Components safety critical

The Scania plant at Falun in Sweden manufaetures bus and truck steering knuckles. These are safety-critical components that are specified as having to be crack-free. For this reason, every component is now inspected using an automatic process that ensures the appropiate inspection is consistently canied out to the required standards of quality. Photos of the system are shown in Fig 1. The principle of operation is as follows. 

Cichocki, T. and J. Gorski, Failure Mode and Effect Analysis for Safety-Critical Systems with Software Components, in Floor Koomneef, Meine van der Meulen (eds.) Computer Safety, Reliability and Security, Proceedings of 19th International Conference SAFECOMP 2000, Rotterdam (The Netherlands), October 24—27, 2000, Springer Lecture Notes in Computer Science 1943, p. 382-394. 

A strong assurance component is typical for safety cases of safety critical systems. 

First, safety critical systems must be reliable. These systems control releases in the event of accidents. It s necessary to have a critical analyzer, instrument and electrical system test program. This should consist of preventive maintenance and alarm and trip device testing for panel alarms, emergency isolation valves and other critical components. [7]... 

Maintenance programs both prevent failures and prolong the useful life of equipment. In the case of safety—critical equipment and components, failure prevention is of primary concern, however prolonging useful life will also reduce failure frequency and thus contribute to overall reliability. 

Decentralized decision making is, of course, required in some time-critical situations. But like all safety-critical decision making, the decentralized decisions must be made in the context of system-level information and from a total systems perspective in order to be effective in reducing accidents. One way to make distributed decision making safe is to decouple the system components in the overall system design, if possible, so that decisions do not have systemwide repercussions. Another common way to deal with the problem is to specify and train standard emergency responses. Operators may be told to sound the evacuation alarm any time an indicator reaches a certain level. In this way, safe procedures are determined at the system level and operators are socialized and trained to provide uniform and appropriate responses to crisis situations. 

Information about the allocation of these design decisions to individual system components and the logic involved is located in level 3, which in turn has links to the implementation of the logic in lower levels. If a change has to be made to a system component (such as a change to a software module), it is possible to trace the function computed by that module upward in the intent specification levels to determine whether the module is safety critical and if (and how) the change might affect system safety. 

Inadequate inventory control policies for safety-critical components and parts... 

The list assumes that all critical and safety components comply with then-individual component safety standards and are acceptable for use in the end equipment. Additional tests may be necessary depending on the complexity of the equipment or components (i.e., specials, lasers, UV/microwave radiation, noise) and the environment where the equipment will be used (residential, industrial, hazardous locations). For test conditions and pass/fail criteria and other tests, refer to the relevant product/machine safety standard(s). 

Safety-critical computer software components Those computer software components (processes, functions, values or computer program state) whose errors (inadvertent or unauthorized occurrence, failure to occur when required, occurrence out of sequence, occurrence in combination with other functions, or erroneous value) can result in a potential hazard, or loss of predictability or control of a system (MIL-STD-882). 

Are drivers adequately trained to inspect safety critical components and determine whether their condition is adequate How When By whom ... 

Reliability, Maintainability, and Quality Control. Inclusion of these organizations in the system safety process, from concept through disposal, will aid in the identification of safety-critical components for reliability analysis. A failure mode(s) and effect(s) analysis (FMEA), as well as other common reliability models, can be used to identify critical and noncritical failure points. The quality assurance element can be extremely usefid in the overall system safety process. Quality engineers should participate in the inspection of safety-critical components, serve on certification boards, audit any corrective-action requirements, and identify any safety impacts associated with implementation of such requirements. 

Any good quality-assurance system should also assess the quality of performance in practice as well as in theory. With no currently available, effective, non-destructive test, critical areas or components may only be assessed for voids (acoustic methods are useful here) and, where possible, proof loaded. Other than this, test coupons or parts need to accompany the components themselves through the assembly process so that appropriate, systematic destructive tests may be carried out. A check-list for safety critical items is given in Table 6.1. 

Checks the safety criticality level of system components and highlights potential safety hazards that may occur because of communication among components with different safety levels. 

Sandom C (2002). Human Factors Considerations for System Safety, in Components of System Safety, Redmill F and Anderson T (Eds.), proceedings of 10th Safety Critical Systems Symposium, 5th-7th February 2002 Southampton, Springer-Verlag, UK, February 2002... 

In our future work, we intend to involve the smdy of ASR intersections and cyclic ASRs in the architectural design decisions. An ASR intersection is a number of common component interfaces among multiple ASRs. A cyclic ASR is a closed sequence of connected components. By considering ASR intersections and cyclic ASRs, we may be able to measure the architectural impacts on the reliability of more complicated software architectures. Another direction of future research will incorporate failure severities in the architectural design decisions. Some systems are critical to specific failure types, while they are less critical to other failures [20]. Therefore, this research will allow new applications in safety-critical systems that distinguish among different failure severities. Further research will allow to estimate the failure severity of a component based on its location and connectivity in an architecture. This will help in identifying the components that are critical to system reliability. 

Abstract. Component-based architectures are widely used in embedded systems. For managing complexity and improving quality separation of concerns is one of the most important principles. For one component, separation of concerns is realized by defining the overall component functionality by separated protocol behaviors. One of the main challenges of applying separation of concerns is the later automatic composition of the separated, maybe interdependent concerns which is not supported by current component-based approaches. Moreover, the complexity of real-time distributed embedded systems requires to consider safety requirements for the composition of the separated concerns. We present an approach which addresses these problems by a well-defined automatic composition of protocol behaviors with respect to interdependent concerns. The composition is performed by taking a proper refinement relation into accoimt so that the analysis results of the separated concerns are preserved which is essential for safety critical systems. 

---