SlideShare a Scribd company logo

Dependability requirements for LSCITS

Download as PPTX, PDF
Ian Sommerville
Ian Sommerville

Explains the important of understanding dependability issues when designing an LSCITS

Technology
1 of 33
Dependability requirements engineering, York EngD programme, 2010 Slide 1 Dependability requirements engineering
Dependability requirements engineering, York EngD programme, 2010 Slide 2 Objectives • To introduce dependability requirements, which are of particular significance for large-scale systems • To discuss the notion of safety-critical information systems and to introduce an exemplar system concerned with healthcare records management • To discuss an approach to dependability requirements derivation based on viewpoints and concerns that is geared to discovering requirements conflicts
Dependability requirements engineering, York EngD programme, 2010 Slide 3 System dependability • A system may be considered to be dependable if it operates without interruption, delivers the services that are expected by stakeholders, does not have adverse effects on the system’s environment and does not damage its data or the system itself. • Dependability covers: – Reliability – Availability – Safety – Security
Dependability requirements engineering, York EngD programme, 2010 Slide 4 Dependability requirement types • Non-functional requirements – Requirements that specify the dependability properties of the system – The Probability of Failure on Demand of the Protection system shall be 0.0001 • Functional requirements – Requirements that are introduced in order to achieve dependability as distinct from requirements that reflect the functionality that is used by system stakeholders – All data that is maintained on local disks must be encrypted
Dependability requirements engineering, York EngD programme, 2010 Slide 5 Integrated requirements engineering • Dependability requirements are business requirements so dependability requirements engineering should not be a separate process but should be part of the system requirements engineering process • Dependability issues should be considered alongside other business requirements – dependability should not be compromised but the best way to improve dependability might be to change other system requirements • In this lecture, I will focus on safety requirements engineering but the approach proposed is equally applicable to other dependability requirements
Dependability requirements engineering, York EngD programme, 2010 Slide 6 Rationale • Safety is not an isolated system property but must be considered in conjunction with other properties such as integrity and timeliness • Requirements conflicts and trade-offs are harder to make when safety requirements are distinguished in some way • Risks and hazards, especially for information systems, cannot be identified until you have some knowledge of the system requirements
Dependability requirements engineering, York EngD programme, 2010 Slide 7 Safety-critical information systems • The safety-critical systems community has focused its attention on safety-critical control systems • In those systems, the actual damage that is caused results from undesirable behaviour of the equipment that is being controlled • Increasingly, however, information systems are safety-critical in that system failure results in indirect risks to people • Other systems (not necessarily equipment but also human systems) may rely on an information system for their correct functioning. Failure of these systems may then lead to damage
Dependability requirements engineering, York EngD programme, 2010 Slide 8 Examples • Design systems – Failure of CAD systems that are used to design critical hardware and software may lead to the failure of the systems that have been designed – A story in the 1970s suggested that a number of plane crashes were a result of errors in a structural analysis program which resulted in structural weaknesses in the airframe • Records systems – Incorrect information or unavailability of records systems may mean that users of these systems take actions that are potentially dangerous – If a maintenance record for an aircraft is incorrect, parts that have reached the end of their design life may not be replaced • Simulation systems – Simulation systems that do not match the real environment may result in incorrect design decisions or misplaced confidence in the integrity of the system
Dependability requirements engineering, York EngD programme, 2010 Slide 9 Secondary risks • In control systems, the risks (primary risks) are determined from the characteristics of the equipment that is being controlled • This doesn’t mean that risk assessment is easy but it does provide boundaries for the risk assessment and helps identify information sources • In information systems, the risks are secondary risks (ie they result from the use of some other dependent system) • As there may be many dependent systems, identifying risks is consequently more difficult
Dependability requirements engineering, York EngD programme, 2010 Slide 10 Hazard classes • Data hazards, namely hazards that are associated with the data processed by the system, are the major type of hazard in information systems • Control hazards, hazards that are associated with the software controlling the system are also significant
Dependability requirements engineering, York EngD programme, 2010 Slide 11 Secondary risk example • An electronic health record in a hospital may be used in: – Diagnostic processes – Anaesthetic processes – Treatment processes – Discharge processes • A failure in that system associated with an individual record may be non-critical for some of these processes but critical for others
Dependability requirements engineering, York EngD programme, 2010 Slide 12 Control systems and information systems • Control systems are becoming increasingly data intensive as more and more operational data is stored and used • Control systems are increasingly being directly connected to information systems so that failure of the information system is a hazard for the control system. This type of hazard can be difficult to manage
Dependability requirements engineering, York EngD programme, 2010 Slide 13 The MHCPMS • This system (not its real name but a real system) is a generic medical information system that is configured for use in different regional health trusts • It supports the management of patients suffering from mental health problems and provides information on their treatment to health service managers
Dependability requirements engineering, York EngD programme, 2010 Slide 14 System goals • To provide management information that allows health service managers to assess performance against local and government targets • To provide medical staff with timely information to facilitate the treatment of patients
Dependability requirements engineering, York EngD programme, 2010 Slide 15 Mental health care • Patients do not always attend the same clinic but may attend in different hospitals and local health centres • Patients may be confused and disorganised, miss appointments, deliberately or accidentally lose medication, forget instructions and make unreasonable demands on staff • Mental health care is safety-critical as a small number of patients may be a danger to themselves and others
Dependability requirements engineering, York EngD programme, 2010 Slide 16 Concerns • Safety should be considered as an organisational goal and should be considered in conjunction with other organisational goals and business requirements • Concerns are a general mechanism that we have devised that are used to reflect organisational goals • They also reflect constraints on the organisation that reflect the environment in which the organisation operates • They help focus the requirements engineering process and provide a basis for conflict analysis
Dependability requirements engineering, York EngD programme, 2010 Slide 17 Concerns • Are issues that an organisation must pay attention to and that are systemic ie they apply to the system as a whole • They are cross-cutting issues that may affect all system stakeholders • Help bridge the gap between organisational goals and system requirements • May exist at a number of levels so may be decomposed into more specific sub-concerns
Dependability requirements engineering, York EngD programme, 2010 Slide 18 Concerns Software and hardware Safety Cost Security Operators Society The organisation
Dependability requirements engineering, York EngD programme, 2010 Slide 19 Concerns and safety analysis • Concerns are completely compatible with safety analysis as discussed earlier • However, they provide a mechanism where safety can be integrated with other critical system requirements • They help highlight trade-offs that may have to be made and conflicts that may arise
Dependability requirements engineering, York EngD programme, 2010 Slide 20 Concerns in the MHCPMS • The principal concerns in the MHCPMS are: – Safety - the system should help reduce the number of occasions where patients cause harm to themselves and others – Privacy - patient privacy must be maintained according to the provisions of the Data Protection Act and local ethical guidelines – Information quality - the information maintained by the system must be accurate and up-to date – Operational costs - the operational costs of the system must be ‘reasonable’
Dependability requirements engineering, York EngD programme, 2010 Slide 21 Concern decomposition • Concerns are decomposed into sub-concerns: Information quality Information integrity Information accuracy Information timeliness
Dependability requirements engineering, York EngD programme, 2010 Slide 22 The safety concern Safety Patient safety Staff safety Public safety Mental Health Act Accidental self-harm Deliberate self-harm Incorrect treatment Adverse reaction to medication
Dependability requirements engineering, York EngD programme, 2010 Slide 23 Concern identification • The process of establishing concerns is probably best done in a series of meetings involving business managers and technical staff • Brainstorming or a similar technique may be used • Analysis of concerns between meetings is essential and someone should take an explicit action to do this • Several meetings over a relatively short period of time are required for this stage
Dependability requirements engineering, York EngD programme, 2010 Slide 24 From concerns to questions • A problem that I find with hazard analysis is the ‘requirements gap’. You identify the hazards and possible root causes but there is no method for going from there to requirements • To address this, we proposed that, after sub- concerns are identified, you should then explicitly identify questions and sub-questions associated with each concern • Answers to these questions come from system stakeholders and help generate system requirements
Dependability requirements engineering, York EngD programme, 2010 Slide 25 Generic questions • What information relates to the sub-concern being considered? • Who requires the information and when do they require it? • How is the information delivered? • What constraints does the (sub) concern impose? • What are the consequences of failing to deliver this information?
Dependability requirements engineering, York EngD programme, 2010 Slide 26 Deliberate self-harm sub- concern • Information about previous history of self-harm or threats of self-harm • Medical staff during consultations. Relatives and carers • Can be delivered to medical staff directly through the system. Delivered to relatives and carers through a message from the clinic • No obvious constraints imposed • Failing to deliver may mean an incident of preventable self-harm occurs
Dependability requirements engineering, York EngD programme, 2010 Slide 27 Concern-cross checking • A generic problem in complex systems is requirements conflicts where different system requirements are mutually contradictory • In my view, separating safety analysis in the RE process increases the likelihood of conflict and the costs of resolving that conflict • Concerns partially address this problem as it allows cross-checking at a higher level of abstraction than the requirements themselves
Dependability requirements engineering, York EngD programme, 2010 Slide 28 Concern comparison • Concerns should be compared in pairs to assess the likelihood of of potential conflicts • Safety and information quality – Conflicts only likely if the requirements allow erroneous or out of date information to be maintained in the system • Safety and privacy – Privacy may impose limits on what information can be shared and who can access that information. Requirements on information sharing and access should be checked • Safety and operational costs – Operational processes that require extensive staff time may be problematic
Dependability requirements engineering, York EngD programme, 2010 Slide 29 The privacy concern • All information in the system that relates to identifiable individuals is covered by the Data Protection Act • All staff need to be aware of the requirements imposed by the Act • There are no information delivery requirements • Personal information may only be disclosed to accredited information users • Failure to address the concern could result in legal action against the Trust
Dependability requirements engineering, York EngD programme, 2010 Slide 30 A requirements conflict • To reduce the likelihood of deliverate self-harm, the patient’s relatives should be informed of incidents or threats of self-harm • Information may only be disclosed to accredited information users • The privacy concern conflicts with the safety concern
Dependability requirements engineering, York EngD programme, 2010 Slide 31 Requirements derivation • Requirements are derived from the answers to the questions associated with concerns. • However, there is not a simple 1:1 relationship between answers and requirements • By using answers to questions, the problem of stakeholders suggesting requirements that are too specific is reduced
Dependability requirements engineering, York EngD programme, 2010 Slide 32 MHCPMS requirements • The system shall provide fields in each patient record that allow details of incidents or threats of deliberate self-harm to be maintained • The records of patients with a record of deliberate self-harm shall be highlighted to bring them to the attention of clinical system users • The system shall only permit the transmission of personal patient information to accredited staff and to the patient themselves
Dependability requirements engineering, York EngD programme, 2010 Slide 33 Key points • Dependability requirements focus on the safety, reliability, availability and security of an LSCITS • An increasing number of information systems of various kinds are safety critical systems • Concerns are a mechanism that allows safety to be integrated with other business requirements • Concerns are decomposed to sub-concerns and questions that then drive the requirements engineering process

Recommended

Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)
Ian Sommerville
 
E1804012536
E1804012536E1804012536
E1804012536
IOSR Journals
 
System success and failure
System success and failureSystem success and failure
System success and failuresommerville-videos
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
sommerville-videos
 
Critical systems engineering
Critical systems engineeringCritical systems engineering
Critical systems engineering
sommerville-videos
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
Ian Sommerville
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems intro
sommerville-videos
 
Infrastructure dependability
Infrastructure dependabilityInfrastructure dependability
Infrastructure dependabilitysommerville-videos
 

Recommended

Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)
Ian Sommerville
 
E1804012536
E1804012536E1804012536
E1804012536
IOSR Journals
 
System success and failure
System success and failureSystem success and failure
System success and failuresommerville-videos
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
sommerville-videos
 
Critical systems engineering
Critical systems engineeringCritical systems engineering
Critical systems engineering
sommerville-videos
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
Ian Sommerville
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems intro
sommerville-videos
 
Infrastructure dependability
Infrastructure dependabilityInfrastructure dependability
Infrastructure dependabilitysommerville-videos
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
sommerville-videos
 
Emergent properties
Emergent propertiesEmergent properties
Emergent propertiessommerville-videos
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
Adetula Bunmi
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
sommerville-videos
 
Mis 8
Mis 8Mis 8
Mis 8
Md. Mashiur Rahman
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systemssommerville-videos
 
Design a rule based expert system for eia
Design a rule based expert system for eiaDesign a rule based expert system for eia
Design a rule based expert system for eia
Er. rahul abhishek
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information SecuritySARJERAO Sarju
 
Ch10-Software Engineering 9
Ch10-Software Engineering 9Ch10-Software Engineering 9
Ch10-Software Engineering 9Ian Sommerville
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
sivadnolram
 
Software engineering socio-technical systems
Software engineering socio-technical systemsSoftware engineering socio-technical systems
Software engineering socio-technical systems
Dr. Loganathan R
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comCh08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.com
phanleson
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
EU cybersecurity requirements under current and future medical devices regula...
EU cybersecurity requirements under current and future medical devices regula...EU cybersecurity requirements under current and future medical devices regula...
EU cybersecurity requirements under current and future medical devices regula...
Erik Vollebregt
 
Designing Complex Systems for Recovery (LSCITS EngD 2011)
Designing Complex Systems for Recovery (LSCITS EngD 2011)Designing Complex Systems for Recovery (LSCITS EngD 2011)
Designing Complex Systems for Recovery (LSCITS EngD 2011)
Ian Sommerville
 
Socio-technical System
Socio-technical SystemSocio-technical System
Socio-technical System
Rahul Hada
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
Dan Morrill
 
CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013Ian Sommerville
 
CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013Ian Sommerville
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013Ian Sommerville
 

More Related Content

What's hot

Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
sommerville-videos
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
Adetula Bunmi
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
sommerville-videos
 
Mis 8
Mis 8Mis 8
Mis 8
Md. Mashiur Rahman
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systemssommerville-videos
 
Design a rule based expert system for eia
Design a rule based expert system for eiaDesign a rule based expert system for eia
Design a rule based expert system for eia
Er. rahul abhishek
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information SecuritySARJERAO Sarju
 
Ch10-Software Engineering 9
Ch10-Software Engineering 9Ch10-Software Engineering 9
Ch10-Software Engineering 9Ian Sommerville
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
sivadnolram
 
Software engineering socio-technical systems
Software engineering socio-technical systemsSoftware engineering socio-technical systems
Software engineering socio-technical systems
Dr. Loganathan R
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comCh08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.com
phanleson
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
EU cybersecurity requirements under current and future medical devices regula...
EU cybersecurity requirements under current and future medical devices regula...EU cybersecurity requirements under current and future medical devices regula...
EU cybersecurity requirements under current and future medical devices regula...
Erik Vollebregt
 
Designing Complex Systems for Recovery (LSCITS EngD 2011)
Designing Complex Systems for Recovery (LSCITS EngD 2011)Designing Complex Systems for Recovery (LSCITS EngD 2011)
Designing Complex Systems for Recovery (LSCITS EngD 2011)
Ian Sommerville
 
Socio-technical System
Socio-technical SystemSocio-technical System
Socio-technical System
Rahul Hada
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
Dan Morrill
 
CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013Ian Sommerville
 

What's hot (20)

Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
 
Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
 
Mis 8
Mis 8Mis 8
Mis 8
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
 
Design a rule based expert system for eia
Design a rule based expert system for eiaDesign a rule based expert system for eia
Design a rule based expert system for eia
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
 
Ch10-Software Engineering 9
Ch10-Software Engineering 9Ch10-Software Engineering 9
Ch10-Software Engineering 9
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Software engineering socio-technical systems
Software engineering socio-technical systemsSoftware engineering socio-technical systems
Software engineering socio-technical systems
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.comCh08 8 Information Security Process it-slideshares.blogspot.com
Ch08 8 Information Security Process it-slideshares.blogspot.com
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ Infrastructure
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Security policy
Security policySecurity policy
Security policy
 
EU cybersecurity requirements under current and future medical devices regula...
EU cybersecurity requirements under current and future medical devices regula...EU cybersecurity requirements under current and future medical devices regula...
EU cybersecurity requirements under current and future medical devices regula...
 
Designing Complex Systems for Recovery (LSCITS EngD 2011)
Designing Complex Systems for Recovery (LSCITS EngD 2011)Designing Complex Systems for Recovery (LSCITS EngD 2011)
Designing Complex Systems for Recovery (LSCITS EngD 2011)
 
Socio-technical System
Socio-technical SystemSocio-technical System
Socio-technical System
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
 
CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013
 

Similar to Dependability requirements for LSCITS

CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013Ian Sommerville
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013Ian Sommerville
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
Ian Sommerville
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
Ian Sommerville
 
How to Secure Medical Devices presentation.pptx
How to Secure Medical Devices presentation.pptxHow to Secure Medical Devices presentation.pptx
How to Secure Medical Devices presentation.pptx
Shandevinda
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
3GDR
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
3GDR
 
Requirement engineering in S/W Engineering
Requirement engineering in S/W EngineeringRequirement engineering in S/W Engineering
Requirement engineering in S/W Engineering
Mikel Raj
 
Systems Engineering and Requirements Management in Medical Device Product Dev...
Systems Engineering and Requirements Management in Medical Device Product Dev...Systems Engineering and Requirements Management in Medical Device Product Dev...
Systems Engineering and Requirements Management in Medical Device Product Dev...
UBMCanon
 
L5 Dependability Requirements
L5 Dependability RequirementsL5 Dependability Requirements
L5 Dependability Requirements
Ian Sommerville
 
7 - ENISA Smart Hospitals Study.pptx
7 - ENISA Smart Hospitals Study.pptx7 - ENISA Smart Hospitals Study.pptx
7 - ENISA Smart Hospitals Study.pptx
nichal3
 
VET4SBO Level 2 module 5 - unit 1 - v0.9 en
VET4SBO Level 2 module 5 - unit 1 - v0.9 enVET4SBO Level 2 module 5 - unit 1 - v0.9 en
VET4SBO Level 2 module 5 - unit 1 - v0.9 en
Karel Van Isacker
 
A koene un_bias_ieee_ebdvf_nov2017
A koene un_bias_ieee_ebdvf_nov2017A koene un_bias_ieee_ebdvf_nov2017
A koene un_bias_ieee_ebdvf_nov2017
Ansgar Koene
 
Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case Study
SophiaPalmira
 
Mdds sundararaman 12th meeting
Mdds sundararaman 12th meetingMdds sundararaman 12th meeting
Mdds sundararaman 12th meeting
Pankaj Gupta
 
Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slides
CMDLMS
 
All about a DPIA by Andrey Prozorov 2.0, 220518.pdf
All about a DPIA by Andrey Prozorov 2.0, 220518.pdfAll about a DPIA by Andrey Prozorov 2.0, 220518.pdf
All about a DPIA by Andrey Prozorov 2.0, 220518.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
IRJET Journal
 
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
IRJET Journal
 
NANI PPT.pptx
NANI PPT.pptxNANI PPT.pptx
NANI PPT.pptx
MuraliLekkala
 

Similar to Dependability requirements for LSCITS (20)

CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
 
How to Secure Medical Devices presentation.pptx
How to Secure Medical Devices presentation.pptxHow to Secure Medical Devices presentation.pptx
How to Secure Medical Devices presentation.pptx
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
 
Requirement engineering in S/W Engineering
Requirement engineering in S/W EngineeringRequirement engineering in S/W Engineering
Requirement engineering in S/W Engineering
 
Systems Engineering and Requirements Management in Medical Device Product Dev...
Systems Engineering and Requirements Management in Medical Device Product Dev...Systems Engineering and Requirements Management in Medical Device Product Dev...
Systems Engineering and Requirements Management in Medical Device Product Dev...
 
L5 Dependability Requirements
L5 Dependability RequirementsL5 Dependability Requirements
L5 Dependability Requirements
 
7 - ENISA Smart Hospitals Study.pptx
7 - ENISA Smart Hospitals Study.pptx7 - ENISA Smart Hospitals Study.pptx
7 - ENISA Smart Hospitals Study.pptx
 
VET4SBO Level 2 module 5 - unit 1 - v0.9 en
VET4SBO Level 2 module 5 - unit 1 - v0.9 enVET4SBO Level 2 module 5 - unit 1 - v0.9 en
VET4SBO Level 2 module 5 - unit 1 - v0.9 en
 
A koene un_bias_ieee_ebdvf_nov2017
A koene un_bias_ieee_ebdvf_nov2017A koene un_bias_ieee_ebdvf_nov2017
A koene un_bias_ieee_ebdvf_nov2017
 
Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case Study
 
Mdds sundararaman 12th meeting
Mdds sundararaman 12th meetingMdds sundararaman 12th meeting
Mdds sundararaman 12th meeting
 
Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slides
 
All about a DPIA by Andrey Prozorov 2.0, 220518.pdf
All about a DPIA by Andrey Prozorov 2.0, 220518.pdfAll about a DPIA by Andrey Prozorov 2.0, 220518.pdf
All about a DPIA by Andrey Prozorov 2.0, 220518.pdf
 
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
 
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA...
 
NANI PPT.pptx
NANI PPT.pptxNANI PPT.pptx
NANI PPT.pptx
 

More from Ian Sommerville

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
Ian Sommerville
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
Ian Sommerville
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
Ian Sommerville
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
Ian Sommerville
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
Ian Sommerville
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
Ian Sommerville
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
Ian Sommerville
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureIan Sommerville
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterIan Sommerville
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureIan Sommerville
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsIan Sommerville
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 

More from Ian Sommerville (20)

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failure
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disaster
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructure
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breach
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systems
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
 

Recently uploaded

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 

Recently uploaded (20)

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 

Dependability requirements for LSCITS

  • 1. Dependability requirements engineering, York EngD programme, 2010 Slide 1 Dependability requirements engineering
  • 2. Dependability requirements engineering, York EngD programme, 2010 Slide 2 Objectives • To introduce dependability requirements, which are of particular significance for large-scale systems • To discuss the notion of safety-critical information systems and to introduce an exemplar system concerned with healthcare records management • To discuss an approach to dependability requirements derivation based on viewpoints and concerns that is geared to discovering requirements conflicts
  • 3. Dependability requirements engineering, York EngD programme, 2010 Slide 3 System dependability • A system may be considered to be dependable if it operates without interruption, delivers the services that are expected by stakeholders, does not have adverse effects on the system’s environment and does not damage its data or the system itself. • Dependability covers: – Reliability – Availability – Safety – Security
  • 4. Dependability requirements engineering, York EngD programme, 2010 Slide 4 Dependability requirement types • Non-functional requirements – Requirements that specify the dependability properties of the system – The Probability of Failure on Demand of the Protection system shall be 0.0001 • Functional requirements – Requirements that are introduced in order to achieve dependability as distinct from requirements that reflect the functionality that is used by system stakeholders – All data that is maintained on local disks must be encrypted
  • 5. Dependability requirements engineering, York EngD programme, 2010 Slide 5 Integrated requirements engineering • Dependability requirements are business requirements so dependability requirements engineering should not be a separate process but should be part of the system requirements engineering process • Dependability issues should be considered alongside other business requirements – dependability should not be compromised but the best way to improve dependability might be to change other system requirements • In this lecture, I will focus on safety requirements engineering but the approach proposed is equally applicable to other dependability requirements
  • 6. Dependability requirements engineering, York EngD programme, 2010 Slide 6 Rationale • Safety is not an isolated system property but must be considered in conjunction with other properties such as integrity and timeliness • Requirements conflicts and trade-offs are harder to make when safety requirements are distinguished in some way • Risks and hazards, especially for information systems, cannot be identified until you have some knowledge of the system requirements
  • 7. Dependability requirements engineering, York EngD programme, 2010 Slide 7 Safety-critical information systems • The safety-critical systems community has focused its attention on safety-critical control systems • In those systems, the actual damage that is caused results from undesirable behaviour of the equipment that is being controlled • Increasingly, however, information systems are safety-critical in that system failure results in indirect risks to people • Other systems (not necessarily equipment but also human systems) may rely on an information system for their correct functioning. Failure of these systems may then lead to damage
  • 8. Dependability requirements engineering, York EngD programme, 2010 Slide 8 Examples • Design systems – Failure of CAD systems that are used to design critical hardware and software may lead to the failure of the systems that have been designed – A story in the 1970s suggested that a number of plane crashes were a result of errors in a structural analysis program which resulted in structural weaknesses in the airframe • Records systems – Incorrect information or unavailability of records systems may mean that users of these systems take actions that are potentially dangerous – If a maintenance record for an aircraft is incorrect, parts that have reached the end of their design life may not be replaced • Simulation systems – Simulation systems that do not match the real environment may result in incorrect design decisions or misplaced confidence in the integrity of the system
  • 9. Dependability requirements engineering, York EngD programme, 2010 Slide 9 Secondary risks • In control systems, the risks (primary risks) are determined from the characteristics of the equipment that is being controlled • This doesn’t mean that risk assessment is easy but it does provide boundaries for the risk assessment and helps identify information sources • In information systems, the risks are secondary risks (ie they result from the use of some other dependent system) • As there may be many dependent systems, identifying risks is consequently more difficult
  • 10. Dependability requirements engineering, York EngD programme, 2010 Slide 10 Hazard classes • Data hazards, namely hazards that are associated with the data processed by the system, are the major type of hazard in information systems • Control hazards, hazards that are associated with the software controlling the system are also significant
  • 11. Dependability requirements engineering, York EngD programme, 2010 Slide 11 Secondary risk example • An electronic health record in a hospital may be used in: – Diagnostic processes – Anaesthetic processes – Treatment processes – Discharge processes • A failure in that system associated with an individual record may be non-critical for some of these processes but critical for others
  • 12. Dependability requirements engineering, York EngD programme, 2010 Slide 12 Control systems and information systems • Control systems are becoming increasingly data intensive as more and more operational data is stored and used • Control systems are increasingly being directly connected to information systems so that failure of the information system is a hazard for the control system. This type of hazard can be difficult to manage
  • 13. Dependability requirements engineering, York EngD programme, 2010 Slide 13 The MHCPMS • This system (not its real name but a real system) is a generic medical information system that is configured for use in different regional health trusts • It supports the management of patients suffering from mental health problems and provides information on their treatment to health service managers
  • 14. Dependability requirements engineering, York EngD programme, 2010 Slide 14 System goals • To provide management information that allows health service managers to assess performance against local and government targets • To provide medical staff with timely information to facilitate the treatment of patients
  • 15. Dependability requirements engineering, York EngD programme, 2010 Slide 15 Mental health care • Patients do not always attend the same clinic but may attend in different hospitals and local health centres • Patients may be confused and disorganised, miss appointments, deliberately or accidentally lose medication, forget instructions and make unreasonable demands on staff • Mental health care is safety-critical as a small number of patients may be a danger to themselves and others
  • 16. Dependability requirements engineering, York EngD programme, 2010 Slide 16 Concerns • Safety should be considered as an organisational goal and should be considered in conjunction with other organisational goals and business requirements • Concerns are a general mechanism that we have devised that are used to reflect organisational goals • They also reflect constraints on the organisation that reflect the environment in which the organisation operates • They help focus the requirements engineering process and provide a basis for conflict analysis
  • 17. Dependability requirements engineering, York EngD programme, 2010 Slide 17 Concerns • Are issues that an organisation must pay attention to and that are systemic ie they apply to the system as a whole • They are cross-cutting issues that may affect all system stakeholders • Help bridge the gap between organisational goals and system requirements • May exist at a number of levels so may be decomposed into more specific sub-concerns
  • 18. Dependability requirements engineering, York EngD programme, 2010 Slide 18 Concerns Software and hardware Safety Cost Security Operators Society The organisation
  • 19. Dependability requirements engineering, York EngD programme, 2010 Slide 19 Concerns and safety analysis • Concerns are completely compatible with safety analysis as discussed earlier • However, they provide a mechanism where safety can be integrated with other critical system requirements • They help highlight trade-offs that may have to be made and conflicts that may arise
  • 20. Dependability requirements engineering, York EngD programme, 2010 Slide 20 Concerns in the MHCPMS • The principal concerns in the MHCPMS are: – Safety - the system should help reduce the number of occasions where patients cause harm to themselves and others – Privacy - patient privacy must be maintained according to the provisions of the Data Protection Act and local ethical guidelines – Information quality - the information maintained by the system must be accurate and up-to date – Operational costs - the operational costs of the system must be ‘reasonable’
  • 21. Dependability requirements engineering, York EngD programme, 2010 Slide 21 Concern decomposition • Concerns are decomposed into sub-concerns: Information quality Information integrity Information accuracy Information timeliness
  • 22. Dependability requirements engineering, York EngD programme, 2010 Slide 22 The safety concern Safety Patient safety Staff safety Public safety Mental Health Act Accidental self-harm Deliberate self-harm Incorrect treatment Adverse reaction to medication
  • 23. Dependability requirements engineering, York EngD programme, 2010 Slide 23 Concern identification • The process of establishing concerns is probably best done in a series of meetings involving business managers and technical staff • Brainstorming or a similar technique may be used • Analysis of concerns between meetings is essential and someone should take an explicit action to do this • Several meetings over a relatively short period of time are required for this stage
  • 24. Dependability requirements engineering, York EngD programme, 2010 Slide 24 From concerns to questions • A problem that I find with hazard analysis is the ‘requirements gap’. You identify the hazards and possible root causes but there is no method for going from there to requirements • To address this, we proposed that, after sub- concerns are identified, you should then explicitly identify questions and sub-questions associated with each concern • Answers to these questions come from system stakeholders and help generate system requirements
  • 25. Dependability requirements engineering, York EngD programme, 2010 Slide 25 Generic questions • What information relates to the sub-concern being considered? • Who requires the information and when do they require it? • How is the information delivered? • What constraints does the (sub) concern impose? • What are the consequences of failing to deliver this information?
  • 26. Dependability requirements engineering, York EngD programme, 2010 Slide 26 Deliberate self-harm sub- concern • Information about previous history of self-harm or threats of self-harm • Medical staff during consultations. Relatives and carers • Can be delivered to medical staff directly through the system. Delivered to relatives and carers through a message from the clinic • No obvious constraints imposed • Failing to deliver may mean an incident of preventable self-harm occurs
  • 27. Dependability requirements engineering, York EngD programme, 2010 Slide 27 Concern-cross checking • A generic problem in complex systems is requirements conflicts where different system requirements are mutually contradictory • In my view, separating safety analysis in the RE process increases the likelihood of conflict and the costs of resolving that conflict • Concerns partially address this problem as it allows cross-checking at a higher level of abstraction than the requirements themselves
  • 28. Dependability requirements engineering, York EngD programme, 2010 Slide 28 Concern comparison • Concerns should be compared in pairs to assess the likelihood of of potential conflicts • Safety and information quality – Conflicts only likely if the requirements allow erroneous or out of date information to be maintained in the system • Safety and privacy – Privacy may impose limits on what information can be shared and who can access that information. Requirements on information sharing and access should be checked • Safety and operational costs – Operational processes that require extensive staff time may be problematic
  • 29. Dependability requirements engineering, York EngD programme, 2010 Slide 29 The privacy concern • All information in the system that relates to identifiable individuals is covered by the Data Protection Act • All staff need to be aware of the requirements imposed by the Act • There are no information delivery requirements • Personal information may only be disclosed to accredited information users • Failure to address the concern could result in legal action against the Trust
  • 30. Dependability requirements engineering, York EngD programme, 2010 Slide 30 A requirements conflict • To reduce the likelihood of deliverate self-harm, the patient’s relatives should be informed of incidents or threats of self-harm • Information may only be disclosed to accredited information users • The privacy concern conflicts with the safety concern
  • 31. Dependability requirements engineering, York EngD programme, 2010 Slide 31 Requirements derivation • Requirements are derived from the answers to the questions associated with concerns. • However, there is not a simple 1:1 relationship between answers and requirements • By using answers to questions, the problem of stakeholders suggesting requirements that are too specific is reduced
  • 32. Dependability requirements engineering, York EngD programme, 2010 Slide 32 MHCPMS requirements • The system shall provide fields in each patient record that allow details of incidents or threats of deliberate self-harm to be maintained • The records of patients with a record of deliberate self-harm shall be highlighted to bring them to the attention of clinical system users • The system shall only permit the transmission of personal patient information to accredited staff and to the patient themselves
  • 33. Dependability requirements engineering, York EngD programme, 2010 Slide 33 Key points • Dependability requirements focus on the safety, reliability, availability and security of an LSCITS • An increasing number of information systems of various kinds are safety critical systems • Concerns are a mechanism that allows safety to be integrated with other business requirements • Concerns are decomposed to sub-concerns and questions that then drive the requirements engineering process