale” Peter Elliott BP, Keynote Speaker ESAS-02
Data Quality • DO 200A identifies a number of ‘data quality’ criteria • the accuracy of the data • the resolution of the data • the confidence that the data is not corrupted while stored or in transit (assurance level) • the ability to determine the origin of the data (traceability) • the level of confidence that the data is applicable to the period of (its) intended use (timeliness) • all of the data needed to support the function is provided (completeness) • the format of the data meets the users requirements
Data development • In data-driven systems the data is often developed separately from the software • However, it is clearly an integral part of the system • Safety of the overall system will normally depend on the correctness of the data • Presumably the SIL of the data will be similar to that of the executable software • One would expect similar levels of rigour
Data ownership • Ownership may itself be a complex issue as data may originate from within a number of organisational and political bodies and include any consolidations required to produce a higher data abstraction. • Organisational responsibilities are not only concerned with the supply of data, but also the ownership and in some cases the liabilities associated data errors. • Ownership may also be passed across the data supply chain.
Data Provision • Data provision is dependant upon the integrity of the data source • Data provision has two main components • Data source (Either data production or Origination) • Data supply chain
Integrity of the data source • Data may be produced by a number of means, from simple data entry to complex and diverse automated toolsets. • The integrity of the data origin will be a significant influence upon the integrity required from the supply chain. • Low integrity at the data source may render the source unusable. • All data of a particular type may not be provided from a single source
Data production • Small-scale systems may use data entry to create a validated dataset. • As the scale and volume of data increases the nature of the data required changes. • Data production may require vertical or horizontal datasets (or a combination of both) • Data production may consider data extracted from enabling products such as middleware or data mining or data warehouses.
Data supply chain • Properties required from a data supply chain • Origination (data of suitable integrity) - Identifies a point at which the data originates • Data then progresses across a series of elements such as transmission, preparation, formatting and finally consumed by the data-driven system. • Each element will not be perfect and therefore, each element in the chain may introduce error of faults. • Data supply chain errors must be less than the data integrity requirements for the safe operation of the system
Conclusions • The safe operation of the data-driven system is likely to depend upon the correctness of the data • However, data and its production, use and maintenance rarely are treated as the subject of integrity requirements • All too often • data is not subject to any systematic hazard or risk analysis • data is poorly structured, making errors more likely to be produced, and more difficult to detect • data is not subjected to any form of verification
A final quote “You would think that before they let people use these systems, they'd ensure they're safe” Hiram K. Hackenbacker (Brains) International Rescue, Thunderbirds 1966 (1972 in UK)