High Integrity Software Group
Remit
May 2013
1
Introduction
1.1
This document defines the working arrangements for the High Integrity Software
Group. High integrity software is playing an increasingly important role in a number of
railway applications as the GB railway is modernised. Some areas of application such
as Railway Signalling are mature in this technology, whilst others such as Railway
Energy systems have only a short history but are seeking rapid and extensive
application.
1.2
The establishment of the group proposed in this paper arises from a report produced
by the Railway Industry Association following a workshop on High Integrity Software
that took place in October 2011.
2
Purpose and Scope of the Group
2.1
The purpose of the High Integrity Software group is to establish and share best
practice in the area of software1 in high integrity railway applications.
2.2
The scope of the group’s considerations is software that is used to operate the railway
where safety and/or reliability are important, but excluding systems that are used
primarily for commercial purposes. Thus signalling systems, brake and traction control
systems, route setting systems and train crew and passenger information systems are
within scope, but ticketing systems and off-line performance monitoring systems are
not.
2.3
The group will report to the Strategic Safety Review Group (SSRG).
2.4
The rationale for the establishment of the group arose from discussion at an RSSB
Board meeting in May 2011, in the context of a wrongside signalling failure at Milton
Keynes on 29 December 2008. It was subsequently agreed that the Railway Industry
Association (RIA) would host a cross-industry workshop to enable a focussed
discussion to take place regarding high integrity software in the GB rail sector. The
outcomes from this workshop led to RSSB establishing this group.
3
Objectives of group
3.1
Areas of work
3.1.1 The group will identify and instigate opportunities for the development, application and
transfer of best practice, both between railway disciplines and from other industry
sectors, making use of bodies such as the safety critical software club where
appropriate.
3.1.2 Specifically, the group will define and consider the following areas:
High Priority
a) System requirements definition
b) Verification and validation processes
c) Life-time software development and management.
The term ‘software’ is being used generically, and for this purpose can include any of: firmware/core
operating software, application software; application data
1
High Integrity Software Group remit
Page 1 of 4
Other Priority
d) Opportunities for, and potential benefits of, the automation of testing.
3.1.3 An important facet of the work will be the effective dissemination of the information
listed above to the rail industry in Great Britain.
3.1.4 In delivering the high priority work, the group will oversee development of a guidance
note for the industry.
3.2
Work planning
3.2.1
The group will develop a time-bound work plan, with proposals for resourcing, to cover
the work identified as being high priority. This work will include investigating other
industries for solutions. The plan, proposals and timeline will then be reviewed by
SSRG before the group starts work.
3.2.2
When SSRG concludes that the group has delivered the requirements for the high
priority work, the process described in the paragraph above will be repeated for the
other priority item (unless SSRG concludes that there is no merit in continuing with the
other priority item).
3.3
Conditions under which the sub group will cease activity
3.3.1
The group has been formed to deliver the work areas identified under paragraph 3.1.2
with the presumption that it will disband after the satisfactory delivery of these. The
SSRG may define further work for the group or may (as in 3.2.2) conclude that ‘other
priority’ work is not merited.
4
Membership of group and supporting resources
4.1
There is cross industry interest in this topic, albeit coming from different viewpoints.
There are principally two types of stakeholders:
4.2

Customers - who need intelligence in this area to manage the software-based
products; and

Suppliers - who generally need to have the detailed expertise to develop and
integrate software between systems.
Discussions to date have identified a need for each of the following stakeholder
categories to be represented, and the individuals selected will be expected to have
some understanding of the issues to be addressed, albeit they are not necessarily
expected to be software experts:
a)
b)
c)
d)
e)
Train operators or their representatives
Network Rail
ROSCOs
Suppliers (including both software developers, OEMs and tier 2 suppliers)
ORR (observer)
4.3
It is also proposed to include within the group representation from RSSB and an
independent software expert to provide advice to and drafting of reports for the group.
4.4
Proposals for the initial membership and chairman will be agreed by SSRG.
4.5
Members may nominate alternates from within their constituencies, and be supported
by observers to contribute to specific agenda items.
4.6
If the chairman is not an RSSB representative, then the constituency which the
chairman represents will be invited to nominate a new representative.
High Integrity Software Group remit
Page 2 of 4
4.7
It is considered likely that the group will need to commission work by other experts,
and funding for this and for the independent expert referred to in paragraph 4.3 will be
justified and sought via RSSB research channels.
4.8
The members of the group are expected to have a network of other contacts within
their constituencies whom they can draw upon for additional insight and advice, as
required.
5
Disclosure of Interests
5.1
If a member, or a person for whom that member works, has a direct or indirect
personal interest in a matter to be discussed by the group, as distinct from a common
interest of the industry category as a whole, the member shall declare that interest to
the Chairman of the group of which they are a member at the earliest opportunity:
a)
On the first occasion at which the matter is discussed, or
b)
If a member is not aware of an interest at that time, at the next group meeting after
which they become aware of that interest, regardless of whether the matter is
being discussed at that meeting.
6
Process to elect and appoint new members / chairpersons
6.1
Electing new members
6.1.1
Industry categories may each put in place arrangements for nominating a person to the
HISG and can make a nomination on behalf of the relevant industry category when
notified that a vacancy exists:
a)
ATOC for passenger Railway Undertakings
b)
RIA for suppliers and infrastructure contractors who can each nominate a
member
c)
Rolling stock owners (including rolling stock leasing companies)
d)
Non-passenger Railway Undertakings, and
e)
Network Rail and other Infrastructure Managers.
6.1.2
Alternatively, RSSB may obtain nominations direct from RSSB member companies
when no arrangements have been put in place by industry categories.
6.1.3
All members will consider nominations with reference to the criteria for membership
and confirm the appointment of the member.
6.2
Electing a Chairperson
6.2.1
Members shall make nominations for a new Chairman from the membership of the
group and vote on the nomination(s).
6.2.2
The group will make a recommendation to and seek endorsement from SSRG for the
appointment of a new chairperson, based on the outcome of the vote.
7
Delegation of Authority
7.1
Decision Making
7.1.1
The group has the authority to specify and sponsor research and other fact finding
activities, and to develop drafts of industry guidance documents. Any industry
guidance documents would be endorsed for publication by either Strategic Safety
Review Group and/or the relevant standards committee.
High Integrity Software Group remit
Page 3 of 4
8
Funding and Budget Management
8.1
There is no specific budget allocated to the group, but if it wishes to propose research
activity it can do so directly through the RSSB industry research programme
processes.
9
Organisation / Operation of Meetings
9.1
Meeting Quorum
9.1.1
The meeting shall be considered quorate when the following representatives are
present:




1 x RIA
1 x Network Rail
1 x Passenger Train operators
1 x RoSCos
9.1.2
When a meeting is not quorate absent members will have one week after receipt of the
draft minutes to object to a decision. If no objection is raised the decision taken in the
meeting will stand.
9.2
Administration
9.2.1
The group will be supported by the CCS&ENE delivery unit of RSSB with an identified
Stakeholder Support Manager (SSM) providing meetings management services.
9.2.2
The SSM will:
a)
Call group meetings as required, up to 6 times per year
b)
Facilitate the drafting of a progress report, to be provided to SSRG every 6 months
c)
Agree meeting agendas with the Chairperson
d)
Make papers available electronically at least five working days before each
meeting
e)
Produce minutes recording actions, and circulate within ten working days of the
meeting
f)
Cause an annual review of the group’s remit and membership and propose any
refinements to SSRG for approval.
High Integrity Software Group remit
Page 4 of 4