requirements between software modules and resources, and across temporal boundaries (or into separate
architectures). The software control measure of the SHCM also assists in the prioritization of software
design and programming tasks.
FAA System Safety Handbook, Chapter 10: System Software Safety
December 30, 2000
10-10
Software Hazard Criticality Matrix
For Example Purposes Only

Risk legend:
  High Risk - Significant Analyses and Testing Resources
  Medium Risk - Requirements and Design Analysis and Depth Testing Required
  Moderate Risk - High Levels of Analysis and Testing Acceptable With Managing Activity Approval
  Low Risk - Acceptable

Control categories:
(I) Software exercises autonomous control over potentially hazardous hardware systems, subsystems or components without the possibility of intervention to preclude the occurrence of a hazard. Failure of the software or a failure to prevent an event leads directly to a hazard's occurrence.
(IIa) Software exercises control over potentially hazardous hardware systems, subsystems, or components, allowing time for intervention by independent safety systems to mitigate the hazard. However, these systems by themselves are not considered adequate.
(IIb) Software item displays information requiring immediate operator action to mitigate a hazard. Software failure will allow or fail to prevent the hazard's occurrence.
(IIIa) Software item issues commands over potentially hazardous hardware systems, subsystems, or components requiring human action to complete the control function. There are several, redundant, independent safety measures for each hazardous event.
(IIIb) Software generates information of a safety-critical nature used to make safety-critical decisions. There are several, redundant, independent safety measures for each hazardous event.
(IV) Software does not control safety-critical hardware systems, subsystems, or components and does not provide safety-critical information.

                                  Severity
Control Category   Catastrophic   Critical   Marginal   Negligible
(I)                     1             1          3           5
(IIa)                   1             2          4           5
(IIb)                   1             2          4           5
(IIIa)                  2             3          5           5
(IIIb)                  2             3          5           5
(IV)                    3             4          5           5

Extracted from Mil-Std 882C
Figure 10-4: Software Hazard Criticality Matrix
10.3.3 Derivation of System Safety-Critical Software Requirements
Safety-critical software requirements are derived from known safety-critical functions, tailored generic software safety requirements, and inverted contributory factors determined from previous activities. Safety requirement specifications identify the specifics and the decisions made, based upon the level of risk, the desired level of safety assurance, and the visibility of software safety within the developer organization. The methods for doing so depend upon the quality, breadth and depth of the initial hazard and failure mode analyses and on lessons learned from similar systems. The generic list of requirements and guidelines establishes the starting point for the system-specific requirements identification process. System-specific software safety requirements require a flow-down of hazard controls into requirements for the subsystems, which provides a trace (audit trail) between the requirement, its associated risk, and the module(s) of code that are affected. Once this core set of requirements is achieved, design decisions are identified, assessed, implemented, and included in the hazard record database. Relationships to other risks or requirements are also determined. The identification of system-specific requirements (see Figure 10-5) is the direct result of a complete hazard analysis methodology.
Figure 10-5 (flow diagram; content recovered from the original figure):

PRELIMINARY HAZARD LIST (PHL)
PRELIMINARY HAZARD ANALYSIS (PHA)

Develop Generic Safety-Critical Software Guidelines & Requirements:
  - Obtain Generic Software Safety Requirements Lists
  - Tailor Generic Software Safety Requirement and Guidelines List for the Specific System and/or Subsystem
  - Categorize and Prioritize Generic Software Requirements and Guidelines

Derive Functional Safety-Critical Requirements:
  - Develop Safety-Critical Functions List
  - Develop Potential Functional Hazard List
  - Categorize and Prioritize System Functional Hazards
  - Determine System Level HW/SW and HF Causal Factors
  - Execute System Level Trade Study
  - Analyze and Identify All Software Specific Causal Factors
  - Execute Detail Design Trade Study

SAFETY REQUIREMENTS CRITERIA ANALYSIS (SRCA)
Derive System-Specific Software Safety-Critical Requirements