More and more software is developed agile, building and testing iteratively at the same time. In a safety environment, where you have to comply with the rules and conditions of the CENELEC standard, you work according to the V-model (specify and build first, then test). "SafeScrum combines the advantages of agile/Scrum working with the requirements from the CENELEC standard. So you have the best of both worlds: short and fast iterations that meet the high safety requirements."

Agile software development has the advantage of a much shorter time-to-market, lower risk because small releases are delivered frequently, and easy absorption of changes in the specifications. In safety projects you work according to the V-model: you have to know at the start what you are going to build, work that out in full, and only then start testing. Scrum works differently: you build and test right away. SafeScrum is a project management framework that makes safety a first-class component of the Scrum way of working. "These are projects where safety is crucial, where human lives are at stake if the software does not function properly," said Hans Heising, Agile Coach at InTraffic.

Safety backlog

One of the big differences from Scrum is that in SafeScrum, for everything you do, you look at the impact it has on safety. That starts in the preliminary phase, in which the outline of the design is determined and all safety measures are recorded in a safety backlog. "If, for example, when controlling a signal on the track, the voltage drops and the signal can no longer be set to red or green, you automatically have to return to a safe situation. Driving on can lead to very dangerous situations. A safety backlog states what measures we must take if something goes wrong. Should we do something extra? Go back to the old situation? In short: how do we ensure that a safe situation arises again? By already thinking about this in the preliminary phase, you take it into account throughout the project."
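The signal scenario above is a classic fail-safe design problem: when the controller can no longer guarantee the commanded aspect, it must fall back to the most restrictive state and stay there until someone with authority clears the fault. The following is an added illustration of that rule, written for this page and not code from InTraffic or SafeScrum; the voltage window, the aspect names and the "maintainer reset" action are assumptions chosen to make the example concrete.

```python
"""Fail-safe signal controller (added illustration; not InTraffic code)."""
from dataclasses import dataclass, field
from enum import Enum


class Aspect(Enum):
    STOP = "red"       # most restrictive aspect: this is the safe state
    PROCEED = "green"


# Assumed operating window for the lamp supply; illustrative numbers only.
V_MIN = 20.0
V_MAX = 28.0


@dataclass
class SignalController:
    """Drives one trackside signal.

    Safety rule modelled here (as a safety-backlog item would state it):
    whenever the controller cannot be sure the commanded aspect can be
    shown correctly, it falls back to STOP and latches the fault until a
    maintainer explicitly resets it. A new command never clears a fault.
    """
    aspect: Aspect = Aspect.STOP
    fault_latched: bool = False
    fault_reason: str = ""
    log: list = field(default_factory=list)

    def command(self, requested, supply_voltage: float) -> Aspect:
        # Reject anything that is not a known aspect before touching it.
        if not isinstance(requested, Aspect):
            return self._enter_safe_state(f"unknown aspect {requested!r}")
        # A latched fault is never cleared by a new command.
        if self.fault_latched:
            self.log.append(
                f"ignored {requested.value}: fault latched ({self.fault_reason})")
            return self.aspect
        # Out-of-range supply: the lamp state is unknown, so go to STOP.
        if not (V_MIN <= supply_voltage <= V_MAX):
            return self._enter_safe_state(
                f"supply {supply_voltage:.1f} V outside [{V_MIN}, {V_MAX}]")
        self.aspect = requested
        self.log.append(f"set {requested.value} at {supply_voltage:.1f} V")
        return self.aspect

    def _enter_safe_state(self, reason: str) -> Aspect:
        self.aspect = Aspect.STOP
        self.fault_latched = True
        self.fault_reason = reason
        self.log.append(f"SAFE STATE: {reason}")
        return self.aspect

    def maintainer_reset(self) -> None:
        """Explicit, authorised action: the only way to clear a latched fault."""
        self.fault_latched = False
        self.fault_reason = ""
        self.log.append("fault cleared by maintainer")


def run_scenario() -> list:
    """Constructed sequence: normal operation, a voltage dip, later commands."""
    ctl = SignalController()
    seen = []
    seen.append(ctl.command(Aspect.PROCEED, 24.0))   # normal: green
    seen.append(ctl.command(Aspect.PROCEED, 11.5))   # dip: falls to red, latched
    seen.append(ctl.command(Aspect.PROCEED, 24.0))   # supply back, still red
    ctl.maintainer_reset()
    seen.append(ctl.command(Aspect.PROCEED, 24.0))   # green again after reset
    return seen


if __name__ == "__main__":
    for step, aspect in enumerate(run_scenario(), 1):
        print(step, aspect.value)
```

The design choice worth noting is the latch: the voltage returning to normal is not evidence that the signal is healthy, so the controller does not silently resume on its own. Answering "do we go back to the old situation?" with "only after a deliberate reset" is exactly the kind of decision the safety backlog is meant to record up front.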

"By thinking about safety risks every day, the safety aspect becomes part of your DNA. And you see that reflected in the iterations that are delivered."

- Hans Heising, Agile Coach InTraffic

Daily stand-up

A Scrum team starts each day with a daily stand-up. Team members briefly share with each other what they did yesterday, what they are going to do today and what problems they are running into. "In SafeScrum, another daily question is added: what safety risks do I see? By consciously working on this every day, the safety aspect becomes part of your DNA. And you see that reflected in the iterations that are delivered." To really put safety on the map within the team, there is also a safety manager who continuously monitors safety. "So safety is really woven into the whole process."

RAMS requirements

A sprint is a planned block of work for the next two or three weeks. At the end of a sprint the results are presented, the team evaluates the past period and agrees on a plan for the next one. "At the end of each sprint, we do additional testing in SafeScrum to see whether what we have delivered meets the RAMS requirements. RAMS stands for reliability, availability, maintainability and safety. In other words: is what we have delivered reliable, available, maintainable and safe?" In addition, traceability is an important aspect, Hans points out. "For everything we create, it is clear where in the code it is done. We continuously keep track of which piece of code or software changes have been made."
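Traceability of the kind described above is something a team can check mechanically at the end of every sprint. The script below is an added example written for this page, not SafeScrum or InTraffic tooling: it assumes a tagging convention in which a comment `SAFETY-REQ: <id>` marks the code and the test that realise a safety-backlog item, builds the trace matrix from that, and reports backlog items with no implementing code or no covering test, as well as commit subjects that cite an id the backlog does not know. The backlog entries, repository contents and commit subjects are all constructed inline.

```python
"""Requirement-to-code traceability check (added example; not InTraffic tooling)."""
import re
from collections import defaultdict

# Constructed safety backlog: ids and hypothetical measures.
SAFETY_BACKLOG = {
    "SR-01": "On lamp supply voltage out of range, the signal falls back to STOP",
    "SR-02": "A latched fault is cleared only by an authorised maintainer action",
    "SR-03": "Every aspect change is written to the non-volatile event log",
}

# Constructed repository snapshot: path -> file text. The "SAFETY-REQ: <id>"
# comment is an assumed convention, not one the page describes.
REPO = {
    "src/signal.py": """
def command(requested, voltage):
    # SAFETY-REQ: SR-01
    if not 20.0 <= voltage <= 28.0:
        return enter_safe_state("supply out of range")

def maintainer_reset():
    # SAFETY-REQ: SR-02
    clear_latched_fault()
""",
    "tests/test_signal.py": """
def test_voltage_dip_goes_to_stop():
    # SAFETY-REQ: SR-01
    assert command(PROCEED, 11.5) is STOP

def test_reset_needs_maintainer():
    # SAFETY-REQ: SR-02
    assert not fault_latched_after(maintainer_reset)
""",
}

# Constructed commit subjects, in the shape `git log --format=%s` prints them.
COMMITS = [
    "SR-01: fall back to STOP on undervoltage",
    "SR-02: latch fault until maintainer reset",
    "SR-07: tidy event logging",        # cites an id that is not in the backlog
    "refactor: rename helpers",         # no id: not a safety-relevant change
]

TAG_RE = re.compile(r"SAFETY-REQ:\s*(SR-\d+)")
COMMIT_RE = re.compile(r"\b(SR-\d+)\b")


def build_trace_matrix(repo):
    """Map each requirement id to the code files and test files that claim it."""
    matrix = defaultdict(lambda: {"code": set(), "tests": set()})
    for path, text in repo.items():
        bucket = "tests" if path.startswith("tests/") else "code"
        for req_id in TAG_RE.findall(text):
            matrix[req_id][bucket].add(path)
    return dict(matrix)


def find_gaps(backlog, matrix):
    """Backlog items with no implementing code or no covering test, and tags
    that point at ids the backlog does not contain."""
    empty = {"code": set(), "tests": set()}
    missing_code = sorted(r for r in backlog if not matrix.get(r, empty)["code"])
    missing_tests = sorted(r for r in backlog if not matrix.get(r, empty)["tests"])
    unknown_tags = sorted(r for r in matrix if r not in backlog)
    return {"missing_code": missing_code,
            "missing_tests": missing_tests,
            "unknown_tags": unknown_tags}


def check_commits(backlog, commits):
    """Commit subjects that cite a requirement id the backlog does not know."""
    bad = []
    for subject in commits:
        for req_id in COMMIT_RE.findall(subject):
            if req_id not in backlog:
                bad.append((subject, req_id))
    return bad


if __name__ == "__main__":
    matrix = build_trace_matrix(REPO)
    for req_id, where in sorted(matrix.items()):
        print(req_id, "code:", sorted(where["code"]), "tests:", sorted(where["tests"]))
    print("gaps:", find_gaps(SAFETY_BACKLOG, matrix))
    print("suspicious commits:", check_commits(SAFETY_BACKLOG, COMMITS))
```

Run against the constructed data, the check flags SR-03 as having neither code nor a test and flags the commit that cites SR-07. Wiring a check like this into the sprint's end-of-iteration testing turns "we keep track of which piece of code changes have been made" into something the team, the safety manager and later an auditor can verify rather than take on trust.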

TÜV audit

To ensure that everything done in a safety project meets the requirements of the CENELEC standard, an audit is performed by TÜV. This independent body examines whether products meet the safety standards, and it took part in the development of SafeScrum. "This way we can be sure that this approach meets the requirements of the CENELEC standard. Only when we can say with 200% certainty that the software is good and safe will we make it operational."