[SystemSafety] Safety Cases
Matthew Squair
mattsquair at gmail.com
Mon Feb 10 13:10:52 CET 2014
A deeper question might be, why do we think that we can easily distinguish
between a design that might 'go right' and one that will 'go wrong'?
Matthew Squair
MIEAust, CPEng
Mob: +61 488770655
Email: Mattsquair at gmail.com
Web: http://criticaluncertainties.com
On 10 Feb 2014, at 10:43 pm, Michael Jackson <jacksonma at acm.org> wrote:
Felix:
Yes. But surely there is a missing prior question here:
0. What constitutes going right?
How can we discuss 'going wrong' without a clear understanding of 'going
right'?
Yet in much discussion of safety this question seems to be relegated to a
tacit background understanding.
-- Michael Jackson
At 11:19 10/02/2014, nfr wrote:
In the 1980s, 'the safety case' was defined as having the purpose of
answering three questions:
1. What could [possibly] go wrong?
2. Why won't it?
3. But what if it did?
One or two of you might propose that each of these questions could be
answered by a single sentence. But, with a bit of thought, you'll recognise
that, in order to answer the questions fully, a great deal of evidence must
be adduced, from a great deal of work - from complete and correct
specification, through thorough design, hazard ID, risk assessment, etc.,
to emergency planning.
Felix.
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE