[SystemSafety] Analyzing far behind the Intended Use

Haim Kuper h3k at 012.net.il
Wed Dec 30 17:05:58 CET 2015


Thanks a lot.

 

System-A and System-X are the same: X is a typo.

 

kuper

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Martyn Thomas
Sent: Wednesday, December 30, 2015 12:38 PM
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Analyzing far behind the Intended Use

 

Are System-A and System-X different systems?

On the general point - it is common for operators to use systems outside
their intended use. People have been killed because they balanced an
electric fire on the side of their bath, or used their powered grass-mower
to trim their hedges. Car owners modify their engine management systems to
get better performance. People even use MS Windows in safety-critical
applications, despite the EULA.

What should the manufacturer do?

Firstly, be explicit about the permitted limits of use within which the
product is warranted or certified to be safe. Secondly, be explicit about
the critical risks if the product is used outside these limits - and state
clearly that the warranty and any safety certification is invalidated by
such use. Thirdly, where a particular and dangerous misuse is foreseeable,
design the product so that it prevents or detects such misuse and fails
safely. These are common strategies that have been used by many product
manufacturers for years; computer system manufacturers can be expected to
adopt similar policies.

Martyn


On 30/12/2015 02:12, Haim Kuper wrote:

Hello everyone,

 

What is your opinion regarding the following situation:

The customer defines System-A to be used as "Advisory only". This fact
defines what we call the "Intended Use" of the system.

This intended use is the basis of the System-A safety analysis, resulting in
a few hazards marked with CRITICAL severity.

The operator of System-X is quite clever to use the system FAR BEHIND the
intended use.

If you analyze this "Extra-usage", you find hazards typed as CATASTROPHIC
severity, and the mitigation of those hazards is quite expensive.

We do wish to protect the operator activities. However, the customer will
not pay the price of the FAR BEHIND the intended use mitigation.

 

How will you act under those constraints?

 

Thanks,

Kuper

 






_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
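An added illustration of Martyn's third strategy (where a dangerous misuse is foreseeable, design the product so that it prevents or detects such misuse and fails safely), applied to an "Advisory only" system like the System-A of the original question. This is example code written for this page, not code from the thread or from any participant; the operating envelope, the speed limit, the "human-operator" request-interval floor and the three scenarios are all constructed for the example. It shows two detection checks (input outside the certified envelope, and a request cadence that suggests the advisory output is being fed straight into a control loop), one prevention (no actuation path exists), and a latched fail-safe state that requires an explicit reset.

```python
"""Constructed example: an advisory-only product that detects foreseeable misuse
and fails safely, rather than silently continuing beyond its intended use."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class State(Enum):
    ADVISING = "advising"   # normal operation within the intended use
    SAFE = "safe"           # latched fail-safe: silent until an explicit reset


@dataclass
class Envelope:
    """Certified limits of use (constructed values for this example)."""
    max_speed: float              # highest speed the hazard analysis covered
    min_request_interval: float   # seconds; faster polling suggests closed-loop use


@dataclass
class AdvisorySystem:
    envelope: Envelope
    state: State = State.ADVISING
    events: List[str] = field(default_factory=list)
    _last_request_t: Optional[float] = None

    def _fail_safe(self, reason: str) -> None:
        # Latch: once misuse is detected the system stops advising and stays
        # silent until reset, instead of issuing advice it was never analysed for.
        self.state = State.SAFE
        self.events.append(f"FAIL-SAFE: {reason}")

    def advise(self, t: float, speed: float) -> Optional[str]:
        """Return an advisory string, or None when the system is in its safe state."""
        if self.state is State.SAFE:
            return None
        # Detection 1: input outside the envelope the safety analysis covered.
        if speed > self.envelope.max_speed:
            self._fail_safe(f"speed {speed} exceeds certified limit {self.envelope.max_speed}")
            return None
        # Detection 2: a request cadence no human operator would produce, which is
        # a sign the advisory output is being used as a controller (constructed heuristic).
        if self._last_request_t is not None:
            interval = t - self._last_request_t
            if interval < self.envelope.min_request_interval:
                self._fail_safe(f"request interval {interval:.3f}s below human-operator floor")
                return None
        self._last_request_t = t
        return "REDUCE SPEED" if speed > 0.8 * self.envelope.max_speed else "OK"

    def actuate(self, _command: str) -> bool:
        """Prevention: an advisory-only product has no actuation path at all."""
        self.events.append("actuation request refused: advisory-only product")
        return False

    def reset(self) -> None:
        """Operator reset after the cause of the fail-safe has been dealt with."""
        self.state = State.ADVISING
        self._last_request_t = None
        self.events.append("reset by operator")


def run_scenarios() -> dict:
    """Exercise intended use, out-of-envelope use, and closed-loop misuse."""
    env = Envelope(max_speed=100.0, min_request_interval=0.5)

    # Scenario 1: intended use, an operator asking every few seconds.
    s1 = AdvisorySystem(env)
    normal = [s1.advise(t, v) for t, v in [(0.0, 50.0), (3.0, 85.0), (6.0, 40.0)]]

    # Scenario 2: the same product driven far beyond its certified envelope.
    s2 = AdvisorySystem(env)
    beyond = s2.advise(0.0, 140.0)

    # Scenario 3: output polled at 20 Hz, as an automated control loop would.
    s3 = AdvisorySystem(env)
    loop = [s3.advise(i * 0.05, 60.0) for i in range(3)]
    actuated = s3.actuate("set_speed 60")

    return {
        "normal": normal,
        "beyond": beyond,
        "beyond_state": s2.state.value,
        "loop": loop,
        "loop_state": s3.state.value,
        "actuated": actuated,
        "loop_events": s3.events,
    }


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(f"{key}: {value}")
```

The point of the latch is that detection alone is not enough: a system that merely logs the violation and keeps advising is still operating in a region its hazard analysis never covered. Whether the cost of such checks is acceptable is exactly the commercial question the original post raises; the checks themselves are cheap compared with mitigating the CATASTROPHIC hazards of the extended use.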

 
