A Product-Based Assurance Model for Mixed-Integrity Markets

Many markets use a Commercial-Off-The-Shelf (COTS) or product-based approach to engineering in order to reduce project cost, schedule and risk, take advantage of product maturity and secure long-term support. The product-based approach presents challenges for both product developers and project engineers when applied to safety-related applications. Project engineers are obliged to present evidence of product integrity to support the overall safety argument. In such cases, the safety integrity requirements for a product may not be known until a safety analysis of a specific system architecture in its target environment is performed. Once determined, evidence of integrity needs to be obtained and presented to suit the customer requirements and industry standards. Concurrently, product developers need to engineer products and assurance evidence to support the requirements of high-integrity markets in the face of constant product change and the competing demands of different markets. This paper discusses the issues involved in engineering products for use in Supervisory Control and Data Acquisition (SCADA) systems in a diverse range of applications, both safety-related and non-safety-related. In particular, we address the issue of how to provide a base level of product assurance that can be used, if it ultimately proves necessary, to support system safety cases.