MODUK - DEF STAN 00-055: PART 1
Requirements for Safety of Programmable Elements (PE) in Defence Systems Part 1: Requirements and Guidance
Publication Date: 29 April 2016
This Standard specifies the requirements for achieving, assuring and managing the Design Integrity of PE in PSS. This includes PE used by, or on behalf of, the MOD, and covers the whole-life support of the PE, as defined by the scope of contract.
Note. The Standard can be applied to a single or multiple PE as defined in the scope of contract.
Whilst Contract life may be limited, this Standard considers the whole life of the PE including disposal. The disposal procedures are defined in the Defence Logistics Framework, available through the Defence Gateway. Earlier phases in the life of the PSS need only be considered if explicitly included within the scope of analysis. Applicability relates to all situations and scenarios, including but not limited to trials, operations and training for operations as defined in the scope of contract.
This Standard provides for the application of Open Standards supported by Recognised Good Practice (RGP) as an acceptable means of managing compliance of the PE with its Safety Requirements, within the scope of contract.
i. Many definitions of the term Open Standard exist. For the purpose of this Standard, the criteria provided in Annex 1, Section 2 of the Open Standards Principles apply.
ii. Guidance regarding the choice of standards or the adoption of a PE Open Standard is covered in Annex B to this Standard.
iii. The preferred route of compliance is the application of RGP through an adopted PE Open Standard, with proven pedigree, that meets the objectives and requirements of this Standard. Although this Standard defines RGP, it is the responsibility of the Contractor to propose and justify the use of RGP as an acceptable means of compliance.
It is MOD policy to use civil standards where possible and military standards only as necessary. Due to the specialised operational environment in which the MOD uses PSS, the application of PE Open Standards and RGP may not meet all Design Integrity requirements. Where there is a shortfall in achieving PE Design Integrity requirements, this Standard makes provision for the use of enhanced RGP or augmented PE Open Standards to ensure compliance with Design Integrity requirements. A number of PE Open Standards provide alternative means of compliance; this Standard allows these alternatives to augment the chosen PE Open Standard in order to address the identified PE Design Integrity shortfall.
Guidance addressing the unique military risk requirement and impact on PE Open Standards (Military Delta) is contained at Annex C.
PE may be developed separately from the non-PE components of a PSS or supplied as Off the Shelf (OTS), and hence there is a risk of incompatibility and a need for careful consideration of the overall integrated system functionality. It is essential that sufficient PSS information is available to enable PE Failure Assessment to be undertaken.
i. Undertaking PE Failure Assessment is essential for determining the behaviour of the PE that may contribute to PSS hazards and thereby help identify required Design Integrity. This cannot be undertaken without knowledge of the PSS. If the PE will not credibly contribute to a hazard or impair mitigation to a hazard, then the Contractor, with the agreement of the MOD, need take no further action in this Standard.
ii. This Standard is intended for all PE acquisition and its clauses are applicable to developmental as well as OTS PE.
iii. Where knowledge of the PSS is incomplete, it is likely that assumptions will be made. Such assumptions will need to be documented and where possible, validated. This may be accomplished through the use of independent assessment.
iv. It is possible that the PSS system integrator has already undertaken a risk assessment and the resulting PE Design Integrity is provided as Derived Safety Requirements (DSRs).
v. The risk of incompatibility between the PE and PSS can be mitigated by maintaining good communications between the Contractor and the PSS system integrator to enable sufficient access to PSS information. Requirements for the sharing of information are derived from the interfacing clauses of Def Stan 00-056 Part 1 and are covered in more detail in this Standard.
The aim of this Standard is to be technology agnostic and it is intended to be applied to all current and emerging PE related technologies.
Where PE technologies are not covered by this Standard, a mitigation strategy based on the sensible application of the assurance requirements will be used to satisfy the Design Integrity shortfall.
i. For this Standard to be truly technology agnostic, all current and emerging technologies should be in scope. It is unlikely that this can ever be fully achieved, but this Standard has been written with this aspiration and will be reviewed in accordance with current DStan policy.
ii. Any mitigation strategy will be agreed by the Safety Committee.