
Using IEC 61508 to Guide the Investigation of Computer-Related Incidents and Accidents

Chris Johnson, University of Glasgow, Scotland. http://www.dcs.gla.ac.uk/~johnson. SAFECOMP, 26th September 2003.


Presentation Transcript


  1. Using IEC 61508 to Guide the Investigation of Computer-Related Incidents and Accidents Chris Johnson University of Glasgow, Scotland. http://www.dcs.gla.ac.uk/~johnson SAFECOMP: 26th September 2003

  2. Acknowledgements
     • HSE: Mark Bowell, Ray Ward.
     • Adelard: George Clelland, Peter Bishop, Sofia Guerra, Robin Bloomfield, Luke Emmett.
     • Blacksafe Consulting: Bill Black.
     • Glasgow University: Chris Johnson.
     “Look, I’m not blaming you, I’m just suing you…”

  3. HSE Investigatory Process

  4. HSE Investigatory Process (flow chart; outcomes: Prosecute / Not Prosecute)

  5. Key Design Objectives
     • Proportionate effort:
       • simple technique for a ‘simple incident’;
       • more complex technique if appropriate.
     • Links to the development standard (IEC 61508):
       • help identify processes that ‘failed’;
       • provide feedback if the standard is failing?
     • Support different potential users:
       • end-users may know little about the architecture;
       • suppliers are not integrators are not developers…

  6. PARCEL: Programmable Electronic Systems Analysis of Root Causes

  7. PARCEL: Programmable Electronic Systems Analysis of Root Causes As opposed to Leveson’s STAMP…

  8. Key Issues with Flow Chart
     • Need several passes for multiple causes.
     • Protocol can increase consistency:
       • ‘are you sure?’, ‘can you justify the selection?’.
     • Insufficient information for some areas:
       • end-users only look at a subset of the chart;
       • end-users lack development information.

  9. Decision to Open Valve C
     Would the incident have been prevented if:

  10. Conclusions - PARCEL
     • Programmable Electronic Systems Analysis of Root Causes.
     • Uses two existing techniques (ECF and flowcharts).
     • Design objectives:
       • proportionate effort;
       • links to the development standard (IEC 61508);
       • support user/supplier/integrator/developer…
     • Being validated for an HSE technical report.

  11. Concerns 1: Flow Chart Validation
     • The flow chart is very simplistic.
     • Will people be able to use it consistently?
     • How much must we change it for each industry?
     • Can it really be used by developers, vendors, integrators and end-users?

  12. Concerns 2: Human Factors
     • PARCEL is narrowly based on IEC 61508.
     • IEC 61508 is poor on human factors issues.
     • But HSE and others are addressing this?

  13. Concerns 3: IEC 61508?
     • PARCEL embodies IEC 61508:
       • can we use it with other standards?
       • will it really help spot problems in 61508?
     • PARCEL embodies flowcharts and ECF:
       • could we use flowcharts and STAMP?
     • Must match tool complexity to industry need.

  14. Medical Example
     • End-user frustrated by device unreliability and the manufacturers’ response:
       “SEVERAL UNITS RETURNED FOR REPAIR HAD FAN UPGRADES TO ALLEVIATE TEMP PROBLEMS. HOWEVER, THEY FAILED IN USE AGAIN AND WERE RETURNED FOR REPAIR… AGAIN SALESMAN STATED IT’S NOT A THERMAL PROBLEM, IT’S A PROBLEM WITH X’s Circuit Board. X ENGINEER STATED Device HAS ALWAYS BEEN HOT INSIDE, RUNNING AT 68°C AND THEIR product ONLY RATED AT 70°C…. ANOTHER TRANSPONDER STARTED TO BURN… SENT FOR REPAIR. SHORTLY AFTER MONITOR BEGAN RESETTING FOR NO REASON…” (MDR TEXT KEY: 1370547)
     • Manufacturers felt the reports were not safety-related:
       • “reports relate to end-user frustration regarding product reliability (not safety)”.

  15. Da Vinci, 1st robotic aid approved by the FDA:
     • New York Presbyterian Hospital uses it on atrial septal defects.
     • ‘Fly-by-wire’ technology, enhanced 3D ‘virtual’ display of the site.
     • Average hospital stay 7-10 days (traditional), now 3 days (N=17).

  16. Questions? http://www.dcs.gla.ac.uk/~johnson
     Acknowledgements: Mark Bowell (HSE); Bill Black (Blacksafe Consulting); Peter Bishop (Adelard); Luke Emmett (Adelard); George Clelland (Adelard); …
