Skip to content

Commit

Permalink
Merge branch 'master' into 31-error-handling-in-case-ntp-server-is-un…
Browse files Browse the repository at this point in the history
…reachable
  • Loading branch information
AnnaFeiler authored Jun 22, 2023
2 parents d202420 + 5267e01 commit b9d61e3
Show file tree
Hide file tree
Showing 4 changed files with 154 additions and 7 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,18 @@ Each section shall contain a list of action items of the following format: `<bri

### Added

- Process requirement R1500 for consideration of clock misalignment ([#154](https://github.com/IHE/DEV.SDPi/issues/154)).
- Use cases _Devices are operational in the MD LAN network but cannot access the TS Service_ and _Devices are operational in the MD LAN network but cannot access the TS Service and clock drift is unacceptable_ ([#155](https://github.com/IHE/DEV.SDPi/issues/155)).
- Requirement explicitly forbidding manual TS service configuration ([#30](https://github.com/IHE/DEV.SDPi/issues/30))
- Added safety, security and effectiveness requirements to use case _Devices are operational in the MD LAN network but cannot access the TS Service_ ([#31](https://github.com/IHE/DEV.SDPi/issues/31)).
- Added safety, security and effectiveness requirements for use case _Devices are operational in the MD LAN network but cannot access the TS Service and clock drift is unacceptable_ ([#31](https://github.com/IHE/DEV.SDPi/issues/31)).

### Changed

- Use case _Device is connected to the MD LAN network and a user wants to change the device's time_ to account for the fact, that configuring the TS service manually is always forbidden, not just when TS service is operational. ([#30](https://github.com/IHE/DEV.SDPi/issues/30))
- Changed use case _Devices are operational in the MD LAN network but cannot access the TS Service and clock drift is unacceptable_ so that the decision to continue/discontinue the execution of a System Function while the clocks become less accurate lies with the consumer.


### Removed

### Editorial Fixes
Expand Down
39 changes: 32 additions & 7 deletions asciidoc/volume1/use-cases/tf1-ch-c-use-case-stad.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -35,16 +35,27 @@ image::../images/vol1-diagram-use-case-stad-tech-view.svg[align=center]
*Then* The device will synchronize its time with the <<acronym_ts_service>>


===== Scenario: <<acronym_stad>> {var_use_case_id}.2 - Device is connected to the MD LAN network with a TS Service and a user wants to change the device's time
===== Scenario: <<acronym_stad>> {var_use_case_id}.2 - Device is connected to the MD LAN network and a user wants to change the device's time

*Given* Device has detected at least one <<acronym_ts_service>>

*When* The <<acronym_ts_service>> is operational
*Given* Device is operational in <<acronym_md_lan>> network

*And* The user attempts to change the time on the device manually
*When* The user attempts to change the time on the device manually

*Then* The device will disable the ability to change its time manually

====== Safety, Effectiveness & Security Considerations and Requirements

.R1510
[sdpi_requirement#r1510,sdpi_req_level=shall]
****
A <<vol1_spec_sdpi_p_actor_somds_participant>> shall not allow manual configuration of its internal clock while the device is operational in an <<acronym_md_lan>> network.
.Notes
[%collapsible]
====
NOTE: Since manual time adjustments of the device's internal clock would lead to plausible but still inaccurate timestamps, this requirement also prohibits manual adjustments when the <<acronym_ts_service>> is not available.
====
****

===== Scenario: <<acronym_stad>> {var_use_case_id}.3 - Device is connected to the MD LAN network and cannot connect to a TS Service

Expand Down Expand Up @@ -160,6 +171,22 @@ NOTE: It is the <<vol1_spec_sdpi_p_actor_somds_consumer>>'s responsibility to de

====== Safety, Effectiveness & Security Considerations and Requirements

.R1500
[sdpi_requirement#r1500,sdpi_req_level=shall]
****
The <<term_manufacturer>> of a <<vol1_spec_sdpi_p_actor_somds_participant>> shall consider the risk of workflow interruption due to misaligned clocks.
.Notes
[%collapsible]
====
NOTE: Clocks of <<vol1_spec_sdpi_p_actor_somds_participant>>s run apart due to lack of synchronization with NTP servers, different clock drifts or cyberattacks.
NOTE: This requirement supplements RR1162 in <<ref_ieee_11073_10700_2022>>: _The MANUFACTURER of an SDC BASE CONSUMER SHALL consider the RISKs resulting from erroneous timestamps._
====
****

.R1540
[sdpi_requirement#r1540,sdpi_req_level=shall]
****
Expand All @@ -185,5 +212,3 @@ If a <<vol1_spec_sdpi_p_actor_somds_consumer>> disables one or more <<term_syste
****




113 changes: 113 additions & 0 deletions asciidoc/volume1/use-cases/tf1-ch-c-use-case-stad.adoc.orig
Original file line number Diff line number Diff line change
@@ -0,0 +1,113 @@
[#vol1_clause_appendix_c_use_case_stad,sdpi_offset=2]
=== Use Case Feature {var_use_case_id}: <<label_use_case_name_stad>> (<<acronym_stad>>)

// NOTE: See use case labels in document-declarations.adoc

==== Narrative
Nurse Jean attaches a ventilator to the medical device network in the ICU. It automatically obtains the correct time.

==== Benefits
Automatically acquiring the time saves the user from spending time entering the time into the device. It also guarantees that the correct time will be entered.
It is also important for all devices to have a consistent time since the data being exported to consuming devices and systems will use the time stamps from the device to mark the time that the clinical data was acquired. Since this is part of the clinical record, accuracy is very important.

==== Technical View

.<<label_use_case_name_stad>> (<<acronym_stad>>) -- Technical View

image::../images/vol1-diagram-use-case-stad-tech-view.svg[align=center]

[#vol1_clause_appendix_c_use_case_stad_technical_precondition]
==== Technical Pre-Conditions

*Given* All devices communicate using a common <<acronym_md_lan>> protocol

*And* A Time Source (TS) Service is on the <<acronym_md_lan>> network

[#vol1_clause_appendix_c_use_case_stad_scenarios]
==== Scenarios

===== Scenario: <<acronym_stad>> {var_use_case_id}.1 - Device is connected to the MD LAN network with a Time Source service

*Given* Device has detected at least one <<acronym_ts_service>>

*When* The <<acronym_ts_service>> is operational

*Then* The device will synchronize its time with the <<acronym_ts_service>>


===== Scenario: <<acronym_stad>> {var_use_case_id}.2 - Device is connected to the MD LAN network with a TS Service and a user wants to change the device's time

*Given* Device has detected at least one <<acronym_ts_service>>

*When* The <<acronym_ts_service>> is operational

*And* The user attempts to change the time on the device manually

*Then* The device will disable the ability to change its time manually


===== Scenario: <<acronym_stad>> {var_use_case_id}.3 - Device is connected to the MD LAN network and cannot connect to a TS Service

*Given* Device has just connected to the <<acronym_md_lan>> network and has not detected any <<acronym_ts_service>>s

*When* The <<acronym_ts_service>> is not operational or inaccessible

*Then* The device will not participate on the <<acronym_md_lan>> network until it detects and connects to a <<acronym_ts_service>>

===== Scenario: <<acronym_stad>> {var_use_case_id}.4 - Devices are operational in the MD LAN network but cannot access the TS Service

*Given* Device is operational on the <<acronym_md_lan>> network

*When* The <<acronym_ts_service>> is no longer operational or otherwise inaccessible

*Then* The device will rely on its internal clock for time synchronization

*And* The device will provide the accuracy of its clock in its <<acronym_mdib>>

*And* The device will periodically attempt to reconnect to the <<acronym_ts_service>>

*And* The device will notify the user about the fact, that the <<acronym_ts_service>> cannot be reached

<<<<<<< HEAD
==== Safety, Effectiveness & Security Considerations and Requirements

.R1500
[sdpi_requirement#r1500,sdpi_req_level=shall]
****
The <<term_manufacturer>> of a <<vol1_spec_sdpi_p_actor_somds_participant>> shall consider the risk of workflow interruption due to misaligned clocks.

.Notes
[%collapsible]
====
NOTE: Clocks of <<vol1_spec_sdpi_p_actor_somds_participant>>s run apart due to lack of synchronization with NTP servers, different clock drifts or cyberattacks.

NOTE: Typically, a <<term_manufacturer>> assumes that system functionality in general may not be available due to loss of network connections, and risks are mitigated accordingly.
====
****
=======
*And* The device will create a log entry noting the disconnection from the <<acronym_ts_service>>

*And* The ability to change the device time manually will remain disabled

NOTE: Device internal clocks are usually accurate enough to bridge short periods of time when no time-servers are accessible. Manual time synchronization is considered too inaccurate for SDC System Functionality.

NOTE: By using the device's clock accuracy, a consumer can decide if received data is accurate enough for its use case. This may cause the consumer to disconnect from the device.

NOTE: A <<term_manufacturer>> may decide to limit user notification of technical issues to certain user groups (e.g., biomed).

===== Scenario: <<acronym_stad>> {var_use_case_id}.5 - Devices are operational in the MD LAN network but cannot access the TS Service and clock drift is unacceptable

*Given* Device is operational on the <<acronym_md_lan>> network

*And* The <<acronym_ts_service>> is no longer operational or otherwise inaccessible

*When* The clock drift of the device exceeds an internal threshold

*Then* The device will notify the user that time synchronization is no longer functional, which may limit the availability of SDC System Functionality

*And* The device will create a log entry noting inaccurate time synchronization

*And* The device will periodically attempt to reconnect to the <<acronym_md_lan>> and <<acronym_ts_service>>

*And* Based on a <<term_manufacturer>>'s risk management, the device may be disconnected entirely from the <<acronym_md_lan>> network.
>>>>>>> master
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
[#vol3_clause_mdib_efficiency_considerations]
===== MDIB Efficiency Considerations

The

0 comments on commit b9d61e3

Please sign in to comment.