Part 2 Requirements
3 Safety Objectives
3.1 Prime Objectives
3.1.1 The prime software safety objective to be met for ATS systems that contain software is:
To ensure that the risks associated with deploying any software used in a safety related ATS system have been reduced to a tolerable level (1703).
3.1.2 To achieve this objective it is necessary:
For arguments and assurance evidence to be available which show that the risks associated with deploying any software used in a safety related ATS system are tolerable (1704).
3.2 Sub Objectives
Achievement of the prime software safety objective shall be demonstrated by providing credible arguments and evidence that the following five sub-objectives have been achieved:
A) To ensure that arguments and evidence are available which show that the software safety requirements correctly state what is necessary and sufficient to achieve tolerable safety, in the system context (1705).
NOTE 1:These requirements will include requirements to control hazards identified during implementation.
NOTE 2:It is assumed that the system-level safety requirements are derived from a hazard and risk analysis of the ATS environment in which the system is required to operate.
NOTE 3:It is assumed that a necessary and sufficient set of system-level safety requirements exist, which describe the functionality and performance required of the system in order to support a tolerably safe ATS.
NOTE 4:It is assumed that the failure modes which the software must detect and mitigate in order to meet the system safety requirements have been identified e.g. those failure modes associated with: other systems, system-system interactions, equipments, pre-existing software and all user-system interactions.
NOTE 5:It is assumed that the failure modes identified include generic failures relevant to the safety related ATS application, e.g. security threats, loss of communications, and loss of power.
NOTE 6:It is assumed that the failure modes identified (including human errors) are representative of the operational environment for the system and workload on the system operators.
NOTE 7:During the software development process, functions may be introduced which have repercussions on the safety of the ATS system. These will need to be assessed and if necessary, new or changed safety requirements will have to be generated.
NOTE 8:The set of software safety requirements includes all software safety requirements derived or changed during the requirements determination and design processes.
B) To ensure that arguments and evidence are available which show that the software satisfies its safety requirements (1706).
C) To ensure that arguments and evidence are available which show that each Safety Requirement can be traced to the same level of design at which its satisfaction is demonstrated (1707).
D) To ensure that arguments and evidence are available which show that software implemented as a result of software safety requirements is not interfered with by other software (1708).
NOTE 1:Behaviour implemented as a result of software safety requirements should also not interfere with each other.
E) To ensure that the arguments and evidence, for the safety of the software in the system context, are from: a known executable version of the software, a known range of configuration data and a known set of software products, data and descriptions that have been used in the production of that version (1709).
For a greater understanding of how the sub-objectives achieve the overall safety objective refer to their derivation provided in Appendix D.
Part 3 Guidance
4 Introduction
4.1 All material from this point is non-mandatory and should only be considered as guidance. This guidance has been included in this regulation for two purposes:
a) To assist Service Providers in evaluating the adequacy of the software assurances, provided by their Systems Integrators and/or Equipment Manufacturers, for the purpose of satisfying the safety objectives mandated by this regulation.
中国航空网 www.aero.cn
航空翻译 www.aviation.cn
本文链接地址:CAP 670 Air Traffic Services Safety Requirements 1(69)
