Abstract:
Many system specifications today require that the design be fail-safe, or that two or more failures or errors be required to cause a serious accident. As part of demonstrating compliance, the safety/reliability engineer performs hazard and failure mode analyses, which raise questions about failure mode credibility and s-independence, about failure modes in computer and abort systems, and about the type and adequacy of the techniques used to satisfy the requirements. The real world of competition, schedules, and rapidly developing and changing designs precludes elaborate statistical studies of each of the large number of hazards, failure modes, and related factors that collectively determine the accident rate. Instead, rationally based, free-flowing analytic techniques with built-in conservatism must be used if the system design is to be influenced, and if the available time and effort are to be concentrated in the areas of maximum payoff. This paper discusses these questions in that context and provides a practical rationale for the value judgments the safety/reliability engineer must make in performing the analysis.
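The two points the abstract leans on, the credit a "two or more failures required" design earns only if the failures are s-independent, and the conservative shortcuts a hand analysis must use instead of a full statistical study, can be made concrete with a small fault-tree calculation. The example below is added here and is not from the paper: the minimal cut sets, the failure probabilities, and the beta-factor common-cause model used to represent loss of s-independence are all constructed assumptions for illustration.

```python
"""Added worked example (not the paper's own material): the value of requiring
several failures, the conservatism of the rare-event bound, and how a shared
(common-cause) contribution erodes the s-independence credit."""

from itertools import product


def p_top_exact(cut_sets, probs):
    """Exact top-event probability by enumerating every basic-event state.

    cut_sets: iterable of frozensets of basic-event names; the top event
    (the accident) occurs when every event of at least one cut set occurs.
    probs: mapping event name -> probability of that event.
    Assumes the basic events are s-independent. Enumeration is 2**n states,
    which is fine for the handful of events in a hand analysis.
    """
    events = sorted(probs)
    total = 0.0
    for states in product((False, True), repeat=len(events)):
        failed = {e for e, s in zip(events, states) if s}
        if any(cs <= failed for cs in cut_sets):
            p_state = 1.0
            for e, s in zip(events, states):
                p_state *= probs[e] if s else 1.0 - probs[e]
            total += p_state
    return total


def p_top_rare_event_bound(cut_sets, probs):
    """Boole-inequality (rare-event) bound: the sum of the cut-set probabilities.

    Under s-independence this is never below the exact value, so the error it
    introduces is on the safe side: the built-in conservatism a quick analysis
    needs when there is no time for an exact treatment.
    """
    total = 0.0
    for cs in cut_sets:
        p_cut = 1.0
        for e in cs:
            p_cut *= probs[e]
        total += p_cut
    return total


def failures_required(p, target):
    """Smallest number of s-independent failures, each of probability p, whose
    joint occurrence is no more probable than target."""
    n = 1
    while p ** n > target:
        n += 1
    return n


def p_double_failure(p, beta):
    """Probability that both of two nominally independent failures occur when a
    fraction beta of each failure's probability is actually a shared event.

    Beta-factor common-cause model (an assumption of this example, not the
    paper): each failure is split into an independent part (1 - beta) * p and a
    common-cause part beta * p that, when it occurs, produces both failures.
    """
    p_cc = beta * p
    p_ind = (1.0 - beta) * p
    return p_cc + (1.0 - p_cc) * p_ind ** 2


if __name__ == "__main__":
    # Constructed illustration: an accident needs either both of A and B
    # (a double-failure path) or the single failure C (an abort-system failure
    # with no second barrier).
    probs = {"A": 0.1, "B": 0.1, "C": 0.05}
    cut_sets = [frozenset({"A", "B"}), frozenset({"C"})]
    print("exact top-event probability  :", p_top_exact(cut_sets, probs))
    print("rare-event (conservative) bound:", p_top_rare_event_bound(cut_sets, probs))

    # How many independent failures must the design demand for a 1e-8 budget
    # if each failure has probability 1e-3?
    print("failures required:", failures_required(1e-3, 1e-8))

    # The independence credit versus a 10% common-cause share.
    print("double failure, s-independent :", p_double_failure(1e-3, 0.0))
    print("double failure, beta = 0.1    :", p_double_failure(1e-3, 0.1))
```

With a 10 % common-cause share the second required failure buys roughly a factor of ten rather than the factor of a thousand that s-independence would promise, which is why the credibility of the independence assumption, not the count of required failures, is the value judgment the analyst has to defend. The rare-event bound overstates the exact probability only slightly when every cut set is improbable, and always in the conservative direction.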