A safety- or life-critical system is a system whose failure or malfunction may result in one (or more) of the following outcomes:
- death or serious injury to people
- loss or severe damage to equipment/property
- environmental harm
Quoted from Wikipedia/Safety-critical system
Safety means:
- protected from harm or other danger
- in control of recognized or accepted dangers or hazards
- achieve an acceptable level of risk
Quoted from Wikipedia/Safety
Capability of a product under defined conditions to avoid a state in which human life, health, property, or the environment is endangered.
Typical Acceptance Criteria
Scenario Response Measures from [Bass et al.]
- Amount or percentage of unsafe states that are avoided
- Amount or percentage of unsafe states from which the system can (automatically) recover
- Change in risk exposure: size(loss) * prob(loss)
- Percentage of times the system can recover
- Amount of time the system is in a degraded or safe mode
- Amount or percentage of time the system is shut down
- Elapsed time to enter and recover (from manual operation, from a safe or degraded mode)
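As an added example (not part of the original page), the script below computes the response measures listed above from a constructed mode log and hazard list; the timeline, hazard outcomes and loss figures are made up for illustration.

```python
# Constructed example data (not from the page): a safety monitor's mode log as
# (timestamp_seconds, mode). Modes: "normal", "degraded", "safe", "shutdown".
MODE_LOG = [(0, "normal"), (100, "degraded"), (130, "normal"),
            (200, "safe"), (260, "shutdown"), (300, "normal"), (400, "normal")]

# Constructed hazard records: outcome is "avoided", "recovered" or "unrecovered".
HAZARDS = [
    {"id": "H1", "outcome": "avoided"},
    {"id": "H2", "outcome": "recovered"},
    {"id": "H3", "outcome": "avoided"},
    {"id": "H4", "outcome": "unrecovered"},
]

def mode_durations(log):
    """Seconds spent in each mode; the last entry closes the observation window."""
    totals = {}
    for (t0, mode), (t1, _) in zip(log, log[1:]):
        totals[mode] = totals.get(mode, 0) + (t1 - t0)
    return totals

def share(hazards, outcome):
    """Percentage of hazards with the given outcome."""
    n = len(hazards)
    return 100.0 * sum(h["outcome"] == outcome for h in hazards) / n if n else 0.0

def recovery_times(log, from_modes=("degraded", "safe", "shutdown")):
    """Elapsed seconds from first entering a non-normal mode until 'normal' resumes."""
    times, entered = [], None
    for t, mode in log:
        if mode in from_modes and entered is None:
            entered = t
        elif mode == "normal" and entered is not None:
            times.append(t - entered)
            entered = None
    return times

def risk_exposure(size_loss, prob_loss):
    """Risk exposure as defined on the page: size(loss) * prob(loss)."""
    return size_loss * prob_loss

def safety_report(log, hazards, exposure_before, exposure_after):
    """Collect the page's response measures into one dictionary."""
    d = mode_durations(log)
    window = log[-1][0] - log[0][0]
    return {
        "pct_unsafe_avoided": share(hazards, "avoided"),
        "pct_auto_recovered": share(hazards, "recovered"),
        "seconds_degraded_or_safe": d.get("degraded", 0) + d.get("safe", 0),
        "pct_shutdown": 100.0 * d.get("shutdown", 0) / window,
        "recovery_times_s": recovery_times(log),
        "risk_exposure_change": risk_exposure(*exposure_after) - risk_exposure(*exposure_before),
    }
```

Calling `safety_report(MODE_LOG, HAZARDS, (1_000_000, 0.01), (1_000_000, 0.002))` yields the measures for the constructed data, with a negative exposure change meaning risk was reduced.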
What Stakeholders mean by safe
| Stakeholder | (potential) Expectation for safe |
|---|---|
| User | using the system will never cause any risk to my health; it is not possible to injure myself accidentally by using the system |
| Management | minimal risk of any liability lawsuit; no person will ever get hurt when using or maintaining our system; the system poses no risk or danger to any human's health; the system poses no risk to the environment |
| Developer | development processes comply with appropriate safety standards and regulations, e.g. SPICE |
| Tester | - |
| Admin | - |
| Domain Expert | the system and its implementation comply with all required safety standards, like ISO 26262 |
| Others | safety auditors, government agencies requiring compliance with safety standards, law |