[SystemSafety] WG: words you cannot use at GM

Nancy Leveson leveson.nancy8 at gmail.com
Thu May 22 14:31:38 CEST 2014


I think saying that "acceptably safe" is safe is a ridiculous definition.
As I remember, it came from the nuclear community because people were
afraid of nuclear power and for public relations reasons (they didn't want
to say that nothing is 100% safe) they redefined safety differently than
the dictionary and most everyone uses the term. Acceptable to whom? What is
acceptable to me may not be acceptable to you, particularly if you are the
one at risk and I am not.

One cannot do engineering with terminology and properties that are
undefined or defined differently by everyone on the Earth. We do not say
something is secure if it is "acceptably secure" or it is "reliable" if it
is "acceptably reliable." If it is such a great way to define system
properties, why don't we do it for other properties?

If car companies or anyone else claims that their cars are safe (and
implicitly define that to mean "acceptably safe") and they therefore don't
have to do anything about safety, where they get to define what is
"acceptably safe," then they are simply lying to the public.




On Thu, May 22, 2014 at 8:10 AM, Rolle, Ingo <ingo.rolle at vde.com> wrote:

>
> *From:* Rolle, Ingo
> *Sent:* Wednesday, 21 May 2014 13:41
> *To:* 'systemsafety-bounces at lists.techfak.uni-bielefeld.de'
> *Cc:* 'Andrew Rae'
> *Subject:* AW: [SystemSafety] words you cannot use at GM
>
> Hello,
>
> I think, in this respect, IEC terminology could assist us.
>
> ISO/IEC Guide 51:1999 defines safety as “freedom from unacceptable risk”.
> That is something other than freedom from risk at all. This definition is
> repeated in IEC 61508-4, the terminology part of the IEC 61508 series.
>
> It is further explained in said guide: “There can be no absolute safety:
> some risk will remain”.
>
> So you may say “safety according to IEC” if a residual risk is still
> present.
>
> Perhaps that could also help GM.
>
> Ingo Rolle
>
> *From:* systemsafety-bounces at lists.techfak.uni-bielefeld.de
> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] *On Behalf Of* Andrew Rae
> *Sent:* Wednesday, 21 May 2014 11:52
> *To:* Bielefield Safety List
> *Subject:* Re: [SystemSafety] words you cannot use at GM
>
> This isn't just a USA thing. Customers and companies do it to themselves
> all the time.
>
> Simple example: Insisting that every hazard must be marked "closed" before
> a contract can be completed. "Closed" never actually means closed, just
> that the next action to be taken on the hazard is beyond the
> scope/timeframe of the currently contracted task. Of course, after
> insisting that the word is used, the document then gets passed to someone
> who speaks English instead of hazard log legalese, and thinks that
> nothing further has to be done.
>
> The best thing you can do in all these cases is "If the customer/lawyer
> insists that you use silly wording, do what they pay you to do. Just don't
> ever lie to yourself about what the underlying reality is." If you're
> in the US and you can't use the term "acceptably safe", then every time you
> say safe you need to do an internal translation "and by safe I mean that I
> know that there is remaining risk, but I have considered that it is
> acceptable".
>
> No suggestions how you deal with that pesky ethical requirement to
> accurately communicate information about risk.
>
>
> My system safety podcast: http://disastercast.co.uk
> My phone number: +44 (0) 7783 446 814
> University of York disclaimer:
> http://www.york.ac.uk/docs/disclaimer/email.htm
>
> On 21 May 2014 10:23, Dewi Daniels <ddaniels at verocel.com> wrote:
>
> I thought it was infinitely recursive. One slide states that, instead of
> Safety, use Has Potential Safety Implications. That suggests:
>
> Safety -> Has Potential Safety Implications -> Has Potential Has Potential
> Safety Implications Implications -> Has Potential Has Potential Has
> Potential Safety Implications Implications Implications -> Has Potential
> Has Potential Has Potential Has Potential Safety Implications Implications
> Implications Implications -> ad infinitum
>
> Yours,
>
> Dewi Daniels | Managing Director | Verocel Limited
>
> Direct Dial +44 1225 718912 | Mobile +44 7968 837742 | Email
> ddaniels at verocel.com
>
> Verocel Limited is a company registered in England and Wales. Company
> number: 7407595. Registered office: Grangeside Business Support Centre, 129
> Devizes Road, Hilperton, Trowbridge, United Kingdom BA14 7SZ
>
> *From:* systemsafety-bounces at lists.techfak.uni-bielefeld.de
> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] *On Behalf Of* Chris Hills
> *Sent:* 21 May 2014 10:16
> *To:* 'Bielefield Safety List'
> *Subject:* Re: [SystemSafety] words you cannot use at GM
>
> RE ‘has potential safety implications’
>
> You can’t use “safety”
>
> So ‘has potential implications’…..
>
> Sorry not had my coffee yet :-)
>
> *From:* systemsafety-bounces at lists.techfak.uni-bielefeld.de
> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] *On Behalf Of* Maier, Thomas
> *Sent:* 21 May 2014 09:55
> *To:* nfr; Bielefield Safety List
> *Subject:* Re: [SystemSafety] words you cannot use at GM
>
> Reference to the GM-list only was made. Don’t know the paper you are
> referring to, in particular how the term “safety” was employed by it.
>
> GM provides the following guidance, or whatever you want to call it:
> “instead of ‘safety’, use ‘has potential safety implications’”. So, is
> “safety” forbidden or not?
>
> Med venlig hilsen / Best regards / Mit freundlichen Grüßen
>
> Thomas Maier
>
> E: Thomas.Maier at ul.com
>
> T: +45 42 13 74 52
>
> *From:* systemsafety-bounces at lists.techfak.uni-bielefeld.de
> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] *On Behalf Of* nfr
> *Sent:* 21 May 2014 10:38
> *To:* Bielefield Safety List
> *Subject:* Re: [SystemSafety] words you cannot use at GM
>
> "Safety" is not forbidden?
>
> Some years ago, when I edited papers for the annual System Safety
> Symposium (in England), I received a call, rather close to the delivery
> deadline, from an author in a US-based automotive company.
>
> "We've got a problem," he said. "The company reviewers have told me that I
> have to remove every mention of the word 'safety'. What can we do?"
>
> I suggested replacing "safety" with "risk" and adjusting the wording
> accordingly.
>
> "I've tried that," he replied, "but I'm not allowed to use the word 'risk'
> either."
>
> It was too late for me to commission a replacement paper, and our
> "solution" was to employ the word "reliability", which was not what the
> paper was about.
>
> Felix.
>
> On 21 May 2014, at 09:14, Maier, Thomas wrote:
>
> A correction regarding IEC 61511:
>
> That minimum failure rate per IEC 61511 is specified in Part 1 clause
> 8.2.2: “The dangerous failure rate of a BPCS (which does not conform to IEC
> 61511) that places a demand on a protection layer shall not be assumed to
> be better than *10^-5 per hour*.”
>
> A question regarding legal damages by non-zero risk statements:
>
> The US National Electrical Code for machinery (standard NFPA 79)
> normatively requires: “Where failures or disturbances in the electrical
> equipment cause a hazardous condition or damage to the machine or the work
> in progress, measures shall be taken to *minimize the probability of the
> occurrence* of such failures or disturbances.” It informatively refers to
> IEC 61508, IEC 62061, ISO 13849 in this context, i.e. to standards which
> are based on probabilistic quantification of risk.
>
> How much legal protection do you actually get as a manufacturer in a
> liability law suit under US jurisdiction by showing compliance to NFPA 79?
>
> And in the automotive domain: How about ISO 26262, which also allows
> quantitative arguments in the safety case for programmable electronic
> controls on board road vehicles, and which has been written and is
> supported by the global automotive industry as state-of-science-and-art?
>
> A comment regarding the qualification as “Orwellian” of the 69 words (by
> the way I was only aware of the “Milwaukee 7” so far, should these be
> called the “Detroit 69”? … :-)):
>
> Even though the list looks a bit funny to me, I think this is the kind of
> language regulation you generally want for technical / scientific writing.
> I cannot see any corporate agenda of truth-hiding or any other evil
> intention behind it. And please note also that the word “safety” is not
> forbidden. Guidance is provided, very much in line with how “safety” is used
> in functional safety standards.
>
> Med venlig hilsen / Best regards / Mit freundlichen Grüßen
>
> Thomas Maier
>
> E: Thomas.Maier at ul.com
>
> T: +45 42 13 74 52
>
> *From:* systemsafety-bounces at lists.techfak.uni-bielefeld.de
> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] *On Behalf Of* Peter Bernard Ladkin
> *Sent:* 21 May 2014 09:20
> *To:* systemsafety at lists.techfak.uni-bielefeld.de
> *Subject:* Re: [SystemSafety] words you cannot use at GM
>
> This would seem to be one of the disadvantages of not taking IEC/ISO
> standards seriously. In European arbitration, the claim "the applicable
> international standard says...." is mostly taken very seriously by the
> arbitrators, I understand.
>
> Not that the standards are perfect, or even wonderful..... :-) But they do
> tend to say "there is no such thing as zero risk". Indeed, in IEC 61511
> you're only "allowed" to assume that an otherwise-unqualified process
> control system has a failure rate of 1 in 10 ophours or worse.
>
> PBL
>
> Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited
>
> On 21 May 2014, at 00:02, Eric Scharpf <EScharpf at exida.com> wrote:
>
> Unfortunately this is not surprising. I have dealt with other US companies
> which have indicated that any statement acknowledging a non-zero risk from
> their equipment invites legal damages in potential product liability
> lawsuits.
>
>
> This e-mail may contain privileged or confidential information. If you are
> not the intended recipient: (1) you may not disclose, use, distribute, copy
> or rely upon this message or attachment(s); and (2) please notify the
> sender by reply e-mail, and then delete this message and its attachment(s).
> Underwriters Laboratories Inc. and its affiliates disclaim all liability
> for any errors, omissions, corruption or virus in this message or any
> attachments.
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE


-- 
Prof. Nancy Leveson
Aeronautics and Astronautics and Engineering Systems
MIT, Room 33-334
77 Massachusetts Ave.
Cambridge, MA 02142

Telephone: 617-258-0505
Email: leveson at mit.edu
URL: http://sunnyday.mit.edu