If we gave you three wishes, what would you wish for? Do the tools you use help or hinder you? What would happen if you lost one or two of your experts?You will need to JOIN this community to participate in this discussion.
NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
This topic has been locked.
8 replies Latest Post - 2013-03-25T17:58:52Z by Graham Bleakley
Pinned topic Virtual Roundtable - Compliance: Capability
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
This topic covers the capabilities to help you with compliance to standards; is this tool, process or people focused?
Updated on 2013-03-25T17:58:52Z at 2013-03-25T17:58:52Z by Graham Bleakley
emayer 270001TCDG1 PostACCEPTED ANSWER
Re: Virtual Roundtable - Compliance: Capability2013-03-19T14:16:00Z in response to HazelWoodcockI am interested in knowing if there's more we should be doing with the integration between RQM and Rhapsody TestConductor. The current integration allows RQM to invoke tests that are executed by TestConductor. With TestConductor's new "fit for purpose" certification for ISO 26262 and IEC 61508, there's new interest in it from customers, even those following DO178 guidelines. But RQM and TestConductor do not have a tight integration. Example1 - a TestConductor "test case" appears in the Rhapsody model, and is not shown as a test case in RQM. Example2 - a sequence diagram that is used as a test specification, does not appear as a linked "requirement" in RQM. There are surely other examples, and opportunities. We're investing in TestConductor, that's good, but should we be investing more, and should the TestConductor/RQM integration be improved to provide greater value to our customers (and help us sell more)?
Re: Virtual Roundtable - Compliance: Capability2013-03-19T17:15:27Z in response to emayerEd,I think you bring up a valuable point. However, just to be clear, automation is just that - it assists in the execution of tasks that you would perform anyway by some other means. The integration between RQM and TC can - and should - be improved but you can still get the job done by referencing by name the TC test case and describing where it lives. Still, I agree it would be nice to have tighter integration here.
SteveDiCamillo 270001TTY215 PostsACCEPTED ANSWER
Re: Virtual Roundtable - Compliance: Capability2013-03-25T14:10:26Z in response to bDouglassI agree there is an opportunity for improvement in automation here within the IBM Rational Family of tools, but I think we need to make sure we look at the process first to make sure what we automate is the right thing. And we need to consider the implication this has on tool qualification, if we determine that to provide real value, the automated capability needs to be delivered through qualified tools. Another area to consider is integration with other verification and testing tools that are prevalent in the safety critical space. I think we can also consider integration with tools that are used for fleet management and used to troubleshoot, diagnose, and repair equipment in the field...and extending the use of test cases beyond the development lifecycle into service and maintenance.
DarrellSchrag 120000MK4C2 PostsACCEPTED ANSWER
Re: Virtual Roundtable - Compliance: Capability2013-03-19T14:53:09Z in response to HazelWoodcockMy three wishes:1. Pick an industry or two and build some industry-specific tooling/marketing to target the industry.2. Invest in those industries by putting a dedicated resource into the standard body.3. (this one is a personal request) - Move the telecom industry out of Systems and into IT. 90% of the solution space is IT focused and not Systems focused.
Re: Virtual Roundtable - Compliance: Capability2013-03-20T15:52:00Z in response to HazelWoodcockFor me, process is the tail that wags the dog. The metaprocess for project success is
- Identify the requirement work products, lifecycle data and evidence required
- Identify the work tasks that create and manage those elements
- Decide on the best orchestration of those tasks (process) and how to best perform those tasks (practices)
For agile methods - in which I'm a big believer - there is little literature on how to achieve these goals with agile methods and practices. I've tried to add my thoughts into the mix in webcasts, white papers and books, such as Real-Time Agility.How are others of you addressing the ostensibly conflicting goals of agility and rigor?
takehiko.amano 120000C34W2 PostsACCEPTED ANSWER
Re: Virtual Roundtable - Compliance: Capability2013-03-22T03:54:01Z in response to HazelWoodcockOne of the topic I hear in Japan is standard proposed to OMG.Consumer Device Safety Standardshttp://www.omg.org/hot-topics/cdss.htmToyota says that just comply to ISO-26262 is not enough to meet their quality goal (reference: http://www.dependable-os.net/osddeos/event/201211/ET2012C802.pdf written in Japanese).
It is just a starting point, or too basic so to speak. For example, ISO-26262 does not address "engine stale" problem. Or the problem of pressing "accel pedal" in stead of "break pedal". One of capability that IBM should support is modeling of dependability case or assurance case (in either DOORS or Rhapsody). I prefer DOORS (or RRC). Assurance case info can be found in various location such as this:http://www.dependable-os.net/osddeos/en/concept.htmlWhat is your opinion ?
Re: Virtual Roundtable - Compliance: Capability2013-03-22T13:40:53Z in response to takehiko.amanoISO 26262 is purely a safety standard, and a fairly rigorous one at that. It doesn't address the other aspects of dependability however, which typically includes safety, reliability and security (incl. information assurance). So in that sense, yes, compliance to ISO 26262 is not enough. The DEOS link is interesting - it looks like they are supporting the notion of a Structured Assurance Case (see http://www.omg.org/spec/SACM/1.0/ for the standard).I created a Safety Analysis Profile for Rhapsody (since renamed to the FTA profile) that does 2/3 of this - safety analysis and assessment and reliability with FMEAs. I also created a Security Analysis Profile to perform model-based threat and security analyses. There has been the suggestion made for me to add structured assurance case diagram to the FTA profile as well.BTW, Rhapsody also has an interface with Medini Analyze for safety analysis. Medini Analyze is a stand alone safety analysis tool that is much more capable than the safety profile that I wrote.
Graham Bleakley 2700029WTU8 PostsACCEPTED ANSWER
Re: Virtual Roundtable - Compliance: Capability2013-03-25T17:58:52Z in response to takehiko.amanoThe content in the link looks similar to Goal Structured Notation, this is a means to further rationalise and validate the safety case and in the UK has been mentioned a number of times WRT ISO 26262. So in response to Amano's view that Toyota do not think ISO 26262 is rigourous enough he is right, as the UK companies and MIRA would like this to be an integral part of the standard instead of just being something that should be done in the spirit of the standard. There is a big difference and i think many companies will do the minimum porsisble to reach compliance.In a similar vein to Bruce i have been asked a couple of times by customers to create a profile in Rhapsody to do this but to be honest there is only some much we can add to the tool and sensibly maintain. It would be better to use the proper tools for the job and link into them to provide the safety case.As an aside we are looking at the Canadian Governments Security and Assurance views (from DNDAF which are similar to this) to be included in what will be the Unified Architecture Framework Profile 1.0 (this is the next step in the evolution of the OMGs Unified Profile for DoDAF and MODAF).