Software safety analysis: Using the entire risk analysis toolkit

When an accident occurs, it is common to attribute the accident to a failure in the system. Therefore, precautions must be taken to design the system to provide safeguards that will support the system even when failures occur. The problem, however, is that accidents occur where there is no failure in the system (i.e., the software, hardware, and humans "work" as they are supposed to). The flaw is in the design oversight for specific high-risk situations. It is up to the decision maker to: Ensure that adequate design and safety checks have been performed before the system is put into operation Ensure that a comprehensive risk analysis is conducted to examine both the design element malfunctions and the design oversights to determine the loss sequences Be satisfied that the loss sequences are understood with adequate confidence that the system risk is at or below the risk acceptance criteria