Good safety management means that continuous attempts are made to improve all aspects of safety engineering practice. This includes the work required to assure the safe contribution of software to acceptable system safety (software safety practice). These improvements are often through creating interventions to perceived problems with software safety practice.
Historically, improvements to software safety practice have resulted in interventions which seem to have been largely ineffective. This suggests that they may not be addressing the real impediments to good software safety practice. It
is not argued that existing tools for improving software safety practice are necessarily deficient, rather that the notion of whether they are being employed to correct the actual causes of impediments to better practice is challenged.
Software safety practice ‘As Observed’ (the actual software safety engineering activities performed) is informed by defined processes (software safety practice ‘As Required’). These processes aim to ensure practice achieves the best
safety outcomes (software safety practice ‘As Desired’). For many different and complex reasons ‘As Observed’ software safety practice may not be equivalent to software safety practice ‘As Required’. Similarly, software safety practice ‘As Required’ may not be equivalent to software safety practice ‘As Desired’. Any, or all of these discrepancies could play a significant role in poor software safety practice. By exploring these discrepancies it becomes possible to understand the causes of deficiencies in practice, and to start to propose effective interventions.
This thesis defines a framework and process for understanding and assessing software safety practice based around modelling software safety practice ‘As Desired’, ‘As Required’, and ‘As Observed’, and the interactions between these
elements. The process is defined, described, instantiated and evaluated. Use of this framework and process for understanding software safety practice is an effective means by which an organization can identify currently existing impediments to the achievement of software safety best practice.