Posted: 2010-05-10 19:43  Source: 蓝天飞行翻译  Author: admin
7 The actual analysis techniques used to identify hazards, their causes and effects, hazard elimination or risk reduction requirements, and how they should be met, should be addressed in the applicant's System Safety Program Plan. The System Safety Society's System Safety Handbook identifies additional system safety analysis techniques that can be used.

8 Reference E
FAA System Safety Handbook, Chapter 13: Launch Safety
December 30, 2000
13-24
Software control categories (MIL-STD 882C) compared with software levels (RTCA DO-178B):

MIL-STD 882C software control categories

(I) Software exercises autonomous control over potentially hazardous hardware systems, subsystems or components without the possibility of intervention to preclude the occurrence of a hazard. Failure of the software, or a failure to prevent an event, leads directly to a hazard's occurrence.

II(a) Software exercises control over potentially hazardous hardware systems, subsystems or components, allowing time for intervention by independent safety systems to mitigate the hazard. However, these systems by themselves are not considered adequate.

II(b) Software item displays information requiring immediate operator action to mitigate a hazard. Software failure will allow, or fail to prevent, the hazard's occurrence.

III(a) Software item issues commands over potentially hazardous hardware systems, subsystems or components, requiring human action to complete the control function. There are several redundant, independent safety measures for each hazardous event.

III(b) Software generates information of a safety-critical nature that is used to make safety-critical decisions. There are several redundant, independent safety measures for each hazardous event.

(IV) Software does not control safety-critical hardware systems, subsystems or components and does not provide safety-critical information.

RTCA DO-178B software levels

(A) Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a catastrophic failure condition for the vehicle.

(B) Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a hazardous/severe-major failure condition for the vehicle.

(C) Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a major failure condition for the vehicle.

(D) Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a minor failure condition for the vehicle.

(E) Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of function with no effect on vehicle operational capability or pilot workload. Once software has been confirmed as level E by the certification authority, no further guidelines of DO-178B apply.
Figure 13-3: Software Hazard Criticality Matrix*

Rows are the MIL-STD 882C software control categories, columns are the hazard severity categories, and each cell is the resulting software hazard risk index.

Control category   Catastrophic   Critical   Marginal   Negligible
I                       1             1          3           5
IIa                     1             2          4           5
IIb                     1             2          4           5
IIIa                    2             3          5           5
IIIb                    2             3          5           5
IV                      3             4          5           5

Control categories:
(I) S/W without possibility of intervention; failure leads directly to hazard occurrence.
(IIa) S/W with time for intervention by independent safety systems, which cannot stand alone.
(IIb) S/W displays information but requires the operator to mitigate the hazard; failure allows or fails to prevent hazard occurrence.
(IIIa) S/W issues commands requiring human action to complete the control function; several redundant, independent measures exist for each event.
(IIIb) S/W generates information of a safety-critical nature used to make safety-critical decisions; several redundant, independent measures exist for each event.
(IV) S/W does not control safety-critical H/W systems or provide safety-critical information.

Software hazard risk index:
1  High Risk: Significant Analysis and Testing Resources
2  Medium Risk: Requirements and Design Analysis and In-Depth Testing Required
3  Moderate Risk: High Levels of Analysis and Testing Acceptable with Managing Activity Approval
4  Moderate Risk: Moderate Levels of Analysis and Testing Acceptable with Managing Activity Approval
5  Low Risk: Low Levels of Analysis and Testing Acceptable
 