Introduction

Question 1

Define critical system:

Answer 1

A critical system is a computer, electronic or electromechanical system, the failure of which may have serious consequences.

Question 2

What are some consequences of a failure of a critical system?

Answer 2

• substantial financial losses
• substantial environmental damage
• injuries or death of human beings

Question 3

What are the three types of critical systems?

Answer 3

• Safety-critical systems
• Mission-critical systems
• Business-critical systems

Question 4

What are safety-critical systems?

Answer 4

Systems where failure may cause injury or death to human beings or substantial environmental harm

Question 5

What are mission-critical systems?

Answer 5

Systems where failure may result in the failure of some goal-directed activity

Question 6

What are business-critical systems?

Answer 6

Systems where failure may result in the failure of the business using that system

Question 7

What are some examples of Safety-Critical sytems?

Answer 7

• Medical Devices
• Aerospace
• Chemical industry
• Nuclear power stations
• Traffic control
• Military equipment

Question 8

What are examples of mission-critical systems?

Answer 8

• Navigation systems

Question 9

What are examples of business-critical systems?

Answer 9

• Customer account system in a bank
• Online shopping cart
• Areas where secrecy is required
• Areas where personal data are administered.

Question 10

What types of safety critical software are there?

Answer 10

Primary and secondary safety-critical software

Question 11

What is primary safety-critical software?

Answer 11

Software embedded as a controller in a system. Malfunction causes hardware malfunction, which results directly in human injury or environmental damage.

Question 12

What is safety-critical software?

Answer 12

Software indirectly results in injury. E.g. software tools used for developing safety critical systems. Malfunction might cause bugs in critical systems using that tool

Question 13

What are Preliminary events?

Answer 13

Events which influence the initiating event, without them the accident cannot advance to the next step

Question 14

What is the initiating event, trigger event?

Answer 14

Mechanism that causes the accident to occur.

Question 15

What are intermediate events?

Answer 15

Events that may propagate or ameliorate the accident/event.

Question 16

What are Ameliorating events?

Answer 16

Ameliorating events can prevent the accident or reduce its impact.

Question 17

What are propagating events?

Answer 17

Propagating events can cause an accident or increase its impact.

Question 18

What should you avoid when designing a critical system?

Answer 18

Avoid triggering events by adding safeguards.

Question 19

What are safeguards?

Answer 19

A method to prevent a triggering event from causing an accident or reducing its impact.

Question 20

What is the three level model to identify the reason behind accidents?

Answer 20

Level 1: Mechanisms, Chain of events
Level 2: Conditions
Level 3: Condition and constraints

Question 21

Define root causes:

Answer 21

Root causes are weaknesses in general classes of accidents, which contributed to the current accident but might affect future accidents, underlying issues.

Question 22

What model do we use to identify the real reason behind accidents?

Answer 22

Three-level model

Question 23

What is Level 1 in the three-level model?

Answer 23

Mechanisms, chain of events leading to an accident

Question 24

What is Level 2 in the three-level model?

Answer 24

The conditions that allowed the events on level 1 to occur

Question 25

What is Level 3 in the three-level model?

Answer 25

The conditions and constraints that allowed the conditions on the second level to cause the events at the first level

Question 26

What happens in the root cause is not fixed?

Answer 26

Almost inevitably an accident will happen again

Question 27

What are some examples of Level 3 constraints and conditions?

Answer 27

- Cost-cutting - Flaws in software - Poor human-computer interface - Overconfidence in ICT - Flaws in management practises

Question 28

What is the most common conclusion for an accident investigation?

Answer 28

Human error

Question 29

What precedes accidents?

Answer 29

Incidents precedes accidents. If we don't learn from incidents eventually accidents will happen

Question 30

What are the different levels of rigour?

Answer 30

1) application of formal methods by hand, without machine assistance 2) Use of formalised specification languages with some mechanised support tools 3) Use of fully formal specification languages with machine assisted or fully automated theorem proving

Question 31

What are some examples of system aspects for safety critical systems (software engineering aspect)?

Answer 31

- Software - Hardware - Environment - Human-computer interaction - Protocols - Training - Cultural habits - Methods for identifying hazards - Standards - Documentation - Validation and verification - Ethical and legal aspects

Question 32

What is the system aspect of safety critical systems?

Answer 32

The collective elements and interaction with a system that contribute to its safety or protentional risk

Question 33

What are tools for writing correct software (formal methods) used for?

Answer 33

Used to idealise a system and ignore aspects like hardware failures

Question 34

What are system aspects of a critical safety system?

Answer 34

Elements or interactions that can cause a system to fail.