Re: [SystemSafety] Safety Case Standards and Experience

From: René Senden < >
Date: Mon, 17 Feb 2014 11:42:38 +0100


See below for some replies...

-----Original Message-----
From: Patrick Graydon [mailto:patrick.graydon_at_xxxxxx Sent: maandag 17 februari 2014 11:11
To: René Senden
Cc: systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Safety Case Standards and Experience

On 17 Feb, 2014, at 11:02, René Senden <rene.senden_at_xxxxxx

> The work products (including scope, contents) are prescribed in much
> detail so any "safety argument" is already pretty much set.

>>No, it isn’t. The safety goals and safety requirements are unique to each item. Thus the arguments linking them to evidence will be as well. Saying that all ISO 26262 arguments are the same because they all cite testing evidence and so on makes as little >>sense as little sense as saying that all criminal trials are the same because they all cite evidence from witnesses.
I am not saying that all ISO 26262 arguments are the same, I am saying that they are pretty much set

> Your reference to part 10 (informative) is not valid because part 10
> is not included in the formally released standard, it was only
> included in a draft version (submitted for review) that preceded the
> formal release.

>>I pointed out that it was informative. I also cited the parts of the normative text that definitively establish my point. Unless you find some part of the normative text that says ‘just kidding when we said in the definition that argument was involved’, I >>stand by my evidence-driven conclusion that ISO 26262 does require an argument, contrary to what you wrote.
I did/do not disagree that ISO26262 requires an argument, see below

> There is an argument involved here, there always is, but it is not the
> strict safety argument we find in goal-based/safety-case-oriented
> It is not a structured argument to justify that a system/item is
> reasonably safe, it is an argument that the safety requirements for an
> item are complete and satisfied by evidence compiled from work products.

>>As I said, it is not a complete system safety argument. I also pointed out that ‘safety argument’ is frequently used in the literature to refer to things that are not complete system safety arguments. You have similarly failed to address that point.
My point is not at all about the scope of the argument

— Patrick

Dr Patrick John Graydon
Postdoctoral Research Fellow
School of Innovation, Design, and Engineering (IDT) Mälardalens Högskola (MDH), Västerås, Sweden

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Mon Feb 17 2014 - 11:42:49 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST