SlideShare uma empresa Scribd logo

L5 Dependability Requirements

Transferir como PPTX, PDF
Ian Sommerville
Ian Sommerville

An introduction to a method that we developed for dependability requirements elicitation

TecnologiaNegócios
1 de 33
Dependability requirements engineering
Objectives To introduce dependability requirements, which are of particular significance for large-scale systems To discuss the notion of safety-critical information systems and to introduce an exemplar system concerned with healthcare records management To discuss an approach to dependability requirements derivation based on viewpoints and concerns that is geared to discovering requirements conflicts
System dependability A system may be considered to be dependable if it operates without interruption, delivers the services that are expected by stakeholders, does not have adverse effects on the system’s environment and does not damage its data or the system itself. Dependability covers: Reliability Availability Safety Security
Dependability requirement types Non-functional requirements Requirements that specify the dependability properties of the system The Probability of Failure on Demand of the Protection system shall be 0.0001 Functional requirements Requirements that are introduced in order to achieve dependability as distinct from requirements that reflect the functionality that is used by system stakeholders All data that is maintained on local disks must be encrypted
Integrated requirements engineering Dependability requirements are business requirements so dependability requirements engineering should not be a separate process but should be part of the system requirements engineering process Dependability issues should be considered alongside other business requirements – dependability should not be compromised but the best way to improve dependability might be to change other system requirements In this lecture, I will focus on safety requirements engineering but the approach proposed is equally applicable to other dependability requirements
Rationale Safety is not an isolated system property but must be considered in conjunction with other properties such as integrity and timeliness Requirements conflicts and trade-offs are harder to make when safety requirements are distinguished in some way Risks and hazards, especially for information systems, cannot be identified until you have some knowledge of the system requirements
Safety-critical information systems The safety-critical systems community has focused its attention on safety-critical control systems In those systems, the actual damage that is caused results from undesirable behaviour of the equipment that is being controlled Increasingly, however, information systems are safety-critical in that system failure results in indirect risks to people Other systems (not necessarily equipment but also human systems) may rely on an information system for their correct functioning. Failure of these systems may then lead to damage
Examples Design systems Failure of CAD systems that are used to design critical hardware and software may lead to the failure of the systems that have been designed A story in the 1970s suggested that a number of plane crashes were a result of errors in a structural analysis program which resulted in structural weaknesses in the airframe Records systems Incorrect information or unavailability of records systems may mean that users of these systems take actions that are potentially dangerous If a maintenance record for an aircraft is incorrect, parts that have reached the end of their design life may not be replaced Simulation systems Simulation systems that do not match the real environment may result in incorrect design decisions or misplaced confidence in the integrity of the system
Secondary risks In control systems, the risks (primary risks) are determined from the characteristics of the equipment that is being controlled This doesn’t mean that risk assessment is easy but it does provide boundaries for the risk assessment and helps identify information sources In information systems, the risks are secondary risks (ie they result from the use of some other dependent system) As there may be many dependent systems, identifying risks is consequently more difficult
Hazard classes Data hazards, namely hazards that are associated with the data processed by the system, are the major type of hazard in information systems Control hazards, hazards that are associated with the software controlling the system are also significant
Secondary risk example An electronic health record in a hospital may be used in: Diagnostic processes Anaesthetic processes Treatment processes Discharge processes A failure in that system associated with an individual record may be non-critical for some of these processes but critical for others
Control systems and information systems Control systems are becoming increasingly data intensive as more and more operational data is stored and used Control systems are increasingly being directly connected to information systems so that failure of the information system is a hazard for the control system. This type of hazard can be difficult to manage
The MHCPMS This system (not its real name but a real system) is a generic medical information system that is configured for use in different regional health trusts It supports the management of patients suffering from mental health problems and provides information on their treatment to health service managers
System goals To provide management information that allows health service managers to assess performance against local and government targets To provide medical staff with timely information to facilitate the treatment of patients
Mental health care Patients do not always attend the same clinic but may attend in different hospitals and local health centres Patients may be confused and disorganised, miss appointments, deliberately or accidentally lose medication, forget instructions and make unreasonable demands on staff Mental health care is safety-critical as a small number of patients may be a danger to themselves and others
Concerns Safety should be considered as an organisational goal and should be considered in conjunction with other organisational goals and business requirements Concerns are a general mechanism that we have devised that are used to reflect organisational goals They also reflect constraints on the organisation that reflect the environment in which the organisation operates They help focus the requirements engineering process and provide a basis for conflict analysis
Concerns Are issues that an organisation must pay attention to and that are systemic ie they apply to the system as a whole They are cross-cutting issues that may affect all system stakeholders Help bridge the gap between organisational goals and system requirements May exist at a number of levels so may be decomposed into more specific sub-concerns
Concerns Software and hardware Operators The organisation Society Safety Security Cost
Concerns and safety analysis Concerns are completely compatible with safety analysis as discussed earlier However, they provide a mechanism where safety can be integrated with other critical system requirements They help highlight trade-offs that may have to be made and conflicts that may arise
Concerns in the MHCPMS The principal concerns in the MHCPMS are: Safety - the system should help reduce the number of occasions where patients cause harm to themselves and others Privacy - patient privacy must be maintained according to the provisions of the Data Protection Act and local ethical guidelines Information quality - the information maintained by the system must be accurate and up-to date Operational costs - the operational costs of the system must be ‘reasonable’
Concern decomposition Concerns are decomposed into sub-concerns: Information integrity Information quality Information accuracy Information timeliness
The safety concern Accidental self-harm Patient safety Deliberate self-harm Staff safety Incorrect treatment Safety Adverse reaction to medication Public safety Mental Health Act
Concern identification The process of establishing concerns is probably best done in a series of meetings involving business managers and technical staff Brainstorming or a similar technique may be used Analysis of concerns between meetings is essential and someone should take an explicit action to do this Several meetings over a relatively short period of time are required for this stage
From concerns to questions A problem that I find with hazard analysis is the ‘requirements gap’. You identify the hazards and possible root causes but there is no method for going from there to requirements To address this, we proposed that, after sub-concerns are identified, you should then explicitly identify questions and sub-questions associated with each concern Answers to these questions come from system stakeholders and help generate system requirements
Generic questions What information relates to the sub-concern being considered? Who requires the information and when do they require it? How is the information delivered? What constraints does the (sub) concern impose? What are the consequences of failing to deliver this information?
Deliberate self-harm sub-concern Information about previous history of self-harm or threats of self-harm Medical staff during consultations. Relatives and carers Can be delivered to medical staff directly through the system. Delivered to relatives and carers through a message from the clinic No obvious constraints imposed Failing to deliver may mean an incident of preventable self-harm occurs
Concern-cross checking A generic problem in complex systems is requirements conflicts where different system requirements are mutually contradictory In my view, separating safety analysis in the RE process increases the likelihood of conflict and the costs of resolving that conflict Concerns partially address this problem as it allows cross-checking at a higher level of abstraction than the requirements themselves
Concern comparison Concerns should be compared in pairs to assess the likelihood of of potential conflicts Safety and information quality Conflicts only likely if the requirements allow erroneous or out of date information to be maintained in the system Safety and privacy Privacy may impose limits on what information can be shared and who can access that information. Requirements on information sharing and access should be checked Safety and operational costs Operational processes that require extensive staff time may be problematic
The privacy concern All information in the system that relates to identifiable individuals is covered by the Data Protection Act All staff need to be aware of the requirements imposed by the Act There are no information delivery requirements Personal information may only be disclosed to accredited information users Failure to address the concern could result in legal action against the Trust
A requirements conflict To reduce the likelihood of deliverate self-harm, the patient’s relatives should be informed of incidents or threats of self-harm Information may only be disclosed to accredited information users The privacy concern conflicts with the safety concern
Requirements derivation Requirements are derived from the answers to the questions associated with concerns. However, there is not a simple 1:1 relationship between answers and requirements By using answers to questions, the problem of stakeholders suggesting requirements that are too specific is reduced
MHCPMS requirements The system shall provide fields in each patient record that allow details of incidents or threats of deliberate self-harm to be maintained The records of patients with a record of deliberate self-harm shall be highlighted to bring them to the attention of clinical system users The system shall only permit the transmission of personal patient information to accredited staff and to the patient themselves
Key points An increasing number of information systems of various kinds are safety critical systems Concerns are a mechanism that allows safety to be integrated with other business requirements Concerns are decomposed to sub-concerns and questions that then drive the requirements engineering process The DISCOS method is a spiral model of requirements engineering for critical systems that integrates concerns, requirements and system architectural design

Recomendados

CMMI
CMMICMMI
CMMI
AHM Pervej Kabir
 
Requirement engineering process
Requirement engineering processRequirement engineering process
Requirement engineering process
Dr. Loganathan R
 
Ch 2 what is software quality
Ch 2 what is software qualityCh 2 what is software quality
Ch 2 what is software quality
Kittitouch Suteeca
 
data resource management
data resource management data resource management
data resource management
soodsurbhi123
 
Software requirements engineering problems and challenges erp implementation ...
Software requirements engineering problems and challenges erp implementation ...Software requirements engineering problems and challenges erp implementation ...
Software requirements engineering problems and challenges erp implementation ...
Dr. Hamdan Al-Sabri
 
Software quality assurance lecture 1
Software quality assurance lecture 1Software quality assurance lecture 1
Software quality assurance lecture 1
Abdul Basit
 
Ch15 software reliability
Ch15 software reliabilityCh15 software reliability
Ch15 software reliability
Abraham Paul
 
Software Reliability
Software ReliabilitySoftware Reliability
Software Reliability
Gurkamal Rakhra
 

Recomendados

CMMI
CMMICMMI
CMMI
AHM Pervej Kabir
 
Requirement engineering process
Requirement engineering processRequirement engineering process
Requirement engineering process
Dr. Loganathan R
 
Ch 2 what is software quality
Ch 2 what is software qualityCh 2 what is software quality
Ch 2 what is software quality
Kittitouch Suteeca
 
data resource management
data resource management data resource management
data resource management
soodsurbhi123
 
Software requirements engineering problems and challenges erp implementation ...
Software requirements engineering problems and challenges erp implementation ...Software requirements engineering problems and challenges erp implementation ...
Software requirements engineering problems and challenges erp implementation ...
Dr. Hamdan Al-Sabri
 
Software quality assurance lecture 1
Software quality assurance lecture 1Software quality assurance lecture 1
Software quality assurance lecture 1
Abdul Basit
 
Ch15 software reliability
Ch15 software reliabilityCh15 software reliability
Ch15 software reliability
Abraham Paul
 
Software Reliability
Software ReliabilitySoftware Reliability
Software Reliability
Gurkamal Rakhra
 
Quality Management in Software Engineering SE24
Quality Management in Software Engineering SE24Quality Management in Software Engineering SE24
Quality Management in Software Engineering SE24
koolkampus
 
McCall's Quality Factors
McCall's Quality FactorsMcCall's Quality Factors
McCall's Quality Factors
Usman Khan
 
Architectural structures and views
Architectural structures and viewsArchitectural structures and views
Architectural structures and views
Dr Reeja S R
 
Software Process Models
Software Process ModelsSoftware Process Models
Software Process Models
Atul Karmyal
 
Lecture 02 Software Management Renaissance.ppt
Lecture 02 Software Management Renaissance.pptLecture 02 Software Management Renaissance.ppt
Lecture 02 Software Management Renaissance.ppt
Getahuntigistu5
 
3. use cases
3. use cases3. use cases
3. use cases
APU
 
Project management and information technology context
Project management and information technology contextProject management and information technology context
Project management and information technology context
Dhani Ahmad
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems intro
sommerville-videos
 
SE CHAPTER 1 SOFTWARE ENGINEERING
SE CHAPTER 1 SOFTWARE ENGINEERINGSE CHAPTER 1 SOFTWARE ENGINEERING
SE CHAPTER 1 SOFTWARE ENGINEERING
Abrar ali
 
Systems request
Systems requestSystems request
Systems request
Fajar Baskoro
 
Chapter 5 it infrastructure and emerging technologies
Chapter 5 it infrastructure and emerging technologiesChapter 5 it infrastructure and emerging technologies
Chapter 5 it infrastructure and emerging technologies
Van Chau
 
System dependability
System dependabilitySystem dependability
System dependability
sommerville-videos
 
RUP model
RUP modelRUP model
RUP model
Zoya Abbas
 
The project management and information technology context
The project management and information technology contextThe project management and information technology context
The project management and information technology context
AfdalArifAmandaPutra
 
Introduction to system life cycle
Introduction to system life cycleIntroduction to system life cycle
Introduction to system life cycle
Haa'Meem Mohiyuddin
 
Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1
Mohammed Romi
 
System analysis fundamentals
System analysis fundamentalsSystem analysis fundamentals
System analysis fundamentals
Kiran Ajudiya
 
Architecture business cycle ( abc )
Architecture business cycle ( abc )Architecture business cycle ( abc )
Architecture business cycle ( abc )
Dr Reeja S R
 
Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2
Mohammed Romi
 
Insulin pump overview
Insulin pump overviewInsulin pump overview
Insulin pump overview
software-engineering-book
 
L7 Design For Recovery
L7 Design For RecoveryL7 Design For Recovery
L7 Design For Recovery
Ian Sommerville
 
Risk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational ApproachRisk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational Approach
Graydon McKee
 

Mais conteúdo relacionado

Mais procurados

Quality Management in Software Engineering SE24
Quality Management in Software Engineering SE24Quality Management in Software Engineering SE24
Quality Management in Software Engineering SE24
koolkampus
 
3. use cases
3. use cases3. use cases
3. use cases
APU
 

Mais procurados (20)

Quality Management in Software Engineering SE24
Quality Management in Software Engineering SE24Quality Management in Software Engineering SE24
Quality Management in Software Engineering SE24
 
McCall's Quality Factors
McCall's Quality FactorsMcCall's Quality Factors
McCall's Quality Factors
 
Architectural structures and views
Architectural structures and viewsArchitectural structures and views
Architectural structures and views
 
Software Process Models
Software Process ModelsSoftware Process Models
Software Process Models
 
Lecture 02 Software Management Renaissance.ppt
Lecture 02 Software Management Renaissance.pptLecture 02 Software Management Renaissance.ppt
Lecture 02 Software Management Renaissance.ppt
 
3. use cases
3. use cases3. use cases
3. use cases
 
Project management and information technology context
Project management and information technology contextProject management and information technology context
Project management and information technology context
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems intro
 
SE CHAPTER 1 SOFTWARE ENGINEERING
SE CHAPTER 1 SOFTWARE ENGINEERINGSE CHAPTER 1 SOFTWARE ENGINEERING
SE CHAPTER 1 SOFTWARE ENGINEERING
 
Systems request
Systems requestSystems request
Systems request
 
Chapter 5 it infrastructure and emerging technologies
Chapter 5 it infrastructure and emerging technologiesChapter 5 it infrastructure and emerging technologies
Chapter 5 it infrastructure and emerging technologies
 
System dependability
System dependabilitySystem dependability
System dependability
 
RUP model
RUP modelRUP model
RUP model
 
The project management and information technology context
The project management and information technology contextThe project management and information technology context
The project management and information technology context
 
Introduction to system life cycle
Introduction to system life cycleIntroduction to system life cycle
Introduction to system life cycle
 
Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1
 
System analysis fundamentals
System analysis fundamentalsSystem analysis fundamentals
System analysis fundamentals
 
Architecture business cycle ( abc )
Architecture business cycle ( abc )Architecture business cycle ( abc )
Architecture business cycle ( abc )
 
Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2
 
Insulin pump overview
Insulin pump overviewInsulin pump overview
Insulin pump overview
 

Semelhante a L5 Dependability Requirements

Depandability in Software Engineering SE16
Depandability in Software Engineering SE16Depandability in Software Engineering SE16
Depandability in Software Engineering SE16
koolkampus
 

Semelhante a L5 Dependability Requirements (20)

L7 Design For Recovery
L7 Design For RecoveryL7 Design For Recovery
L7 Design For Recovery
 
Risk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational ApproachRisk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational Approach
 
Ch3
Ch3Ch3
Ch3
 
Ch3
Ch3Ch3
Ch3
 
Depandability in Software Engineering SE16
Depandability in Software Engineering SE16Depandability in Software Engineering SE16
Depandability in Software Engineering SE16
 
Modernizing Legacy Systems in Healthcare: A Comprehensive Guide
Modernizing Legacy Systems in Healthcare: A Comprehensive GuideModernizing Legacy Systems in Healthcare: A Comprehensive Guide
Modernizing Legacy Systems in Healthcare: A Comprehensive Guide
 
Ch10
Ch10Ch10
Ch10
 
Best_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfBest_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdf
 
unit 3 information system in healthcare.pptx
unit 3 information system in healthcare.pptxunit 3 information system in healthcare.pptx
unit 3 information system in healthcare.pptx
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
 
Clinical decision support systems
Clinical decision support systemsClinical decision support systems
Clinical decision support systems
 
Health Informatics- Module 3-Chapter 3.pptx
Health Informatics- Module 3-Chapter 3.pptxHealth Informatics- Module 3-Chapter 3.pptx
Health Informatics- Module 3-Chapter 3.pptx
 
Ch9
Ch9Ch9
Ch9
 
Anatomy of an EMR System
Anatomy of an EMR SystemAnatomy of an EMR System
Anatomy of an EMR System
 
Healthcare It Security Risk 0310
Healthcare It Security Risk 0310Healthcare It Security Risk 0310
Healthcare It Security Risk 0310
 
SEPM_MODULE 2 PPT.pptx
SEPM_MODULE 2 PPT.pptxSEPM_MODULE 2 PPT.pptx
SEPM_MODULE 2 PPT.pptx
 
CSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.comCSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.com
 
BPM in Healthcare
BPM in HealthcareBPM in Healthcare
BPM in Healthcare
 
Information security management iso27001
Information security management iso27001Information security management iso27001
Information security management iso27001
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 

Último (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

L5 Dependability Requirements

  • 2. Objectives To introduce dependability requirements, which are of particular significance for large-scale systems To discuss the notion of safety-critical information systems and to introduce an exemplar system concerned with healthcare records management To discuss an approach to dependability requirements derivation based on viewpoints and concerns that is geared to discovering requirements conflicts
  • 3. System dependability A system may be considered to be dependable if it operates without interruption, delivers the services that are expected by stakeholders, does not have adverse effects on the system’s environment and does not damage its data or the system itself. Dependability covers: Reliability Availability Safety Security
  • 4. Dependability requirement types Non-functional requirements Requirements that specify the dependability properties of the system The Probability of Failure on Demand of the Protection system shall be 0.0001 Functional requirements Requirements that are introduced in order to achieve dependability as distinct from requirements that reflect the functionality that is used by system stakeholders All data that is maintained on local disks must be encrypted
  • 5. Integrated requirements engineering Dependability requirements are business requirements so dependability requirements engineering should not be a separate process but should be part of the system requirements engineering process Dependability issues should be considered alongside other business requirements – dependability should not be compromised but the best way to improve dependability might be to change other system requirements In this lecture, I will focus on safety requirements engineering but the approach proposed is equally applicable to other dependability requirements
  • 6. Rationale Safety is not an isolated system property but must be considered in conjunction with other properties such as integrity and timeliness Requirements conflicts and trade-offs are harder to make when safety requirements are distinguished in some way Risks and hazards, especially for information systems, cannot be identified until you have some knowledge of the system requirements
  • 7. Safety-critical information systems The safety-critical systems community has focused its attention on safety-critical control systems In those systems, the actual damage that is caused results from undesirable behaviour of the equipment that is being controlled Increasingly, however, information systems are safety-critical in that system failure results in indirect risks to people Other systems (not necessarily equipment but also human systems) may rely on an information system for their correct functioning. Failure of these systems may then lead to damage
  • 8. Examples Design systems Failure of CAD systems that are used to design critical hardware and software may lead to the failure of the systems that have been designed A story in the 1970s suggested that a number of plane crashes were a result of errors in a structural analysis program which resulted in structural weaknesses in the airframe Records systems Incorrect information or unavailability of records systems may mean that users of these systems take actions that are potentially dangerous If a maintenance record for an aircraft is incorrect, parts that have reached the end of their design life may not be replaced Simulation systems Simulation systems that do not match the real environment may result in incorrect design decisions or misplaced confidence in the integrity of the system
  • 9. Secondary risks In control systems, the risks (primary risks) are determined from the characteristics of the equipment that is being controlled This doesn’t mean that risk assessment is easy but it does provide boundaries for the risk assessment and helps identify information sources In information systems, the risks are secondary risks (ie they result from the use of some other dependent system) As there may be many dependent systems, identifying risks is consequently more difficult
  • 10. Hazard classes Data hazards, namely hazards that are associated with the data processed by the system, are the major type of hazard in information systems Control hazards, hazards that are associated with the software controlling the system are also significant
  • 11. Secondary risk example An electronic health record in a hospital may be used in: Diagnostic processes Anaesthetic processes Treatment processes Discharge processes A failure in that system associated with an individual record may be non-critical for some of these processes but critical for others
  • 12. Control systems and information systems Control systems are becoming increasingly data intensive as more and more operational data is stored and used Control systems are increasingly being directly connected to information systems so that failure of the information system is a hazard for the control system. This type of hazard can be difficult to manage
  • 13. The MHCPMS This system (not its real name but a real system) is a generic medical information system that is configured for use in different regional health trusts It supports the management of patients suffering from mental health problems and provides information on their treatment to health service managers
  • 14. System goals To provide management information that allows health service managers to assess performance against local and government targets To provide medical staff with timely information to facilitate the treatment of patients
  • 15. Mental health care Patients do not always attend the same clinic but may attend in different hospitals and local health centres Patients may be confused and disorganised, miss appointments, deliberately or accidentally lose medication, forget instructions and make unreasonable demands on staff Mental health care is safety-critical as a small number of patients may be a danger to themselves and others
  • 16. Concerns Safety should be considered as an organisational goal and should be considered in conjunction with other organisational goals and business requirements Concerns are a general mechanism that we have devised that are used to reflect organisational goals They also reflect constraints on the organisation that reflect the environment in which the organisation operates They help focus the requirements engineering process and provide a basis for conflict analysis
  • 17. Concerns Are issues that an organisation must pay attention to and that are systemic ie they apply to the system as a whole They are cross-cutting issues that may affect all system stakeholders Help bridge the gap between organisational goals and system requirements May exist at a number of levels so may be decomposed into more specific sub-concerns
  • 18. Concerns Software and hardware Operators The organisation Society Safety Security Cost
  • 19. Concerns and safety analysis Concerns are completely compatible with safety analysis as discussed earlier However, they provide a mechanism where safety can be integrated with other critical system requirements They help highlight trade-offs that may have to be made and conflicts that may arise
  • 20. Concerns in the MHCPMS The principal concerns in the MHCPMS are: Safety - the system should help reduce the number of occasions where patients cause harm to themselves and others Privacy - patient privacy must be maintained according to the provisions of the Data Protection Act and local ethical guidelines Information quality - the information maintained by the system must be accurate and up-to date Operational costs - the operational costs of the system must be ‘reasonable’
  • 21. Concern decomposition Concerns are decomposed into sub-concerns: Information integrity Information quality Information accuracy Information timeliness
  • 22. The safety concern Accidental self-harm Patient safety Deliberate self-harm Staff safety Incorrect treatment Safety Adverse reaction to medication Public safety Mental Health Act
  • 23. Concern identification The process of establishing concerns is probably best done in a series of meetings involving business managers and technical staff Brainstorming or a similar technique may be used Analysis of concerns between meetings is essential and someone should take an explicit action to do this Several meetings over a relatively short period of time are required for this stage
  • 24. From concerns to questions A problem that I find with hazard analysis is the ‘requirements gap’. You identify the hazards and possible root causes but there is no method for going from there to requirements To address this, we proposed that, after sub-concerns are identified, you should then explicitly identify questions and sub-questions associated with each concern Answers to these questions come from system stakeholders and help generate system requirements
  • 25. Generic questions What information relates to the sub-concern being considered? Who requires the information and when do they require it? How is the information delivered? What constraints does the (sub) concern impose? What are the consequences of failing to deliver this information?
  • 26. Deliberate self-harm sub-concern Information about previous history of self-harm or threats of self-harm Medical staff during consultations. Relatives and carers Can be delivered to medical staff directly through the system. Delivered to relatives and carers through a message from the clinic No obvious constraints imposed Failing to deliver may mean an incident of preventable self-harm occurs
  • 27. Concern-cross checking A generic problem in complex systems is requirements conflicts where different system requirements are mutually contradictory In my view, separating safety analysis in the RE process increases the likelihood of conflict and the costs of resolving that conflict Concerns partially address this problem as it allows cross-checking at a higher level of abstraction than the requirements themselves
  • 28. Concern comparison Concerns should be compared in pairs to assess the likelihood of of potential conflicts Safety and information quality Conflicts only likely if the requirements allow erroneous or out of date information to be maintained in the system Safety and privacy Privacy may impose limits on what information can be shared and who can access that information. Requirements on information sharing and access should be checked Safety and operational costs Operational processes that require extensive staff time may be problematic
  • 29. The privacy concern All information in the system that relates to identifiable individuals is covered by the Data Protection Act All staff need to be aware of the requirements imposed by the Act There are no information delivery requirements Personal information may only be disclosed to accredited information users Failure to address the concern could result in legal action against the Trust
  • 30. A requirements conflict To reduce the likelihood of deliverate self-harm, the patient’s relatives should be informed of incidents or threats of self-harm Information may only be disclosed to accredited information users The privacy concern conflicts with the safety concern
  • 31. Requirements derivation Requirements are derived from the answers to the questions associated with concerns. However, there is not a simple 1:1 relationship between answers and requirements By using answers to questions, the problem of stakeholders suggesting requirements that are too specific is reduced
  • 32. MHCPMS requirements The system shall provide fields in each patient record that allow details of incidents or threats of deliberate self-harm to be maintained The records of patients with a record of deliberate self-harm shall be highlighted to bring them to the attention of clinical system users The system shall only permit the transmission of personal patient information to accredited staff and to the patient themselves
  • 33. Key points An increasing number of information systems of various kinds are safety critical systems Concerns are a mechanism that allows safety to be integrated with other business requirements Concerns are decomposed to sub-concerns and questions that then drive the requirements engineering process The DISCOS method is a spiral model of requirements engineering for critical systems that integrates concerns, requirements and system architectural design