Re: [SystemSafety] Critical Design Checklist

From: René Senden < >
Date: Tue, 27 Aug 2013 22:46:58 +0200

Hi Kevin,

First let me briefly list some foolish assumptions regarding context I am making concerning the checklist you address.
- we are talking about system design, which may include any conceivable combination of software, electronics, mechanics, hydraulics, human actors, procedures, etc.
- the preceding safety-lifecycle activities (hazard analysis, safety requirements, …) have been completed or have progressed sufficiently to commence the design activities
- the prevailing safety requirements include functional requirements and non-functional requirements; they may also include qualitative (e.g. integrity/assurance levels) and quantitative objectives (e.g. max. occurrence rates)
- there is a superordinate set of system requirements (again including functional and non-functional requirements)
- non-functional requirements include safety, quality, maintainability, performance, reliability, availability, …
- there may be any of the following: design constraints, operational concept, conceptual architecture, existing designs (of any of the constituting architectural elements, or any integrated combination thereof)
- the system boundaries and the environmental conditions are known, at least to a sufficient degree
- there are prevailing technical standards and/or regulations which must be complied with, incl. safety standards
- we are talking about design activities in the context of a project/program; as such, resources/time/schedule are limited
- we are talking about the development of a product/system which is not altogether unique or unprecedented in human history; as such there may be relevant “lessons learned” and/or heuristics, either within the companies that develop the product or within the “engineering community”…
- distributed development may be applicable.. which can cause a lot of time-wasting/communication breakdowns/... now there is a challenge if there ever was one...
- the system design will have to be verified with respect to the various requirements allocated to it; some examples of these are listed above...
- the system design and/or subsequent detailed designs will have to be validated; identifying what it is exactly that must be validated is often not straightforward...
- without a firm grip on the failure models/mechanisms at play we are more or less stumbling in the dark.. so if that is not sufficiently clear then it is probably

One can extend the list above as appropriate; I find that quite a few items for the checklist can be derived more easily that way, compared to starting with a blank sheet of paper that is.. I am not going to list such a list here.. except one item..
One of the properties any safety-related system design should have is that it enables the satisfaction of the safety requirements. I select this one because, surprisingly, this does not always seem to be on the agenda during evaluation of preliminary designs, where lots of decisions are made which are notoriously difficult (impossible) to change later…

Although checklists can be very helpful, we also should be aware of inappropriate use thereof; checklists should not prevent us from critical & creative thinking ("checking out our brains at the door").. It is an aid.. not much more..
I also think that there may very well be common elements that many design checklists share, but there must be some way to address specific aspects of the system or project at hand in a checklist... a specific checklist if you will..

So..what do you consider to be design?


From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx] On Behalf Of Driscoll, Kevin R
Sent: Monday 26 August 2013 22:38
To: systemsafety_at_xxxxxx
Subject: [SystemSafety] Critical Design Checklist

For NASA, we are creating a Critical Design Checklist:
• Objective
  - A checklist for designers to help them determine if a safety-critical design has met its safety requirements
  - Not a “Have you done ...” checklist
    * Too easy to just check “yes” without doing sufficient work
    * Instead, “What have you done ...”
    * Prove what you have done is sufficient
• We are looking for inputs to include in this checklist
• Do you have any inputs that should be included?
  - Meta-question: “If you were asked to participate in a design review of a safety-critical design, what questions would you ask?” (Particularly, general questions you would have before seeing the details of a design.)
  - Inverse meta-question: “If you were presenting a design, what questions would you dread being asked?” :-}
    * Where are the bodies buried?

We are finishing the Checklist by next week and would like to include any good questions you may have that we have overlooked. Realizing this is an imposition on your time, I am hoping some of you would be so kind as to spend just a few minutes to send questions or even question fragments.

I am also looking for unusual failure scenarios to add to my collection,
like those I’ve described in my series of “Murphy was an Optimist”
presentations (e.g.

The System Safety Mailing List
Received on Tue Aug 27 2013 - 22:47:10 CEST
