Topic
8 replies Latest Post - ‏2013-03-25T17:58:52Z by Graham Bleakley
HazelWoodcock
HazelWoodcock
15 Posts
ACCEPTED ANSWER

Pinned topic Virtual Roundtable - Compliance: Capability

‏2013-03-18T14:26:26Z |
 
 

This topic covers the capabilities to help you with compliance to standards; is this tool, process or people focused?

If we gave you three wishes, what would you wish for?  Do the tools you use help or hinder you?  What would happen if you lost one or two of your experts?

You will need to JOIN this community to participate in this discussion.

 

Updated on 2013-03-25T17:58:52Z at 2013-03-25T17:58:52Z by Graham Bleakley
  • emayer
    emayer
    1 Post
    ACCEPTED ANSWER

    Re: Virtual Roundtable - Compliance: Capability

    ‏2013-03-19T14:16:00Z  in response to HazelWoodcock
    I am interested in knowing if there's more we should be doing with the integration between RQM and Rhapsody TestConductor.  The current integration allows RQM to invoke tests that are executed by TestConductor.  With TestConductor's new "fit for purpose" certification for ISO 26262 and IEC 61508, there's new interest in it from customers, even those following DO178 guidelines.  But RQM and TestConductor do not have a tight integration.  Example1 - a TestConductor "test case" appears in the Rhapsody model, and is not shown as a test case in RQM.   Example2 - a sequence diagram that is used as a test specification, does not appear as a linked "requirement" in RQM.  There are surely other examples, and opportunities.  We're investing in TestConductor, that's good, but should we be investing more, and should the TestConductor/RQM integration be improved to provide greater value to our customers (and help us sell more)?
    • bDouglass
      bDouglass
      9 Posts
      ACCEPTED ANSWER

      Re: Virtual Roundtable - Compliance: Capability

      ‏2013-03-19T17:15:27Z  in response to emayer
       Ed,
       
      I think you bring up a valuable point. However, just to be clear, automation is just that - it assists in the execution of tasks that you would perform anyway by some other means. The integration between RQM and TC can - and should - be improved but you can still get the job done by referencing by name the TC test case and describing where it lives. Still, I agree it would be nice to have tighter integration here.  
      • SteveDiCamillo
        SteveDiCamillo
        15 Posts
        ACCEPTED ANSWER

        Re: Virtual Roundtable - Compliance: Capability

        ‏2013-03-25T14:10:26Z  in response to bDouglass
         I agree there is an opportunity for improvement in automation here within the IBM Rational Family of tools, but I think we need to make sure we look at the process first to make sure what we automate is the right thing.  And we need to consider the implication this has on tool qualification, if we determine that to provide real value, the automated capability needs to be delivered through qualified tools.  Another area to consider is integration with other verification and testing tools that are prevalent in the safety critical space.  I think we can also consider integration with tools that are used for fleet management and used to troubleshoot, diagnose, and repair equipment in the field...and extending the use of test cases beyond the development lifecycle into service and maintenance.
  • DarrellSchrag
    DarrellSchrag
    2 Posts
    ACCEPTED ANSWER

    Re: Virtual Roundtable - Compliance: Capability

    ‏2013-03-19T14:53:09Z  in response to HazelWoodcock
     My three wishes:
    1.  Pick an industry or two and build some industry-specific tooling/marketing to target the industry.   
    2.  Invest in those industries by putting a dedicated resource into the standard body. 
    3.  (this one is a personal request) - Move the telecom industry out of Systems and into IT.  90% of the solution space is IT focused and not Systems focused. 
     
     
  • bDouglass
    bDouglass
    9 Posts
    ACCEPTED ANSWER

    Re: Virtual Roundtable - Compliance: Capability

    ‏2013-03-20T15:52:00Z  in response to HazelWoodcock
     For me, process is the tail that wags the dog. The metaprocess for project success is
    • Identify the requirement work products, lifecycle data and evidence required
    • Identify the work tasks that create and manage those elements
    • Decide on the best orchestration of those tasks (process) and how to best perform those tasks (practices)

    For agile methods - in which I'm a big believer - there is little literature on how to achieve these goals with agile methods and practices. I've tried to add my thoughts into the mix in webcasts, white papers and books, such as Real-Time Agility.

     How are others of you addressing the ostensibly conflicting goals of agility and rigor? 
  • takehiko.amano
    takehiko.amano
    2 Posts
    ACCEPTED ANSWER

    Re: Virtual Roundtable - Compliance: Capability

    ‏2013-03-22T03:54:01Z  in response to HazelWoodcock
     One of the topic I hear in Japan is standard proposed to OMG.
     
    Consumer Device Safety Standards
      http://www.omg.org/hot-topics/cdss.htm
     
    Toyota says that just comply to ISO-26262 is not enough to meet their quality goal (reference: http://www.dependable-os.net/osddeos/event/201211/ET2012C802.pdf  written in Japanese).

    It is just a starting point, or too basic so to speak. For example, ISO-26262 does not address "engine stale" problem. Or the problem of pressing "accel pedal" in stead of "break pedal".  One of capability that IBM should support is modeling of  dependability case or assurance case (in either DOORS or Rhapsody). I prefer DOORS (or RRC). Assurance case info can be found in various location such as this:
     
      http://www.dependable-os.net/osddeos/en/concept.html
     
    What is your opinion ?
     
     
    • bDouglass
      bDouglass
      9 Posts
      ACCEPTED ANSWER

      Re: Virtual Roundtable - Compliance: Capability

      ‏2013-03-22T13:40:53Z  in response to takehiko.amano
       ISO 26262 is purely a safety standard, and a fairly rigorous one at that. It doesn't address the other aspects of dependability however, which typically includes safety, reliability and security (incl. information assurance). So in that sense, yes, compliance to ISO 26262 is not enough. The DEOS link is interesting - it looks like they are supporting the notion of a Structured Assurance Case (see http://www.omg.org/spec/SACM/1.0/ for the standard).
       
      I created a Safety Analysis Profile for Rhapsody (since renamed to the FTA profile) that does 2/3 of this - safety analysis and assessment and reliability with FMEAs. I also created a Security Analysis Profile to perform model-based threat and security analyses. There has been the suggestion made for me to add structured assurance case diagram to the FTA profile as well.
       
      BTW, Rhapsody also has an interface with Medini Analyze for safety analysis. Medini Analyze is a stand alone safety analysis tool that is much more capable than the safety profile that I wrote. 
    • Graham Bleakley
      Graham Bleakley
      8 Posts
      ACCEPTED ANSWER

      Re: Virtual Roundtable - Compliance: Capability

      ‏2013-03-25T17:58:52Z  in response to takehiko.amano
      The content in the link looks similar to Goal Structured Notation, this is  a means to further rationalise and validate the safety case and in the UK has been mentioned a number of times WRT ISO 26262. So in response to Amano's view that Toyota do not think ISO 26262 is rigourous enough he is right, as the UK companies and MIRA would like this to be an integral part of the standard instead of just being something that should be done in the spirit of the standard. There is a big difference and i think many companies will do the minimum porsisble to reach compliance.
       
      In a similar vein to Bruce i have been asked a couple of times by customers to create a profile in Rhapsody to do this but to be honest there is only some much we can add to the tool and sensibly maintain. It would be better to use the proper tools for the job and link into them to provide the safety case.
       
      As an aside we are looking at the Canadian Governments Security and Assurance views (from DNDAF which are similar to this) to be included in what will be the Unified Architecture Framework Profile 1.0 (this is the next step in the evolution of the OMGs Unified Profile for DoDAF and MODAF).