Undergraduate Course: Standards Compliant Software Development (INFR11214)
|School||School of Informatics
|College||College of Science and Engineering
|Credit level (Normal year taken)||SCQF Level 11 (Year 4 Undergraduate)
|Availability||Available to all students
|Summary||As our societies and economies become increasingly dependent on software-based systems, there is a corresponding increase in the development of standards and regulation that aim to ensure such systems are fit for purpose. This course provides an overview of standards and regulation, what is necessary to ensure compliance, and processes to maintain compliance from initial requirements to the eventual decommissioning of the system. We will consider modern architectures and agile, continuous processes, investigating their strengths and weaknesses.
The course provides an overview of standards and regulations affecting software-based systems, concentrating on the way standards and regulations exert control over compliant systems. We will then consider how standards and regulation influence requirements and the requirements gathering process. We then consider tools and techniques that can be deployed to provide evidence of compliance. Finally, we consider the full process from the initiation of development to the eventual decommissioning of the system.
- Standards and regulation: Here we consider a range of standards and regulation such as the MISRA C/C++ coding standard, the emerging EU AI regulations, Medical Device Standards such as EN 62304, Avionics (DO-178C), Process Control (IEC 61508) and others, including Security standards
- Requirements gathering: Here we consider practices like hazard and risk analysis, performance requirements, conformance to rules, and how the compliance requirement influences and is incorporated into the more general requirements process
- Evidence supporting compliance: Here we look at tools and techniques that support the generation of evidence that the system complies; these include standard architectures, testing, static analysers, verifiers, and others
- Processes for compliant systems: Increasingly, systems evolve continuously as they are modified in use (not all standards admit the possibility of evolution). Here we consider the range of approaches to process, from the rigid V-model to modern system development practice, and how different processes organise the production of compliance evidence
Class members will work in small groups taking a case study as their focus. Groups will be guided to provide a documented analysis of the strengths, weaknesses, potential for improvement and sustainability of the system and associated compliance-demonstrating processes. This work will be available to other class members as part of the learning materials of the course. Each class member will also develop a portfolio demonstrating they have individually achieved the learning outcomes of the course. This will be based on work included in the analysis of the case study, augmented by other appropriate evidence. Acceptable kinds of evidence demonstrating achievement of the learning outcomes are diverse, so part of the assessment is the design of the portfolio in advance of its construction. There are two or three 'standard' portfolio designs, but class members are encouraged to develop their own approaches that take account of their personal strengths and weaknesses. Portfolio designs will include assessment criteria. Each week there will be a group meeting, around 1-2 hours of recorded material covering the lecture material in the course, and a guest lecture given by a practitioner on their experience of working with standards-compliant systems.
Entry Requirements (not applicable to Visiting Students)
|Other requirements||Students should have some basic understanding of software engineering and software life-cycle together with experience of programming (e.g. the material covered in the second year SEPP course in Informatics). Some knowledge of testing and verification is also helpful but not essential.
Information for Visiting Students
|Pre-requisites||Students should have some basic understanding of software engineering and software life-cycle together with experience of programming (e.g. the material covered in the second year SEPP course in Informatics). Some knowledge of testing and verification is also helpful but not essential.
|High Demand Course?
Course Delivery Information
|Not being delivered|
On completion of this course, the student will be able to:
- describe the structure of typical standards and regulation for a range of domains of application
- explain and motivate the goals set by regulation and standards and how they influence the requirements for compliant systems
- given an example system and standard or regulation, justify what evidence would be needed to comply with the regulation or standard
- given an example system development process and standard or regulation, evaluate how effective the process can be in generating evidence of compliance to the standard or regulation
|A. Coronato, Engineering High Quality Medical Software: Regulations, standards, methodologies and tools for certification. Stevenage: The Institution of Engineering and Technology, 2018.
A. Stavert-Dobson, Health Information Systems: Managing Clinical Risk. Cham: Springer International Publishing AG, 2016.
B. S. Dhillon, Reliability, Quality, and Safety for Engineers. Baton Rouge: CRC Press, 2005. doi: 10.1201/9780203006139.
D. A. Vogel, Medical Device Software Verification, Validation, and Compliance. Norwood: Artech House, 2010.
M. Rausand, Reliability of Safety-Critical Systems: Theory and Application. Hoboken, New Jersey: Wiley, 2014.
T. Myklebust and T. Stålhane, The Agile Safety Case, 1st ed. Cham: Springer International Publishing, 2018. doi: 10.1007/978-3-319-70265-0.
M. Ebers and M. Cantero Gamito, Algorithmic Governance and Governance of Algorithms: Legal and Ethical Challenges, 1st ed. Cham, Switzerland: Springer, 2021. doi: 10.1007/978-3-030-50559-2.
T. Wischmeyer and T. Rademacher, Eds., Regulating Artificial Intelligence, 1st ed. Cham: Springer International Publishing, 2020. doi: 10.1007/978-3-030-32361-5.
M. Staron, Automotive Software Architectures: An Introduction. Cham: Springer International Publishing AG, 2021.
'ISO/IEC/IEEE Draft International Standard - Systems and software engineering - Systems and software assurance - Part 4: Assurance in the life cycle', ISO/IEC/IEEE P15026-4/DIS, February 2020, pp. 1-51, Mar. 2020.
L. Rierson, Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance, 1st ed. Bosa Roca: CRC Press, 2013. doi: 10.1201/9781315218168.
G. K. Hanssen, T. Stålhane, and T. Myklebust, SafeScrum® - Agile Development of Safety-Critical Software, 1st ed. Cham: Springer International Publishing, 2018. doi: 10.1007/978-3-319-99334-8.
M. Debbabi, F. Hassaïne, Y. Jarraya, A. Soeanu, and L. Alawneh, Verification and Validation in Systems Engineering: Assessing UML/SysML Design Models, 1st ed. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010. doi: 10.1007/978-3-642-15228-3.
|Graduate Attributes and Skills
||Research and enquiry: problem-solving, critical/analytical thinking, handling ambiguity, knowledge integration - these are all developed in building the analysis of the case study in a small group. This will involve identifying strengths and weaknesses in the case study, augmenting and integrating additional material and considering the impact of regulation on the system.
Personal effectiveness: planning and organizing, flexibility and change management - the portfolio design requires planning ahead to see what can be done and adapting to changed circumstances as the work on the case study develops.
Personal responsibility and autonomy: independent learning, self-awareness and reflection, creativity, decision-making - all of these will be required in developing the case study and individual portfolio of evidence of the achievement of the learning outcomes of the course.
Communication: interpersonal/teamwork skills; verbal, written, cross-cultural - all of these will be developed in the small group work where students are encouraged to work as a team to develop the analysis of their case study.
|Keywords||Software Engineering,Development Process,Software Architecture,Standards,Regulation,Compliance
|Course organiser||Mr Stuart Anderson
Tel: (0131 6)50 5191
|Course secretary||Miss Lori Anderson
Tel: (0131 6)51 4164