[SystemSafety] Critical Design Checklist

René Senden rene.senden at gmail.com
Tue Aug 27 22:46:58 CEST 2013


Hi Kevin,

First, let me briefly list some foolish assumptions regarding context that I am
making concerning the checklist you address.
- we are talking about system design, which may include any conceivable
combination of software, electronics, mechanics, hydraulics, human actors,
procedures, etc.
- the preceding safety-lifecycle activities (hazard analysis, safety
requirements, ...) have been completed or have progressed sufficiently to
commence the design activities
- the prevailing safety requirements include functional requirements and
non-functional requirements; they may also include qualitative objectives (e.g.
integrity/assurance levels) and quantitative objectives (e.g. max. occurrence
rates)
- there is a superordinate set of system requirements (again including
functional- and non-functional requirements)
- non-functional requirements include safety, quality, maintainability,
performance, reliability, availability, ...
- there may be any of the following: design constraints, operational
concept, conceptual architecture, existing designs (of any of the
constituting architectural elements, or any integrated combination thereof)
- the system boundaries and the environmental conditions are known, at least
to a sufficient degree
- there are prevailing technical standards and/or regulations which must be
complied with, incl. safety standards
- we are talking about design activities in the context of a
project/program, as such resources/time/schedule are limited
- we are talking about the development of a product/system which is not
altogether unique or unprecedented in human history, as such there may be
relevant “lessons learned” and/or heuristics, either within the companies
that develop the product or within the “engineering community” ...
- distributed development may be applicable.. which can cause a lot of
time-wasting/communication breakdowns/... now there is a challenge if there
ever was one...
- the system design will have to be verified with respect to the various
requirements allocated to it, some examples of these are listed above...
- the system design and/or subsequent detailed designs will have to be
validated, identifying what it is exactly that must be validated is often
not straightforward...
- without a firm grip on the failure models/mechanisms at play we are more
or less stumbling in the dark.. so if that is not sufficiently clear then it
is probably ...
One can extend the list above as appropriate; I find that quite a few items
for the checklist can be derived more easily that way, compared to starting
with a blank sheet of paper that is.. I am not going to list such a list
here.. except one item..
One of the properties any safety-related system design should have is that
it enables the satisfaction of the safety requirements. I select this one
because, surprisingly, this does not always seem to be on the agenda during
evaluation of preliminary designs, where lots of decisions are made which are
notoriously difficult (impossible) to change later.


Although checklists can be very helpful, we should also be aware of
inappropriate use thereof: checklists should not prevent us from critical &
creative thinking ("checking out our brains at the door").. It is an
aid.. not much more..
I also think that there may very well be common elements that many design
checklists share, but there must be some way to address specific aspects
of the system or project at hand in a checklist... a specific checklist if
you will..

So..what do you consider to be design? 

Greetings,
Rene






From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Driscoll, Kevin R
Sent: Monday 26 August 2013 22:38
To: systemsafety at techfak.uni-bielefeld.de
Subject: [SystemSafety] Critical Design Checklist

For NASA, we are creating a Critical Design Checklist:
• Objective
- A checklist for designers to help them determine if a safety-critical
design has met its safety requirements
- Not a “Have you done ...” checklist
* Too easy to just check “yes” without doing sufficient work
* Instead, “What have you done ...”
* Prove what you have done is sufficient
• We are looking for inputs to include in this checklist
• Do you have any inputs that should be included? 
- Meta-question:  “If you were asked to participate in a design review of a
safety-critical design, what questions would you ask?”  (Particularly,
general questions you would have before seeing the details of a design.)
- Inverse meta-question:  “If you were presenting a design, what questions
would you dread being asked?”  :-}
* Where are the bodies buried?

We are finishing the Checklist by next week and would like to include any
good questions you may have that we have overlooked. Realizing this is an
imposition on your time, I am hoping some of you would be so kind as to
spend just a few minutes to send questions or even question fragments.

--
P.S.
I am also looking for unusual failure scenarios to add to my collection,
like those I’ve described in my series of “Murphy was an Optimist”
presentations (e.g.
http://www.rvs.uni-bielefeld.de/publications/DriscollMurphyv19.pdf).
