Abstract:
Rolls-Royce and Associates Limited design and procure nuclear steam raising plant. In defining the methods to be used for safety critical software, and subsequently implementing them, RR and A has reviewed the approach required to subcontract detailed design of electronic systems. It has become evident that the requirements which are imposed by the need to develop safety critical software will have significant influence on decisions as to the most effective project organisation. The author reviews the methods used in each of the two projects so far undertaken, and examines the lessons learnt, both in terms of technical methods and project organisation.