Saturday, December 27, 2025



Intro to Work Health and Safety
This Intro to Work Health and Safety (WHS) video looks at Australian legislation that is relevant to System Safety.

When I moved from the UK to Australia in 2012, I had to learn a new legal framework as a safety engineer. I was delighted to find that Australia had taken the principles of UK health and safety law, and crafted a simple, elegant, and readable set of legislation.

In Australia, WHS law applies not just to the workplace, but to designers, manufacturers, importers, and suppliers of plant, substances, and structures. In other words, it covers design and product safety as well.

This short video, and the full-length version, should be helpful to system, functional, and design safety practitioners. It looks at the three classes of 'upstream' safety duties of designers, which also apply to manufacturers, importers, suppliers, and those who install or commission plant, substances and structures.

Intro to Work Health and Safety: So What?

Many people think the WHS Act only applies to the management of safety in the workplace. They’re wrong – it does much more than that. In this short presentation, I am going to show you why the WHS Act is relevant to those with 'upstream' safety responsibilities such as designers.

Intro to Work Health and Safety: Topics

- The primary duty of care;

- Safety duties of designers (Section 21); and

- Similar duties apply to others, such as:

- Manufacturers (Section 23);

- Importers (Section 24);

- Suppliers (Section 25);

- Those installing, constructing or commissioning (Section 26);

- Officers (Section 27); and

- Workers (Section 28).

Intro to Work Health and Safety: Transcript

Hi everyone and welcome to the Safety Artisan, where you will find professional, pragmatic and impartial instruction on safety, which we hope you enjoy. So today we're talking about the Work Health and Safety (WHS) Act in Australia, which is surprisingly relevant to what we do, in fact. Let's see how surprising and relevant it is. We're going to look at the WHS Act and its relevance to what we're talking about here on the Safety Artisan. And it's important to answer that question first, the "So what" test. Many people think that the WHS Act is only applicable to safety in the workplace. So they see it as purely an occupational health and safety piece of legislation.

And it isn't!

It does do that, but it does so much more as well. And in this short presentation, I'm going to show you why the WHS Act is relevant to system safety, functional safety, design safety, whatever we want to call it.

Now I'm actually looking up some information on the Work Health and Safety Act from the Federal Register of Legislation (in blue letters). And if we go down to the bottom left-hand side of the screen, we will see a little map of Australia with a big red tick on it, and in green it says 'in force latest version'. So I looked at the website today, the 6th of October, and this is the latest version, which is just to make sure that we've got the right version. In Australia, the jurisdiction of which version of the Act is in place is complex. I'm not going to talk about that in the short session, but I will in the full video version.

The Primary Duty of Care under the WHS Act

The Primary Duty of Care under the WHS Act is as follows. So, a person conducting a business or undertaking – a Person Conducting a Business or Undertaking is usually abbreviated to PCBU. A horrible, horrible, clunky term! What it's trying to say is: whether you're doing business or it is non-profit, whether you work for the government, or even if you're self-employed, whoever you are and whatever you do, if it's to do with work, being paid for work, then this applies to you.

Those people doing this stuff are responsible for ensuring the health and safety of workers who are engaged or paid by the person, by the PCBU, and workers whose activities are influenced or directed by the PCBU while they're at work. And also the PCBU must ensure the health and safety of other people, so in the vicinity of the workplace, let's say, or maybe visitors.

As always, the caveat on this 'ensuring' health and safety is 'so far as is reasonably practicable'. Again, we're not going to be talking about 'so far as is reasonably practicable' in this session; we'll talk about it in the longer session. And, in fact, I think I'm probably going to do a session just on how to do 'so far as is reasonably practicable', because a lot of people get it wrong. It's quite a different concept if you're not used to it.

Designer Duties under the WHS Act

Moving on. We've jumped from Section 19 to Section 22, and we're now talking about the duties of designers. Well, this doesn't sound like occupational health and safety, does it? So we look at the designer duties of PCBUs who design plant, substances, or structures. So we're talking industrial plant; we're not talking about commercial goods. There are other Acts that apply to stuff that you would buy in a shop. So this is industrial plant, chemical substances and the like, and structures, and those might be buildings, or they might be ships, floating platforms, whatever they might be. Aircraft. Cars.

The First WHS Duty of a Designer

So here we have the first duty of a designer, and there are three groups of duties. First of all, the designer has to ensure the health and safety of people in the workplace if they're designing plant, or designing or creating a substance or a structure, that is to be used, or might reasonably be expected to be used, at a workplace. This duty applies to them. So they've got to do whatever it takes to ensure health and safety so far as is reasonably practicable.

Now, carrying on from that, we get a bit more detail. So the designer has got to ensure, so far as is reasonably practicable, that the plant, substance or structure is designed to be without risks. The risks are to the health and safety of persons who are at a workplace and who might use it for the purpose for which it was designed, who might handle the substance, who might store the plant or substance, who might construct a structure, or, and here's the catch-all, who might carry out any reasonably foreseeable activity at a workplace in relation to this plant, substance, or structure.

And then if we go on to Part (e)(i), we now get a long list of stuff. Any reasonably foreseeable activity includes manufacture, assembly, use, proper storage, decommissioning, dismantling, disposal, etc. We run out of space there. But the bottom line is that the scope of this Act is cradle to grave. So from the very first time that we design a plant, substance or structure, right through to final disposal of said plant, substance or structure, the designer has safety responsibilities, thinking about the whole lifecycle of this stuff.

The Second WHS Duty of a Designer

Now we move on to the other two duties that a designer has. So in subsection 3, the designer has a duty to carry out testing. That's what it says in the guide. Actually, if you look at the words in the Act, it says the designer must carry out, or arrange for, calculations, analysis, testing, or examination, whatever is necessary for the performance of the duty that we just described in subsection 2. You recall subsection 2: cradle to grave, from creation to final disposal. Calculations, analysis, testing or examination might be needed. The designer has got to carry that out or arrange it, in order to ensure safety SFARP.

The Third WHS Duty of a Designer

And then our final duty is, having done all of that work, having designed this stuff to be safe and done all the calculations and testing, the designer must give adequate information to each person provided with the design. And the purpose of doing so? We're not just providing information for the sake of it, or because we felt like it. It's provided for a specific purpose. So, for each purpose for which the plant, substance or structure was designed, we need all the information associated with its design purpose. We've got to provide the results of those calculations, analysis, testing and examination.

And, probably this is also equally crucial from a hazard analysis point of view, any conditions necessary to ensure that the plant, substance or structure is without risk to health and safety when it is used for the purpose for which it was designed, or (all the other stuff, if we go back to Section 2).

So Section 4 does actually say this applies to Section 2(a-e). But we ran out of space on the page, so the designer's got to provide all the information necessary for people to use this stuff, and for the life cycle of whatever it is, from cradle to grave. Now, if we look at Section 4(a-c), we can say that's the kind of information we generate from hazard analysis, from safety analysis. So, yeah, absolutely, we need system safety in order to meet these duties, to satisfy these duties.

A Consistent set of Duties Across the Supply Chain

And these duties are not just on designers, because the WHS Act is actually very, very clever, because it applies much the same duties, those three duties that we heard of: the duty to ensure health and safety, the duty to test and analyze, and the duty to provide information. If we look at Sections 22 through 26, we find that very similar duties apply to designers, to manufacturers, to importers, to suppliers, and to those installing, constructing, or commissioning substances and structures. And the duties in these sections are all consistent. Basically, it recognizes that there is a supply chain, from design right through to installation and commissioning, and everybody in that chain has duties to do their part correctly, to test what they have to, and to pass on information to the next set of stakeholders.

And then, in addition to that, if we looked in Section 27 we would see the officers of the PCBU, so company directors and the like, people with major influence, who are able to direct operations and that kind of thing. So senior management and directors of companies, and the equivalent in the public sector, have special requirements applying to them. Again, we're going to talk about that in the main video, not in this one. And then workers have duties to comply with reasonable instructions that are intended to keep them safe, and other workers. So if we go to Section 28 you get the kind of thing that you would expect to see in workplace safety.

Copyright and Attribution

So that's it in the short video. Just to mention that I have shown you information from the Federal Register of Legislation. I'm entitled to do that under the Creative Commons licence, and I'm making the required attribution statement; you can see it in the middle of the screen. And for the full information on these terms on copyright and attribution, please go to that page on my website, and you will find full details of the terms and conditions under which this video was created. And if you want to see the full version of the introduction to the WHS Act, which is going to cover a lot more ground than this, then please go to the Safety Artisan page on www.Patreon.com.

That's the presentation, and it just remains for me to say thanks very much for listening. I look forward to meeting you again. Cheers now.

The Full Version is Here…

If you want more, if you want a wider and deeper view of the WHS Act, then there’s a longer version of this video. Which you can get at my Patreon page.

I hope you enjoy it. Well that’s it for the short video, for now. Please go and have a look at the longer video to get the full picture. OK, everyone, it’s been a pleasure talking to you and I hope you found that useful. I’ll see you again soon. Goodbye.

The full-length ‘Guide to WHS’ post and video is here.
Simon Di Nucci https://www.safetyartisan.com/2023/02/01/introduction-to-australian-work-health-safety/


The 2024 Blog Digest - Q3/Q4
The 2024 Blog Digest - Q3/Q4 brings you all of The Safety Artisan's blog posts from the first six months of this year. I hope that you find this a useful resource!

The 2024 Blog Digest - Q3/Q4: 18 Posts!

Meet the Author

Learn safety engineering with me, an industry professional with 25 years of experience. I have:

• Worked on aircraft, ships, submarines, ATMS, trains, and software;

• Tiny programs to some of the biggest (Eurofighter, Future Submarine);

• In the UK and Australia, on US and European programs;

• Taught safety to hundreds of people in the classroom, and thousands online;

• Presented on safety topics at several international conferences.

Hi, everyone, and welcome to The Safety Artisan. I’m Simon, and I just wanted to share with you briefly why I started this enterprise. I’ve had a career in safety, engineering, and safety consulting for over 25 years now. And in that time, I’ve seen customers make one of two mistakes quite often. First of all, I’ve seen customers not do some things that they should have been doing. This was usually because they were just ignorant of what their legal obligations were.

And I guess that’s a fairly obvious mistake. That’s what you would expect me to say. But more often, I’ve seen customers do too much to try and achieve safety, which is surprising! I’ve seen people waste a lot of time, energy, and money doing things that just didn’t make a difference. Sometimes it actually got in the way of doing good safety work.

And I think the reasons for those mistakes are, first of all, ignorance.

Secondly, not knowing precisely what safety is and therefore not being able to work out how to get there. That’s why I started The Safety Artisan. I wanted to equip people with the knowledge of what safety really is and the tools to get there efficiently. To neither do too much nor too little. We want Safety, Just Right.
Simon Di Nucci https://www.safetyartisan.com/2024/12/26/the-2024-blog-digest-q3-q4/


Introduction to System Safety Risk Assessment
In this 'Introduction to System Safety Risk Assessment', we will pull together several key ideas.

First, we'll talk about System Safety. This is safety engineering done in a Systems Engineering Framework. We are doing safety within a rigorous process.

Second, we're talking about Risk Assessment. This is a term for putting together different activities within another process. This process may be basic, or it might be quite sophisticated, as illustrated below.

The Risk Assessment Process

Third, and finally, we will put all this together into a System Safety Program. This is hinted at in the diagram, above, but a real system safety program needs to do a lot more than this. It needs to tie into the project it supports, to systems engineering, to resources, quality, V&V, etc. Designing such a program is complex, so we typically follow a standard, like Mil-Std-882E.

You can hear more about this in the introductory video, below.

https://youtu.be/80irBJjmzxI
Introduction Video

This post is part of a series:

- This Post is the Intro to the System Safety Risk Assessment Programs Course.

- Start of System Safety Risk Assessment

- Hazard & Risk Basics (SSRAP Module 1)

- System safety risk analysis (SSRAP Module 2)

Transcript:

Introduction

Hello,

Welcome to this course on Systems Safety Risk Analysis Programs. I'm Simon Di Nucci, The Safety Artisan, and I've been a safety engineer and consultant for over 20 years. I've worked on a wide range of safety programs doing risk analysis on all kinds of things. Ships, planes, trains, air traffic management systems, software systems, you name it.

I've worked in the U.K., in Australia, and on many systems from the U.S. I've also spent hundreds of hours training hundreds of people on safety. And now I've got the opportunity to share some of that knowledge with you online.

So, what are the benefits of this course?

First of all, you will learn about basic concepts. About system safety, what it is and what it does. You will know how to apply a risk analysis program to a very complex system and how to manage that complexity. So, that's what you'll know.

At the end of the course, you will also be able to do things that you might not have been able to do before. You will be able to take the elements of a risk analysis program and the different tasks. You can select the right tasks and form a program to suit your application, whatever it might be. Whether you might:

- Have a full, high-risk bespoke development system,

- Be taking a commercial system off the shelf and doing something new with it, or

- Take a product and use it in a new application or a new location.

Whatever it might be, you will learn how to tailor your risk analysis program. This program will give you the analyses you need and meet your legal and regulatory requirements. Once you've learned how to do this, you can apply it to almost any system.

Finally, you will feel confident doing this. I will be interpreting the terminology used in the tasks and applying my experience. So, instead of reading the standard and being unsure of your interpretation, you can be sure of what you need to do. Also, I will show you how you can get good results and avoid some of the pitfalls.

These are the three benefits of the Course:

- You will know what to do.

- You will be able to perform risk program tasks, and

- You'll feel confident doing those tasks.

At the end of the course, I will also show you where to find further resources. There are free resources to choose from. But there are also paid resources for those who want to take their studies to the next level. I hope you enjoy the course.

This is Module 1 of SSRAP

This is Module 1 from the System Safety Risk Assessment Program (SSRAP) Course. Risk Analysis Programs – Design a System Safety Program for any system in any application.

The full course comprises 15 lessons and 1.5 hours of video content, plus resources. It's on pre-sale at HALF PRICE until September 1st, 2024. Check out all the free preview videos here and order using the coupon “Pre-order-Half-Price-SSRAP”. But don't leave it too long because there are only 100 half-price courses available!

Simon Di Nucci https://www.safetyartisan.com/2024/07/10/introduction-to-system-safety-risk-assessment/


System Hazard Analysis with Mil-Std-882E
In this 45-minute session, I look at System Hazard Analysis with Mil-Std-882E. SHA is Task 205 in the Standard. I explore Task 205's aim, description, scope, and contracting requirements.

I also provide commentary, based on working with this Standard since 1996, which explains SHA: how to use it to complement Sub-System Hazard Analysis (SSHA, Task 204), and how to get the maximum benefits from your System Safety Program.

Using Task 205 effectively is not just a matter of applying it in number order with the other Tasks. We need to use it within the Systems Engineering framework. That means using it top-down, to set requirements, and bottom-up to verify that they are met.

https://youtu.be/F70fhSGsyLk
This is the seven-minute-long demo. The full video is 47 minutes long.

Get the course 'System Hazard Analysis' here.

System Hazard Analysis: Topics

- Task 205 Purpose:

  - Verify subsystem compliance;

  - ID hazards (subsystem interfaces and faults);

  - ID hazards (integrated system design); and

  - Recommend necessary actions.

- Task Description (five slides);

- Reporting;

- Contracting; and

- Commentary.

Transcript: System Hazard Analysis with Mil-Std-882E

Introduction

Hello, everyone, and welcome to the Safety Artisan, where you will find professional, pragmatic, and impartial safety training resources and videos. I’m Simon, your host, and I’m recording this on the 13th of April 2020. And given the circumstances when I record this, I hope this finds you all well.

System Hazard Analysis Task 205

Let's get on to our topic for today, which is System Hazard Analysis. Now, system hazard analysis is, as you may know, Task 205 in the Mil-Std-882E system safety standard.

Topics for this Session

What we're going to cover in this session is purpose, task description, reporting, contracting, and some commentary – although I'll be making commentary all the way through. Going back to the top, the yellow highlighting with this (and with Task 204), I'm using the yellow highlighting to indicate differences between 205 and 204 because they are superficially quite similar. And then I'm using underlining to emphasize those things that I want to bring to your attention and emphasize.

Within Task 205, Purpose. We've got four purpose slides for this one. Verify subsystem compliance and recommend necessary actions – fourth one there. And then in the middle of the sandwich, we've got the identification of hazards, both between the subsystem interfaces and faults from the subsystem propagating upwards to the overall system, and identifying hazards in the integrated system design. So, quite a different emphasis to 204, which was thinking about subsystems in isolation. We've got five slides of task description, a couple on reporting, one on contracting – nothing new there – and several commentaries.

System Requirements Hazard Analysis (T205)

Let's get straight on with it. The purpose, as we've already said, there is a three-fold purpose here; Verify system compliance, hazard identification, and recommended actions, and then, as we can see in the yellow, the identifying previously unidentified hazards is split into two. Looking at subsystem interfaces and faults and the integration of the overall system design. And you can see the yellow bit, that's different from 204 where we are taking this much higher-level view, taking an inter-subsystem view and then an integrated view.

Task Description (T205) #1

On to the task description. The contractor has got to do it and document it, as usual, looking at hazards and mitigations, or controls, in the integrated system design, including software and the human interface. We'll come on to that later.

All the usual stuff about we've got to include COTS, GOTS, GFE, and NDI. So, even if stuff is not being developed, if we're putting together a jigsaw system from existing pieces, we've still got to look at the overall thing. And as with 204, we go down to the underlined text at the bottom of the slide, areas to consider. Think about performance, and degradation of performance, functional failures, timing and design errors, defects, inadvertent functioning – that classic functional failure analysis that we've seen before.

Again, while conducting this analysis, we've got to include human beings as an integral component of the system, receiving inputs, and initiating outputs. Human factors were included in this standard from long ago...

The End

You can see all the Mil-Std-882E Analysis Tasks here.

Get a free pdf of the System Safety Engineering Standard, Mil-Std-882E, here.

Simon Di Nucci https://www.safetyartisan.com/2025/06/30/equipped-system-hazard-analysis/


Functional Hazard Analysis with Mil-Std-882E
In this video, I look at Functional Hazard Analysis with Mil-Std-882E (FHA, which is Task 208 in Mil-Std-882E). FHA analyses software, complex electronic hardware, and human interactions. I explore the aim, description, and contracting requirements of this Task, and provide extensive commentary on it. (I refer to other lessons for special techniques for software safety and Human Factors.)

This video, and the related webinar 'Identify & Analyze Functional Hazards', deal with an important topic. Programmable electronics and software now run so much of our modern world. They control many safety-related products and services. If they go wrong, they can hurt people.

I've been working with software-intensive systems since 1994. Functional hazards are often misunderstood or overlooked, as they are hidden. However, the accidents that they can cause are very real. If you want to expand your analysis skills beyond just physical hazards, I will show you how.

https://youtu.be/f4jDnnqYhus
This is the seven-minute demo; the full version is 40 minutes long.

Click here to get the course: Identify & Analyze Functional Hazards.

Functional Hazard Analysis: Context

So how do we analyze software safety?

Before we even start, we need to identify those system functions that may impact safety. We can do this by performing a Functional Failure Analysis (FFA) of all system requirements that might credibly lead to human harm.

An FFA looks at functional requirements (the system should do 'this' or 'that') and examines what could go wrong:

- Does the function work when needed?

- Does the function work when not required?

- Does the function work incorrectly? (There may be more than one version of this.)

(A variation of this technique is explained here.)

If the function could lead to a hazard then it is marked for further analysis. This is where we apply the FHA, Task 208.
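As an added example (not code from the original post or from The Safety Artisan), the three FFA questions above applied as a worksheet generator in Python: it crosses constructed sample functions with failure-mode guidewords (with several "incorrect" variants, as the post notes), records the analyst's worst credible severity for each, classifies each function by severity only, and marks the functions that must go on to FHA (Task 208). The crane-controller functions, their consequences and the severity judgements are constructed sample data; the safety-critical/safety-related split follows the Mil-Std-882E severity definitions (Catastrophic or Critical versus Marginal or Negligible).

```python
"""Functional Failure Analysis (FFA) worksheet generator.

Added example, not code from The Safety Artisan. It applies the three FFA
questions from the post to a constructed list of functional requirements
and marks functions that could credibly lead to a hazard for FHA (Task 208).
"""
from dataclasses import dataclass, field
from enum import IntEnum


class Severity(IntEnum):
    # Mil-Std-882E severity categories (1 = worst).
    CATASTROPHIC = 1
    CRITICAL = 2
    MARGINAL = 3
    NEGLIGIBLE = 4
    NONE = 5  # no credible harm from this failure mode


# The three FFA questions, expanded into guidewords. "Incorrect" has more
# than one version, so it is split into value, timing and stuck-on variants.
FAILURE_MODES = {
    "omission": "function does not work when needed",
    "commission": "function works when not required",
    "incorrect-value": "function works with the wrong output value",
    "incorrect-timing": "function works too early or too late",
    "incorrect-stuck": "function keeps running and cannot be stopped",
}


@dataclass
class Function:
    ident: str
    requirement: str
    # Analyst's worst credible consequence per failure mode (constructed
    # judgements). Modes not listed default to Severity.NONE.
    consequences: dict = field(default_factory=dict)


@dataclass
class FfaRow:
    function: str
    mode: str
    description: str
    severity: Severity


def ffa_worksheet(functions):
    """Cross every function with every failure mode; one worksheet row each."""
    rows = []
    for fn in functions:
        for mode, description in FAILURE_MODES.items():
            sev = fn.consequences.get(mode, Severity.NONE)
            rows.append(FfaRow(fn.ident, mode, description, sev))
    return rows


def classify(rows):
    """Worst severity per function, mapped to safety-critical (Catastrophic or
    Critical), safety-related (Marginal or Negligible) or not safety-related."""
    worst = {}
    for r in rows:
        worst[r.function] = min(worst.get(r.function, Severity.NONE), r.severity)
    labels = {}
    for fn, sev in worst.items():
        if sev <= Severity.CRITICAL:
            labels[fn] = "safety-critical"
        elif sev <= Severity.NEGLIGIBLE:
            labels[fn] = "safety-related"
        else:
            labels[fn] = "not safety-related"
    return labels


def mark_for_fha(rows):
    """Functions with at least one failure mode that could cause harm are
    carried forward to Task 208; the rest are recorded and dropped."""
    return sorted({r.function for r in rows if r.severity != Severity.NONE})


# Constructed sample requirements for a small automated crane controller.
SAMPLE_FUNCTIONS = [
    Function("F1", "Stop hoist when load exceeds rated capacity",
             {"omission": Severity.CATASTROPHIC,
              "incorrect-timing": Severity.CRITICAL}),
    Function("F2", "Sound horn before travel",
             {"omission": Severity.MARGINAL}),
    Function("F3", "Log operating hours for maintenance", {}),
]

if __name__ == "__main__":
    rows = ffa_worksheet(SAMPLE_FUNCTIONS)
    for r in rows:
        print(f"{r.function} {r.mode:17} {r.severity.name:12} {r.description}")
    print("Classification:", classify(rows))
    print("Carry forward to FHA (Task 208):", mark_for_fha(rows))
```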

Functional Hazard Analysis: The Lesson

Topics: Functional Hazard Analysis

- Task 208 Purpose;

- Task Description;

- Update & Reporting

- Contracting; and

- Commentary.

Transcript: Functional Hazard Analysis

Introduction

Hello, everyone, and welcome to the Safety Artisan; Home of Safety Engineering Training. I'm Simon and today we're going to be looking at how you analyze the safety of functions of complex hardware and software. We'll see what that's all about in just a second.

Functional Hazard Analysis

I'm just going to get to the right page. As you can see, functional hazard analysis is Task 208 in Mil-Std-882E.

Topics for this Session

What we've got for today: we have three slides on the purpose of functional hazard analysis, and these are all taken from the standard. We've got six slides of task description. That's the text from the standard, plus we've got two tables that show you how it's done from another part of the standard, not from Task 208. Then we've got update and reporting, another two slides. Contracting, two slides. And five slides of commentary, which again include a couple of tables to illustrate what we're talking about.

Functional HA Purpose #1

What we're going to talk about is, as I say, functional hazard analysis. So, first of all, what's the purpose of it? In classic 882 style, Task 208 is to perform this functional hazard analysis on a system or subsystem or more than one. Again, as with all the other tasks, we use it to identify and classify system functions and the safety consequences of functional failure or malfunction. In other words, hazards.

Now, I should point out at this stage that the standard is focused on malfunctions of the system. In the real world, lots of software-intensive systems cause accidents that have killed people, even when they're functioning as intended. That's one of the shortcomings of this Military Standard - it focuses on failure. But even if something performs as specified, either:

- The specification might be wrong, or

- The system might do something that the human operator does not expect.

Mil-Std-882E just doesn't recognize that. So, it's not very good in that respect. However, bearing that in mind, let's carry on with looking at the task.

Functional HA Purpose #2

We're going to look at these consequences in terms of severity – severity only, we'll come back to that – to identify what they call safety-critical functions, safety-critical items, safety-related functions, and safety-related items. And a quick word on that, I hate the term ‘safety-critical’ because it suggests a sort of binary “Either it's safety-critical. Yes. Or it's not safety-critical. No.” And lots of people take that to mean if it's “safety-critical, no,” then it's got nothing to do with safety. They don't recognize that there's a sliding scale between maximum safety criticality and none whatsoever. And that's led to a lot of bad thinking and bad behavior over the years where people do everything they can to pretend that something isn't safety-related by saying, “Oh, it's not safety-critical, therefore we don't have to do anything.” And that kind of laziness kills people.

Anyway, moving on. So, we've got these SCFs, SCIs, SRFs, SRIs and they're supposed to be allocated or mapped to a system design architecture. The assumption in this task is that we're doing this early (we'll see that later) and that the system design, the system architecture, is still up for grabs. We can still influence it.

COTS and MOTS Software

Often that is not the case these days. This standard was written many years ago when the military used to buy loads of bespoke equipment and have it all developed from new. That doesn't happen anymore so much in the military and it certainly doesn't happen in many other walks of life – But we'll talk about how you deal with the realities later.

And they're allocating these functions and these items of interest to hardware, software, and human interfaces. And I should point out, when we're talking about all that, all these things are complex. Software is complex, human is complex, and we're talking about complex hardware. So, we're talking about components where you can't just say, “Oh, it's got a reliability of X, and that's how often it goes wrong” because those types of simple components are only really subject to random failure, that's not what we're talking about here.

We're talking about complex stuff where we're talking about systematic failure dominating over random, simple hardware failure. So, that's the focus of this task and what we're talking about. That's not explained in the standard, but that's what's going on.

Functional HA Purpose #3

Now, our third slide is on purpose; so, we use the FHA to identify the consequences of malfunction, functional failure, or lack of function. As I said just now, we need to do this as early as possible in the systems engineering process to enable us to influence the design. Of course, this is assuming that there is a systems engineering process – that's not always the case. We'll talk about that at the end as well.

Also, we're going to identify and document these functions and items, allocate them and, as the standard says, partition them in the software design architecture. When we say partition, that's jargon for separating them into independent functions. We'll see the value of that later on. Then we're going to identify requirements and constraints to put on the design team, to say, “To achieve this allocation and this partitioning, this is what you must do and this is what you must not do.” So again, the assumption is that we're doing this early. There's a significant amount of bespoke design yet to be done...
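As an added example (not code from the post, the standard or the course), here is a small Python FHA worksheet that carries a few constructed functions through the steps just described: severity-only classification into SCF/SRF, allocation to hardware, software or human, a partitioning independence check, and the constraints handed to the design team. The MIL-STD-882E severity names are real; the SCF/SRF thresholds (Catastrophic/Critical versus Marginal/Negligible), the partition rule, and every function name are assumptions.

```python
# Added worked example, not code from The Safety Artisan's post or from the
# standard. Severity names follow MIL-STD-882E; the SCF/SRF thresholds, the
# partition rule and the sample functions are all assumptions/constructed.
from collections import defaultdict
from dataclasses import dataclass, field

SEVERITY_RANK = {"Catastrophic": 4, "Critical": 3, "Marginal": 2, "Negligible": 1}
FAILURE_MODES = ("malfunction", "functional failure", "lack of function")

@dataclass
class Function:
    name: str
    allocation: str                 # "hardware", "software" or "human"
    partition: str                  # design partition the function is hosted in
    consequences: dict = field(default_factory=dict)  # failure mode -> severity

def worst_severity(fn: Function) -> str:
    """Severity only: the worst credible consequence across all failure modes."""
    unknown = set(fn.consequences) - set(FAILURE_MODES)
    if unknown or not fn.consequences:
        raise ValueError(f"{fn.name}: failure modes not fully assessed")
    return max(fn.consequences.values(), key=SEVERITY_RANK.__getitem__)

def classify(fn: Function) -> str:
    """SCF if the worst mishap is Catastrophic or Critical, else SRF (assumed
    Task 208 thresholds). Severity is always reported beside the label, so
    'not safety-critical' never reads as 'nothing to do with safety'."""
    return "SCF" if SEVERITY_RANK[worst_severity(fn)] >= 3 else "SRF"

def worksheet(functions):
    """One FHA row per function: name, allocation, worst severity, class."""
    return [(f.name, f.allocation, worst_severity(f), classify(f)) for f in functions]

def partition_violations(functions):
    """Independence check (assumed rule): a partition hosting an SCF must host
    only SCFs, otherwise the lower-rigor neighbours undermine the SCF's case."""
    hosted = defaultdict(list)
    for f in functions:
        hosted[f.partition].append(f)
    return [f"partition '{p}' mixes SCF and SRF: " + ", ".join(f.name for f in fs)
            for p, fs in hosted.items() if len({classify(f) for f in fs}) > 1]

def derive_constraints(functions):
    """Constraints to hand to the design team for each SCF (constructed wording)."""
    return [f"{f.name} ({f.allocation}): keep in a partition with SCFs only; "
            f"develop to the level of rigor for {worst_severity(f)} severity"
            for f in functions if classify(f) == "SCF"]

# Constructed sample system, not a real design: 'control' mixes an SCF with an SRF.
SAMPLE = [
    Function("Compute brake demand", "software", "control",
             {"lack of function": "Catastrophic", "malfunction": "Catastrophic"}),
    Function("Log maintenance data", "software", "control", {"lack of function": "Negligible"}),
    Function("Display speed", "software", "hmi", {"malfunction": "Marginal"}),
    Function("Pull emergency stop", "human", "operator", {"lack of function": "Critical"}),
]
```

Running `worksheet(SAMPLE)` gives the classification rows, and `partition_violations(SAMPLE)` flags the 'control' partition because a Negligible-severity logging function shares it with a Catastrophic-severity SCF.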

Then What?

Once the FHA has identified the required 'Level of Rigor', we need to translate that into a suitable software development standard. This might be:

- RTCA DO-178C (also known as ED-12C) for civil aviation;

- The US Joint Software System Safety Engineering Handbook (JSSEH) for military systems;

- IEC 61508 (functional safety) for the process industry;

- CENELEC EN-50128 for the rail industry; and

- ISO 26262 for automotive applications.

Such standards use Safety Integrity Levels (SILs) or Development Assurance Levels (DALs) to enforce appropriate Levels of Rigor. You can learn about those in my course, Principles of Safe Software Development.

Meet the Author

My name’s Simon Di Nucci. I’m a practicing system safety engineer, and I have been for the last 25 years; I’ve worked in all kinds of domains: aircraft, ships, submarines, sensors, and command and control systems, some work on rail and air traffic management systems, and lots of software safety. So, I’ve done a lot of different things!
Simon Di Nucci https://www.safetyartisan.com/2024/03/20/functional-hazard-analysis-task-208/


My CISSP Exam Journey
Here is a video about my CISSP exam journey.

https://youtu.be/zGof2cB9VW8

Get the full 'My CISSP Exam Journey' free video here.

I've just passed the Certified Information Systems Security Professional (CISSP) Exam, which was significantly updated on 1st May 2021. In this 30-minute video, I will cover:

- The official CISSP course and course guide;

- The 8 Domains of CISSP, and how to take stock of your knowledge of them;

- The official practice questions and the Study Guide;

- The CISSP Exam itself; and

- Lessons learned from my journey.

I wish you every success in your CISSP journey: it's tough, but you can do it!

Transcript: My CISSP Exam Journey

Hi, Everyone,

My name is Simon Di Nucci and I've just passed the new CISSP exam; for those of you who don't know what that is, that's the Certified Information Systems Security Professional. It's new because the exam has been around a long time, but the syllabus and the exam itself have undergone a significant change as of the 1st of May this year. I’m probably one of the first people to pass the new exam, which I have to tell you was a great relief, because it really was a tough exam and it was tough preparing for it.

It was a big mountain to climb. I am very, very relieved to have passed. Now, I hope to share some lessons with you. When I mentioned that I passed on the cybersecurity groups on Facebook and LinkedIn, I got a huge response from people who appreciated how difficult it is to do this and also lots of questions. And whilst I can't talk about the specifics of the exam, that's not allowed, I can share some really useful lessons learned from my journey.

Introduction

So I'm going to be talking about what I did:

- The Official Course, and the Student Guide;

- How I took stock at the start of the revision process;

- How I revised using the practice questions and the Study Guide;

- Something about the exam itself; and

- Lessons learned.

The Official Course

So let's get on with it. My journey was that two or three years ago, the firm that I worked for decided that they wanted me to take the CISSP exam in order to improve our credibility when doing cybersecurity, and my credibility.

I was sent on a five-day course, which was very intense, and it was the official ISC2 course. That was several hundred slides a day for five days. It was very intense. And as you can see, the guide that you get with it is a pretty hefty eight hundred pages of closely packed, high-quality material. I was taught by someone who was clearly a very experienced expert in the field.

It was a good quality course. It cost about $3,700 (Australian). I think that's about $2,500 (US). In terms of the investment, I think it was worth it because it covered a lot of ground, and I was very rusty on a lot of this stuff. It was a useful ‘crammer’ to get back into this stuff. As I said, 800 pages long. I've done a lot of revising!

Practical Things

Let's put that to one side. The course was very good, but of course, it takes some time out of your schedule to do it. You need the money and the support from your workplace to be able to do that. There are now online courses, which I haven't been on; I can't say how good they are, but they are cheaper, and they're spread out. I think you do a day or two per week for a period of several weeks.

And I think that's got to be really good because you're going to have more time to consolidate this huge amount of information in your head. No disrespect to the face-to-face course. It was very good. I think the online courses could be even better and a lot more accessible. That was the course. Now, I did that in November 2019, and I intended to do some revision and then take the exam probably in early.

In March, April 2020, global events got in the way of that, and all the exam centers were closed down. I couldn't do that. Basically, I sort of forgot about it for a period of months. And then at the tail end of 2020, as things began to improve here in Australia at least, we've been very lucky here, exam centers reopened, and I thought, well, I really should get back and, you know, try and schedule the exam and do some revision and get on with it.

Exam Preparation

So I did. Starting in January of this year, I got my management's agreement that I would spend one day a week working from home, revising, and that's what I did. Given that I took the exam in the middle of May, that's probably 18 full days of revision going through the material, and I needed it! Originally, I was going to take the exam, I think, in early April, but I realized at the end of March that I was not ready and I needed more time.

So I put the exam date back to the middle of May. And it was only after I'd done that that it was announced that the syllabus of the exam was changing quite significantly. That was, you know, extra work then. Fortunately, they brought out the official guide to the new exam, and I realized that there was quite a lot of material to learn. I went through it; for example, there are eight domains in CISSP.

And for example, here's domain number two, asset security. In pink, I have highlighted all the new things that are in the 1st of May edition of the syllabus that were not in the 2018 syllabus. I went through all of these things, and there are quite a few in almost every domain except the first one. There are significant changes. I had to do a lot of extra revision because the syllabus had changed, but nevertheless, it was doable.

Simon Di Nucci https://www.safetyartisan.com/2023/09/27/my-cissp-exam-journey/


Software Safety Principles Conclusions and References
Software Safety Principles Conclusions and References is the sixth and final blog post on Principles of Software Safety Assurance. In them, we look at the 4+1 principles that underlie all software safety standards. (The previous post in the series is here.)

Read on to Benefit From...

The conclusions of this paper are brief and readable, but very valuable. It's important for us - as professionals and team players - to be able to express these things to managers and other stakeholders clearly. Talking to non-specialists is something that most technical people could do better.

The references include links to the standards covered by the paper. Unsurprisingly, these are some of the most popular and widely used processes in software engineering. The other links take us to the key case studies that support the conclusions.

Content

We outline common software safety assurance principles that are evident in software safety standards and best practices. You can think of these guidelines as the unchanging foundation of any software safety argument because they hold true across projects and domains.

The principles serve as a guide for cross-sector certification and aid in maintaining comprehension of the “big picture” of software safety issues while evaluating and negotiating the specifics of individual standards.

Conclusion

These six blog posts have presented the 4+1 model of foundational principles of software safety assurance. The principles strongly connect to elements of current software safety assurance standards and they act as a common benchmark against which standards can be measured.

Through the examples provided, it's also clear that, although these concepts can be stated clearly, they haven't always been put into practice. There may still be difficulties with their application by current standards. Particularly, there is still a great deal of research and discussion going on about the management of confidence with respect to software safety assurance (Principle 4+1).

Standards and References

RTCA/EUROCAE, Software Considerations in Airborne Systems and Equipment Certification, DO-178C/ED-12C, 2011.

CENELEC, EN-50128:2011 - Railway applications - Communication, signaling and processing systems - Software for railway control and protection systems, 2011.

ISO-26262 Road vehicles – Functional safety, FDIS, International Organization for Standardization (ISO), 2011

IEC-61508 – Functional Safety of Electrical / Electronic / Programmable Electronic Safety-Related Systems. International Electrotechnical Commission (IEC), 1998

FDA, Examples of Reported Infusion Pump Problems, Accessed on 27 September 2012, http://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/GeneralHospitalDevicesandSupplies/InfusionPumps/ucm202496.htm

FDA, FDA Issues Statement on Baxter’s Recall of Colleague Infusion Pumps, Accessed on 27 September 2012, http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm210664.htm

FDA, Total Product Life Cycle: Infusion Pump - Premarket Notification 510(k) Submissions, Draft Guidance, April 23, 2010.

“Report on the Accident to Airbus A320-211 Aircraft in Warsaw on 14 September 1993”, Main Commission Aircraft Accident Investigation Warsaw, March 1994, http://www.rvs.unibielefeld.de/publications/Incidents/DOCS/ComAndRep/Warsaw/warsaw-report.html, Accessed on 1st October 2012.

JPL Special Review Board, "Report on the Loss of the Mars Polar Lander and Deep Space 2 Missions", Jet Propulsion Laboratory, March 2000.

Australian Transport Safety Bureau, In-Flight Upset Event 240 km North-West of Perth, WA, Boeing Company 777-200, 9M-MRG. Aviation Occurrence Report 200503722, 2007.

H. Wolpe, General Accounting Office Report on Patriot Missile Software Problem, February 4, 1992, Accessed on 1st October 2012, Available at: http://www.fas.org/spp/starwars/gao/im92026.htm

Y.C. Yeh, Triple-Triple Redundant 777 Primary Flight Computer, IEEE Aerospace Applications Conference, pp. 293-307, 1996.

D.M. Hunns and N. Wainwright, Software-based protection for Sizewell B: the regulator’s perspective. Nuclear Engineering International, September 1991.

R.D. Hawkins, T.P. Kelly, A Framework for Determining the Sufficiency of Software Safety Assurance. IET System Safety Conference, 2012.

SAE. ARP 4754 - Guidelines for Development of Civil Aircraft and Systems. 1996.

Software Safety Principles: End of the Series

This blog post series was derived from ‘The Principles of Software Safety Assurance’, by RD Hawkins, I Habli & TP Kelly, University of York. The original paper is available for free here. I was privileged to be taught safety engineering by Tim Kelly, and others, at the University of York. I am pleased to share their valuable work in a more accessible format.

Principles of Software Safety Training

Learn more about this subject in my course 'Principles of Safe Software' here.

My course on Udemy, 'Principles of Software Safety Standards' is a cut-down version of the full Principles Course. Nevertheless, it still scores 4.42 out of 5.00 and attracts comments like:

- "It gives me an idea of standards as to how they are developed and the downward pyramid model of it." 4* Niveditha V.

- "This was a really good course for starting on the software safety standards, comparing and reviewing their strengths and weaknesses. Loved how he tries to fit each standard with the 4+1 principles. Highly recommend to anyone that wants to get into software safety." 4.5* Amila R.

- "The information provides a good overview. Perfect for someone like me who has worked with the standards but did not necessarily understand how the framework works." 5* Mahesh Koonath V.

- "Really good overview of key software standards and their strengths and weaknesses against the 4+1 Safety Principles." 4.5* Ann H.
Simon Di Nucci https://www.safetyartisan.com/2022/11/23/sw-safety-principles-conclusions-and-references/
