Defense System Safety
One Of Our Defense Contracts


Software Safety For Astute Class Submarine


HCRQ advised on the software safety case for the Control and Instrumentation System of the Royal Navy's Nuclear Powered Astute Class Submarines.

The Astute Class will undertake a range of tasks including: support to Vanguard Class submarines, anti-submarine warfare, anti-surface ship warfare, surveillance and intelligence gathering, and land attack using Tomahawk Land Attack Missiles (TLAM).

The CAE (now L-3) Platform Management System (PMS) software attracted a Safety Integrity Level (SIL) of 2. Software development was guided by DEF STAN 00-55.

We acted as the chairperson of CAE's software safety committee, and were the software safety liaison between CAE and their immediate client, BAE Systems.
Armored Fighting Vehicle (AFV) Safety Assessments
Are you interested in safety assessments of AFVs (e.g., MRAP {Mine Resistant Ambush Protected}, HMMWV {High Mobility Multipurpose Wheeled Vehicle}, MECV {Modernized Expanded Capacity Vehicle}, JLTV {Joint Light Tactical Vehicle})? Perhaps your client is TACOM.

Safety documents may take the form of a Hazard Log (HL)/Hazard Tracking Log (HTL), Safety Assessment Report (SAR), or Health Hazard Assessment Report (HHAR). How many AFV hazards are there? In excess of 30. Piqued your interest? Want to know what is wrong with the system safety CDRLs you are bidding on?

Contact us!
Defense Safety Standards


Two of the more popular defense safety standards are:

  • MIL-STD-882, and
  • DEF STAN 00-56.

Oops! Did we leave one out? What about SAE ARP4761? Is it a system safety standard? Hmmm.

Need training on MIL-STD-882 or SAE ARP4761?
You came to the right place - the only place worth considering!
Click here for a list of our widely acclaimed training courses and webinars.



MIL-STD-882


Overview

This Military Standard, especially MIL-STD-882C, has been a guiding light in system safety within not only the defense (or defence) sector but also in the areas of:

  • ground-based aviation,
  • rail transportation, and
  • medical devices.

MIL-STD-882 is a mature system safety standard.

Despite its widespread and extensive use, much confusion remains. There are many people who are confused about the differences between:

  • accidents and hazards,
  • PHL and PHA,
  • etc.

Very poor safety products are still being produced such as:

  • Hazard Risk Assessment Matrices,
  • SSPP (fodder for a lawyer),
  • O&SHA,
  • SSHA,
  • etc.

Occasionally, one person has become the definitive source of information on system safety within a company but their approach has been flawed.

Occasionally, clients neglect to specify the desired "tasks" within 882, leaving the door wide open.

All of this has been made evident to us during our consulting and training efforts.


By the way, if you are interested in acquiring excellent MIL-STD-882 DIDs, click here.


Evolution

MIL-STD-882 evolved as follows:

  • AF BSD Exhibit 62-41 {1962}
  • MIL-S-38130 {1963}
  • MIL-S-38130A {June 1966, March 1967}
  • MIL-STD-882 {July 1969}
  • MIL-STD-882A {June 1977}
  • MIL-STD-882B {March 1984}
  • MIL-STD-882B Notice 1 {July 1987}
  • MIL-STD-882C {January 1993}
  • MIL-STD-882C Notice 1 {January 1996}
  • MIL-STD-882D (Acquisition Reform) {February 2000}
  • MIL-STD-882E (draft) {December 2005}
  • MIL-STD-882D Change 1 (draft) {March 2010}
  • MIL-STD-882E (draft) {July 2011}
  • MIL-STD-882E {spring 2012?}
MIL-STD-882B

Software Hazard Analysis Tasks


The MIL-STD-882B 300 series tasks include:

  • Task 301 - Software Requirements Hazard Analysis
  • Task 302 - Top-Level Design Hazard Analysis
  • Task 303 - Detailed Design Hazard Analysis
  • Task 304 - Code-Level Software Hazard Analysis
  • Task 305 - Software Safety Testing
  • Task 306 - Software/User Interface Analysis
  • Task 307 - Software Change Hazard Analysis
MIL-STD-882C


Overview

"C" is a very "c"omplete system safety standard.

For the time being, a particularly useful combination is MIL-STD-882C Notice 1 sandwiched with the 300 series software tasks from MIL-STD-882B Notice 1. Want some mayonnaise? Add CCA from ED-135/SAE ARP4761.


Software Aspects

MIL-STD-882C defines Software Control Categories as follows:

  • I - Software exercises autonomous control over potentially hazardous hardware systems, subsystems or components without the possibility of intervention to preclude the occurrence of the hazard. Failure of the software or a failure to prevent an event leads directly to a hazard's occurrence.
  • IIa - Software exercises control over potentially hazardous hardware systems, subsystems or components allowing time for intervention by independent safety systems to mitigate the hazard. However, these systems by themselves are not considered adequate.
  • IIb - Software item displays information requiring immediate operator action to mitigate a hazard. Software failures will allow or fail to prevent the hazard's occurrence.
  • IIIa - Software item issues commands over potentially hazardous hardware systems, subsystems or components requiring human action to complete the control function. There are several, redundant, independent safety measures for each hazardous event.
  • IIIb - Software generates information of a safety-critical nature used to make safety-critical decisions. There are several, redundant, independent safety measures for each hazardous event.
  • IV - Software does not control safety-critical hardware systems, subsystems or components and does not provide safety-critical information.

These Software Control Categories are similar in concept, but NOT equivalent to:

  • Software Development Assurance Levels (defined in ED-79A/SAE ARP4754A and utilized by ED-12B/RTCA DO-178B),
  • Software Integrity Levels (defined in and utilized by IEC 15026), and
  • SoftWare Assurance Levels (defined in and utilized by ED-153).

So, if you are using MIL-STD-882C Software Control Categories, can you simply map them to ED-12B/RTCA DO-178B Software Development Assurance Levels?
MIL-STD-882D


Overview

What can we say?

Big mistake! Huge mistake! We went from 116 pages in "C" to 31 pages in "D".

MIL-STD-882E


Overview

It's just around the corner!

MIL-STD-882E introduces new terminology, new requirements pertaining to old tasks, and new tasks.

New terminology? Try:

  • Safety-Significant
  • Event Risk
  • etc.

New requirements pertaining to old tasks? Try:

  • SSPP
  • Hazard Tracking System
  • etc.

New tasks? Try:

  • Hazard Management Plan (HMP)
  • Hazardous Materials Management Plan (HMMP)
  • System Requirements Hazard Analysis (SRHA)
  • Functional Hazard Analysis (FHA)
  • System-of-Systems (SoS) Hazard Analysis
  • Environmental Hazard Analysis (EHA)
  • etc.

You are in for a bumpy ride!

In preparation, we are amending all system safety courses and webinars that pertain to MIL-STD-882.

We also offer a new webinar Preparing For MIL-STD-882E.

As always, you can count on HCRQ to provide you unique and practical insight.