Using Model-Driven Engineering for Managing Safety Evidence: Challenges, Vision and Experience

Certification is a major prerequisite for most safety-critical systems before they can be put into operation. During certification, system suppliers often have to present a coherent body of evidence demonstrating that the developed systems are safe for operation. Regardless of the certification approach taken (process-based or product-based), collection of proper evidence at the proper stage of development is critical for successful certification. Currently, system suppliers and certification bodies alike are facing various challenges in relation to safety evidence collection. Notably, they find it hard to interpret the evidence requirements imposed by the safety standards within the domain of application; little support exists for recording, querying, and reporting evidence in a structured manner; and there is a general absence of guidelines on how the collected evidence supports the safety objectives. This paper states our position on how safety evidence should be characterized and managed. Specifically, we propose the application of Model-Driven Engineering as an enabler for performing the various tasks related to safety evidence management. We outline our current work on the specification of safety evidence requirements, upfront planning of evidence collection activities, tailoring of evidence information to domain-specific needs, and storage of evidence information. Based on this work, we identify a number of challenges that need further investigation and provide a future research agenda for managing safety evidence for software safety certification.