SCSD: Standards Compliant Software Development

Welcome to Standards Compliant Software Development

This is the first year of presentation of the course, so the class is limited in size and I will be developing materials during the course to take account of the response of the class to the material.  The course is a response to the standardisation activity going on around software and systems development in response to the very rapid digitalisation of our economies and societies.  One very striking example of this is the advent of Large Language Model-based systems like co-pilots and the real and imaginary concerns around their widespread use.  We will consider ISO 42001 on the management of AI as a case study in the course.

Although the course considers software development primarily, we will take a socio-technical systems approach in which we consider the deployment contexts of software and the arrangements in those contexts.  The people and processes in these contexts often need to be considered when we make claims of compliance for some software and its associated processes.


Learning Outcomes

On successful completion of this course, you should be able to: 

  1. describe the structure of typical standards and regulation for a range of domains of application
  2. explain and motivate the goals set by regulation and standards and how they influence the requirements for compliant systems
  3. given an example system and standard or regulation, justify what evidence would be needed to comply with the regulation or standard
  4. given an example system development process and standard or regulation, evaluate how effective the process can be in generating evidence of compliance to the standard or regulation


Course Outline

The course provides an overview of standards and regulations affecting software-based systems, concentrating on the way standards and regulations exert control over compliant systems. We then consider how standards and regulation influence requirements and the requirements gathering process, and then the tools and techniques that can be deployed to provide evidence of compliance. Finally we consider the full process from the initiation of development to the eventual decommissioning of the system.

We consider:
- Standards and regulation: Here we consider a range of standards and regulation such as the MISRA C/C++ coding standards, the emerging EU AI regulation, medical device software standards such as EN 62304, avionics (DO-178C), functional safety (IEC 61508) and others, including security standards
- Requirements gathering: Here we consider practices like hazard and risk analysis, performance requirements and conformance to rules, and how the compliance requirement influences and is incorporated into the more general requirements process
- Evidence supporting compliance: Here we look at tools and techniques that support the generation of evidence that the system complies; these include standard architectures, testing, static analysers, verifiers and others
- Processes for compliant systems: Increasingly, systems continuously evolve as they are modified in use (not all standards admit the possibility of evolution). Here we consider the range of approaches to process, from the rigid V-model to modern system development practice, and how different processes organise the production of compliance evidence

Class members will work in small groups taking a case study as their focus. Groups will be guided to provide a documented analysis of the strengths, weaknesses, potential for improvement and sustainability of the system and of its associated compliance-demonstrating processes. This work will be available to other class members as part of the learning materials of the course. Each class member will also develop a portfolio demonstrating that they have individually achieved the learning outcomes of the course. This will be based on work included in the analysis of the case study, augmented by other appropriate evidence. Acceptable kinds of evidence demonstrating achievement of the learning outcomes are diverse, so part of the assessment is the design of the portfolio in advance of its construction. There are two or three 'standard' portfolio designs, but class members are encouraged to develop their own approaches that take account of their personal strengths and weaknesses. Portfolio designs will include assessment criteria.

Each week there will be a group meeting, around 1-2 hours of recorded material covering the lecture content of the course, and a guest lecture given by a practitioner on their experience of working with standards compliant systems.

License
All rights reserved The University of Edinburgh