MASS UK Industry Conduct Principles and Code of Practice 2022 (V6)
8.10.4 Provision shall be made to protect systems against:
• intentional or unintentional viruses or unauthorised code (Cyber Security is covered in more detail at paragraph 11.6);
• unauthorised installation, change, or deletion of software or associated data;
• the installation or use of unauthorised software (e.g. running games or office applications);
• modification of the software function by additional or modified physical devices.
8.10.5 The system safety justification shall be developed to include the risks posed by the use of software both afloat and ashore and how those risks are reduced to an acceptable level. Consideration should be given to conducting a Failure Mode Effects and Criticality Analysis (FMECA) to identify risks or safety-critical software elements. Any function of a MASS should be adequately validated in accordance with its consequence to safety and performance of the MASS, and any software implementation of this function adequately verified.
8.10.6 The configuration status of the software on each platform shall be captured and recorded, and the record maintained up-to-date for the life of the platform.
8.10.7 The development and testing of changes to the software and data, including specific arrangements for on-board testing, shall be managed so that the safety of the system, sub-system or equipment is not compromised.
[Figure: RNMB Hussar engaged in operational duties with the Royal Navy. This is a development of ATLAS ELEKTRONIK UK's ARCIMS USV. © ATLAS ELEKTRONIK UK 2020]
8.10.8 The retention and release of earlier versions of software shall be managed to enable restoration of a previous known and trusted state when necessary.
8.10.9 The release and installation of software to each platform shall be appropriately and actively managed so that changes to software are controlled. The installation process shall include a strategy for managing a failed installation.
8.11 IN-SERVICE REQUIREMENTS
8.11.1 Independent verification should be undertaken to provide assurance that the MASS complies in all respects with the provisions of this Code and remains compliant throughout its life.
8.11.2 Construction surveys should be conducted at a periodicity and scope appropriate to the design and build and may include:
• A review of the capability, organisation and facilities of the manufacturer to confirm that acceptable standards can be achieved for the construction, and fit out of the hull structure, systems and equipment;
• Certification of software, equipment and components;
• Survey of the material state during build to confirm compliance with the appraised design;
• Witness of tests and trials to demonstrate functionality;
• Details of software integrity testing and cyber-security compliance audits.
8.11.3 Through life survey activities should be conducted at a periodicity appropriate to the design, construction, material state and operation of the MASS.
8.12 SAFETY STANDARDS
8.12.1 There are a number of functional safety standards that should be considered for adoption when providing remote or autonomous systems using electrical, electronic or software based solutions. These include ISO 26262 from the automotive sector and IEC 61508, which detail how to establish the safety integrity level (SIL) for functions critical to safety in the system and the specification, design, implementation and testing processes that should be followed to ensure the required integrity is met.
8.12.2 IEC 61508 is an international standard published by the International Electrotechnical Commission consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES).
8.12.3 IEC 61508 is a basic functional safety standard applicable to all industries. It defines functional safety as: “part of the overall safety relating to the EUC (Equipment Under Control) and the EUC control system which depends on the correct functioning of the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities.” The fundamental concept is that any safety-related system must work correctly or fail in a predictable (safe) way.
8.12.4 The standard has two fundamental principles:
• An engineering process called the safety life cycle is defined based on best practices in order to discover and eliminate design errors and omissions;
• A probabilistic failure approach to account for the safety impact of device failures.
8.12.5 Zero risk can never be reached, only probabilities can be reduced.
8.12.6 Non-tolerable risks must be reduced (ALARP).
8.12.7 Optimal, cost effective safety is achieved when addressed in the entire safety lifecycle.
MASS UK Industry Conduct Principles and Code of Practice Version 6