DEPARTMENT OF DEFENSE JOINT SOFTWARE SYSTEMS SAFETY ENGINEERING HANDBOOK ----------------------------------------- DEVELOPED BY THE JOINT SOFTWARE SYSTEMS SAFETY ENGINEERING WORKGROUP Original published December 1999 Version 1.0 Published August 27, 2010 Naval Ordnance Safety and Security Activity 3817 Strauss Avenue, Building D-323 Indian Head, MD 20640-5555 Prepared for: Director of Defense Research and Engineering Distribution Statement A Approved for public release; distribution is unlimited. Software Systems Safety Engineering Handbook Table of Contents Table of Contents 1 Overview ........................................................................................................... 1 2 Introduction to the Handbook ........................................................................... 3 2.1 Introduction ....................................................................................................... 3 2.2 Purpose .............................................................................................................. 4 2.3 Scope ................................................................................................................. 4 2.4 Authority and Standards ................................................................................... 5 2.5 Handbook Overview ......................................................................................... 6 2.5.1 Historical Background ...................................................................................... 6 2.5.2 Management Responsibilities ........................................................................... 7 2.5.3 Introduction to the Systems Approach .............................................................. 7 2.5.3.1 The Hardware Development Lifecycle ............................................................. 8 2.5.3.2 The Software Development Lifecycle .............................................................. 9 2.5.3.2.1 Grand Design and Waterfall Lifecycle Model ................................................ 10 2.5.3.2.2 Modified V Lifecycle Model .......................................................................... 12 2.5.3.2.3 Spiral Lifecycle Model ................................................................................... 13 2.5.3.2.4 Object-Oriented Analysis and Design ............................................................ 16 2.5.3.2.5 Component-Oriented and Package-Oriented Design ...................................... 16 2.5.3.2.6 Extreme Programming .................................................................................... 17 2.5.3.3 The Integration of Hardware and Software Lifecycles ................................... 18 2.5.4 A Team Solution ............................................................................................. 18 2.5.5 Systems of Systems Hazards and Causal Factors ........................................... 20 2.5.5.1 Safety as a System Property ............................................................................ 20 2.5.5.2 Functional Hazard Causal Factors .................................................................. 20 2.5.5.3 Interface-Related Hazard Causal Factors........................................................ 21 2.5.5.4 Zonal Hazard Causes ...................................................................................... 21 2.5.5.5 Data Interfaces ................................................................................................ 22 2.5.5.6 COTS .............................................................................................................. 23 2.5.5.7 Technology Issues ........................................................................................... 23 2.6 Handbook Organization .................................................................................. 23 2.6.1 Planning and Management .............................................................................. 25 2.6.2 Task Implementation ...................................................................................... 26 2.6.3 Residual Safety Risk Assessment and Acceptance ......................................... 26 2.6.4 Supplementary Appendices ............................................................................ 26 3 Introduction to Risk Management and System Safety .................................... 27 3.1 Introduction ..................................................................................................... 27 3.2 A Discussion of Risk ...................................................................................... 27 3.2.1 Risk Perspectives ............................................................................................ 28 3.2.2 Safety Management Risk Review ................................................................... 28 3.3 Types of Risk .................................................................................................. 29 3.4 Areas of Program Risk .................................................................................... 30 3.4.1 Schedule Risk.................................................................................................. 31 3.4.2 Budget Risk ..................................................................................................... 33 3.4.3 Sociopolitical Risk .......................................................................................... 33 i Software Systems Safety Engineering Handbook Table of Contents 3.4.4 Technical Risk ................................................................................................ 34 3.5 System Safety Engineering ............................................................................. 35 3.6 Safety Risk Management ................................................................................ 38 3.6.1 Initial Safety Risk Assessment........................................................................ 39 3.6.1.1 Mishap, Hazard, and Failure Mode Identification .......................................... 39 3.6.1.2 Severity Categories ......................................................................................... 40 3.6.1.3 Probability Levels ........................................................................................... 41 3.6.1.4 Mishap Risk Index .......................................................................................... 42 3.6.2 Safety Order of Precedence ............................................................................ 44 3.6.3 Elimination or Risk Reduction........................................................................ 44 3.6.4 Quantification of Residual Safety Risk........................................................... 46 3.6.5 Managing and Assuming Residual Safety Risk .............................................. 47 4 Software System Safety Engineering.............................................................. 48 4.1 Introduction ..................................................................................................... 48 4.1.1 Section 4 Format ............................................................................................. 50 4.1.2 Process Charts ................................................................................................. 51 4.1.3 Software Safety Engineering Products ........................................................... 52 4.2 Software Safety Planning and Management ................................................... 52 4.2.1 Planning .......................................................................................................... 54 4.2.1.1 Establish the System Safety Program ............................................................. 59 4.2.1.2 Defining Acceptable Levels of Risk ............................................................... 60 4.2.1.3 Planning for Two Distinct Processes .............................................................. 60 4.2.1.3.1 Software Safety Assurance and Integrity Process .......................................... 61 4.2.1.3.2 Software Safety Hazard Analysis Process ...................................................... 63 4.2.1.4 Defining and Using the Software Criticality Matrix....................................... 64 4.2.1.5 Defining the Requirements for Level of Rigor ............................................... 69 4.2.1.6 Program Interfaces .......................................................................................... 73 4.2.1.6.1 Management Interfaces ................................................................................... 75 4.2.1.6.2 Technical Interfaces ........................................................................................ 76 4.2.1.6.3 Contractual Interfaces ..................................................................................... 77 4.2.1.7 Contract Deliverables...................................................................................... 78 4.2.1.8 Development of the Mishap Risk Index ......................................................... 79 4.2.1.8.1 Mishap Severity .............................................................................................. 81 4.2.1.8.2 Mishap Probability .......................................................................................... 81 4.2.2 Managing the Software Safety Program ......................................................... 83 4.3 Software Safety Task Implementation ............................................................ 87