DOCSLIB.ORG

System Safety Engineering: Back to the Future

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
System Safety Engineering: Back to the Future System Safety Engineering: Back To The Future Nancy G. Leveson Aeronautics and Astronautics Massachusetts Institute of Technology c Copyright by the author June 2002. All rights reserved. Copying without fee is permitted provided that the copies are not made or distributed for direct commercial advantage and provided that credit to the source is given. Abstracting with credit is permitted. i We pretend that technology, our technology, is something of a life force, a will, and a thrust of its own, on which we can blame all, with which we can explain all, and in the end by means of which we can excuse ourselves. — T. Cuyler Young ManinNature DEDICATION: To all the great engineers who taught me system safety engineering, particularly Grady Lee who believed in me, and to C.O. Miller who started us all down this path. Also to Jens Rasmussen, whose pioneering work in Europe on applying systems thinking to engineering for safety, in parallel with the system safety movement in the United States, started a revolution. ACKNOWLEDGEMENT: The research that resulted in this book was partially supported by research grants from the NSF ITR program, the NASA Ames Design For Safety (Engineering for Complex Systems) program, the NASA Human-Centered Computing, and the NASA Langley System Archi- tecture Program (Dave Eckhart). program. Preface I began my adventure in system safety after completing graduate studies in computer science and joining the faculty of a computer science department. In the first week at my new job, I received a call from Marion Moon, a system safety engineer at what was then Ground Systems Division of Hughes Aircraft Company. Apparently he had been passed between several faculty members, and I was his last hope. He told me about a new problem they were struggling with on a torpedo project, something he called software safety. I told him I didn’t know anything about it, that I worked in a completely unrelated field, but I was willing to look into it. That began what has been a twenty-two year search for a solution to his problem. It became clear rather quickly that the problem lay in system engineering. After attempting to solve it from within the computer science community, in 1998 I decided I could make more progress by moving to an aerospace engineering department, where the struggle with safety and complexity had been ongoing for a long time. I also joined what is called at MIT the Engineering Systems Division (ESD). The interactions with my colleagues in ESD encouraged me to consider engineering systems in the large, beyond simply the technical aspects of systems, and to examine the underlying foundations of the approaches we were taking. I wanted to determine if the difficulties we were having in system safety stemmed from fundamental inconsistencies between the techniques engineers were using and the new types of systems on which they were being used. I began by exploring ideas in systems theory and accident models. Accident models form the underlying foundation for both the engineering techniques used to prevent accidents and the techniques used to assess the risk associated with using the systems we build. They explain why accidents occur, that is, the mechanisms that drive the processes leading to unacceptable losses, and they determine the approaches we take to prevent them. Most of the accident models underlying engineering today stem from the days before computers, when engineers were building much simpler systems. Engineering techniques built on these models, such as Failure Modes and Effects Analysis (FMEA) and Fault Tree Analysis (FTA), have been around for over 40 years with few changes while, at the same time, engineering has been undergoing a technological revolution. New technology is making fundamental changes in the etiology of accidents, requiring changes in the explanatory mechanisms used to understand them and in the engineering techniques applied to prevent them. For twenty years I watched engineers in industry struggling to apply the old techniques to new software-intensive systems—expending much energy and having little success—and I decided to search for something new. This book describes the results of that search and the new model of accidents and approaches to system safety engineering that resulted. i ii My first step was to evaluate classic chain-of-events models using recent aerospace accidents. Because too many important systemic factors did not fit into a traditional framework, I experi- mented with adding hierarchical levels above the basic events. Although the hierarchies helped alleviate some of the limitations, they were still unsatisfactory [67]. I concluded that we needed ways to achieve a more complete and less subjective understanding of why particular accidents occurred and how to prevent future ones. The new models also had to account for the changes in the accident mechanisms we are starting to experience in software-intensive and other high-tech systems. I decided that these goals could be achieved by building on the systems approach that was being applied by Jens Rasmussen and his followers in the field of human–computer interaction. The ideas behind my new accident model are not new, only the way they are applied. They stem from basic concepts of systems theory, the theoretical underpinning of systems engineering as it developed after World War II. The approach to safety contained in this book is firmly rooted in systems engineering ideas and approaches. It also underscores and justifies the unique approach to engineering for safety, called System Safety, pioneered in the 1950s by aerospace engineers like C.O. Miller, Jerome Lederer, Willie Hammer, and many others to cope with the increased level of complexity in aerospace systems, particularly in military aircraft and intercontinental ballistic missile systems. Because my last book took seven years to write and I wanted to make changes and updates starting soon after publication, I have decided to take a different approach. Instead of waiting five years for this book to appear, I am going to take advantage of new technology to create a “living book.” The first chapters will be available for download from the web as soon as they are completed, and I will continue to update them as we learn more. Chapters on new techniques and approaches to engineering for safety based on the new accident model will be added as we formulate and evaluate them on real systems. Those who request it will be notified when updates are made. In order to make this approach to publication feasible, I will retain the copyright instead of assigning it to a publisher. For those who prefer or need a bound version, they will be available. My first book, Safeware, forms the basis for understanding much of what is contained in this present book and provides a broader overview of the general topics in system safety engineering. The reader who is new to system safety or has limited experience in practicing it on complex systems is encouraged to read Safeware before they try to understand the approaches in this book. To avoid redundancy, basic information in Safeware will in general not be repeated, and thus Safeware acts as a reference for the material here. To make this book coherent in itself, however, there is some repetition, particularly on topics for which my understanding has advanced since writing Safeware. Currently this book contains: • Background material on traditional accident models, their limitations, and the goals for a new model; • The fundamental ideas in system theory upon which the new model (as well as system engi- neering and system safety in particular) are based; • A description of the model; • An evaluation and demonstration of the model through its application to the analysis of some recent complex system accidents. Future chapters are planned to describe novel approaches to hazard analysis, accident prevention, risk assessment, and performance monitoring, but these ideas are not yet developed adequately to justify wide dissemination. Large and realistic examples are included so the reader can see how iii this approach to system safety can be applied to real systems. Example specifications and analyses that are too big to include will be available for viewing and download from the web. Because the majority of users of Safeware have been engineers working on real projects, class exercises and other teaching aids are not included. I will develop such teaching aids for my own classes, however, and they, as well as a future self-instruction guide for learning this approach to system safety, will be available as they are completed. Course materials will be available un- der the new MIT Open Courseware program to make such materials freely available on the web (http://ocw.mit.edu). iv Contents I Foundations 1 1 Why Do We Need a New Model? 3 2 Limitations ofTraditional Accident Models 7 2.1UnderstandingAccidentsusingEventChains...................... 7 2.1.1 SelectingEvents.................................. 9 2.1.2 SelectingConditions................................ 12 2.1.3 SelectingCountermeasures............................ 13 2.1.4 Assessing Risk ................................... 14 2.2InterpretingEventsandConditionsasCauses...................... 17 3 Extensions Needed to Traditional Models 25 3.1SocialandOrganizationalFactors............................. 25 3.2SystemAccidents...................................... 30 3.3HumanErrorandDecisionMaking............................ 32 3.4SoftwareError....................................... 36 3.5Adaptation........................................
Load more

Recommended publications
  • Hearing Loss Prevention and a Survey of Firefighters
    Update 2017 Vol. 29, Issue 1 The Council for Accreditation in Occupational Hearing Conservation Hearing Loss Prevention and a Survey of Firefighters Submitted by: Natalie Rothbauer, Illinois State University According to the Occupational and Safety Administration (OSHA), Candidates with the following medical conditions shall not be certified as approximately 30 million people are exposed to hazardous noise annually, meeting the medical requirements of this standard: (1) Chronic vertigo which places them at risk for auditory injuries such as noise-induced or impaired balance as demonstrated by the inability to tandem gait hearing loss (NIHL) and tinnitus. Noise-induced hearing loss can be walk. (2) On audiometric testing, average hearing loss in the unaided costly to workers as it can interfere with their daily tasks. It may make it better ear greater than 40 decibels (dB) at 500 Hz, 1000 Hz, and 2000 impossible to hear important warning signals and other important sounds, Hz when the audiometric device is calibrated to ANSI Z24.5. (3) Any possibly resulting in a worker being relieved from duty. Firefighting is ear condition (or hearing impairment) that results in a person not being considered a hearing critical profession because warning signal audibility able to safely perform essential job tasks. - NFPA Standard 1582 (pp. 11) could be the difference between life and death (Hong et al, 2013). Knowledge A literature review did not reveal a consistent sound exposure profile for Survey data indicated that many firefighters were knowledgeable of some career firefighters due to the variable noises and length of work shift. Some of the aspects of hearing loss and approaches to prevention.
    [Show full text]
  • Digital Dialectics: the Paradox of Cinema in a Studio Without Walls', Historical Journal of Film, Radio and Television , Vol
    Scott McQuire, ‘Digital dialectics: the paradox of cinema in a studio without walls', Historical Journal of Film, Radio and Television , vol. 19, no. 3 (1999), pp. 379 – 397. This is an electronic, pre-publication version of an article published in Historical Journal of Film, Radio and Television. Historical Journal of Film, Radio and Television is available online at http://www.informaworld.com/smpp/title~content=g713423963~db=all. Digital dialectics: the paradox of cinema in a studio without walls Scott McQuire There’s a scene in Forrest Gump (Robert Zemeckis, Paramount Pictures; USA, 1994) which encapsulates the novel potential of the digital threshold. The scene itself is nothing spectacular. It involves neither exploding spaceships, marauding dinosaurs, nor even the apocalyptic destruction of a postmodern cityscape. Rather, it depends entirely on what has been made invisible within the image. The scene, in which actor Gary Sinise is shown in hospital after having his legs blown off in battle, is noteworthy partly because of the way that director Robert Zemeckis handles it. Sinise has been clearly established as a full-bodied character in earlier scenes. When we first see him in hospital, he is seated on a bed with the stumps of his legs resting at its edge. The assumption made by most spectators, whether consciously or unconsciously, is that the shot is tricked up; that Sinise’s legs are hidden beneath the bed, concealed by a hole cut through the mattress. This would follow a long line of film practice in faking amputations, inaugurated by the famous stop-motion beheading in the Edison Company’s Death of Mary Queen of Scots (aka The Execution of Mary Stuart, Thomas A.
    [Show full text]
  • White Paper on Approaches to Safety Engineering∗
    White Paper on Approaches to Safety Engineering∗ Nancy Leveson April 23, 2003 A life without adventure is likely to be unsatisfying, but a life in which adventure is allowed to take whatever form it will, is likely to be short. — Bertrand Russell This white paper lays out some foundational information about different approaches to safety: how various industries differ in their approaches to safety engineering, and a comparison of three general approaches to safety (system safety, industrial safety engineering, and reliability engineer- ing).An attempt is made to lay out the properties of industries and systems that make one approach more appropriate than another. How do industries differ in their approaches to safety engineering? While the concern about industrial safety dates back to at least the turn of the century (and before in some countries and industries) and individual efforts to design safe products and systems also goes back in time, rigorous and defined approaches to safety engineering mostly arose after World War II, when the AEC (and later the NRC) were engaged in a public debate about the safety of nuclear power; civil aviation was trying to convince a skeptical public to fly; the chemical indus- try was coping with larger plants, increasingly lethal chemicals, and heightened societal concern about pollution; and the DoD was developing ballistic missile systems and increasingly dangerous weapons.Each of these parallel efforts resulted in very different engineering approaches, mostly because the problems they needed to solve were different. Commercial Aircraft The [FAA] administrator was interviewed for a documentary film on the [Paris DC-10] accident.
    [Show full text]
  • Manuscript Instructions/Template
    INCOSE Working Group Addresses System and Software Interfaces Sarah Sheard, Ph.D. Rita Creel CMU Software Engineering Institute CMU Software Engineering Institute (412) 268-7612 (703) 247-1378 [email protected] [email protected] John Cadigan Joseph Marvin Prime Solutions Group, Inc. Prime Solutions Group, Inc. (623) 853-0829 (623) 853-0829 [email protected] [email protected] Leung Chim Michael E. Pafford Defence Science & Technology Group Johns Hopkins University +61 (0) 8 7389 7908 (301) 935-5280 [email protected] [email protected] Copyright © 2018 by the authors. Published and used by INCOSE with permission. Abstract. In the 21st century, when any sophisticated system has significant software content, it is increasingly critical to articulate and improve the interface between systems engineering and software engineering, i.e., the relationships between systems and software engineering technical and management processes, products, tools, and outcomes. Although systems engineers and software engineers perform similar activities and use similar processes, their primary responsibilities and concerns differ. Systems engineers focus on the global aspects of a system. Their responsibilities span the lifecycle and involve ensuring the various elements of a system—e.g., hardware, software, firmware, engineering environments, and operational environments—work together to deliver capability. Software engineers also have responsibilities that span the lifecycle, but their focus is on activities to ensure the software satisfies software-relevant system requirements and constraints. Software engineers must maintain sufficient knowledge of the non-software elements of the systems that will execute their software, as well as the systems their software must interface with.
    [Show full text]
  • Infrastructure (Resilience-Oriented) Modelling Language: I®ML
    Infrastructure (Resilience-oriented) Modelling Language: I®ML A proposal for modelling infrastructures and their interconnections Andrés Silva, Roberto Filippini EUR 24727 EN - 2011 The mission of the JRC-IPSC is to provide research results and to support EU policy-makers in their effort towards global security and towards protection of European citizens from accidents, deliberate attacks, fraud and illegal actions against EU policies. European Commission Joint Research Centre Institute for the Protection and Security of the Citizen Contact information Address: TP 210, EC JRC Ispra, Ispra (Va) Italy E-mail: [email protected] Tel.: +39 0332 789936 Fax: http://ipsc.jrc.ec.europa.eu/ http://www.jrc.ec.europa.eu/ Legal Notice Neither the European Commission nor any person acting on behalf of the Commission is responsible for the use which might be made of this publication. Europe Direct is a service to help you find answers to your questions about the European Union Freephone number (*): 00 800 6 7 8 9 10 11 (*) Certain mobile telephone operators do not allow access to 00 800 numbers or these calls may be billed. A great deal of additional information on the European Union is available on the Internet. It can be accessed through the Europa server http://europa.eu/ JRC 63302 EUR 24727 EN ISBN 978-92-79-19324-8 ISSN 1018-5593 doi:10.2788/54708 Luxembourg: Publications Office of the European Union © European Union, 2011 Reproduction is authorised provided the source is acknowledged Printed in Italy Infrastructure (Resilience-oriented) Modelling Language: I®ML A proposal for modelling infrastructures and their connections Andrés Silva1 Roberto Filippini Universidad Politécnica de Madrid JRC of the European Commission Abstract The modelling of critical infrastructures (CIs) is an important issue that needs to be properly addressed, for several reasons.
    [Show full text]
  • Imagining a Multiracial Future Author(S): Leilani Nishime Source: Cinema Journal, Vol
    Society for Cinema & Media Studies The Mulatto Cyborg: Imagining a Multiracial Future Author(s): LeiLani Nishime Source: Cinema Journal, Vol. 44, No. 2 (Winter, 2005), pp. 34-49 Published by: University of Texas Press on behalf of the Society for Cinema & Media Studies Stable URL: http://www.jstor.org/stable/3661093 Accessed: 18-09-2016 02:53 UTC REFERENCES Linked references are available on JSTOR for this article: http://www.jstor.org/stable/3661093?seq=1&cid=pdf-reference#references_tab_contents You may need to log in to JSTOR to access the linked references. JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range of content in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new forms of scholarship. For more information about JSTOR, please contact [email protected]. Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at http://about.jstor.org/terms Society for Cinema & Media Studies, University of Texas Press are collaborating with JSTOR to digitize, preserve and extend access to Cinema Journal This content downloaded from 128.210.126.199 on Sun, 18 Sep 2016 02:53:57 UTC All use subject to http://about.jstor.org/terms The Mulatto Cyborg: Imagining a Multiracial Future by LeiLani Nishime Abstract: Applying the literature of passing to cyborg cinema makes visible the politics of cyborg representations and illuminates contemporary conceptions of mixed-race subjectivity and interpolations of mixed-race bodies. The passing nar- rative also reveals the constitutive role of melancholy and nostalgia both in creat- ing cyborg cinema and in undermining its subversive potential.
    [Show full text]
  • Back to the Future: the Implications of Service and Problem-Based Learning in the Language, Literacy, and Cultural Acquisition of ESOL Students in the 21St Century
    The Reading Matrix: An International Online Journal Volume 18, Number 2, September 2018 Back to the future: The implications of service and problem-based learning in the language, literacy, and cultural acquisition of ESOL students in the 21st century Margaret Aker Concordia University, Chicago Luis Javier Pentón Herrera University of Maryland, Baltimore County (UMBC) Lynn Daniel Concordia University, Chicago ABSTRACT Research has identified the essential proficiencies students should possess to be successful, but they are often not incorporated in the ESOL classroom. As a result, many teachers lack access to adequate instructional strategies to guide ELs to academic success. We argue in this article that, to provide a strong foundation and a bright future for ESOL students, problem-based learning and service-learning (PBSL) should be combined to activate the skills identified by the Partnership for 21st Century Skills (2011). For this, we reflect on the 21st century skills and the implications for teaching today’s students—the Millennials and GenZs—keeping in mind the professionals they will become tomorrow. Reflecting a student-centered approach, we incorporate practice into the research process by illustrating a successful integration of PBSL into an ESOL learning environment in higher education and then highlight additional curricular opportunities for synthesizing PBSL at the elementary, middle, and high school levels. INTRODUCTION “Education is for improving the lives of others and for leaving your community and world better than you found it” (Edelman, 1993, pp. 9-10). Inspired by a call for research in the Teaching English to Speakers of Other Languages (TESOL) field (Wurr, 2013), we seek to contribute by proposing a model that guides the larger discourse on service-learning, civic engagement, and language learning for minority students.
    [Show full text]
  • 'The Coolest Way to Watch Movie Trailers in the World': Trailers in the Digital Age Keith M. Johnston
    1 This is an Author's Accepted Manuscript of an article published in Convergence: The International Journal of Research into New Media Technologies 14, 2 (2008): 145- 60, (c) Sage Publications Available online at: http://con.sagepub.com/content/14/2/145.full.pdf+html DOI: 10.1177/1354856507087946 ‘The Coolest Way to Watch Movie Trailers in the World’: Trailers in the Digital Age Keith M. Johnston Abstract At a time of uncertainty over film and television texts being transferred online and onto portable media players, this article examines one of the few visual texts that exists comfortably on multiple screen technologies: the trailer. Adopted as an early cross-media text, the trailer now sits across cinema, television, home video, the Internet, games consoles, mobile phones and iPods. Exploring the aesthetic and structural changes the trailer has undergone in its journey from the cinema to the iPod screen, the article focuses on the new mobility of these trailers, the shrinking screen size, and how audience participation with these texts has influenced both trailer production and distribution techniques. Exploring these texts, and their technological display, reveals how modern distribution techniques have created a shifting and interactive relationship between film studio and audience. Key words: trailer, technology, Internet, iPod, videophone, aesthetics, film promotion 2 In the current atmosphere of uncertainty over how film and television programmes are made available both online and to mobile media players, this article will focus on a visual text that regularly moves between the multiple screens of cinema, television, computer and mobile phone: the film trailer. A unique text that has often been overlooked in studies of film and media, trailer analysis reveals new approaches to traditional concerns such as stardom, genre and narrative, and engages in more recent debates on interactivity and textual mobility.
    [Show full text]
  • IS2018 Book of Abstract
    th Annual INCOSE 28 international symposium Washington, DC, USA July 7 - 12, 2018 Delivering Systems in the Age of Globalization Status as of May 15 th , 2018 Book of Abstract Table of contents keynotes ............................................................................................................................................................................... p. 7 keynotes#Keynote#2: The Big Shift: Innovation and Systems Engineering ................................................................ p. 7 Papers .................................................................................................................................................................................. p. 8 Papers#107: A Framework for Concept and its Testing on Patents ............................................................................ p. 8 Papers#75: A Framework for Testability Analysis from System Architecture Perspective .......................................... p. 9 Papers#128: A Framework for Understanding Systems Principles and Methods .......................................................p. 10 Papers#31: A fresh look at Systems Engineering - what is it, how should it work? .....................................................p. 11 Papers#35: A Hybrid Liver-Candidate Transportation System to Improve Accessibility and Extend Organ Life in L ..p. 12 Papers#55: A Novel “Resilience Viewpoint” to aid in Engineering Resilience in Systems of Systems (SoS) .............p. 13 Papers#97: A successful use of systems approaches in
    [Show full text]
  • Process Safety for the 21St Century and Beyond This Initiative
    Process Safety for the 21st Century and Beyond 1 Introduction Process safety has been practiced as a field of research and 1.1 Who was involved in this project? safety management in the oil and chemical industries since the 1960s. Over this period there have been many tragic incidents, This project was led by a steering committee convened to bring which have resulted in fatalities as well as asset, environmental, in academic, industrial, regulatory, and societal perspectives and reputational damage. While standards have improved from around the world and across stakeholders. Trish Kerin, the since then and much work has been done, particularly in director of the IChemE Safety Centre and Dr M Sam Mannan, inherently safer design and management systems, catastrophic the executive director of Mary Kay O’Connor Process Safety incidents are still happening and will continue to do so until Center were the co-chairs of the steering committee. The team we tackle them head on. It appears as if we are not learning members are listed below, and biographical details can be lessons from the past, because the causes of failures for found in Appendix A. current incidents are the same as past incidents, albeit in Team members different environments. We must learn from these incidents. As an industry, our inability to learn from past incidents and ■■ Dr Paul Amyotte demonstrate that process safety is improving has led to this ■■ Dr Ian Cameron project, Process Safety in the 21st Century and Beyond. The aim of this project is to envision better process safety by ■■ Dr Mike Considine outlining efforts that each stakeholder can take.
    [Show full text]
  • Control of Hazardous Energy by Lock-Out and Tag-Out
    Control of Hazardous Energy By Lock-out and Tag-out Why Lock-Out and Tag-Out? Basics of Lock-Out and Tag-Out Learning From Case Histories What Industry Process Safety Leaders Say Additional Reading February 23, 2005 This Safety Alert can also be found on the CCPS Web site at http://www.aiche.org/ccps/safetyalert Copyright 2005 American Institute of Chemical Engineers Engineers Chemical of Institute Copyright 2005 American CCPS Safety Alert, February 23, 2005 The Center for Chemical Process Safety was established by the American Institute of Chemical Engineers in 1985 to focus on the engineering and management practices to prevent and mitigate major incidents involving the release of hazardous chemicals and hydrocarbons. CCPS is active worldwide through its comprehensive publishing program, annual technical conference, research, and instructional material for undergraduate engineering education. For more information about CCPS, please call 212-591-7319, e-mail [email protected], or visit www.aiche.org/ccps Copyright 2005 American Institute of Chemical Engineers 3 Park Avenue New York, New York 10016 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise without the prior permission of the copyright owner. It is sincerely hoped that the information presented in this document will lead to an even more impressive record for the entire industry; however, the American Institute of Chemical Engineers, its consultants, CCPS Subcommittee members, their employers, and their employers’ officers and directors disclaim making or giving any warranties, expressed or implied, including with respect to fitness, intended purpose, use or merchantability and/or correctness or accuracy of the content of the information presented in this document.
    [Show full text]
  • Towards Safety Assessment Checklist for Safety-Critical Systems P.V
    Article can be accessed online at http://www.publishingindia.com Towards Safety Assessment Checklist for Safety-critical Systems P.V. Srinivas Acharyulu*, P. S. Ramaiah** Abstract 1. Introduction Safety-critical systems are ever increasing in day to Safety-Critical Systems are those systems whose failure day life such as use from microwave oven to robots could result in loss of life, significant property damage, involving computer systems and software. Safety- or damage to environment (Knight, J.C, 2002). Safety in critical systems must consider safety engineering and broad pertains to the whole system, computer hardware, safety management principles in order to be safe when software, other electronic & electrical components and they are put into use. Safety analysis must be done. stake holders. A safety-critical system is such a system Safety assessment of such systems is difficult but not impossible. They must deal with the hazards analysis which has the potential to cause hazard either directly or in order to reduce or prevent risks to environment, indirectly. The emphasis of this paper is on the element property damage and / or loss of life through risk-free of software for such safety critical systems, which can and failure free or fail-safe operations. The existing be referred to as safety critical software. Some of the methods are found to be limited and inadequate safety critical applications include flight control systems, to address the risks associated and for safety medical diagnostic and treatment devices, weapon assessment. This paper proposes a methodology for systems, nuclear power systems, robots and many. Failure safety assessment of safety critical systems based on free and risk free or fail-safe operations may not lead to identifying significant and non-significant aspects of hazards.
    [Show full text]