[SystemSafety] Critical Design Checklist

Driscoll, Kevin R kevin.driscoll at honeywell.com
Tue Aug 27 17:28:29 CEST 2013


> such a list should possess orthogonality, decidability, atomicity, criticality and a rationale.
Addressing orthogonality (and completeness), the list should have a proper taxonomy.  But, that's hard to do.

Internally, we keep revisiting the creation of a taxonomy for fault types, even though much has been published on the subject.   It never seems to be exactly what we want.

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Matthew Squair
Sent: Tuesday, August 27, 2013 04:12
To: martyn at thomas-associates.co.uk
Cc: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Critical Design Checklist

Not so much a list but a comment that the items in such a list should possess orthogonality, decidability, atomicity, criticality and a rationale.

The criticality should address Martyn's 'and what then' comment.

On Tuesday, 27 August 2013, Martyn Thomas wrote:
On 26/08/2013 21:37, Driscoll, Kevin R wrote:
For NASA, we are creating a Critical Design Checklist:
*       Objective
-     A checklist for designers to help them determine if a safety-critical design has met its safety requirements

Kevin

For this purpose, I interpret your phrase "safety requirements" for a "safety-critical design" as meaning that any system that can be shown to implement the design correctly will meet the safety requirements for such a system in some required operating conditions.

Here's my initial checklist:

1. Have you stated the "safety requirements" unambiguously and completely? How do you know? Can you be certain? If not, what is your confidence level and how as it derived?
2. Have you specified unambiguously and completely the range of operating conditions under which the safety requirements must be met? How do you know? Can you be certain? If not, what is your confidence level and how as it derived?
3. Do you have scientifically sound evidence that the safety-critcal design meets the safety requirements?
4. Has this evidence been examined by an independent expert and certified to be scientifically sound for this purpose?
5. Can you name the both the individual who will be personally accountable if the design later proves not to meet its safety requirements and the organisation that will be liable for any damages?
6. Has the individual signed to accept accountability? Has a Director of the organisation signed to accept liability?

Of course, there is a lot of detail conceled within these top-level questions. For example, the specification of operating conditions is likely to contain detail of required training for operators, which will also need to be shown to be adequate.

But there's probably no need to go into more detail as you will probably get at least one answer "no" to the top six questions.

What will you do then?

Regards

Martyn



--
Sent from Gmail Mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20130827/430fdbb6/attachment-0001.html>


More information about the systemsafety mailing list