Re: [SystemSafety] Critical Design Checklist

From: GRAZEBROOK, Alvery N < >
Date: Tue, 27 Aug 2013 12:27:11 +0200

Almost too obvious to say, but ...



From: systemsafety-bounces_at_xxxxxx Sent: 27 August 2013 11:07 AM
Cc: systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Critical Design Checklist

A few through-life safety items I'd expect to see in a design safety review checklist: 1) What assumptions have you made about the design, including:

Note that the particular focus of these questions is the design safety analysis - i.e. looking for evidence that the designers understand that safety is not something that is demonstrated at a particular point in time, but is something that must be continuously tested and questioned, and that the design (including safety analysis) must support that continuous management. It's hard to capture the "spirit" of the questions in the questions themselves - that's one of my concerns with a raw checklist. Each question really needs an explanation for why it is being asked.

My system safety podcast: My phone number: +44 (0) 7783 446 814
University of York disclaimer:

On 27 August 2013 10:42, Peter Bishop <pgb_at_xxxxxx This may be wandering into the realms of system safety, but I would extend 1, 2 because we need to accommodate human fallibility and limitations in knowledge by having some kind of fallback or recovery strategy.

A If there are residual doubts about requirements or implementation, are there any alternative systems that can maintain safety? (defence in depth principle) B What what features exist for identifying malfunctions in operation, and implementing design rectifications over the operating lifetime.

Peter Bishop
Adelard LLP

Martyn Thomas wrote:

On 26/08/2013 21:37, Driscoll, Kevin R wrote:

For NASA, we are creating a Critical Design Checklist: * *Objective*


For this purpose, I interpret your phrase "safety requirements" for a "safety-critical design" as meaning that any system that can be shown to implement the design correctly will meet the safety requirements for such a system in some required operating conditions.

Here's my initial checklist:

  1. Have you stated the "safety requirements" unambiguously and completely? How do you know? Can you be certain? If not, what is your confidence level and how as it derived?
  2. Have you specified unambiguously and completely the range of operating conditions under which the safety requirements must be met? How do you know? Can you be certain? If not, what is your confidence level and how as it derived?
  3. Do you have scientifically sound evidence that the safety-critcal design meets the safety requirements?
  4. Has this evidence been examined by an independent expert and certified to be scientifically sound for this purpose?
  5. Can you name the both the individual who will be personally accountable if the design later proves not to meet its safety requirements and the organisation that will be liable for any damages?
  6. Has the individual signed to accept accountability? Has a Director of the organisation signed to accept liability?

Of course, there is a lot of detail conceled within these top-level questions. For example, the specification of operating conditions is likely to contain detail of required training for operators, which will also need to be shown to be adequate.

But there's probably no need to go into more detail as you will probably get at least one answer "no" to the top six questions.

What will you do then?



The System Safety Mailing List

Peter Bishop
Chief Scientist
Adelard LLP
Exmouth House, 3-11 Pine Street, London,EC1R 0JH
Recep:  +44-(0)20-7832 5850<tel:%2B44-%280%2920-7832%205850>
Direct: +44-(0)20-7832 5855<tel:%2B44-%280%2920-7832%205855>
The System Safety Mailing List

The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, please notify Airbus immediately and delete this e-mail.
Airbus cannot accept any responsibility for the accuracy or completeness of this e-mail as it has been sent over public networks. If you have any concerns over the content of this message or its Accuracy or Integrity, please contact Airbus immediately.
All outgoing e-mails from Airbus are checked using regularly updated virus scanning software but you should take whatever measures you deem to be appropriate to ensure that this message and any attachments are virus free.

_______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxx
Received on Tue Aug 27 2013 - 12:27:24 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST