Safety computer systems relational

The development of computer capabiUties in hardware and software, related instmmentation and control, and telecommunication technology represent an opportunity for improvement in safety (see COMPUTER TECHNOLOGY). Plant operators can be provided with a variety of user-friendly diagnostic aids to assist in plant operations and incipient failure detection. Communications can be more rapid and dependable. The safety control systems can be made even more rehable and maintenance-free. Moreover, passive safety features to provide emergency cooling for both the reactor system and the containment building are being developed. 

The computerized systems, both hardware and software, that form part of the GLP study should comply with the requirements of the principles of GLP. This relates to the development, validation, operation and maintenance of the system. Validation means that tests have been carried out to demonstrate that the system is fit for its intended purpose. Like any other validation, this will be the use of objective evidence to confirm that the pre-set requirements for the system have been met. There will be a number of different types of computer system, ranging from personal computers and programmable analytical instruments to a laboratory information management system (LIMS). The extent of validation depends on the impact the system has on product quality, safety and record integrity. A risk-based approach can be used to assess the extent of validation required, focusing effort on critical areas. A computerized analytical system in a QC laboratory requires full validation (equipment qualification) with clear boundaries set on its range of operation because this has a high... 

The distributed control system (DCS) hardware areas are often referred to as "process computer rooms." I/O Rooms contain the incoming and outgoing wiring, cables and data highway links, and often small transformers and other related electrical equipment. Often, additional space is needed for a master process engineering computer terminal/work station for process control system changes and for critical safety instrumented systems (SIS) for interlocks and emergency shutdowns. 

The decommissioning procedure must address both operational and safety aspects of the computer system application and establish integrity and accuracy of system data until use of the system and/or process is terminated. For quality-related critical instrumentation, proof of calibration prior to disconnection is needed. 

Operational checks are normally presenting process control computer systems. These systems may contain code that is part of the master production record. At the system level, the purpose of operational checks is to execute algorithms, sequencing of operations, and safety-related functions as required in the applicable customer specification. Inspections and testing are fundamental processes to be performed during the validation of critical system sequences. In addition, an ongoing program must be established to frequently verify that critical operations occur in the proper sequence. 

With increasingly networked, distributed computer systems the risk of deliberate malicious interactions, using software-based tools, became a serious threat. Many-fold related issues like data protection, privacy, integrity, authenticity, and denial of service attacks, viruses, worms etc. lead to a separate community to be established, which is nowadays in the main focus of the public as was safety some time ago (and still is—but only after catastrophic events). This community developed separate standards, methods, taxonomy and ways of thinking. 

Unfortunately, the gap has not been spanned by these approaches. As far as I know, only JRC Ispra has once financed a project of EWICS TC7 (European Workshop on Industrial Computer Systems, TC7, Safety, Reliability and Security, an expert group in this area), on Study of the Applicability of ISO/IEC 17799 and the German Baseline Protection Manual to the needs of safety critical systems (March 2003)(www.ewics.org) (3), where the gaps between the security standards and the safety-related system evaluation requirements have been analyzed for several sectors (medical, railways, nuclear, electric power networks) and in general. 

IS015189 Medical Laboratories—-Particular Requirements for Quality and Competence is a universal standard for quahty management in medical laboratories that specifies requirements in general terms applicable to all medical laboratory fields, The standard is intended to form the basis for accreditation of medical laboratories. In addition to general laboratory conditions in relation to quality control, the standard focuses on medical competence, interpretation of test results, selection of tests, reference intervals, ethical aspects, and safety. An annex concerns quality management of laboratory computer systems. 

ABSTRACT The draft document of the NATO allied ordnance publication (AOP) 52 gives guidance on software safety design and assessment of ammunition-related computing systems. The content of the draft is reviewed and compared with the lEC 61508 standard for functional safety of electrical/electronic/programmable electronic (E/E/PE) systems. We discuss the overall development model, the safety-lifecycle model and proposed techniques and measures. We also investigate whether the functional safety concept of lEC 61508 is incorporated in the document. 

NATO. 2007. Guidance on Software Safety Design and Assessment of Munition-Related Computing Systems. 

The Polish Standard PN lEC/ISO-TR 13335-1 (Polish Standard 1999) defines the term IT security as all activities related to confidentiality, integrity, reh-ability, availability, etc of a computer system. The term safety of a computer system is defined as the lack of negative impacts on surrounding environment computer operating system. 

Rae, A. (2007) Helping the Operator in the Loop Practical Human Machine Interface Principles for Safe Computer Controlled Systems, SCS 07 Proceedings of the twelfth Australian workshop on Safety critical systems and software and safety-related programmable systems—Volume 86 Pages 61-70. Australian Computer Society, Inc. Darhnghurst, Australia. 

Software hazard analysis (SWHA) is a system safety analytical technique whose primary function is to systematically evaluate any potential faults in operating system and applications software requirements, codes, and programs as they may affect overall system operation. The purpose of the SWHA is to ensure that safety specifications and related operational requirements are accurately and consistently translated into computer software programs. In this regard, the analysis will verify that specific operational safety criteria, such as failsafe or fail-passive, have been properly assimilated into operational software. The SWHA will also identify and analyze those computer software programs, routines, or functions that may have direct control over or indirect influence on the safe operation of a given system. Also, in the operation of the computer software command function, there is a potential that the actual coded software may cause identified hazardous conditions to occur or inhibit a desired function, thereby creating additional hazard potential. 

In the early days of criticality safety computations, when a two-group diffusion theory calculation in cylindrical or spherical coordinates 1 desk calculator was a tedious and somewhat formidable task and when cross-section data were more sparse, the selection of cross sections was perhaps a sinqiler task. The fbur-fitctor formula was widely used for moderated systems. A factor was used to indicate the deviation from 1/v behavior of an absorption cross section at thermal energy. - Thermal and epithermal cross sections were related to the Integral parameters, diffusion area, and neutron age. 

Safety analysis uses logic structure representative of possible incidents. Such work methods as fault tree, incident analysis, and decision table are suitable for this purpose. Computation rules for determination of expected frequency of incidents must be formulated accordingly. In a broad sense all mathematical simulation methods which are suited for determination of stress states in technical installations and their parts become aids in safety analysis. These will be described in partial detail later. Here characteristic work methods which are of direct significance with respect to system-related and prognostic consideration of safety analysis will be discussed first,... 

H. Bezecnyl, D. Inverso, V. Maggioli, G. Rabe, A. Weinert, Guidelines for the use of programmable logic controllers in safety-related systems, in European Workshop on Industrial Computer Systems Technical Committee 7 (Safety, Reliability and Security) Working Paper 6009 Version 13, October 1997. 

This Safety Guide does not discuss the aspects of the assessment that relate to other equipment it focuses on the computer system and particularly on the software that runs on the computer. 

Since simplicity facilitates the achievement of reliability, it should be considered whether to encapsulate the functions and components that are related to safety and to isolate them from the other systems. This can be done by removing the nonsafety functions and components from the computer system, by use of a distributed computer system or through the use of appropriate firewalls within a centralized computer system. 

Some security needs for the computer system will be translated into requirements on the software (such as validity checks on inputs, stored data or even the program itseU). Security needs may also indicate that some information manipulated by the software, such as safety related set points, should have privileged access only. 

Individual institutions represent the interests of engineers practising in their field and are frequently consulted by Government as a source of expert and impartial advice. The BCS, for example, is consulted on such issues as safety critical systems, the legal protection of software, data protection, and the law relating to misuse of computers. 

For further discussion of certification and licensing in relation to safety-critical systems see, e.g. D.Rowland Regulatory issues in Safety aspects of computer control, P.Bennett (ed.) (Butterworth-Heinemann, 1993). 

When a computer system is used in a safety-related application then this must be borne in mind at all stages in the software life cycle, i.e. specification, design, testing etc. and it is the particular influence of safety requirements on each of these stages which we shall be studying in this section. All systems consist of both hardware and software and factors relating to both... 

Martyn Thomas, an acknowledged authority on safety related computer systems, quoted in New Scientist suggested the possibility that the London Ambulance system was never identified as being safety-critical E.Geake, Did ambulance chiefs Specify Safety Software , New Scientist,... 

There are a number of specialized texts which consider in more detail some of the topics raised in this chapter. P.Bennett (ed.). Safety Aspects of Computer Control (Butterworth-Heinemann, 1993), discusses a number of general issues involved in the development of safety-related computer systems, including le liability and regulatoiy issues. Redmill Anderson (eds). Directions in Safety-Critical Systems (Springer-Verlag 1993), is the 1993 proceedings of the Safety Critical Symposium and contains a collection of papers on more specific aspects of the subject. 

N.G.Leveson, Safeware system safety and computers (Addison-Wesley, 1995) considers both general risk and safety issues before considering the subject in the particular context of safety-related computer systems. The book concludes with case studies of some of the more high profile systems failures. P.G Neumaim, Computer related risks (ACM Press, 1995) details a large number of anecdotal accounts involving software and network failures before moving on to a consideration of the implications of these for the software industry and society in general. 

Safety Related Computers, European Workshop on Industrial Computer Systems, Verlag TUV Rheinland, K5ln, 1985... 

Harmony Is achieved at a personal level by the International collaboration of experts attending EWICS TC7 meetings. At and between Industrial users of safety related computer systems, harmony arises through the EWICS members participating In the creation of guidelines and then applying them In their workplace. 

This guideline will address the operational phase of the computer system life cycle (18). It will thus concentrate on how to keep the system safe and reliable whilst it is subject to varying stresses due to its working environment, operational procedures and practise, maintenance and enhancement, and changing requirements. A safety related computer system will require careful monitoring until it is retired from service. The... 

Guideline for Verification and Validation of Safety Related Software. European Workshop on Industrial Computer Systems. Computers and Standards, Vol. 4, No. 1, 1985. North Holland. (Position Paper No. 3). 

---