[SystemSafety] Elephants, dinosaurs and integrating the VLA model

[yorklist at philwilliams.f2s.com]

On 2023-08-03, PBL wrote:

> How do you go about engineering any system such that risks are reduced ALARP, say in the UK? 
> You follow sector-specific functional safety standards if there are some, as well as the engineering functional safety standard for E/E/PE systems, which is IEC 61508. 
> This approach is regarded by the regulator, at least in the UK, as appropriate to fulfill the ALARP requirement (although of course the courts are the final arbiters of that).

With the usual caveats that I'm not a lawyer, nor do I represent the UK HSE, Peter's summary represents a simplification of the status in the UK. The following are my own opinions (informed but not definitive)
The tests of ALARP are more nuanced.
IEC61508 was seen as relevant good practice and the minimum benchmark of relevant good practice in the UK. 
Relevant good practice is always considered reasonably practicable.
There is no legal obligation to apply 61508, but if you don't you'd be expected to show that what you did apply was at least as good as 61508.
Relevant good practice moves on, and as the latest extant version of 61506 is 13 years old, its unlikely to be seen as sufficient in its own right anymore. The ALARP test is applied by regulators at the point of inspection (which may be before or after an incident), it is applied by courts / coroners (well actually it's typically the 'so far as is reasonably practicable' test - but that's another debate) retrospectively. It is intended to be continuously assessed (quantised to periodic for practicality).
Further, there are decisions being made in 61508, particularly regarding its treatment of cyber security, which mean that 61508 Edn 3 is unlikely to be accepted as a sufficient minimum standard when it is published.

As and when standards are created that address AI and safety they may be accepted as reflecting relevant good practice - but that's not a given.

Best regards

Phil