An assurance case is a structured argument supported by evidence. It can be a static safety case that refers to static evidence and is frozen in a Safety Case Report, or it can be a dynamic object that refers to evidence which evolves over time; for example, the evidence may include Safety Performance Indicators (SPIs) computed from measurements taken during system operation. The key question is how you track changes in the evidence so that the dynamic assurance case stays valid, consistent and up to date.
PREMIS supports four ways of referring to evidence within your assurance case. Each of them can be used to build a dynamic assurance case, but with different levels of automation and technical difficulty.
The four ways are listed below and are also presented in the video.
- You can refer to off-line evidence. The evidence itself is not available in the application; you only record its identification data or a summary. This option does not support dynamic arguments unless you change the evidence data manually or have a software agent do it for you.
- You can upload evidence files to PREMIS and use them in the argument. This option likewise does not support dynamic arguments unless you upload new evidence manually or have a software agent do it for you.
- You can reference online evidence items by URL. These are usually static objects, such as PDF files, but a URL can also point to a web service that returns dynamic data.
- The last option is an integrated evidence repository. This can be a SharePoint service storing technical documentation, but the same approach works for repositories containing dynamic data. Importantly, this integration includes authentication, which is usually required to access sensitive data in any system.
The first step in building a dynamic assurance case is to decide how the dynamic data will be transferred into the argument. This depends on the technology that produces the data: whether the result is available online, what type of authentication is required, and whether your systems can send notifications.
The next step is to decide how these data are presented in the argument. You will probably have argument claims that refer to system operation and the maintenance process (for example, in a SOTIF argument).
The final design step is planning information propagation and notifications. Propagation within the argument is usually based on the assessment mechanism, which allows major problems reported in the dynamic data to affect the top claim. The results can also be published in online bulletins or reports, or sent as email notifications.
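The three design steps above can be seen end to end in a small model. The following Python block is an added illustration written for this page; it is not PREMIS code and does not use the PREMIS API. It assumes a three-level assessment scale ("unacceptable", "tolerable", "acceptable"), a weakest-link propagation rule, an SPI threshold rule, and hypothetical evidence names, URLs and repository paths; the SPI readings are constructed sample data standing in for a web-service call. It shows dynamic evidence referenced by URL, change tracking by hashing the evidence content at each refresh, propagation of the assessment up to the top claim, and a notification when the top claim degrades.

```python
"""Toy dynamic assurance case: evidence references, SPI-based assessment,
weakest-link propagation to the top claim, change tracking and notifications.
Added example, not PREMIS code; scale, rules and names are assumptions."""
from dataclasses import dataclass, field
from typing import Callable, Optional
import hashlib
import json

# Ordered assessment levels, weakest first (assumed scale, not a PREMIS one).
LEVELS = ["unacceptable", "tolerable", "acceptable"]


@dataclass
class Evidence:
    """One evidence item; `kind` mirrors the four referencing options."""
    name: str
    kind: str                                   # offline | uploaded | url | repository
    locator: str                                # id/summary, file name, URL or repo path
    fetch: Optional[Callable[[], str]] = None   # dynamic source; None means static
    content: str = ""                           # current content (text or JSON)
    threshold: Optional[float] = None           # SPI evidence: minimum acceptable value
    digest: str = ""                            # sha256 of content at last refresh

    def refresh(self) -> bool:
        """Pull new content for dynamic evidence; return True if it changed."""
        if self.fetch is not None:
            self.content = self.fetch()
        new = hashlib.sha256(self.content.encode()).hexdigest()
        changed = self.digest != "" and new != self.digest
        self.digest = new
        return changed

    def assess(self) -> str:
        if self.threshold is None:
            return "acceptable"          # static document accepted at review time
        value = json.loads(self.content)["value"]
        if value >= self.threshold:
            return "acceptable"
        if value >= 0.9 * self.threshold:   # assumed tolerance band
            return "tolerable"
        return "unacceptable"


@dataclass
class Claim:
    name: str
    children: list = field(default_factory=list)   # sub-claims
    evidence: list = field(default_factory=list)   # Evidence items

    def assess(self) -> str:
        """Weakest-link propagation: a claim is only as strong as its support."""
        ratings = [c.assess() for c in self.children] + [e.assess() for e in self.evidence]
        # An unsupported claim is rated conservatively.
        return min(ratings, key=LEVELS.index) if ratings else "unacceptable"


def iter_evidence(claim: Claim):
    yield from claim.evidence
    for child in claim.children:
        yield from iter_evidence(child)


def refresh_case(top: Claim):
    """Refresh all evidence, re-assess, and return (rating, changed names, notifications)."""
    changed = [ev.name for ev in iter_evidence(top) if ev.refresh()]
    rating = top.assess()
    notes = []
    if rating != "acceptable":
        notes.append(f"top claim '{top.name}' is {rating}; changed evidence: {changed}")
    return rating, changed, notes


def make_spi_source(readings):
    """Stand-in for a web service returning the latest SPI (constructed data).
    Once the readings are exhausted it keeps returning the last one."""
    it = iter(readings)
    last = {"value": None}
    def fetch() -> str:
        last["value"] = next(it, last["value"])
        return json.dumps(last["value"])
    return fetch


def build_case(readings) -> Claim:
    """Hypothetical argument skeleton; names, URL and path are assumptions."""
    spi = Evidence("SPI-1 disengagement-free ratio", "url", "https://spi.example/latest",
                   fetch=make_spi_source(readings), threshold=0.99)
    hazard_log = Evidence("Hazard log", "repository", "/sites/safety/hazard-log.docx",
                          content="hazard log v3 (constructed)")
    design = Claim("Hazards are identified and mitigated", evidence=[hazard_log])
    operation = Claim("Operation monitoring is effective (SOTIF)", evidence=[spi])
    return Claim("The system is acceptably safe", children=[design, operation])


if __name__ == "__main__":
    case = build_case([{"value": 0.995}, {"value": 0.85}])
    for _ in range(2):
        print(refresh_case(case))
```

The content hash only tells you that an evidence item changed between refreshes; it says nothing about who changed it. For the URL and repository options, the fetch step should run over an authenticated channel and, where the producing system supports it, verify a signature on the evidence, otherwise a tampered feed can silently move the top claim in either direction.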
A dynamic assurance case can be an effective tool for supporting system safety or reliability monitoring. However, all of this depends on the first design steps, that is, on how the dynamic data is transferred into the argument and presented as evidence. Any solution that works is a good one.
