Software QA

advertisement
QA Requirements for DOE
Accelerator Safety System Software
K. Mahoney
Group Leader, Safety Systems
TJNAF
Presented at the 2008 DOE Accelerator Safety Workshop
August 13, 2008
“Musts”
• DOE O 414.1C ‘QA ORDER’
– Updated in 2005 to incorporate Software QA (SQA)
for DOE Nuclear Facilities
– Scope – Required for all DOE organizations, field
elements, and contractors with two exceptions:
• Naval rector program
• Bonneville Power Administration
– Requires Contractor QA Program (QAP)
• Part 5 of contractor requirements give requirements
for “Safety Software Quality Requirements”
“Safety Software”
Safety System Software.
Software for a nuclear facility that performs a safety
function…
Safety and Hazard Analysis Software and Design
Software.
Software that is used to classify, design, or analyze
nuclear facilities.
Safety Management and Administrative Controls
Software.
Software that performs a hazard control function in support
of a nuclear facility… necessary to provide adequate
protection from nuclear facility or radiological hazards.
QA Order Contractor QAP Requirements for
“Safety Software”
Work processes involving safety software must be developed
and implemented using national or international consensus
standards and must include the following elements:
a. Facility design authority involvement in the [lifecycle of
a safety software application]
b. Identify, document, and maintain safety software
inventory.
QA Order Contractor QAP Requirements for
“Safety Software”
c. Establish grading levels for safety software. Document
those grading levels in the QAP.
d. Using the grading levels established and approved above,
select and implement the applicable software QA work
activities from the following list to ensure that safety
software performs its intended functions.
Software QA Activities ‘Menu’ from
414.1C Contractor Requirements
•
•
•
•
•
•
•
•
•
Project Management
Risk Management
Procurement and supplier management
Requirements identification and management
Design and Implementation
Safety
Verification and Validation
Problem Reporting and Corrective Action
Training of personnel in design, development, use, and
evaluation of safety software
DOE Standards with ‘Software’ in the
Title
• DOE-STD-1172-2003 Safety Software Quality Assurance
Functional Area Qualification Standard
– Qualification of Software QA people
• DOE-STD-4001-2000 Design Criteria Standard for
Electronic Records Management Software Applications
Guidance
• DOE G 414.1-4 “Safety Software Guide…”
– Not bad in generic guidance
– Does not hit the mark with respect to hazards and mitigation usign
programmable systems at accelerator facilities
– Written meet the needs of nuclear facilities
– Tries to be non-committal but really ends up with ANSI/ASME
NQA-1 2000 (QAPs for Nuclear Facilities) Note: this includes
reactor and non-reactor facilities.
– Defines levels based on 10CFR830 and by reference DOE STD
1027 “Hazard Categorization and Accident Analysis Techniques
for Compliance with DOE Order 5480.23, Nuclear Safety Analysis
Reports”
1027 NF Hazard Category
3 DEFINITION
– Hazard Analysis shows the potential for only significant localized
consequences.
• INTERPRETATION
– Facilities with quantities of hazardous radioactive materials which meet or
exceed Table A.1 values [Radionuclides]
2 DEFINITION
– Hazard Analysis shows the potential for significant on-site consequences.
• INTERPRETATION
– Facilities with the potential for nuclear criticality events or with sufficient
quantities of hazardous material and energy, which would require on-site
emergency planning activities (see Attachment 1).
1 DEFINITION
– Hazard Analysis shows the potential for significant off-site consequences.
• INTERPRETATION
– Category A reactors and facilities designated by PSO.
Accelerator Safety Systems
• Multiple safety functions mitigating hazards from:
– Prompt Ionizing Radiation
– Radioactive Materials
– RF Power
– Laser
– Electrical Systems
– Machinery
– Chemical Processing Systems
What? No Nuclear?
Accelerator Safety System Software –
Scope
Application software program used to implement a safety
function
Embedded software used to execute the application software
program
Utility software used to code and compile the application
software
Software QA
• QA
– Process or methods to ensure desired result or outcome
is implemented in an efficient manner
• Software
– Instructions for the implementation of desired
functional relation
• Software QA is
– process or methods to ensure efficient implementation
of desired functional relation
– Note: inferred Safety QA requirement is complement –
not to implement undesired functions
Software QA
• Focus of safety software QA should be on the desired
function
Requirements
– What is the intended function?
– How should the function be carried out?
– What are constraints and assumptions?
Accelerators and Programmable
Safety Systems
• Using Systems approach where:
– Safety functions are identified and ranked
– Ranking triggers performance requirements for:
• Management
• Technical Staff
• Hardware
• Software Lifecycle
• Testing
• Management of Change
• End of Life
ISA/IEC Standards
• IEC61511/ISA S84 Defined from a safety function
perspective.
• Performance based consensus standards
• Extensive requirements and guidance on software
Incorporation of System Safety
Engineering
• Higher level than Functional Safety standards
– ISO/IEC 15288:2002(E) – Systems engineering –
system life cycle processes.
– Defines processes for ‘system of systems’
– Incorporates human element
Continuing Continuing Continuing Continuing Continuing Continuing
Resolution Resolution Resolution Resolution Resolution Resolution
From: INCOSE Systems Engineering Handbook v3.1
Traditional QA applied to the
Program
• Process and methods to ensure program is:
– Free from defects
– Dependable
– Maintainable
– Reviewable
– Testable
This has to do with requirements for implementation, not the
function
- Do not confuse quality programming with quality software
Issues 1
• Can consensus standards like ISA S84/IEC61511 be used
to meet requirements of QA order? (in the context of the
accelerator safety order)
• Are there common hazard ranking levels at accelerator
facilities?
• What are appropriate levels of review for accelerator safety
system software?
• Should this issue be addressed in the ASO Guidance?
Issues 2
• What is an acceptable level of competency at various
lifecycle stages?
• Is Functional Safety requirements enough? System
Safety?
• What are implications of General Standard – IEC61508?
• How does one handle reconfigurable devices like Field
Programmable Gate Arrays (FPGA)?
Download