NATO - AOP-52
GUIDANCE ON SOFTWARE SAFETY DESIGN AND ASSESSMENT OF MUNITION-RELATED COMPUTING SYSTEMS
Publication Date: 29 November 2016
This AOP is both a reference document and a management tool for aiding managers and engineers at all levels, in any government or industrial organization. It documents how to develop and implement an effective software system safety (SSS) process. Effective implementation should minimize system hazards caused by software in safety-related applications.
The primary responsibility for management of the SSS process lies with the system safety manager/engineer in both the supplier's and the acquirer's organizations. However, nearly every functional discipline has a vital role and must be intimately involved in the SSS process. The SSS tasks, techniques, and processes outlined in this AOP are basic enough to apply to any system that uses software or software-like devices in critical areas. The AOP serves the need for all contributing disciplines to understand and apply qualitative and quantitative analysis techniques to ensure the safety of hardware systems controlled by software.
This AOP is a guideline and is not intended to supersede any National Government or Agency policy, standard, or guidance pertaining to system safety (e.g., the US MIL-STD-882 series, UK Def Stan 00-56) or software engineering and development standards. It is written to clarify the SSS requirements and tasks specified in governmental and commercial standards and guideline documents. This AOP is not a compliance document but a reference document. It provides program management, especially the system safety manager and the software development manager, with sufficient information to:
- Properly scope the SSS effort
- Identify the data needed to effectively monitor the developer's compliance with system safety requirements
- Evaluate the residual risk associated with the software or software-like devices in the overall system context
The AOP is not a tutorial on software engineering. However, it does address some technical aspects of software function and design to assist with understanding software safety. One objective of this AOP is to provide each member of the SSS team with a basic understanding of sound system and software safety practices, processes, and techniques. Another objective is to demonstrate the importance of the interaction between technical and managerial disciplines in defining software safety requirements (SSR) for the safety-related software components of the system. A final objective is to show where the team can design safety features into the software to eliminate or control identified hazards.