If you comply with a quality standard does this mean you’ve made a quality product? If you comply with a safety standard is your system is safe? Probably not. To produce quality you’ve got to know what people want and that can take a lifetime of experience. To guarantee safety you must have seen a lot of failures and that’s another lifetime of blowing stuff up. Standards are forms not formulas if you want quality and safety you’ll have to add some creativity and experience to the mix.
Quality and Safety Are a Hard Slog
Quality and safety don’t come easy. I’ve been trying for a lifetime and its a hard slog. I recently had this demonstrated at a hazard analysis session for a motorway intelligent transportation system. A room full of wise men facilitated by a consultant reflected on potentially dangerous failure modes for a variable speed limit sign (VSLS). They determined that, if a VSLS went squirrely, rapidly displaying random speed limits this did not constitute a hazard. When we came to test the signs on a real motorway, the engineers responsible for the motorway (who were not present at the hazard analysis) would not allow us to expose live traffic to a sign that might “go random”. We had to put a bag over it and have a guy climb a ladder and see what was happening under the mask. An aggregate of 100 years of operational experience made them uncomfortable with doing that kind of thing. Score one for gut feel.
So to recap: we followed the form, we performed a hazard analysis as per ISO 61508 Functional safety of electrical/electronic/ programmable electronic safety-related systems  – tick. But the people in the room didn’t have the operational experience to recognise credible hazards so the process failed. A more methodical approach using documented hazard discovery techniques  may have helped but the key missing factor was experience.
If You Really Want Quality Get an Artist
Pure standards compliance adds no value when you venture into those parts of the work that require an artist, someone who creates, not an operator who follows a procedure. The architect Christopher Alexander  studied structures and spaces that people love. His view of quality was:
We need to develop deeper insights into what people perceive as quality.
And they need to be precise …
… the living space you are creating for people’s intellect. It must match the way they want to live in the world. It must become almost organic – part of them.
Alexander found places where people feel alive and documented them in a form he called an “architectural pattern”. This was his definition of quality. He was, by the way, in full compliance with:
ISO-9001 Quality management systems — requirements clause 7.2.1 Determination of requirements related to the product
subclause b) The organisation shall determine … requirements not stated by the customer but necessary for specified or intended use, where known …
If you ask anybody about the places where they feel “alive” they probably won’t be able to tell you. Alexander found these places through a lifetime of observation. Do you get the picture? “Determination of requirements” is easy to say and very hard to do. You need an artist like Alexander.
In those situations where information inputs are obscure, unquantifiable and endlessly variable and where the aggregate of potentially right answers runs into the thousands, the operator, good and true and bent on compliance, opens the operating manual, looks for a policy, a procedure, a formula – anything … and is … well … disappointed … even angry. Faced with the need for independent thought our subject is well and truly flummoxed. In contrast the artist draws on innate creativity and decades of training, observation and experience to develop a course of action. For example, Steve Jobs was famous for his ability to make impossible things seem possible by “distorting reality”. So there you go. An implementable description of a reality distortion machine is probably a bridge to far for a procedure writer.
Standards Do Have a Role
Don’t get me wrong, I’m not suggesting that standards are useless. They are the framework that surrounds, structures and nurtures the creativity and experience that flows from good people and we need to refine them further.
Take for example the safety standards: ISO 61508 and Cenelec 50126/128/129. I think they’re useful. We need them to put “form” into a functional safety program . They give a project’s safety authority a license to operate (especially if functional safety gates are attached to contractor progress payments). Without these standards in the compliance section of a contract I doubt whether much functional safety work would be done at all in large multidisciplinary systems projects (when you’ve got em by the progress payment their hearts and minds tend to follow). In this case safety “function” really does follow “form”.
The Problem with Software
Proclaiming software is “quality” or “safe” because your IT methodology complies with a procedural standard is dangerous. To standards committees I say: Can we come clean guys? Can we write down the fundamental philosophies behind our approach to producing safe, quality software? For example, words to the effect:
We are currently unable to calculate the probability that a body software will perform a target safety function. This is so because software is nearly all design. Very little assembly and replication is involved. We are therefore vulnerable to the systematic errors of human beings and the unfortunate fact that their work products can never be fully tested. However, if software developers are properly trained and follow prescribed processes we will allow the software they produce to be deployed in high integrity applications (we won’t allow them to claim it is that reliable mind you – we just have this warm feeling that it won’t do anything particularly evil).
I spent the first 10 years of my engineering career programming chemical reactor control systems. It was utopia. I was surrounded by wonderful people. We were controlling chemical reactions that could explode. Anyone showing the slightest lack of focus on safety in their work suddenly disappeared. Then they gave me control of the accounting and management information systems at the plant. I noticed a distinct drop in the skill levels of the IT people when compared to the control systems engineers. The accountants told me they could do without their systems for a month. The control systems could not fail for more than two seconds. To develop safe software you need talented people.
When to Give up Writing Procedures
Have you ever written a procedure so complex that it was never used? Did your people throw it away and just apply their common sense and experience? If so you were probably trying to describe an art not a process. When dealing with vagueness and complexity your best option is to employ trained professionals and trust their judgement. Alexander said:
… you rely on the patterns in your mind to be creative. The maturity of these patterns together with the way you combine them determines how good you are.
Modern science seems to agree. Cognitive psychologists view the human brain as a highly effective cryptographic device allowing us to decipher an avalanche of complex inputs in an instant, sometimes without conscious thought. In equal measure our pattern matching capability automatically throws up courses of action for situations we’ve seen before. In an experienced professional this cognitive library runs to thousands of patterns. We therefore should attempt to document only the simplest and most common processes – memory joggers to the less skilled. Even if they could be defined, publishing the rest would generate a massive tome that no one would ever read or value. Instead we must put people in situational harms way and let them be absorbed one by one - a strategy we loosely call: living.
The problem of distinguishing definable process from art is not unique to software development. Others in parallel universes have been equally confounded. For example, in the world of literature, writers have been trying to discover the “form” of a compelling story for some time. Some headway has been made, refer: “Hero with a Thousand Faces” and “The Writer’s Journey”. Hollywood scriptwriters use the structures described in these references to create blockbuster movies. They key into the way our brains are wired. It turns out that human beings engage with stories if they are told using certain forms. The research time frames are daunting though. The first paper on the subject (“The Poetics”) was published by Aristotle circa 350 BC.
It’s autumn 1797 and a young man stands on a hillside in Somerset, Southern England, looking down upon the Bristol Channel. He’d walked 20 miles that day and is feeling ill. He takes a drop of opium to settle his stomach and falls into restless sleep. He later wrote, referring to himself in the third person: “… he has the most vivid confidence that he could not have composed less than from two to three hundred lines – if that indeed can be called composition in which all the images rose up before him as things, with a parallel production of the correspondent expressions, without any sensation or consciousness of effort.”
When he awoke he had the full recollection of his inspiration but was momentarily distracted by a visitor. On returning to his poem his memory failed him. He goes on: “… with the exception of some eight or ten scattered lines and images, all the rest had passed away like the images on the surface of a stream into which a stone has been cast.” Here are some fragments of what remained:
In Xanadu did Kubla Khan
A stately pleasure-dome decree:
Where Alph, the sacred river, ran
Through caverns measureless to man
Down to a sunless sea.
And from this chasm, with ceaseless turmoil seething,
As if this earth in fast thick pants were breathing,
A mighty fountain momently was forced:
Amid whose swift half-intermitted burst
Huge fragments vaulted like rebounding hail,
Or chaffy grain beneath the thresher’s flail:
And ‘mid these dancing rocks at once and ever
It flung up momently the sacred river.
Samuel Taylor Coleridge
Coleridge finally published Kubla Khan in 1816 at the urging of another romantic poet Lord Byron. Byron had a daughter Ada. In 1835, Ada married William King. William and Ada became the Earl and Countess of Lovelace in 1838. The newlyweds had their honeymoon at William’s country estate, Ashley Combe at Porlock Weir, Somerset. The mansion overlooked the Bristol Channel and was surrounded by exotic terraced gardens in the Italian style. Ada cherished her new home and went for many long walks in the hills overlooking the channel. Two hundred yards from her home was the very spot where Coleridge had the restless sleep that brought forth Kubla Khan.
In 1833 at the age of 17 Ada became a regular visitor to the house of Charles Babbage the man credited with building the first computer. She was introduced to Babbage by Mary Somerville the lady who translated into English, the works of the French mathematician Pierre-Simon Laplace. Babbage called his machine The Difference Engine. Ada and Babbage became lifelong friends.
In 1834 Babbage conceived of another computing device he called the Analytical Engine. Ada was transfixed by its potential. She called herself “an Analyst (& Metaphysician)”. She fully understood the machine’s design and rightly saw its potential as the first general-purpose computer. Historians have anointed her the first computer programmer. In the early 1980s the US Department of Defense, concerned by the diversity of programming languages, many of which were hardware dependent and none of which supported safe modular programming, developed a language for military applications. They called it Ada.
If there is a point to this story it is:
True quality emerges from human creativity, it goes around and comes around and we are all connected. It issues forth in floods from “mighty fountains”, it lies dormant in “sacred rivers” but when it does appear we should do our best to capture it and not be distracted like Coleridge. The purpose of the modern quality management system is to nurture and give structure to creative ideas – to provide paths for their rendering into working products. In contrast a QMS that has lost its way over regulates people’s actions to the point where they are so straight jacketed by the demands of compliance that they have no time and little desire for creative thought.
Coleridge’s Rhyme of the Ancient Mariner goes on:
… yet still the sails made on
A pleasant noise till noon
A noise like of a hidden brook
In the leafy month of June,
That to the sleeping woods all night
Singeth a quiet tune …
This passage refers to the slapping of the sails aboard a vessel marooned on a windless sea. This ship is going nowhere. Don’t let this happen to you. The creative voice may be speaking to you now. Listen.
- Christopher Alexander, (1979), The Timeless Way of Building, New York: Oxford University Press
See my review at: http://www.chambers.com.au/forum/view_post.php?frm=2&pstid=181
- Functional Safety Management, [Online], Available: http://www.chambers.com.au/glossary/functional_safety_management.php [7 Mar 2012]
- Hazard Discovery Techniques, [Online], Available: http://www.chambers.com.au/glossary/hazard_discovery_techniques.php [7 Mar 2012]
- The 10 Minute Guide to IEC 61508, [Online], Available: http://www.chambers.com.au/public_resources/functional_safety_unmasked.pdf
- Quality Management, [Online], Available: http://www.chambers.com.au/glossary/quality_management.php [7 Mar 2012]
- Benjamin Woolley, (1999), The Bride of Science: Romance, Reason, and Byron’s Daughter, United Kingdom: McGraw-Hill