SW safety for a fully SW controlled safety critical system

From: Li, Michelle (GE Infra, Aviation, US) <Michelle.y.li_at_xxxxxx>
Date: Thu, 25 Oct 2007 11:04:08 -0400
Message-ID: <6C2A6E006AAB7C48ADFD901120858E4A016B9898@xxxxxx>
Dear All:

I am working on a fully SW controlled safety critical system: engine
control. It will be catastrophic if there is insufficient thrust. There are two
types of SW functions: 1. fault detection and redundancy management to
mitigate HW hazards; 2. SW control functions such as thrust control.

I am really lost here as to how I should identify SW hazards and derive SW
safety requirements. Each one of them is safety critical. So each SW
function (thousands of them) under the two types will have at least one
SW hazard: failure to perform. There is no way that we can use HW to
mitigate this type of SW hazard. What kind of SW safety requirements can
I get as the result of the SW safety analysis?

Your advice will be highly appreciated.

By the way, the highest SW integrity level is already assigned to the
entire system, including the SW.


Michelle

Received on Thu 25 Oct 2007 - 16:05:19 BST