
System Safety, 2008 3rd IET International Conference on

Date 20-22 Oct. 2008


Displaying Results 1 - 25 of 55
  • Unmanned Air Systems Some Safety Management Challenges


    Unmanned Aircraft technology continues to mature. UAS are already big business for the military, and breakout into civil operations is progressively occurring. Some novel Safety Management challenges arise: "Sense & Avoid", in particular, remains a major challenge (and presents considerable potential opportunities for transfer to the manned flight environment?). Light UAS is the biggest growth area for civil operations (they can operate in visual range of the human operator, who provides "See & Avoid"). Standards development work is being undertaken in Europe (EASA, Eurocae, JAA), the US (RTCA) and within ICAO. A collaborative, well-paced approach is working and needs the continued active engagement of Safety Management professionals.

  • Confidence in System Safety


    Safety is a property of Sociotechnical Systems, not of software. We should set the system boundary where the dependence on assumptions is minimised and most certain. We should reduce functionality and use our best designers to make the system as simple as possible. We should build safety cases from claims about system properties, not about rates of failures; rely on evidence from analysis where possible; and use rigorous notations and automated analysis. We must develop standards that demand strong evidence for feasible claims. If an application needs a degree of dependability for which adequate confidence cannot be achieved before deployment, we must say "no".

  • Development of an Intelligent System for Railway Risk Analysis

    Page(s): 1 - 6

    This article describes the development of an intelligent system for railway risk analysis using a fuzzy reasoning approach (FRA) and a fuzzy analytical hierarchy decision making process (Fuzzy-AHP), which is specially designed and developed for the railways. In the system, FRA is employed to estimate the risk level (RL) of each failure event in terms of failure probability (FP) and consequent severity (CS). This allows imprecise or approximate information in the risk analysis process. The Fuzzy-AHP technique is incorporated into the risk model to use its advantage in determining the relative importance of the risk contributors, i.e. the weight factor (WF), so that the risk assessment can progress from component level to subsystem level and finally to system level. This risk assessment system can evaluate both qualitative and quantitative risk data and information associated with a railway system efficiently and effectively, which will provide railway risk analysts, managers and engineers with a method and tool to improve their safety management of railway systems and set safety standards. A case study on rolling stock asset risk analysis is used to illustrate the application of the intelligent system.

  • Safety-Critical Shortage

    Page(s): 1 - 4

    Safety-critical software is playing an ever growing role in everyday life. Whether it is in civil or military airplanes, space systems, over-ground or underground railway systems, nuclear power plants, or air traffic management systems, safety-critical software helps us and protects us. The events at the beginning of the century and the growing level of interconnectedness among these systems are also adding security requirements onto these safety-critical software systems.

  • Explosion Protection: Risk Assessment & Hazard Management in Manufacturing

    Page(s): 1 - 6

    With increasing pressures from an array of legislation and regulations, manufacturing organisations must today make a proactive effort in the development of health and safety policies and procedures. This paper explores a selection of issues encountered in modern system safety, with particular reference to explosion protection. Since 1974, when the Health and Safety at Work, etc. Act was introduced, employers have been held responsible for the health, safety and welfare of their employees. 1988 saw the introduction of the Control of Substances Hazardous to Health (COSHH) Regulations, and since then there has been a great deal of focus on dangerous substances and explosive atmospheres, giving rise first to the ATEX Regulations in Europe in 1996 and then the DSEAR Regulations in Britain in 2002. This paper gives a brief overview of a selection of current legislation before demonstrating the application of the Dangerous Substances and Explosive Atmospheres Regulations 2002 (DSEAR) in a modern manufacturing facility.

  • Evidence-Based Development - Applying Safety Engineering Techniques to the Progressive Assurance and Certification of Complex Systems

    Page(s): 1 - 6

    This paper presents evidence-based development (EbD), an approach to progressive system assurance that is confidence-based and deeply integrated with the development process. EbD draws inspiration from requirements management, risk management, and from the claim-evidence-argument paradigm well known in the safety engineering domain. The ideas are applied not just to safety, but to the broader concept of system fitness-for-purpose. EbD provides an evidential backbone for assurance, recognising that assurance is a progressive activity that begins at the very start of the system lifecycle. Evidence is accumulated where confidence is most lacking, beginning with design verification in the earliest stages of development, through design fulfilment from test results in the later stages. It caters for assurance and certification evidence arising in many different forms from diverse sources and approaches throughout the lifecycle. The paper will also describe the work undertaken under the auspices of a UK DBERR Technology Programme to apply EbD to the certification of systems to RTCA/DO-178B. It will argue that EbD has features that address particular parts of the standard in new ways.

  • Automotive Telematics System for Safe Driving

    Page(s): 1 - 6

    To deter dangerous driving, we recently proposed an automotive telematics system, which displays safe driving points and rankings to a driver in real time. In this study, we tried to enhance the effectiveness of the system by adding an individual or team competition. Effect measurements of these functions were carried out on a driving simulator using a between-subjects design under three conditions: original ranking, individual competition, and team competition conditions. The experimental route was three lanes and about 6.7 km long. Safe driving points were calculated by the value of the following time and acceleration. After the experiment, we analyzed the following time, rapid acceleration, sudden deceleration, and the number of lane changes. Moreover, questionnaires were used to analyze impressions of the system. When the results were comprehensively examined, although all the conditions considerably enhanced sufficient following time as well as gradual accelerations and decelerations, the individual competition condition had the largest effect. The scores of the questionnaires showed that the participants seemed to be encouraged most by the driving scores and the competition.

  • Combining Safety and HCI Arguments to Increase Confidence in Information-Only Systems

    Page(s): 1 - 6

    Whilst the argument for equivalent levels of rigour being applied to Safety and Human Computer Interaction (HCI) in defence is generally well recognised, it is the authors' opinion and experience that this is rarely the case, and this could be due to the lack of guidance and collaboration between the HCI and Safety guidance and communities. This paper will compare the confidence levels defined in Def Stan 00-56, Issue 4 [3] along with the equivalent Safety Integrity Levels (SILs) in IEC 61508 [2] and discuss the need for the consideration of HCI issues within the confidence levels commensurate with the level of safety risk within the defence domain.

  • Estimating the Accuracy of Opposing Left-Turn Potential Conflict Model Via Programming in MATLAB

    Page(s): 1 - 5

    According to accident statistics for selected intersections in Tehran, Iran, head-side accidents occurring at intersections make up the major part of the reported accidents compared to the other types of reported accidents. Analysis of the accident reports indicates that opposing left-turn accidents constitute a significant part of the head-side accidents. Hence, a method for analysing and estimating opposing left-turn accidents can be used as a surrogate safety measure for evaluating the relative safety level of signalized intersections. In this regard, historical crash data have been used widely as a direct measure of safety at intersections and other locations. However, attempts to estimate the relative safety of a highway facility are usually hindered by the unreliability of crash records and the long period needed to achieve adequate sample sizes; furthermore, the accident database in Iran is not accessible, which emphasises the need for a surrogate safety measure that can be used to overcome these problems. Analysis of the existing methods indicates that the traffic conflict technique, with its ability to predict the number of accidents and the potential risk of a road network (especially intersections) on the one side, and its limited field observation time and low cost on the other, is an effective surrogate safety method. Consequently, the proposed methodology is based on Traffic Conflict Technique concepts and is designed to be compatible with HCM2000. Inspired by Dr Lin Zhang and Panos D. Prevedouros's earlier model for estimating the probability of opposing left-turn conflicts [2], model improvement and model verification are performed for 15 selected intersections in Tehran. In addition, in order to simplify the calculation of opposing left-turn conflict probability, the model is programmed in MATLAB.

  • Design of Systematic Safety Program Based on Work-Group

    Page(s): 1 - 5

    Safety management is a huge and complicated system engineering task related to the 4M elements of man, machine, media and management. The management approach includes the 3E of engineering, education and enforcement. The procedure of the system is composed of hazard identification, risk evaluation, hazard control and emergency management, which itself includes prevention, preparation, response and recovery. When we face such a complicated system, the question of how to harmonise all of these drives us to think and study. The goal of a company's work safety depends on its policy and strategy, and their execution is carried out from the top of the company's structure downwards, finally stopping at the work-group level. Work-group management is the foundation of company management: just as the family is the cell of society, the work-group is the cell of the company. This paper designs a system safety program based on cell theory at the work-group level. The work-group cell is composed of human behaviour, work-site job and safety climate. Every element is affected by different indicators, and only when every element is strong enough is the whole cell strong enough. This paper analyses every indicator of the work-group's composition. Finally, through a case study of a coal mine, it shows that the work-group system safety program can improve safety performance in 6 different aspects.

  • Investigating the Use of Argument Modularity to Optimise Through-Life System Safety Assurance

    Page(s): 1 - 6

    Safety cases are now regularly used to communicate the argument about the achievement of acceptable levels of safety for safety critical systems. Increasingly, safety standards such as Defence Standard 00-56 require the scope of the safety case to cover not only the development of the system, but also operation and maintenance through life, including decommissioning. This involves two dimensions of safety case management: safety case development and safety case maintenance. The development of modular safety cases is considered to address, to some extent, a number of challenges during development and maintenance. In modular safety cases, the safety case argument and evidence are organised into separate but interrelated and cross-referenced modules. However, the adoption of a modular safety case development approach is not a panacea. Alongside the advantages listed, modular safety cases can bring a number of new challenges that need to be taken into account. This paper discusses some of these difficulties, together with suggested mitigation strategies.

  • A Design Process for Constructing a User Interface Pattern Library for Touch-based Applications in Safety-Critical Environments

    Page(s): 1 - 3

    This poster shows the stages of development of a user interface pattern library for touch-input devices for safety-critical environments. The process emerged from several projects, one in air traffic control and three in railway operations.

  • Developing and Maintaining Competence - Experiences from the Rail Industry

    Page(s): 1 - 6

    Competence plays a very important role in controlling risks, especially in degraded and emergency situations where it is often the actions of people which are critical in returning the system to a 'normal' state. This paper draws on experiences in the UK rail industry, where organisations have been required to have formal 'competence management systems' for safety critical work for many years. Rail industry organisations are required to develop, maintain and assess the competence of individuals on an ongoing basis; training and once-off assessment is no longer an acceptable means of inferring competence. We explore some of the issues that the rail industry has faced when developing systems for managing competence, with particular reference to degraded and emergency situations, and which may be equally relevant to other hazardous industries.

  • Improving Safety by Enhancing Technical Competence Management

    Page(s): 1 - 6

    This article presents the skyguide technical competence management model as an answer to the requirements the Swiss ANSP shall satisfy. This model is the basis for the ATSEP certification required in ESARR5 and is based on a key concept called Required Knowledge and Skills (RKS). This concept represents the ATSEP competence, and is supported by a BQR training model. This paper ends with a brief overview of the skyguide ATSEP certification path.

  • Using Data from Simulation Training in Modelling Emergency Response Outcome

    Page(s): 1 - 6

    Simulations fulfilling the UKOOA requirements to train and validate competence in emergency management for the offshore industry may provide organisations with valuable information. This paper describes a methodology to plan simulations for data capture. Following this, the task performance resource constraint model is used to integrate the information provided by simulation and other research studies. Then the human response data within the simulation can be categorised for further use. This paper presents the scope of human response data that can be obtained and the means of categorising them. This is based on cumulative results from 5 offshore scenarios and 9 onshore scenarios.

  • The Incompetence of Competency Assurance

    Page(s): 1 - 6

    The competence of people operating, maintaining and managing safety-related and safety-critical systems is a key factor in their safe operation. Assuring that appropriate, effective and robust processes for competence and performance assessment are in place has been an ongoing cause of concern for operators and regulators alike. Traditional approaches are unable to capture and assess the impact of less overt human factors that influence an individual's day to day fitness for duty. We review what may be considered a fundamental problem in traditional approaches, in so far as they fail to address wider issues, most notably the assurance of effective safety leadership and specifically the competencies and capabilities of the leaders themselves.

  • An Environment for Testing Safety-Critical Protocols

    Page(s): 1 - 6

    This paper presents an environment for fault injection based testing of protocols that implement fault tolerance and redundancy management in safety-critical distributed real-time systems. Building confidence in the correctness of distributed protocols is an intrinsically difficult problem that requires the use of complementary testing and verification techniques. To this end, we propose a verification approach that involves three steps: i) initial testing in a software simulator, ii) formal verification by model checking and iii) final testing in a hardware prototype. Here, we describe an integrated test environment intended for the first and third steps in the verification process. It allows a tester to expose a protocol to various failure scenarios in both a software simulator and a hardware prototype system. Common data formats for the definition of failure scenarios and for storing test results make it possible to run identical tests in the simulator and the hardware prototype and simplify comparison of test results.

  • Circuit Fault & Failure Description Language

    Page(s): 1 - 5

    In this paper, we aim at formalising an experimental fault and failure description language in order to design a safety verification process for circuits. We would like to extend methods and techniques which check that circuits are design-fault free, e.g. that they behave correctly in normal mode, in such a way that circuits could also be statically verified when unexpected failures arise, e.g. in degraded mode. We then model a formal fault and failure description language that suits a tiny language able to describe the structural configuration of circuits. As we borrow Gordon and Melham's "circuits as predicates" paradigm to perform circuit design verification, we shall define fault and failure semantics in terms of "predicate transformers". We choose to take advantage of higher order logic features to realise this goal. Then we are able to build a verification process for safety properties that express the conditions under which circuit behaviour can be proved stable when faults and failures arise.

  • The Pace Towards Protocol-Independent Safety Requirements for Serial Buses in the Automotive Environment

    Page(s): 1 - 6

    This paper highlights the application of protocol-independent safety requirements in the functional safety assessment process of automotive bus systems such as CAN and FlexRay. Issues regarding a targeted alignment with IEC 61508 and related standards are identified.

  • Model Based Requirements Elicitation

    Page(s): 1 - 5

    Despite the advances in high integrity software development there remains the problem of adequately specifying the requirements for a safety related system. This is compounded in bespoke applications. This paper describes a behavioural model based process for eliciting a requirement set covering normal and abnormal behaviour that is deterministic and verifiable.

  • Implementing and Sustaining Human Reliability Programmes of Work - a Managers' Guide

    Page(s): 1 - 6

    Over the past few years, human reliability has had considerable experience of applying qualitative risk assessment techniques in a range of organisations. Our observation is that, once the commitment has been made to undertake this type of work, its ultimate success depends, to a large degree, on how certain organisational issues are managed. Drawing on our practical experience, this paper is designed to provide some insights into these issues for organisations taking their first steps in this field. To this end, a case study is used to demonstrate one type of qualitative human reliability risk assessment and illustrate potential pitfalls. Guidance is provided regarding the planning, resources and timescale issues that need to be managed in order to successfully complete such analyses. The paper ends with some conclusions about the impact of this task-based process on wider human factors issues within process organisations.

  • The Operator or the Automation: In Whom Should We Place Ultimate Trust?

    Page(s): 1 - 6

    This paper investigates the conflict between two competing safety philosophies. According to one philosophy, dangerous system states should be explicitly prevented through system design. According to the alternate philosophy, human operators should be the final arbiters of safety. These principles come into conflict in situations where any attempt to prevent the system entering an unsafe state may limit the freedom of the operator to recover from a dangerous situation not envisaged by the system designers. We argue that conventional hazard analysis and mitigation techniques have limited power to resolve this dilemma. We present a framework for making decisions about where final authority in a system should lie, and explore the implications of this framework.

  • The Role of Human Factors in Planning for Nuclear Power Plant Decommissioning

    Page(s): 1 - 6

    As increasing numbers of nuclear power plants (NPPs) worldwide reach the end of their useful life, careful and systematic planning for decommissioning has become increasingly important. Reports on previous experience of decommissioning tend to focus on the technical issues rather than the human factors that are fundamental to, and can significantly affect, the success of the decommissioning process. This paper describes those human factors that have a more significant impact on decommissioning, illustrates how they can affect decommissioning, and makes practical recommendations for management of these factors.

  • Characteristics of Human Behaviour in Safety-Critical Systems by the Example of European Railway Control Centres

    Page(s): 1 - 6

    This paper attempts to explain behavioural patterns of signallers, emergency controllers, and other users in railway control centres by analysing observational records. By applying inductive reasoning it describes work patterns that have emerged in railway control centres in order to deal with high volumes of traffic and critical situations. Factors that affect human performance when interacting with software systems have been given special attention. This study was carried out with operators at railway control centres in Austria, the United Kingdom, and Switzerland. This work will be of interest for managers in railway organisations, as well as for companies supplying technical equipment for train control centres. Furthermore, human factors researchers and practitioners will find insights for the implementation of the findings in user-centred design in the field of safety-critical applications. Due to the research focus on railway operations, the results may not be transferable to all areas in which safety-critical operations take place.

  • Development of an Electronic Safety Case for a Military Communication, Command and Control System

    Page(s): 1 - 6

    The modern infantry soldier is expected to operate across a wide spectrum of operational scenarios from war fighting to humanitarian aid. Deployments can be National, International Single/Joint Services or as part of a coalition with other international services. Key to success in any military operation is the ability for personnel at the combat level to manage and control their environment and to directly influence their situation. This needs to be done in real-time, through decisive actions based on sound and safe situational awareness information. An integrated digital soldier system has recently been designed and developed, which allows combat units to monitor and react to the 'chaos of battle'. This digital mapping, navigation and communication capability has a recognised relationship to the safe operation of combat capability and as such requires an explicit safety argument with associated evidence to demonstrate that residual risk is as low as reasonably practicable. This paper presents a real example of how the risk evaluation and preliminary safety case development was actually done for this new equipment. It was an expressed wish that the safety case would be in electronic format using graphical notations. In this way, the case for safety could be demonstrated remotely and used as programme submission evidence as part of key gateways early in the military procurement cycle. This paper will present the key stages that the programme team went through in developing the preliminary safety case, from hazard identification through to graphical argument construction and on to publication. During this relatively short project it has also been possible to record the resource effort used through this component of the programme, so this is also presented as rich evidence for future programmes.
