
Safe System Design Seminar

Lecturer: Gonzalo Rey

This is a 6-8 hour seminar running for both slots on Thursday. Friday is a reserve, in case some folks want to go into more depth on some topics.

Dates:

  • Thu, 17.9. - 9-12
  • Thu, 17.9. - 13:30-16:00
  • Fri, 18.9. - 9-12 (not taking place).

Room:

Abstract

Safe System Design Seminar

Speaker: Gonzalo J. Rey, Moog Inc. (Visiting Professor, on invitation from Jonas Buchli, ETH ADRL)

Safe system design methodologies aim to reduce the risk of injury and fatality to tolerable or desired levels. The guidelines and regulations that exist for many domains of application share a set of common expectations. This seminar presents a set of concepts and approaches that help meet these expectations. The content focuses on “what” can and needs to be done more than on “how”, which tends to be application specific. Topics are presented at the introductory level and illustrated with simple examples.

The sequence of topics is as follows:

  • Safe systems and tolerable risk targets: social expectations, where they come from, what they look like, implications
  • Safe system: key decisions, hazards and mitigations, engineering judgment, implications
  • Architectural mitigations: redundancy, partitions, redundancy management
  • Safety oriented development process: System and item requirements, validation, design, certification, life-cycle issues
  • Certification oriented system development: field of use considerations, technology maturity, verification oriented requirements, life-cycles

This is an informal engagement. Slides will be available before the start of the seminar and discussion is encouraged. In order to stay within the planned time we may take deeper, longer discussions offline in smaller groups.

While many books and guidelines exist on this topic, typically with a target domain of application, there is no universal terminology or method for safety. Nor is there a universally accepted treatment of the topic. Typically domain-specific expectations are clear, but the methods to achieve them are for the most part left to the engineer. This seminar’s terminology and approaches will have an “aircraft” tone since this is the speaker’s domain of expertise. If this were presented by a member of the atomic power, automotive, or mining community, this would change. The hope is that the selection of content and concepts will provide the audience with a mental picture of the type of engineering decisions that go into a “safe system” of any kind. Without claiming to be the “definitive” approach, it is intended to be a reflection of a “practical” approach.

Seminar Slides

adrl/education/sss.txt · Last modified: 2015/09/17 14:03 by jonas