Assessing safety cases for programmable electronic systems

A number of safety assessments have been carried out for programmable electronic systems over the last seven years at ERA. In the course of this work, significant problems have been observed with the construction of an appropriate safety case. Some of the problems have been of a philosophical nature, while in some cases they have been of a detailed nature. The author has been involved in developing a systematic approach to collecting and using such evidence to justify the safety of systems. Typically, this approach involves three main stages: (1) to identify that appropriate safety targets have been defined; (2) to identify the logical argument which shows how the architecture and behaviour of the system function together so as to meet the necessary targets; and (3) to establish whether the quality of implementation is adequate to uphold the assumptions made in the logical argument