Development of Safety Critical Systems
Public course
Next offering: none currently scheduled – contact Dr Graeme Smith if you’re interested
Background:
The Software Verification Research Centre’s popular Development of Safety Critical Systems course serves as the basis for the Systems Safety Engineering course (ENGG7020), now offered by the
Note: In order to gain credit towards a Masters of Engineering degree, it is necessary to enrol in ENGG7020 and successfully complete the assessment requirements. There are also options for enrolling in the Graduate Certificate in Engineering for people without a first degree. Enrolling in the course as a UQ student is the best way of ensuring you get a place on the course.
Timetable:
The following table gives details of the most recent public offering of the course, 13-16 July 2010:
| | Session 1 | Session 2 | Session 3 | Session 4 |
|---|---|---|---|---|
| Day 1 | Concepts & terminology | Hazard identification | Risk analysis | Risk reduction & Safety Integrity Levels |
| Day 2 | System hazard analysis | Quantitative analysis | Design for safety | |
| Day 3 | Design case studies | Software | Case studies | Human factors |
| Day 4 | Guest lecture by Dr Luke Wildman | Management & safety cases | Summary & conclusions | Mini exam |
Presenters:
Prof Peter Lindsay, Boeing Professor of Systems Engineering, UQ
Dr Mark Bofinger, Savive Pty Ltd
Purpose
Safety is a whole life cycle issue that relates to all aspects of the system. Hardware, software, operating procedures, planning, development, testing, maintenance, installation, commissioning, decommissioning, disposal and other aspects are considered in a safety program.
For most safety-critical systems, it is insufficient to simply develop a safe system; the system must be shown to be acceptably safe. The acceptance of a safety case forms an important part of such a product. Early identification of safety issues and assessment of the safety-criticality of a system are valuable in avoiding the costly mitigations and rework otherwise needed to produce an acceptably safe product. A number of disasters have shown that for many organisations, the entire process of analysing, specifying, developing and deploying safety-critical systems needs improvement.
The lecture component of this course explains the principles and practice of safety management and engineering and the unique challenges of computer-based systems. The content blends discussion of management and development issues with practical experience in safety analysis techniques. Topics covered include: hazard identification and risk analysis, safe system design, safety analysis techniques, safe software engineering, system hazard analysis, safety cases, safety management and human factors, and formal methods for system specification. Techniques covered include: Hazard and Operability Studies (HAZOP) and Computer Hazard and Operability Studies (CHAZOP), Fault Tree Analysis (FTA), Event Tree Analysis (ETA), Failure Modes and Effects Analysis (FMEA) and Failure Modes Effects and Criticality Analysis (FMECA), and Goal Structured Notation (GSN).
Session outlines
Concepts and terminology
· Safety, hazards and risks
· Example:
· System effects
· Reliability vs safety
· Safety lifecycle
· Safety Cases
Hazard identification
· Preliminary Hazard Identification
· Hazard and Risk Analysis process
· Preliminary Hazard Identification
· Functional hazard identification techniques
- Functional Failure Analysis
- Hazard and Operability Studies (HAZOP)
- Computer HAZOP (CHAZOP)
· Hazard Log
Risk analysis
· Risk analysis process
· Acceptability of risks
o ALARP and classification of risks
· Severity analysis
· Frequency analysis
· Accident sequences
· Event Tree Analysis
· Setting risk targets
· Safety requirements
Risk reduction & Safety Integrity Levels
· Risk reduction procedures
o Hazard Elimination
o Nature and treatment of failures
o Hazard Reduction
o Hazard Control
o Damage Limitation
· Safety Integrity Levels
· Coping with COTS
System hazard analysis
· System hazard analysis process
· Failure Modes and Effects Analysis (FMEA)
· Fault Tree Analysis (FTA)
· Cause Consequence Analysis (CCA)
· Common cause analysis
Quantitative analysis
· Reliability, Availability, Maintainability, Safety (RAMS)
· Reliability block diagrams
· Quantitative FTA
Design for safety
· Architectural principles for safety
· Redundancy vs diversity
· Fault tolerance vs failsafe
· Error detection and recovery
· Interlocks
· Modelling and analysis
· Design case study
Human factors
· The role of humans in safety-critical systems
· Human Reliability Analysis
o task analysis
o human error identification
o Reason's model of human error
o human reliability quantification
o mitigating human error
· Safe user interface design
Software
· Nature of software, the software process, software failure modes
· Qualitative software integrity
· Software safety requirements analysis
· Software specification
· Software design
· Software coding
· Reviews and analyses
· Software Fault Tree Analysis
· Testing
· Independent assessment
Guest lecture by Dr Luke Wildman, Control Centres RAMS Team Lead, Invensys Rail
· Guidance for Def(Aust) 5679 Issue 2
· RAMS process in Invensys
· Software issues: partitioning, COTS, evolution, ...
· Comparison of 5679 vs CENELEC philosophies regarding failure rates, hazard logs
Management and safety cases
· Safety Culture
· Safety Management Systems
· Safety Organisations
· Functional Safety Assessment / Evaluation
· Safety Planning
· Safety Cases
o high level reasoning and supporting evidence
o consistency and completeness
o maintenance
o tool support
· Other essential ingredients
Case studies
· This session will cover various accident case studies, including presentation of the technical nature of the events leading up to and following the incident. This session is designed to be discussion based, with an emphasis on covering issues that have been raised during other sessions.
Summary and conclusions
· Course aims revisited
· Software system safety lifecycle revisited
· Key concepts
o hazard analysis
o risk and integrity assessment
o assurance of hardware, software, humans
o safety cases
Course Goals/Learning Objectives
This course will introduce students to Systems Safety Engineering (SSE). It is expected that upon successful completion of the course, students will:
· understand basic system safety principles and the purpose and structure of safety cases and hazard logs
· be familiar with the role & responsibilities of Safety Engineers
· know how to apply key SSE practices including hazard analysis, risk assessment, FMEA, ETA, FTA & HAZOP
· be familiar with key industry system safety standards
Assumed Background
It is recommended that participants have taken ENGG7000 (Systems Engineering) or have had other experience of systems thinking, systems development and the system lifecycle. Familiarity with software engineering principles is desirable but not essential.
Venue:
The
Cost & registration:
$3300 incl GST, Nancy Leveson's book “Safeware: System Safety & Computers”, course notes, lunch & refreshments
For further information:
contact Dr Graeme Smith
Phone: (+61 7) 3365 1625
Email: smith@itee.uq.edu.au
