Regulation of software

Regulation is imposed by governments on industry to ensure that standards are upheld and that society is protected from actions by industry that might cause harm. Airlines are regulated by national aviation authorities such as the FAA (in the US) and the CAA (in the UK). Railway regulators exist to ensure the safety of railways, and nuclear regulators must certify the safety of a nuclear plant before it can go online. In the banking sector, national banks serve as regulators, establishing procedures and practices to reduce the probability of fraud and to protect banking customers from risky banking practices.

Regulators have wide powers: they can fine companies and even imprison directors if regulations are breached. They may have a licensing role (e.g. in the aviation and nuclear industries) where they must issue a licence before a new system may be used.

Because of the central role of computer-based systems in all industries, regulators are increasingly concerned with software and with ensuring that the software reflects the regulations imposed on the industry. This is particularly obvious in safety-related systems, where the regulator may require evidence that the software is safe before a licence to use the system is granted. Safety cases for the software have to be examined and approved by the regulator.

However, regulations are not the same in each country, and this adds considerable additional costs for systems developers. They may have to go through a regulatory process in each country where the system is to be used, and they may have to produce different evidence in each case. This is extremely expensive, and the cost of satisfying the regulator is a major component of the cost of many safety-critical systems.

Software certification


(c) Ian Sommerville 2008