What does a complete set of safety processes look like?
Paul Albertella edited this page Oct 6, 2022 · 3 revisions
- Define the context of the system (that includes Linux)
  - What does achieving safety mean for this system?
  - What high-level requirements are required to accomplish this?
  - Safety analysis at this level is focussed on the system as a whole
  - What else (beyond safety) does the system need to do, and how is Linux involved in this?
    - What parts of the system is Linux responsible for managing?
    - What goals apply to this (e.g. availability, performance)?
    - These goals may need to be balanced against the safety goals
- Specifically for the Linux element(s) of the system
  - What critical functions are we expecting Linux to perform?
  - What are the responsibilities of other parts of the system in relation to these?
  - What are we assuming that other parts of the system need to do (Assumptions of Use)?
  - What must Linux not do?
- What is the scope and configuration of our system element that uses Linux?
  - Which subsystems / features / drivers are actually needed in our system?
  - What kernel configurations are we going to use?
  - Pare down the scope of what we mean by 'Linux' in our system context
- How can we show that our Linux element achieves its safety requirements?
  - What is required here will be specified by the applicable standard
  - There may be a number of different aspects to consider:
    - Functional analysis: what are we relying on Linux to do as part of the system's safety functions?
      - How can we differentiate between safety and non-safety functions of the element?
    - Freedom from interference: how can we be confident that other functions provided by Linux will not interfere with these?
    - Dependent failure analysis: how can we prevent a failure in Linux or another component from cascading to other elements?
- How do my development and management processes contribute to managing the risks associated with using this software?
  - Configuration management, change management, requirements management, etc.
  - Building and integrating the software as part of the system
  - Testing the software and the systems that include it
    - How do you know when you're done?
  - How do we verify that Linux (and the other parts of the system involved) achieve these safety requirements?
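The "scope and configuration" questions above ask which kernel features are actually needed and how the meaning of 'Linux' is pared down for the system. One way to make that scope checkable on every build is to keep the declared scope beside the kernel `.config` and diff them. The script below is an added illustration, not part of this page or of any project's safety case; the required and forbidden option sets and the sample `.config` fragment are constructed for the example.

```python
"""Check a Linux kernel .config against a declared safety scope.

Added illustration for the scope and configuration questions above.
The policy and the sample config are constructed for this example.
"""
import re

# Constructed policy: options the safety argument relies on (must hold
# the given value) and options outside the pared-down scope (must be
# absent or unset). Real policies come from the system's safety analysis.
REQUIRED = {"CONFIG_WATCHDOG": "y", "CONFIG_PREEMPT_RT": "y"}
FORBIDDEN = {"CONFIG_KEXEC", "CONFIG_DEVMEM", "CONFIG_BT"}

_SET = re.compile(r"^(CONFIG_\w+)=(.+)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text: str) -> dict:
    """Return {option: value}; '# CONFIG_X is not set' maps to 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts


def check_scope(opts: dict, required=REQUIRED, forbidden=FORBIDDEN) -> list:
    """List every deviation from the declared scope, one string each."""
    findings = []
    for opt, want in required.items():
        have = opts.get(opt, "n")          # missing option == not set
        if have != want:
            findings.append(f"required {opt}={want}, found {have}")
    for opt in sorted(forbidden):
        if opts.get(opt, "n") != "n":      # 'y' or 'm' both widen scope
            findings.append(f"out-of-scope {opt} enabled ({opts[opt]})")
    return findings


# Constructed sample .config fragment (not from any real build)
SAMPLE_CONFIG = """\
CONFIG_WATCHDOG=y
# CONFIG_PREEMPT_RT is not set
CONFIG_KEXEC=y
CONFIG_BT=m
CONFIG_LOCALVERSION="-safety"
"""

if __name__ == "__main__":
    for finding in check_scope(parse_config(SAMPLE_CONFIG)):
        print(finding)
```

A non-empty findings list is a change-management event: either the scope document or the configuration has drifted, and the safety argument needs to say which.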