[SystemSafety] Critical Design Checklist

Matthew Squair mattsquair at gmail.com
Tue Aug 27 11:12:20 CEST 2013


Not so much a list but a comment that the items in such a list should
possess orthogonality, decidability, atomicity, criticality and a
rationale.

The criticality should address Martyn's 'and what then' comment.

On Tuesday, 27 August 2013, Martyn Thomas wrote:

>  On 26/08/2013 21:37, Driscoll, Kevin R wrote:
>
>  For NASA, we are creating a Critical Design Checklist:
>
> •       *Objective*
>
> -     *A checklist for designers to help them determine if a
> safety-critical design has met its safety requirements*
>
>
>   Kevin
>
> For this purpose, I interpret your phrase "safety requirements" for a
> "safety-critical design" as meaning that any system that can be shown to
> implement the design correctly will meet the safety requirements for such a
> system in some required operating conditions.
>
> Here's my initial checklist:
>
> 1. Have you stated the "safety requirements" unambiguously and completely?
> How do you know? Can you be certain? If not, what is your confidence level
> and how was it derived?
> 2. Have you specified unambiguously and completely the range of operating
> conditions under which the safety requirements must be met? How do you
> know? Can you be certain? If not, what is your confidence level and how was
> it derived?
> 3. Do you have scientifically sound evidence that the safety-critical
> design meets the safety requirements?
> 4. Has this evidence been examined by an independent expert and certified
> to be scientifically sound for this purpose?
> 5. Can you name both the individual who will be personally accountable
> if the design later proves not to meet its safety requirements and the
> organisation that will be liable for any damages?
> 6. Has the individual signed to accept accountability? Has a Director of
> the organisation signed to accept liability?
>
> Of course, there is a lot of detail concealed within these top-level
> questions. For example, the specification of operating conditions is likely
> to contain detail of required training for operators, which will also need
> to be shown to be adequate.
>
> But there's probably no need to go into more detail as you will probably
> get at least one answer "no" to the top six questions.
>
> What will you do then?
>
> Regards
>
> Martyn
>

-- 
Sent from Gmail Mobile