The Indispensable Role of Rationale in Safety Standards
In this paper, we argue that standards, especially those intended to support critical applications, should define explicitly both the properties expected to accrue from use of the standard and an explicit rationale that justifies the contents of the standard. Current standards do not include an explicit, comprehensive rationale. Without a rationale, the use, maintenance, and revision of standards are unnecessarily difficult. We introduce a new concept for standards, the rationalized standard. A rationalized standard combines: (a) an explicit goal defining a property desired for conformant systems, (b) guidance that, if followed correctly, should yield an entity with the property stated in the goal, and (c) the rationale showing the reasoning why there is assurance, with reasonable confidence, that a conformant entity will have the property defined by the goal. We illustrate the utility of an explicit rationale using an existing safety standard, ISO 26262.
Keywords: Standards; System safety; Rigorous argument
This work supported in part by NASA Contract NNL13AA08C.
- 1. SAE International: ARP4754, Guidelines for Development of Civil Aircraft and Systems (2010)
- 2. SAE International: ARP4761, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment (1996)
- 3. International Electrotechnical Commission: IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems (1998)
- 4. Department of Defense: Mil-Std-882E, Standard Practice: System Safety (2012)
- 6. Knight, J.: Safety standards – a new approach. In: 22nd Safety-Critical Systems Symposium, Brighton, UK (2014)
- 7. Laporte, C.Y., O'Connor, R.V., Paucar, L.H.G., Gerancon, B.: An innovative approach in developing standard professionals by involving software engineering students in implementing and improving international standards. Stand. Eng.: J. Soc. Stand. Prof. 67(2), 1–9 (2015)
- 8. RTCA Inc.: DO-178B, Software Considerations in Airborne Systems and Equipment Certification (1992)
- 9. RTCA Inc.: DO-178C, Software Considerations in Airborne Systems and Equipment Certification (2012)
- 10. RTCA Inc.: DO-248B, Final Annual Report for Clarification of DO-178B Software Considerations in Airborne Systems and Equipment Certification (2001)
- 11. Kelly, T., Weaver, R.: The goal structuring notation – a safety argument notation. In: Proceedings DSN 2004 Workshop on Assurance Cases, Florence, Italy (2004)
- 12. Software Engineering Institute, Carnegie Mellon University: Assurance cases. http://www.sei.cmu.edu/dependability/tools/assurancecase/
- 13. International Organization for Standardization: ISO 26262, Road vehicles – functional safety (2011)