[SystemSafety] Safety Cases

Tracy White tracyinoz at mac.com
Tue Feb 11 01:59:06 CET 2014 

Felix
 
I agree in the broad sense, but ‘unsafeness’ doesn’t come purely from ‘hazards’. Unsafeness also comes from poor or substandard engineering, but I would not wish to see a ream of hazard associated with deficient engineering solutions. I have been on a project where somebody wanted a hazard log entry for ‘using the wrong steel’ and ‘using the wrong colour paint’ but listing these types of ‘engineering’ failures as ‘hazards’ would be impractically and frankly ludicrously open ended.
 
This is why I believe it is more sensible and ‘complete’ to talk in terms of ‘systems and safety assurance’ which would extent the argument to, in addition to the explicit safety (hazard) issues, talk about the ‘good system engineering’ process and activities including appropriate competency, oversight and approvals/authorities etc. So ‘wrong’ in this sense derives from both ‘hazards’ (the safety program) and deficient engineering processes (the engineering program).
 
Tracy



> On 11 Feb 2014, at 10:09, nfr <felix.redmill at newcastle.ac.uk> wrote:
> 
> Michael,
> 
> In addressing safety, "wrong" equals "unsafe". And to determine what might be, or might become, unsafe, we need to identify the hazards.
> 
> What is right, in that context, is what is deemed not to be unsafe.
> 
> Felix.
> 
> 
>> On 10 Feb 2014, at 11:43, Michael Jackson wrote:
>> 
>> Felix:
>> 
>> Yes. But surely there is a missing prior question here:
>> 
>> 0. What constitutes going right?
>> 
>> How can we discuss 'going wrong' without a clear understanding of 'going right'?
>> Yet in much discussion of safety this question seems to be relegated to a tacit
>> background understanding.
>> 
>> -- Michael Jackson
>> 
>> 
>> At 11:19 10/02/2014, nfr wrote:
>> 
>>> In the 1980s, 'the safety case' was defined as having the purpose of answering three questions:
>>> 
>>> 1. What could [possibly] go wrong?
>>> 
>>> 2. Why won't it?
>>> 
>>> 3. But what if it did?
>>> 
>>> One or two of you might propose that each of these questions could be answered by a single sentence. But, with a bit of thought, you'll recognise that, in order to answer the questions fully, a great deal of evidence must be adduced, from a great deal of work - from complete and correct specification, through thorough design, hazard ID, risk assessment, etc., to emergency planning.
>>> 
>>> Felix.
>>> _______________________________________________
>>> The System Safety Mailing List
>>> systemsafety at TechFak.Uni-Bielefeld.DE
> 
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE

More information about the systemsafety mailing list