The need for regulation for safety-critical software

After the Blackpool rollercoaster crash, Tony Collins asks who regulates safety-critical software systems.

The accident involving the Pepsi Max Big One rollercoaster in Blackpool last week has raised questions over whether there are inherent weaknesses in the regulation of safety-related software. In the crash, 14 people were injured, two seriously.

Although there is a legal framework governing fairground safety, Computer Weekly has learned that regulation of control systems relies largely on trust and the professionalism of the system manufacturers, subcontractors and the fairground's owner.

As in air crashes, major improvements in fairground safety tend to happen after serious accidents.

With aircraft, safety-critical software must be passed by a state regulator before it comes into service. With fairground systems this is not the case. So, although the Big One's computerised systems are responsible directly for the safety of passengers, they are not subject to the scrutiny of the Health & Safety Executive (HSE) unless there is an accident.

Even after an accident, the HSE relies to some extent on the assurances of the parties involved that recommendations on safety improvements have been made without compromise.

Inspectors cannot guarantee from a single set of tests that a safety system will always perform faultlessly. Trust is instead placed in the reports and assurances of independent inspectors, appointed by the fairground's owner, that the required safety improvements have been made and that the modifications have been fully tested.

That the regulatory system relies to some extent on trust is not a criticism of the HSE but a reflection of the limits of its powers and resources.

However, an HSE report said, "the safety of fairground rides is increasingly becoming reliant on complex programmable electronic control systems".

This means that passengers on fairground rides may increasingly have to put their trust in the integrity and professionalism of the fairground's owner. To some extent, the fairground will in turn have to rely on the assurances of the manufacturers and subcontractors, because only they have the expertise to understand the systems fully.

After an accident on the Big One in 1994, in which 26 people were injured, the HSE required an upgrade in the braking and control systems, a back-up to the main computer system and a non-computerised means of stopping carriages in an emergency.

All the evidence points to the fact that, after the 1994 accident, the fairground's owner implemented all of the recommendations and requirements to the full.

Yet after the latest accident, the fairground pointed to the computers as a factor, leaving two questions unanswered. Why did the systems allow one train to run into another? Has there been a degradation in the computer systems' performance since the ride reopened after the 1994 crash, or is regulation based on faith and trust sufficient to ensure public safety?
