Key Safety Challenges for the IIoT – Executive Summary
network and remote analytics. Autonomy
presents at least two safety challenges:
system components, scaling the certification
process is a challenge because the
certification process is not oriented toward
plug & play. For example, the current US
Food and Drug Administration (FDA)
regulatory process for medical devices has
provisions to approve devices designed to
work with other specific devices via the so-
called accessory rule. 6 Each time a
manufacturer (or set of manufacturers)
wants to market a pair of medical devices
composed into a new system, they need to
create a new regulatory submission.
However, in IIoT systems, the number of
possible device combinations explodes
exponentially with respect to the number of
devices in the ecosystem. In general, pair-
wise regulation is hugely burdensome for
both the manufacturers and the regulatory
agency. Each regulatory submission usually
takes significant resources to prepare and
review.
1. Autonomy changes how safety
responsibility is divided between
human operators and the system.
2. Sophisticated autonomy typically
requires responding to dynamically
changing circumstances and often
involves the application of machine
learning and artificial intelligence
techniques that will themselves
present verification challenges.
To meet the first challenge, the stakeholders
of autonomous IIoT systems must engage
with one another and come to a consensus
on which safety judgments and tradeoffs are
appropriate for the autonomous system to
make on its own. To meet the second
challenge, the IIoT community must invest in
research and development for verification of
autonomous systems.
To overcome existing regulatory burdens
and help foster a large and vibrant IIoT
ecosystem, industry and regulatory bodies
should be prepared to move from system
and pair-wise regulatory frameworks to
approaches that scale with a larger number
of
interconnected components.
An
alternative is to have contract-based
regulation, based on well-defined interfaces
and behaviors of devices enabling the
interfaces to be certified rather than the
individual integrations.
CHALLENGE 4: I NADEQUATE R EGULATORY
F RAMEWORKS AND E VOLVING S TANDARDS
One important desired capability of IIoT
system components is plug & play
interoperability. The goal of plug & play
interoperability is to enable systems
operators to assemble and integrate a new
system for use quickly. For example, a
medical provider could combine a set of
medical sensors, actuators and control
algorithms on the cloud to automate the
delivery of certain therapies. Although plug
& play should be possible for certified safety-
6
Medical Device Accessories – Describing Accessories and Classification Pathways - Guidance for Industry and Food and Drug
Administration Staff, FDA-2015-D-0025, December 20, 2017,
https://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm429672.pdf
September 2018
- 135 -