Managing systems and software reliability
Software and systems used in the energy and maritime environments are becoming increasingly complex as they evolve to meet more demanding operational, regulatory and technological requirements. The energy and maritime industries are also facing great product innovation with more embedded software forming part of the safety and business critical systems. DNV has extensive experience working with these industries and with this experience we have identified software and systems development standards and best practices and brought them together to produce a new recommended practice, DNV RP-D201, and an offshore standard, OS-D203 – a new class notation for Integrated Software Dependent Systems (ISDS).
DNV SERVING THE Energy and maritime INDUSTRies integrated software dependent systems managing systems and software reliability the power to Improve system performance 02 I energy and maritime I integrated software dependent systems I GLOBAL SERVICES TO THE ENERGY AND MARITIME INDUSTRIES Safety, health and environmental risk management Enterprise risk management ■■ IT risk management ■■ Asset risk management Technology qualification Verification ■■ Ship classification ■■ Offshore classification ■■ ■■ ■■ ■■ I integrated software dependent systems I energy and maritime I 03 CONTENTS 04 Introducing the world’s first class notation for systems and software reliability 06 Reducing software-related downtime for Seadrill 08 Measuring the quality of software source code Software and systems used in the energy and maritime environments are becoming increasingly complex as they evolve to meet more demanding operational, regulatory and technological requirements. The energy and maritime industries are also facing great product innovation with more embedded software forming part of the safety and business critical systems. DNV has extensive experience working with these industries and with this experience we have identified software and systems development standards and best practices and brought them together to produce a new recommended practice, DNV RP-D201, and an offshore standard, OS-D203 – a new class notation for Integrated Software Dependent Systems (ISDS). ©istock THE POWER TO Improve system performance 04 I energy and maritime I integrated software dependent systems I Introducing the world’s first class notation for systems and software reliability The increasing complexity of onboard software dependent systems represents a significant safety and business risk for owners and operators of advanced offshore units. With renewed industry focus on this critical, but often poorly managed, operational component, DNV has developed the world’s first class notation for Integrated Software Dependent Systems (ISDS). DNV’s optional ISDS notation has been developed in response to industry demand for improved management of risks associated with software malfunctions. ISDS is based on a proven methodology to ensure software integrity from the newbuilding process throughout the lifetime of the unit. Through specific process requirements, ISDS helps prevent software issues that may result in costly delays at the yard, and it helps owners and operators to avoid downtime during operations. MILLIONS OF LINES OF CODE Critical systems onboard offshore units contain high volumes of software code. Dynamic positioning and drilling control systems typically contain about 500,000 lines of programming each. In comparison, an Airbus A380 commercial airplane has about one million lines of code. In terms of software, offshore units tend to be far more complex than airplanes, yet the software on these units is not by far subject to the same controls and testing as seen in the aviation industry. The system components onboard offshore units are manufactured by different suppliers and are integrated at the yard. It is typically during this process that compatibility issues that compromise unit performance are detected. Software is also upgraded more frequently than hardware, introducing a need for well-defined change management processes that can be used through the entire life cycle of the unit. SOFTWARE BUSINESS RISK Software delays at the yard can last for months, and for units in operation, downtime is a significant business risk. With rigs getting day rates of up to USD 500,000, waiting around to repair code or re-boot systems after upgrades or malfunctions is unacceptable. Safe, predictable and profitable operations depend on the development of reliable components, successful integration of these components into systems, and good management and coordination of components and system requirements. The entire software value chain, including development, procurement, testing, validation, integration, commissioning, configuration and operation have to be considered, in order to reduce delays and non-productive time. WORKING TOWARD AN INDUSTRY STANDARD DNV has developed the ISDS methodology to give benefits to all parties involved in a project; owners, operators, yards and suppliers. While reduced risk for delays and downtime are the key benefits for the owners and operators, lasting improvements in system integration capabilities and early finding of potential problems are the key benefits for yards and suppliers. Some of the world-leading yards and suppliers have already expressed that they see ISDS as means to increase their competitive strength. DNV’S TRACK RECORD IN SOFTWARE INTEGRITY DNV has a long history working with software dependent systems. In 1982, DNV became the first class society to issue a classification note on Computer Based Systems, and today DNV has extensive in-house software competence and specialists with experience also from the automotive, telecom and aerospace industries. In 2008, DNV released a I integrated software dependent systems I energy and maritime I 05 Recommended Practice for Integrated Software Dependent Systems (DNV-RP-D201). The ISDS methodology has been built on DNVâ€™s decades of experience working with software integrity for embedded systems, and the methodology represents the industryâ€™s most comprehensive and effective software-related risk manage- ment tool to date. After piloting ISDS in more than 10 offshore projects, the Recommended Practice was promoted to a tentative Offshore Standard in 2010 (DNV-OS-D203). In 2011, the Offshore Standard, and the belonging class notation, are released in their final version ready to be applied in projects globally. 06 I energy and maritime I integrated software dependent systems I REDUCING SOFTWARE-RELATED DOWNTIME for seadrill Seadrill is an offshore deepwater drilling company that operates a fleet of 41 units including drillships, jackup rigs, semisubmersible rigs and tender rigs. Their latest generation newbuilds are highly automated and when software is integrated, care must be taken to ensure that the movements of components such as pipe handlers do not clash with other, equally-automated components. Seadrill undertook a pilot project, applying DNV’s recommended practices retrospectively to a recent newbuild to determine if the practices would have covered the gaps they felt occurred in the software integration process. DNV’s software engineering team in Houston met with Seadrill staff and evaluated procedures and documentation. Although many of the units in Seadrill’s fleet are not classed by DNV, this software integration task falls outside the scope of mandatory class rules and could be supported without conflict by DNV. Seadrill and DNV addressed commissioning, change management, crew competence and transparency issues. After a period of on-site collaboration, Seadrill and DNV planned and delivered recommended practice training, performed gap analysis and risk analysis to prioritise their findings and developed an action plan. Ten major action areas were identified, seven relating to on-going operation and three to future newbuilds. Importantly, external support helped Seadrill to keep the initiative moving so that new practices were implemented and the company was better prepared for future newbuilds. PROJECT FINDINGS The project addressed typical integration problems such as limited local vendor support and long downtimes. One finding was that the rig crew had little or no involvement in the integration testing processes that could have built up their competence to support the system, and they relied on service engineers flown in from overseas. Naturally, it was also recognised that not all the expertise necessary to maintain every system can be kept continuously available onboard every rig. Ref: The full story of this project was published in Offshore Engineer, Oct 2010 Another finding was that the lack of technical documentation limited the understanding of what was being tested, and there was no good means of feedback when equipment design or functionality did not meet operational requirements. It was also difficult to assign problems to a particular vendor as some machines can have up to five vendor control systems involved in their operation. Some equipment manufacturers offered poor training and did not follow up to ensure their equipment was working as designed, and inadequate software revision control led to downtime and the loss of important upgrades. Documentation for fixes and upgrades generally lacked detail on what was being changed, why and how it should be tested. BENEFITS OF ISDS In undertaking the pilot project and by applying the methodologies of ISDS, several benefits were highlighted. These include: ■■ the class notation provides a well-defined framework for the industry on how to work systematically with quality and performance assurance for software dependent systems ■■ in collaboration with DNV specialists, the owner can assess suppliers to ensure they have the pre-requisites for delivering good quality software ■■ owners are able to address potential problems earlier in the project, at a time when it is much cheaper to resolve any problems without causing critical delays ■■ the methodology is not only applicable for the development of the project and commissioning – it is also applicable during operation in order to manage changes throughout the lifetime of the rig/vessel. I integrated software dependent systems I energy and maritime I 07 “ISDS is a great tool to help guide us through new systems and optimisations and we’ll definitely use it going forward.” © Photo: Seadrill Steve O’Leary, Technical Services Director at Seadrill 08 I energy and maritime I integrated software dependent systems I MEASURING THE QUALITY OF SOFTWARE SOURCE CODE As a supplement to the ISDS methodology, DNV has SQALE - a model and tools to assess the quality of software source code. The model is applicable to all programming languages relevant for maritime and offshore control systems. Quality Counts Quality Model Software quality includes both external and internal aspects. ■■ External quality is defined by functionality, usability, amount of faults and performance, usually addressed and under control ■■ Internal quality is about testability, reusability, maintainability and changeability. This is often overlooked since it is less visible, harder to measure and has a long term impact on the life cycle cost. The Quality Model is made up of six quality characteristics based on the software life cycle. Associated to each quality characteristic is a set of sub-characteristics. Each sub-characteristic is defined through at least one quality checkpoint. Each quality checkpoint sets the quality requirement to be satisfied. SQALE SQALE objectively evaluates internal quality in order to understand the life cycle costs. SQALE delivers true value by: ■■ assessing and comparing software quality between different version, subcontractors, applications and sub-systems ■■ strengthening own quality management processes to define and follow-up quality goals SQALE brings added value Code analysis is not new but SQALE delivers results through: ■■ quality model based on a life cycle perspective - quality characteristics are defined and linked to the software life cycle ■■ an analysis model based on a unique aggregation Method - SQALE aggregates all static analysis results in quality indexes based on remediation costs. Examples of SQALE usage: efactoring decisions control outsourced product quality ■■ improvement activities follow-up ■■ evaluate open source projects ■■ due diligence ■■ choose between two similar products ■■ ■■ Analysis Model Analysing the software quality is measuring the gap left to achieve the quality targets. To measure this gap, a remedy factor is introduced to compensate for the specific remedy for each checkpoint. This results in an index that corresponds to the remediation effort to satisfy the quality requirements. Reporting The SQALE reporting is compact and graphical. Different stakeholders receive relevant information based on the same data e.g.: ■■ management gets feedback on quality characteristics and life cycle costs ■■ developers get feedback on adherence to quality checkpoints. Comparing the non compliance distribution related to Testability between Reused, Modified, newly Created, and Outsourced source code files ÂŠNexans I integrated software dependent systems I energy and maritime I 09 10 I energy and maritime I integrated software dependent systems I GLOBAL SERVICES TO THE ENERGY AND MARITIME INDUSTRIES Safety, health and environmental risk management ■■ Enterprise risk management ■■ IT risk management ■■ Asset risk management ■■ Technology qualification ■■ Verification ■■ Ship classification ■■ Offshore classification ■■ I integrated software dependent systems I energy and maritime I 11 Main offices Aberdeen Cromarty House Regent Quay Aberdeen AB11 5AR United Kingdom Phone: +44 1224 335 000 Dubai Bur Juman Office Tower, 14th Floor, Trade Center Road, Dubai United Arab Emirates Phone: +971 4 352 6626 Houston 1400 Ravello Dr Katy, TX 77449 USA Phone: +1 281 396 1000 London Palace House 3 Cathedral Street London SE1 9DE United Kingdom Phone: +44 20 7357 6080 Luanda Edificio Monumental Rua Major Kanhangulo nº 290, 2º Andar Angola Phone: +244 222 391 631 Oslo Veritasveien 1 NO-1322 Høvik Norway Phone: +47 67 57 99 00 Paris 69 rue du Chevaleret 75013 Paris France Phone: +33 144244010 Perth Level 5 216 St Georges Terrace Perth, WA Australia Phone: +61 0408 006339 Pusan Namchon 1-dong Suyong-Gu, Pusan 613011, Republic of Korea Phone: +82 51 610 7700 Rio de Janeiro Rua Sete de Setembro,111/12 Floor 20050006 Rio de Janeiro Brazil Phone: +55 21 3722 7232 Shanghai House No. 9 1591 Hong Qiao Road Shanghai 200336 China Phone: +86 21 3208 4518 Singapore DNV Technology Centre 10 Science Park Drive Singapore 118224 Phone: +65 6508 3750 Det Norske Veritas as NO-1322 Høvik, Norway I Tel: +47 67 57 99 00 I Fax: +47 67 57 99 11 www.dnv.com THIS IS DNV DNV is a global provider of services for managing risk, helping customers to safely and responsibly improve their business performance. Our core competence is to identify. assess and advise on risk management. DNV is an independent foundation with presence in more than 100 countries. the power to Improve system performance © Det Norske Veritas AS. Design: Coor Service Management/Graphic Services 1104-043. Print: 07 Oslo AS xxx/2011. Frontcover: ©Seadrill