Why sometimes simpler is better in safety engineering.
Archives For Design
I just realised that I’ve used the term ‘design hypothesis’ throughout this blog without a clear definition of what one is. 🙂
So here it is.
A design hypothesis is a prediction that a specific design will result in a specific outcome. A design hypothesis must:
- Identify the design's provenance, e.g. the theory, practice or standards from which it is derived.
- Provide a concise description of the design.
- State what the design must achieve in a verifiable fashion.
- Clearly identify critical assumptions that support the hypothesis.
Note that the concept of a fault hypothesis can be seen as a particular and constrained form of design hypothesis as, after Powell (1992), a fault hypothesis specifies assumptions about the types of faults, the rate at which components fail and how components may fail for fault tolerant computing purposes.
I give a short example of a design hypothesis in the Titanic Part I post.
Powell, D., Failure mode assumptions and assumption coverage. In Proc. of the 22nd IEEE Annual International Symposium on Fault-Tolerant Computing (FTCS-22), pp. 386–395, Boston, USA, 1992.
In June of 2011 the Australian Safety Critical Systems Association (ASCSA) published a short discussion paper on what they believed to be the philosophical principles necessary to successfully guide the development of a safety critical system. The paper identified eight management and eight technical principles, but do these principles do justice to the purported purpose of the paper?