Re: [SystemSafety] Critical Design Checklist

From: Matthew Squair < >
Date: Tue, 27 Aug 2013 19:12:20 +1000


Not so much a list but a comment that the items in such a list should possess orthogonality, decidability, atomicity, criticality and a rationale.

The criticality should address Martyn's 'and what then' comment.

On Tuesday, 27 August 2013, Martyn Thomas wrote:

> On 26/08/2013 21:37, Driscoll, Kevin R wrote:
>
> For NASA, we are creating a Critical Design Checklist:
>
> *Objective*
>
> - *A checklist for designers to help them determine if a
> safety-critical design has met its safety requirements*
>
>
> Kevin
>
> For this purpose, I interpret your phrase "safety requirements" for a
> "safety-critical design" as meaning that any system that can be shown to
> implement the design correctly will meet the safety requirements for such a
> system in some required operating conditions.
>
> Here's my initial checklist:
>
> 1. Have you stated the "safety requirements" unambiguously and completely?
> How do you know? Can you be certain? If not, what is your confidence level
> and how was it derived?
> 2. Have you specified unambiguously and completely the range of operating
> conditions under which the safety requirements must be met? How do you
> know? Can you be certain? If not, what is your confidence level and how was
> it derived?
> 3. Do you have scientifically sound evidence that the safety-critical
> design meets the safety requirements?
> 4. Has this evidence been examined by an independent expert and certified
> to be scientifically sound for this purpose?
> 5. Can you name both the individual who will be personally accountable
> if the design later proves not to meet its safety requirements and the
> organisation that will be liable for any damages?
> 6. Has the individual signed to accept accountability? Has a Director of
> the organisation signed to accept liability?
>
> Of course, there is a lot of detail concealed within these top-level
> questions. For example, the specification of operating conditions is likely
> to contain detail of required training for operators, which will also need
> to be shown to be adequate.
>
> But there's probably no need to go into more detail as you will probably
> get at least one answer "no" to the top six questions.
>
> What will you do then?
>
> Regards
>
> Martyn
>

-- 
Sent from Gmail Mobile



_______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxx
Received on Tue Aug 27 2013 - 11:12:28 CEST