Abstract
In recent years the plan-driven approach traditionally used in safety-critical software development has been put to the test by rapidly changing technologies, a more diverse group of clients and volatile market requirements. The need to deliver good-quality systems faster and at lower cost than competitors has encouraged companies to look for more efficient solutions. Agile methodologies are known to address these issues successfully for small, non-critical projects, and presumably agile practices can reduce both cost and time to market when applied to safety-critical projects as well. While the benefits can be significant, the main concerns are quality and safety assurance: plan-driven methodologies provide tools for this purpose, which agile methodologies in their pure form lack. The challenge that arises is to elaborate a more readily available, ready-to-use solution that would help safety-critical organizations streamline their processes with agile practices while maintaining accordance with safety standards and certifications. The goal of the research described in this work was to develop an approach that facilitates the introduction of a more agile software development process, depending on the characteristics of the project, while maintaining compliance with the required safety standards and regulations; the AgileSafe method presented in this thesis is the main result of this research. The inputs to the method are information about the project and about the regulatory context constraining the project and its product. The User is guided through the two main processes of AgileSafe: a process which selects the specifications of the software development practices to be applied in the Project, and a process which produces the set of assurance arguments corresponding to the regulations included in the regulatory context.
The two main processes of AgileSafe reflect its main objectives: to support a hybrid approach to software development based on tailored practices, and to support continuous monitoring of conformance to the mandatory regulatory requirements. To further improve the method and tailor its advice to the User's needs more accurately, the knowledge stored in the method should be reviewed and updated regularly. To validate the proposed AgileSafe method, three case studies were conducted in the course of the research, in addition to interviews and questionnaires with the participation of experts.
Author (1)
Cite as
Full text
- Publication version
- Accepted or Published Version
- License
- Copyright (Author(s))
Keywords
Details
- Category:
- Thesis, nostrification
- Type:
- doctoral thesis of employees of PG (Gdańsk University of Technology) and students of the doctoral programme
- Language:
- English
- Publication year:
- 2019
- Bibliography:
- AAIB (Air Accidents Investigation Branch) (2005). Aircraft Accident Report 4/2007 - Airbus A340-642, G-VATL, 9 February 2005. [online] Available at: https://www.gov.uk/aaib-reports/aar-4-2007-airbus-a340-642-g-vatl-9-february-2005 (Accessed: May 2018)
- Abbott (2017). [online] Available at: http://www.abbott.com/ (Accessed: January 2017)
- Abrahamsson, P., Salo, O., Ronkainen, J. and Warsta, J. (2002). Agile software development methods: Review and analysis. VTT publication 478, Espoo, Finland, 107p.
- Agile Manifesto (2001). Manifesto for Agile Software Development. [online] Available at: http://agilemanifesto.org (Accessed: June 2018)
- AgileSafe (2018), List of 50 Practices, [online] Available at: http://agilesafe.eu/ (Accessed: August 2018)
- AgileTek, (2011). [online] Available at: http://www.agiletek.com. (Accessed: April 2016)
- Alleman, G., Henderson, M. and Seggelke, R. (2003). Making Agile Development Work in a Government Contracting Environment - Measuring velocity with Earned Value. In: Agile Development Conference. Washington, DC: IEEE, pp.114-119.
- Ambler, S. (2010). IBM agility@scale: Become as Agile as You Can Be. IBM Global Services.
- Ambler, S. (2012). Summer 2012 DDJ State of the IT Union Survey. [online] Available at: http://www.ambysoft.com/surveys/stateOfITUnion201209.html (Accessed: May 2017)
- Animas Insulin Pumps (2012). OneTouch Ping®. [online] Available at: http://www.animas.com/animas-insulin-pumps/onetouch-ping (Accessed: November 2012)
- Apple.com, Your heart rate. What it means, and where on Apple Watch you'll find it.
- Argevide (2017). [online] Available at: http://www.argevide.com/ (Accessed: December 2017)
- Association for the Advancement of Medical Instrumentation (2011). AAMI TIR45/Ed.1, Guidance on the use of agile practices in the development of medical device software.
- Astah.net (2017). Astah GSN Editor Overview | Astah.net. [online] Available at: http://astah.net/editions/gsn (Accessed: March 2017)
- ATSB (Australian Transport Safety Bureau) (2005). In-flight upset event 240 km north-west of Perth, WA, Boeing Company 777-200, 9M-MRG, 1 August 2005. [online] Available at: http://www.atsb.gov.au/media/24550/aair200503722_001.pdf (Accessed: May 2018)
- Autronica Fire and Security AS (2017). [online] http://www.autronicafire.com/ (Accessed: February 2017)
- BABOK: A Guide to the Business Analysis Body of Knowledge, Volume 3 (2015). IIBA.
- Babuscio, J. (2009). How the FBI Learned to Catch Bad Guys One Iteration at a Time. In: Agile Conference. IEEE, pp.96-100.
- Banner, M.G., Fenn, J.L., Hawkins, R.D., Kelly, T.P., Oakshott, Y. and Williams, P.J. (2007). The Who, Where, How, Why and When of Modular and Incremental Certification. Representing the Industrial Avionics Working Group.
- Bishop, P.G. and Bloomfield, R.E. (1995). The SHIP Safety Case Approach. In: Rabe, G. (ed.) SafeComp 95. Springer, London.
- Bishop, P.G. and Bloomfield, R.E. (1998). A Methodology for Safety Case Development. In: F. Redmill and T. Anderson (Eds.), Industrial Perspectives of Safety-critical Systems: Proceedings of the Sixth Safety-critical Systems Symposium, Birmingham 1998.
- Bloomfield, R. and Bishop, P. (2010). Safety and Assurance Cases: Past, Present and Possible Future - an Adelard Perspective. In: Making Systems Safer. Proceedings of the Eighteenth Safety-Critical Systems Symposium. London: Springer, pp.51-67.
- Bloomfield, R., Chozos, N. and Cleland, G. (2012). Supplement G: Safety case use within the medical devices industry. Supplements to: Using safety cases in industry and healthcare. [online] London: The Health Foundation, pp.G2-G17. Available at: http://www.health.org.uk/sites/default/files/UsingSafetyCasesInIndustryAndHealthcare_supplements.pdf
- Boehm, B. and Hansen, W.J. (2000). Spiral Development: Experience, Principles, and Refinements.
- Boehm, B. (2002). Get ready for agile methods, with care. Computer, 35(1), pp.64-69.
- Boehm, B. and Turner, R. (2003). Balancing agility and discipline. Boston: Addison-Wesley.
- Bright Inventions (2017). [online] Available at: http://brightinventions.pl/ (Accessed: July 2017)
- Brooks, F.P. (1987). No Silver Bullet: Essence and Accidents of Software Engineering. IEEE Computer, 20(4), pp.10-19.
- Bulska, K. and Miler, J. (2010). Łączenie zwinności metodyki Scrum z dojrzałością modelu CMMI (Integration of the agile Scrum practices with the maturity of CMMI). In: XII National Conference of Software Engineering (KKIO). Pomorskie Wydawnictwo Naukowo-Techniczne, pp.89-96.
- Software Engineering Institute (2006). CMMI-DEV: CMMI for Development, V1.2 model. CMU/SEI-2006-TR-008.
- Software Engineering Institute (1993). Capability Maturity Model for Software, Version 1.1. CMU/SEI-93-TR-024.
- Chen, Y., Lawford, M., Wang, H. and Wassyng, A. (2014). Insulin Pump Software Certification. Foundations of Health Information Engineering and Systems, pp.87-106.
- Cyra, L. and Górski, J. (2011). Support for argument structures review and assessment. Reliability Engineering & System Safety, 96(1), pp.26-37.
- Cyra, L. and Górski, J. (2011). SCF - A framework supporting achieving and assessing conformity with standards. Computer Standards & Interfaces, 33(1), pp.80-95.
- Denney, E., Pai, G. and Pohl, J. (2012). AdvoCATE: An Assurance Case Automation Toolset. In: Ortmeier, F. and Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7613. Springer, Berlin, Heidelberg.
- Designsafe (2012). Designsafe. [online] Available at: http://www.designsafe.com/ (Accessed: May 2012)
- Diaz, J., Garbajosa, J. and Calvo-Manzano, J. (2009). Mapping CMMI Level 2 to Scrum Practices: An Experience Report. In: Proceedings of 16th European Systems and Software Process Improvement and Innovation Conference (EuroSPI). Berlin: Springer Berlin Heidelberg, pp.93-104.
- Drobka, J., Noftz, D. and Raghu, R. (2004). Piloting XP on four mission-critical projects. IEEE Softw., 21(6), pp.70-75.
- Earned Value Management (1967). Earned Value Management. [online] Available at: http://www.earnedvaluemanagement.com/. (Accessed: November 2016)
- Elmqvist, J., Nadjm-Tehrani, S., Forsberg, K. and Nordenbro, S. (2008). Demonstration of a formal method for incremental qualification of IMA systems. 2008 IEEE/AIAA 27th Digital Avionics Systems Conference.
- Emmet, L. and Cleland, G. (2002). Graphical notations, narratives and persuasion: a Pliant Systems approach to Hypertext Tool Design. Proceedings of the thirteenth ACM conference on Hypertext and hypermedia - HYPERTEXT '02, pp.55-64.
- ERM - Workshop on Selected Problems in Environmental Risk Management and Emerging Threats (2009). Proc. of the Workshop on Selected Problems in Environmental Risk Management and Emerging Threats, June 2009, Gdansk, Poland. [online] Available at: http://kio.pg.gda.pl/ERM2009/
- Extreme Programming: A gentle introduction (1999). [online] Available at: http://www.extremeprogramming.org/ (Accessed: July 2018)
- Faller R., Goble W. M. (2007). Open IEC 61508 Certification of Products, exida GmbH.
- Fda.gov (2017). U S Food and Drug Administration Home Page. [online] Available at: http://www.fda.gov/ (Accessed: June 2017)
- Food and Drug Administration (2014). Infusion Pumps Total Product Life Cycle. Guidance for Industry and FDA Staff.
- Food and Drug Administration (2015). Mobile Medical Applications. Guidance for Industry and Food and Drug Administration Staff.
- Forsberg, K. and Mooz, H. (1991). The Relationship of System Engineering to the Project Cycle. INCOSE International Symposium, 1: 57-65.
- Fritzsche, M. and Keil, P. (2007). Agile Methods and CMMI: Compatibility or Conflict?. e-Informatica, 1(1), pp.9-26.
- Gary, K., Enquobahrie, A., Ibanez, L., Cheng, P., Yaniv, Z., Cleary, K., Kokoori, S., Muffih, B. and Heidenreich, J. (2011). Agile methods for open source safety-critical software. Softw: Pract. Exper., 41(9), pp.945-962.
- Ge, X., Paige, R. and McDermid, J. (2010). An Iterative Approach for Development of Safety-Critical Software and Safety Arguments. In: Proceedings of the 2010 Agile Conference, IEEE Computer Society, pp.35-43.
- Glazer, H., Dalton, J., Anderson, D., Konrad, M. and Shrum, S. (2008). CMMI or Agile: Why Not Embrace Both!. Software Engineering Institute.
- Górski, J., Jarzębowicz, A., Leszczyna, R., Miler, J. and Olszewski, M. (2005). Trust case: justifying trust in an IT solution. Reliability Engineering & System Safety, 89(1), pp.33-47.
- Górski, J. (2005). Trust Case - A Case for Trustworthiness of IT Infrastructures. Cyberspace Security and Defense: Research Issues, 196, pp.125-141.
- Górski, J. (2007). Trust-IT - a framework for trust cases. In: Proceedings of DSN 2007: 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp.204-209.
- Górski, J., Jarzębowicz, A. and Miler, J. (2008). Arguing trustworthiness of e-health services with the Trust-IT framework. In: Proceedings of 25th Anniversary Healthcare Computing: Invitation to the Future: Conference & Exhibition (HC 2008).
- Górski, J., Jarzębowicz, A. and Miler, J. (2012). Validation of Services Supporting Healthcare Standards Conformance. Metrology and Measurement Systems, 19(2), pp.269-282.
- Górski, J., Jarzębowicz, A., Miler, J. and Wardziński, A. (2014). Challenges in providing support for evidence based argument management. 4th International Symposium on Model Based Safety Assessment IMBSA 2014, October 27-29 2014, Munich, Germany.
- Górski, J. and Łukasiewicz, K. (2012). Agile development of critical software, can it be justified? 7th International Conference on Evaluation of Novel Approaches to Software Engineering, Wrocław, Springer.
- Górski, J. and Łukasiewicz, K. (2012). Assessment of risks introduced to safety critical software by agile practices - a software engineer's perspective. Computer Science, 13(3), AGH University of Science and Technology Press.
- Górski, J. and Łukasiewicz, K. (2013). Towards Agile Development of Critical Software. In: A. Gorbenko, A. Romanovsky and V. Kharchenko (Eds), Software Engineering for Resilient Systems - 5th International Workshop, SERENE 2013, 3-4 October, Kiev, Ukraine, 2013. Proceedings. LNCS 8166. Springer.
- Górski, J. and Łukasiewicz, K. (2017). Meeting Requirements Imposed by Secure Software Development Standards and Still Remaining Agile. Lecture Notes in Computer Science, pp.3-15.
- Graydon, P.J. and Kelly, T.P. (2013). Using argumentation to evaluate software assurance standards. Information and Software Technology, 55(9), pp.1551-1562.
- Greenwell, W.S., Knight, J.C., Holloway, C.M. and Pease, J. (2006). A taxonomy of fallacies in system safety argument. 24th International System Safety Conference, Albuquerque.
- Hanssen, G., Myklebust, T. and Stålhane, T. (2012). The application of Safe Scrum to IEC 61508 certifiable software.
- Hanssen, G.K., Stålhane, T. and Myklebust, T. (2018). SafeScrum® - Agile Development of Safety-Critical Software. Springer, to be published in November 2018.
- Hawkins, R., Kelly, T.P., Knight, J.C. and Graydon, P.J. (2011). A New Approach to creating Clear Safety Arguments. In: Chris Dale and Tom Anderson (eds), SSS, Springer, pp.3-23.
- Hillson, D. (2009). Managing risk in projects. Gower.
- International Electrotechnical Commission (2010). IEC 61508:2010 CMV. [online] Available at: http://www.iec.ch/functionalsafety/standards/ (Accessed: February 2018)
- International Organization for Standardization (2006). IEC 62304:2006 Medical device software - Software life cycle processes. [online] Available at: https://www.iso.org/standard/38421.html (Accessed: February 2018)
- International Organization for Standardization (2007). ISO 14971:2007 Medical devices - Application of risk management to medical devices. [online] Available at: https://www.iso.org/standard/38193.html (Accessed: March 2018)
- International Organization for Standardization (2009). ISO/TS 16949. [online] Available at: https://www.iso.org/standard/52844.html (Accessed: February 2018)
- International Organization for Standardization (2015). IEC 60601-1-11:2015. [online] Available at: https://www.iso.org/standard/65529.html (Accessed: March
- International Organization for Standardization (2015). IEC 62304:2006+AMD1:2015.
- International Organization for Standardization (2015). ISO 9000 - Quality management. [online] Available at: https://www.iso.org/iso-9001-quality-management.html (Accessed: February 2018)
- International Organization for Standardization (2016). ISO 13485:2016 Medical devices - Quality management systems. [online]
- International Organization for Standardization (2017). About ISO - ISO. [online]
- International Society for Pharmaceutical Engineering (2008). GAMP 5 Guide: Compliant GxP Computerized Systems. [online]
- Jones P, Górski J. Abstract of the Research Plan: Evidence-based arguments to support assurance and qualification of medical devices, [online] Available at: http://iag.pg.gda.pl/download/RCA_between_FDA_and_GUT-summary_page.pdf
- Kelly, T.P. (1998). Arguing Safety - A Systematic Approach to Managing Safety Cases. University of York, Department of Computer Science.
- Knight, J. (2002). Safety critical systems: challenges and directions. In: Proceedings of the 24th International Conference on Software Engineering (ICSE '02). ACM, New York, NY, USA, pp.547-550.
- Kromholz, Alfred H. and Ankrum, T. Scott (2005). Structured Assurance Cases: Three Common Standards. Ninth IEEE International Symposium on High-Assurance Systems Engineering (HASE'05), pp. 99-108
- Kruchten, P. (2011). Contextualizing agile software development. Journal of Software: Evolution and Process, 25(4), pp.351-361.
- Leveson, N. (1995). Medical Devices: The Therac-25 Accidents. Safeware: System Safety, and Computers (Update of the 1993 IEEE Computer article ed.). Addison-Wesley.
- Lindvall, M., Muthig, D., Dagnino, A., Wallin, C., Stupperich, M., Kiefer, D., May, J. and Kähkönen, T. (2004). Agile Software Development in Large Organizations. Computer, 37(12), pp.26-34.
- Łukasiewicz, K. (2017). Method of selecting programming practices for the safety critical software development projects - a case study. Technical report no. 02/2017, Gdańsk University of Technology.
- Łukasiewicz, K. and Górski, J. (2018). Introducing agile practices into development processes of safety-critical software. In: Proceedings of ASCS'18, Porto, Portugal, May 21-25, 2018.
- Marçal, A.C., de Freitas, B.C., Furtado Soares, F.S., Furtado, M.S., Maciel, T.M. and Belchior, A.D. (2008). Blending Scrum practices and CMMI project management process areas. Innovations in Systems and Software Engineering, 4(1), pp.17-29.
- McHugh, M., McCaffery, F., Casey, V. and Pikkarainen, M. (2012). Integrating Agile Practices with a Medical Device Software Development Lifecycle. In: Proceedings of European Systems and Software Process Improvement and Innovation Conference (EuroSPI).
- McHugh, M., McCaffery, F. and Coady, G. (2014). An Agile Implementation within a Medical Device Software Organisation. Communications in Computer and Information Science, pp.190-201.
- Miszczyszyn M., Naliwajek J. (2016) Documentation of the Group Project
- Musen, M.A. (2015). The Protégé project: A look back and a look forward. AI Matters, Association for Computing Machinery Special Interest Group in Artificial Intelligence, 1(4), June 2015. DOI: 10.1145/2557001.25757003.
- Myklebust, T., Stålhane, T. and Hanssen, G. (2016). Use of Agile Practices when developing Safety-Critical software. In: Proceedings of The 34th International System Safety Conference (ISSC).
- NOR-STA project Portal (2017). [online] Available at: www.nor-sta.eu (Accessed: December 2017)
- Nyfjord, J. (2008). Towards integrating agile development and risk management (PhD dissertation). Kista.
- Nyfjord, J. and Kajko-Mattsson, M. (2008). Integrating risk management with software development: state of practice. In: Proceedings of The International MultiConference of Engineers and Computer Scientists 2008, Vol. I.
- OpenUP (2012) [online] Available at: http://epf.eclipse.org/wikis/openup/ (Accessed: May 2016)
- Paige, R., Charalambous, R., Ge, X. and Brooke, P. (2008). Towards Agile Engineering of High-Integrity Systems. Proceedings of 27th International Conference on Computer Safety, Reliability and Security (SAFECOMP), Newcastle upon Tyne, UK.
- Päivärinta, T. and Smolander, K. (2015). Theorizing about software development practices. Science of Computer Programming, 101, pp.124-135.
- Palanque, P., Paternò, F. and Wright, P. (1998). Designing user interfaces for safety critical systems. ACM SIGCHI Bulletin, 30, 200.
- Pellet (2011). [online] https://www.w3.org/2001/sw/wiki/Pellet (Accessed: December
- Petersen, K. and Wohlin, C. (2010). The effect of moving from a plan-driven to an incremental software development approach with agile practices. Empirical Software Engineering, 15(6), pp.654-693.
- Pikkarainen M., Mantyniemi, A. (2006) An Approach For Using CMMI in Agile Software Development Assessments: Experiences From Three Case Studies. Proceedings of SPICE Conference, Luxembourg
- Poppendieck, M. and Poppendieck, T. (2003). Lean software development: an agile toolkit. Addison-Wesley.
- Potter, N. and Sakry, M. (2009). Implementing Scrum (Agile) and CMMI together. Process Group Post Newsletter, 16(2). Available at: http://www.itmpi.org/assets/base/images/itmpi/Potter-ScrumCMMI.pdf
- Pressman, R. (2009). Software Engineering: A Practitioner's Approach (7th ed.). McGraw-Hill, Inc., New York, NY, USA.
- Rasmussen, R., Hughes, T., Jenks, J.R. and Skach, J. (2009). Adopting Agile in an FDA Regulated Environment. Agile Conference Proceedings, Chicago, USA, 24-28.
- Rottier, A. and Rodrigues, V. (2008). Agile Development in a Medical Device Company. IEEE, Agile Conference.
- Royce, W.W. (1970). Managing the development of large software systems. Proceedings of IEEE Wescon, pp.328-338.
- Schwaber, K. and Beedle, M. (2001). Agile Software Development with Scrum. Prentice Hall.
- Sentz, K. and Ferson, S. (2002). Combination of evidence in Dempster-Shafer theory. Sandia National Laboratories.
- Siddique, L. and Hussein, B.A. (2016). Managing risks in Norwegian Agile Software Projects: Project Managers' perspective. International Journal of Engineering Trends and Technology (IJETT), 41(2), pp.56-65.
- Spivey, J.M. (1992). The Z Notation: A reference manual. International Series in Computer Science (2nd ed.). Prentice Hall.
- Standish Group (2015) Chaos Report
- Stålhane, T., Myklebust, T. and Hanssen, G. (2013). Safety standards and Scrum - A synopsis of three standards. [article] Available at:
- Stephenson, Z., McDermid, J. and Ward, A. (2006). Health Modelling for Agility in Safety-Critical Systems Development. Proceedings of the First IET International Conference on System Safety Engineering, London, UK.
- Stålhane, T. and Malm, T. (2016). Risk assessment: Experts vs. lay people. In: L. Walls, M. Revie and T. Bedford (Eds.), Risk, Reliability and Safety: Innovating Theory and Practice (pp.1345-1352). CRC Press.
- SWRL: A Semantic Web Rule Language Combining OWL and RuleML (2004). [online] https://www.w3.org/Submission/SWRL/ (Accessed: July 2017)
- Trapp, M., Schneider, D. and Liggesmeyer, P. (2013). A Safety Roadmap to Cyber-Physical Systems. Perspectives on the Future of Software Engineering, pp.81-94.
- Toulmin, S.E. (2003). The Uses of Argument (Updated Edition). Cambridge University Press.
- Van Solingen, R. and Berghout, E. (1999). The Goal/Question/Metric Method. McGraw-Hill Education.
- VersionOne (2016). 10th Annual State of Agile Report. [online]
- Weiguo, L. and Xiaomin, F. (2009). Software Development Practice for FDA-Compliant Medical Devices. Proceedings of the 2009 International Joint Conference on Computational Sciences and Optimization, Sanya, China.
- Weinstock, C. and Goodenough, J.B. (2009). Towards an Assurance Case Practice for Medical Devices. Technical Note, Software Engineering Institute, October. Available at: http://www.sei.cmu.edu/reports/09tn018.pdf
- Weinstock, C., Goodenough, J. and Klein, A. (2013). 2013 1st International Workshop on Assurance Cases for Software-Intensive Systems (ASSURE 2013). 1st ed. Piscataway, NJ: IEEE, pp.7-11.
- Zhang, Y., Jones, P.L. and Klonoff, D.C. (2010). Second Insulin Pump Safety Meeting: Summary Report. Journal of Diabetes Science and Technology, 4(2).
- Verified by:
- Gdańsk University of Technology