Safety-Critical: What’s Well Proven?

I’ve worked on more than 20 projects with varying degrees of safety criticality, ranging from relatively benign household items to fly-by-wire systems for airliners. I’ve also seen many project management systems and development processes. What has worked well with regards to safety?

The development processes with the best safety track record have used the spiral development process, whereby the cycle of requirements, design, implementation, and verification is repeated until all known issues are knocked down, well covered, and understood. This process was used for one of the critical items of one of the only two models of airliner with no fatal accidents in more than 1 million flight hours. That project also used earned value scheduling, where the work is broken down to a very fine granularity and progress toward completion is tracked in great detail. This gives far better visibility than simply hitting a milestone or getting something out for a marketing show, and so prevents items from becoming issues.

The Radio Technical Commission for Aeronautics specifies many aspects of air transport development, but development and management processes are left open. Similar conditions exist in other industries with regard to safety-critical items. The development and management processes are entirely open. If this is the case, why aren’t companies that develop safety-critical items looking for a better way to deliver a finished product?

Other methods — such as agile development — are faster for knocking out a simple product, but they lack the many sets of eyes needed for a more robust process. They also lack the fully independent QA required in many safety-critical industries. As a result, many items can sneak through the cracks, left to be found by the customer or — worse — by a regulator or an expert witness following an accident. The agile process might work for coding up a web page or developing a simple application on non-embedded hardware, but I’ve just not seen it successfully used for something really critical and very complex.

What are your thoughts on all this? What project management and development processes have you seen that work well for safety-critical items?