Re: [SystemSafety] Critical Design Checklist

From: Peter Bishop < >
Date: Tue, 27 Aug 2013 10:42:17 +0100

This may be wandering into the realms of system safety, but I would extend 1 and 2, because we need to accommodate human fallibility and limitations in knowledge by having some kind of fallback or recovery strategy.

A If there are residual doubts about requirements or implementation, are there any alternative systems that can maintain safety? (defence in depth principle)
B What features exist for identifying malfunctions in operation and implementing design rectifications over the operating lifetime?

Peter Bishop
Adelard LLP

Martyn Thomas wrote:
> On 26/08/2013 21:37, Driscoll, Kevin R wrote:

>> For NASA, we are creating a Critical Design Checklist:
>> •       *Objective*
>> -     *A checklist for designers to help them determine if a 
>> safety-critical design has met its safety requirements*

> Kevin
> For this purpose, I interpret your phrase "safety requirements" for a
> "safety-critical design" as meaning that any system that can be shown to
> implement the design correctly will meet the safety requirements for
> such a system in some required operating conditions.
> Here's my initial checklist:
> 1. Have you stated the "safety requirements" unambiguously and
> completely? How do you know? Can you be certain? If not, what is your
> confidence level and how was it derived?
> 2. Have you specified unambiguously and completely the range of
> operating conditions under which the safety requirements must be met?
> How do you know? Can you be certain? If not, what is your confidence
> level and how was it derived?
> 3. Do you have scientifically sound evidence that the safety-critical
> design meets the safety requirements?
> 4. Has this evidence been examined by an independent expert and
> certified to be scientifically sound for this purpose?
> 5. Can you name both the individual who will be personally
> accountable if the design later proves not to meet its safety
> requirements and the organisation that will be liable for any damages?
> 6. Has the individual signed to accept accountability? Has a Director of
> the organisation signed to accept liability?
> Of course, there is a lot of detail concealed within these top-level
> questions. For example, the specification of operating conditions is
> likely to contain detail of required training for operators, which will
> also need to be shown to be adequate.
> But there's probably no need to go into more detail as you will probably
> get at least one answer "no" to the top six questions.
> What will you do then?
> Regards
> Martyn
> ------------------------------------------------------------------------
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx

Peter Bishop
Chief Scientist
Adelard LLP
Exmouth House, 3-11 Pine Street, London, EC1R 0JH
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855
Received on Tue Aug 27 2013 - 11:42:29 CEST