References

[ABR095) Army Base Repair Organisation: Annual Report and Accounts 1994/95. ABRO, July 1995

[AMI) The AMI User's Handbook. Application of Metrics in Industry. Available from eSSE, South Bank University, (undated)

[Ayres 87] Ayres R U & Rohargi P K: Lessons for Technological Computer-Aided Industrial Machine Accidents, Proceedings of COMPASS '87, Washington D.C., U.s.A., published in 1989

[Basili 88) Basili V and Rombach D: The TAME Project, Towards Improvement Orientated Software Environments. IEEE ToSE, Vol. 14, No.6, pp 758-773, 1988

[Bennett 96) Bennett W: 'Pescado' Agent Jailed for Manslaughter. The Independent, London, 15 March 1996, p. 4

[Benyon-Davis 95] Benyon-Davis, P: Information Systems 'Faillire' and Risk Assessment: The Case of the London Ambulance Service Computer Aided Dispatch System In Doukidis

F. Redmill et al. (eds.), Life Cycle Management For Dependability© Springer-Verlag London Limited 1997

220 Life Cycle Management for Dependability

G, Galliers R, Jelasi T, Kremar H, and Land F (eds): Proceedings of the Third European Conference on Information Systems ECIS '95, Athens, Greece, June 1-3, 1995

[Bogard 89] Bogard W: The Bhopal Tragedy, Westview Press, Boulder, Colorado, U.s.A., 1989

[BQF 94] The British Quality Foundation: The 1995 UK Quality Award - Guide to Self Assessment. The British Quality Foundation, 1994

[Brooks 75] Brooks F P: The Mythical Man-month. Addison Wesley, 1975

[BSI93] British Standards Institution: British Stand.ard 5750, Part 14 - Quality Systems, Guide to Dependability Programme Management. BSI, 1993 (also numbered EN 60300-1:1993, ISO 9000-4:1993 and lEe 300-1:1993)

[BSI94] BSI Standards: ISO 9001: Quality Systems - Model for Quality Assurance in Design, Development, Production, Installation and Servicing. BSI Standards, UK, 1994

[Bucher 85] Bucher W & Fretz R: Safety Aspects of Compllter Controlled Chemical Plants, Proceedings of Fifth International Symposium of Loss Prevention and Safety Promotion in the Process Industries (Societe de Chimic IndustrieIle), Paris, France, 1985

[Burton 95] Burton T B and Moran J W: The Futllre Focllsed Organization: Complete Organizational Alignment for Breakthrough Res~dts. Prentice Hall, 1995

[Business Week 84] How Xerox Speeds Up the Birth of New Products. Business Week, March 19, 1984

[Butler 91] Bu tier R Wand Finelli G B: The Infeasibility of Experimental Quantification of Life-Critical Software Reliability. In Proceedings of ACM Symposium on Software for Critical Systems, New Orleans, ACM Press, 1991

[CAA 89] Joint Aviation Authorities: Joint Aviation Requirements - 25: wrge Aeroplanes. Change 13, 19891

References 221

[CAA 90] Joint Aviation Authorities: Joint Aviation Requirements - E: Engines. Change 4, 19901

[Carroll 93] Carroll P: Big Blues: The Unmaking of IBM. Orion, 1993

[CEC 91] Commission of the European Communities: Information Technology Security Evaluation Criteria (ITSEC), Provisional Harmonisation Criteria of France, Germany, Netherlands, United Kingdom, Version 1.2, 1991

[CENELEC 94] European Committee for Electrotechnical Standardisation: Railway Applications: Software for Railway Control and Protection Systems. Intended to be issued as pr EN 50128, 1994

[Charette 89] Charette R N: Software Engineering Risk Analysis and Management. McGraw Hill, 1989

[Chillarege 92] Chillarege R, Bhandari I, Chaar J, Halliday M, Moebus 0, Ray B and Wong MY: Orthogonal Defect Classification - A Concept for In-Process Measurements. IEEE Transactions on Software Engineering, Vol. 18, No. 11, 1992

[CITI95] CITI: Profiling Project Managers - Issues and Findings. Working papers: (available from CITI Limited, Challenge House, Sherwood Drive, Bletchley, Milton Keynes MK3 6DP), 1995

[CSC 94] CSC PEP Paper 26: Project Management in the 1990s. February 1994 (Available to sponsors of CSC Research and Ad visory Services PEP)

[Daskalantonakis 92] Daskalantonakis M K: A Practical View of Software Measurement and Implementation Experimces within Motorola. IEEE Transactions on Software Engineering, Vol. 18, No. 11, 1992

[DOD 87] United States of America, Department of Defense: Military Standard 882B -System Safety Program Requirements Incorporation Notice 1. DOD 1984 and 1987

[DOD 89] United States of America, Department of Defence: Defense System Software Development. DoD-Std.-2167, 1989

222 Life Cycle Management for Dependability

[DOD 93] United States of America, Department of Defence: System Safety Program Requirements. DoD-MIL-Std. 882C, January 1993

[DOD 95] United States of America, Department of Defense: Non-electronic Parts Reliability Data. 000, 1995

[DOE 75] Department of Employment: The Flixborough Disaster: Report of the Court of Enquinj- HMSO, London, 1975

[Doujak 89] Doujak A, Haslauer H, Madl M and Rattay G: The Role of the Top Management in Project Orientated Companies. In Gareis R (ed): Proceedings of the 13th INTERNET International Expert Seminar, INTERNET 1989

[Duncan 87] Duncan K 0: Fault Diagnosis Training for Advanced Continuous Process Installations, In: Rasmussen J, Duncan K 0 & Leplat J (EDS): New Technology and Human Error, John Wiley & Sons, New York, U.S.A., 1987

[Dutton 95] Dutton W H, MacKenzie 0, Shapiro Sand Peltu M: Computer Power and Human Limits: Learning from IT and Telecommunications Disasters. Policy Research Paper No. 33, Programme on Information and Communication Technologies, Economic and Social Research Council, Uxbridge, March 1995

[EEMUA89] United Kingdom Electronic Equipment Manufacturers & Users Association: Safety Related Instrument Systems for the Process Industries (Including Programmable Electronic Systems). Publication 160, 1989

[ESA 91] European Space Agency: ESA Software Engineering Standards. ESA PSS-05-0, Issue 2, February 1991

[Fagan 76] Fagan M E: Design and Code Inspections to Reduce Errors in Program Development. IBM Systems Journal, Vol. IS, pp 182-211, 1976

[Feynman 88] Feynman R P: What Do You Care What Other People Think? W W Norton & Company Inc., USA, 1988

[FDA 83] United States Food & Drugs Administration: Guide to Inspection of Computerised Systems in Drug Processing, FDA Center for Drug Evaluation

References

and Research, Rockville, Maryland, U.S.A., 1983

[Forester 94]

223

Forester T and Morrison P: Computer Ethics (2nd edition) MIT Press, 1994

[Gandy 96] Gandy S N: Managing 'Riskt/ Projects. In Redmill F and Anderson T (eds): Safety-critical Systems: The Convergence of High Tech and Human Factors, Springer-Verlag, 1996

[Ha1189] Hall S: Danger on the Line. Ian Allan Ltd, London, 1989, pp. 112-117

[Hawkesley 89] Hawkesley J L: A View from ICI. Part of Chapter 7 of Lees F P and Ang M L (eds): Safety Cases within the Control of Industrial Major Accident Hazards (CIMAH) Regulations 1984, Butterworth, 1989

[Hazards 95] Hazards Forum: Safety-Related Systems: Guidance for Engineers, Issue No.1, Institution of Electrical Engineers, UK, 1995

[Henkoff 93] Henkoff R: The Hot New Seal of Quality. Fortune International, June 28th, 1993, pp 62-65

[Hidden 89] Hidden A: Investigation into the Clapham Junction Railway Accident. HMSO, London, 1989

[HMS094] Her Majesty's Stationary Office: The Construction (Design and Management) Regulations. Statutory Instrument (SI) 1994:3140. 1994

[Howard 83] Howard W B: Efficient Time Use to Achieve Safety of Processes or How Many Angels Can Stand on the Head of a Pin? Proceeding of Loss Prevention and Safety Promotion in The Process Industries,' Institute of Chemical Engineers, United Kingdom, 1983

[HSE 87] United Kingdom Health and Safety Executive: Programmable Electronic Systems in Safety Related Applications, Parts 1 & 2, Her Majesty's Stationary Office (HMSO), London, 1987

[HSE 88] United Kingdom Health and Safety Executive: Tolerability of Risk in Nuclear Power Stations. HMSO, London, 1988

224 Life Cycle Management for Dependability

[Hubbard 94) Hubbard W K: United States Food & Drugs Administration Responses to Comments on Proposed Code of Federal Regulation No. 11 - Electronic Signatures and Electronic Records. United States Food and Drug Administration, Washington, 1994

[Hunt et al 95) Hunt J R, Lucas P R and Wingate GAS: FRESCO - An Investigation into a Framework for the Assessment of Safety-critical Systems. In: Redmill F and Anderson T (Eds): Achievement and Assurance of Safety, Springer-Verlag, London, 1995

[IEC 706) International Electrotechnical Commission: IEC 706 - Guide on Maintainability of Equipment Parts 1 - 6. IEC, Geneva, dates as given for individual parts: Part 1: Introduction, Requirements and Maintainability Programme (1982); Part 2: Maintainability Studies During the Design Stage (1990); Part 3: Verification and Collection, Analysis and Presentation (1987); Part 4: Maintenance and Maintenance Support Planning (1992); Part 5: Diagnostic Testing (1994); Part 6: Statistical Methods in Maintainability Evaluation (1994)

[IEC 93) International Electrotechnical Commission: Dependability Management, Part 2: Dependability Programme Elements and Tasks. IEC 300-2, Geneva, 1993

[lEe 95) International Electrotechnical Commission: Functional Safety: Safety Related Systems, Parts 1 to 7, Draft IEC 1508, Technical Committee No. 65: Industrial Process Management and Control, Sub-committee 65A: System Aspects, 1995 Part 1: General Requirements; Part 2: Requirements for Electrical/Electronic/Programmable Electronic Systems; Part 3: Software Requirements; Part 4: Definitions and Abbreviations of Terms; Part 5: Guidelines to the Application of Part 1; Part 6: Guidelines to the Application of Parts 2, 3 and 4; Part 7: Bibliography of Techniques.

[IEEE 87) Institute of Electrical and Electronic Engineers: IEEE Standard for Software Project Management Plans. IEEE Std 1058.1-1987

[INP085) Institute of Nuclear Power Operations: A Maintenance Analysis of Safety

References 225

Significant Events, Nuclear Utility Management and Human Resources Committee, Maintenance Working Group, Atlanta, U.S.A., 1985

[Investors in People 95] The Benefits of Being and Investor in People. Investors in People, IIP37R, 1995

[ISA 94] Instrument Society of America: Application of Safety Instrumented Systems for the Process Industries. ISA-dSB4.01 (Draft 16-7E), 1994

[ISO 91] International Standards Organisation: ISO 9001-3: Quality Management and Quality Assurance Standards - Part 3: Guidelines for the Application of ISO 9001 to the Development, Supply and Maintenance of Software. ISO, Geneva, 1991

[ISO 93] International Standards Organisation: ISO 9000-4/IEC 300-1: Quality Management and Quality Assurance Standards - Part 4: Guide to Dependability Programme Management. ISO, 1993

[ISO 94a] International Standards Organisation: ISO 9001: Quality Systems - Model for Quality Assurance in Design, Development, Production, Installation and Servicing. ISO, Geneva, 1994

[ISO 94b] Interna tional Standards Organisation: ISO 9000-1: Quality Management and Quality Assurance Standards - Part 1: Guidelines for Selection and Use. ISO, Geneva, 1994

[ISPE 94] International Society for Pharmaceutical Engineers: An Interview with Richard Klug, Pharmaceutical Engineering, Vol 14, No.3, pp 26-31, 1994

[Jackson 94] Jackson T 0, McDermid J A, Wand I C and Wilikens M A: Dependability Measurement of Safety-Critical Computer Systems. Tech. Note No.1.94.116 ISEI/IE/276/94, JRC Ispra, 1994

[Jackson 95] Jackson T 0, McDermid J A and Wand I C: Dependability Measurement of Safety-Critical Computer Systems: Models and Data Refinement. Final Report of Contract No. 10424-94-08 FlED ISP GB, 1995

[Kearns 92] Kearns D: Prophets in the Dark: How Xerox Reinvented Itself and Beat Back the Japanese. Harper Business Publishers, USA 1992

226 Life Cycle Management for Dependability

[King 83] King D W: Discussion Article, Plant/Operations Progress, Vol. 2, No. I, p73,1983

[Kletz 88] Kletz T: Wise After the Event, Control and Instrumentation, Vol. 20, No. 10, pp 57-59,1988

[Kletz 94] Kletz T: What Went Wrong?: Case Histories from Process Plant Disasters. Gulf Publishing Company, Houston, U.S.A., 1994

[Kletz 95] Kletz T, Chung P, Broomfield E & Sen-Orr C: Computer Control and Human Error, Institution of Chemical Engineers, United Kingdom, 1995

[Knight 86] Knight J C and Leveson N G: An Experimental Evaluation of the Assumption of Independence in Multiversion Programming. IEEE Transactions on Software Engineering, SE-12 (1), pp 96-109, January 1986

[Langley 96] Langley 5 and Jarratt P: Classiftjing & Managing Risk: The RATIFI Project. In Redmill F and Anderson T (eds): Safety-critical Systems: The Convergence of High Tech and Human Factors, Springer-Verlag, 1996

[Laprie 92] Laprie J C (ed): Dependability: Basic Concepts and Terminology. Springer­Verlag, Vienna, 1992

[Laprie 93J Laprie J C: Dependabilin;: from Concepts to Limits. In Gorski (ed): Proceedings of the 12th International Conference on Computer Safety, Reliability and Security. Poznan-Kiekrz, Poland, October 1993

[Lee 90] Lee P A and Anderson T: Fault Tolerance: Principles and Practice. Springer­Verlag, 1990

[Leveson 90] Leveson N G: The Challenge of Building Process-control Software. IEEE Software, Vol. 7, No.6, pp 55-62,1990

[Leveson 93] Leveson N G and Turner C S: An Investigation vf the Therac-25 Accidents. Computer, July 1993

[Leveson 95] Leveson N G: Safeware: System Safety and Computers, Addison Wesley, 1995

References 227

[Levi 91] Levi M: Economics Deciphered. Pan Books, 1991

[Littlewood 93] Littlewood Band Strigini L: Validation of Ultra-High Dependability for Software-Based Systems. CACM, Vol. 36, No. 11, November 1993

[Lufkens 92] Lufkens M: Concern of Lithuanian N-Plant in Shut-down. The Daily Telegraph, 3rd February 1992

[MacKenzie 94] MacKenzie 0: Computer-related Accidental Deaths: An Empirical Exploration. Science and Public Policy, Vol. 21, No.4, P 233, 1994

[Martin 89] Martin M W & Schinizger R: Ethics in Engineering, McGraw-Hill, New York, U.S.A., 1989

[MCA 93] United Kingdom Medicines Control Agency: Annex 11 - Computerised Systems, in Guide to Good Manufacturing Practice for Medicinal Products, Rules and Guidance for Pharmaceutical Manufacturers [supporting EU Directive 75/319/EEC], 1993

[McDermid 87] McDermid J A: Assurance. In Anderson T (ed.): Safe and Secure Computing Systems, Blackwell Scientific, 1987

[MoD 94] Ministry of Defence: Defence Standard 00-40/Issue 3 - Reliability and Maintainability, Part 1: Management Responsibilities and Requirements for Programmes and Plans (ARMP-l), and Par~ 2: General Application Guidance on the Use of Part 1 (ARMP-2). MOD, 1994

[MoD 95a] Ministry of Defence: Defence Standard 00-55/Draft - The Procurement of Safety Critical Software in Defence equipment. MoD, August 1995

[MoD 95b] Ministry of Defence: Defence Standard 00-56/Draft - Safety Management Requirements for Defence Systems Containing Programmable Electronics. MoD, August 1995

[MoD 96] Ministry of Defence: A Guideline for HAZOP Studies on Systems which Include a Programmable Electronic System. Defence Standard 00-58, MOD, 1996

228 Life Cycle Management for Dependability

[Morris 87] Morris P W G and Hough G H: The Anatomy of Major Projects: A Study of the Reality of Project Management. John Wiley & Sons, 1987

[Nimmo 87] Nimmo I, Nunns S R & Eddershaw B W: Lessons Learned from the Failure of Computer System Controlling a Nylon Polymer Plant, Safety and Reliability Society Symposium, United Kingdom, 1987

[Nimmo 94] Nimmo I: Extend HAZOP to Computer Control Systems, Chemical Engineering Progress, Vol. 90, No. 10, P 32-44, 1994

[Paulk 91] Paulk M C, Curtis Band Chrissis M B: Capability Maturity Model for Software. Software Engineering Institute, Carnegie Mellon University, 1991

[PDA 95] Parenteral Drug Association: Validation of Computer-Related Systems, Technical Report 17, Vol. 49, No.1, January /February Supplement, 1995

[PICSYF95] United Kingdom Pharmaceutical Industry Computer System Validation Forum: Supplier Guide for Validation of Automation Systems in Pharmaceutical Manufacture, International Society for Pharmaceutical Engineers, (Second Draft),1995

[Pressman 95] Pressman R (and Ince D): Software Engineering: A Practitioner's Approach. Third Edition, McGraw Hill, 1995

lProject730 94] ISO/IEC/JTCl/TCS6/SC7/WG9: Information Technology - Classification and Assignment: Software Integrity Levels. Report on Project 730, Ottawa, Canada, 1994

[Reason 87] Reason J: The Chernobyl Errors. Bulletin of the British Psychological SOciety, Yol. 40, pp. 201-206

[Reason 90] Reason J: Human Error, Cambridge University Press, 1990

[Redmill 88a] Redmill F J (ed): Dependability of Critical Computer Systems - 1. Elsevier Science Publishers, 1988 (now available from Chapman and Hall)

[Redmill 88b] Redmill F J, Johnson E A and Runge B: Document Quality - Inspection.

References 229

British Telecommunications Engineering, Vol 6, pp250-256, January 1988

[Redmill89] Redmill F J (ed): Dependability of Critical Computer Systems - 2. Elsevier Science Publishers, 1989 (now available from Chapman and Hall)

[Rook 91] Rook P M: Project Planning and Control. In McDermid J A (ed.): Software Engineer's Reference Book, Butterworth Heinemann, 1991

[Royal Soc 92] Risk: Analysis, Perception and Management. Report of a Royal Society Study Group. The Royal Society, London, 1992

[RTCA 92] Software Considerations in Airborne Systems and Equipment Certification. RTCA Inc./EUROCAE,1992

[Russell 45] Russell B: The Directiveness of Organic Activities. Cambridge University Press, 1945

[Schoitsch 96] Schoitsch E and Redmill F (eds): EWICS TC7 Guidelines on Project Management of the Development of Critical Computer Systems. European Workshop on Industrial Computer Systems, 1996

[Schultz 87] Schultz R L, Slevin D P and Pinto J K: Strategy and Tactics in a Process Model of Project Implementation. Interfaces, May-June 1987

[Steel 87] Steel D: Formal Investigation into the MV Herald of Free Enterprise Ferry Disaster. HMSO, London, 1987

[Stuckenbruck 81] Stuckenbruck L C (Ed): The Implementation of Project Management: The Professional's Handbook. Project Management Institute, Addison-Wesley, 1981

[SW Thames 93] South West Thames Regional Health Authority: Report of the Inquiry into the London Ambulance Service. South West Thames Regional Health Authority, London, February 1993.

[Turner 93] Turner J R: The Handbook of Project-Based Management. McGraw Hill, 1993

[Thamhain 86] Thamhain H J and Wileman D L: Criteria for Controlling Projects According to Plan. Project Management Journal, June 1986

230 Life Cycle Management for Dependability

[Vesely 81] Vesely et al: Fault Tree Handbook. U.S. Nuclear Regulatory Commission, Washington D.C., USA, 1981

[Wahlstrom 91] Wahlstrom B & Swanton E: Influence of Organisation and Management on Industrial Safety, International Institute for Applied Systems Analysis, Technical Report, 1991

[Waters 93] Waters R and Cane A: Sudden Death of a Runaway Bull. Financial Times, London, 19 March 1993

[Weller 94] Weller E F: Using Metrics to Manage Software Projects. IEEE Computer, Vol. 27, No.9, pp 27-34 1994

[Wilhelrnij 96] Wilhelmij P, Holden T, Reynolds B & Horng Liew B: LIFETRACK -Enhancing Team Knowledge and Corporate Memory in Petrochemical Operations through Sharing Lessons Learnt. in Redmill F and Anderson T (Eds): Safety­critical Systems: The Convergence of High Tech and Human Factors, Springer-Verlag, UK, 1996

[Wingate 95] Wingate GAS, Smith M & Lucas P R: Assuring Confidence in Pharmaceutical Software, Safety and Reliability of Software Based Systems, 1st Annual ENCRESS Conference, Bruges, Belgium, 1995

[Wingate 97] Wingate GAS: Automated Manufacturing: Good Practice:s and Case Studies. Interpharm Press, U.S.A., 1997

[Wray 88] Wray A M: The Everyday Risks of Playing Safe. New Scientist, Vol. 119, No. 16, 1988

I These documents are available from the Civil Aviation Authority in the UK. They are periodically updated and amended, and the latest revision will be supplied on request.

Index

5-up charts 94

acceptance testing 182 access control 146-149 accident severity categories 25 administrative systems 7 Aegis system 105,106 age, chronological 92, 93 age, logical 92, 93 ALARP 67, 203-204 AMI (Applications of Metrics in Ind ustry)

95 assessment, independent 171 assessor 165,166,171,172 Atomic Energy of Canada Ltd 13 audit 59 audit trail 145, 148 authorisation bodies 165 availability 3,50,65, 66 availability, intrinsic 65

Baldrige Award 26 Bank of England 12 Bank of New York 111 benchmarking 129

Bhopal 11,134,136,142,143,150,156,158, 201

blame culture 44 British Quality Foundation 26 British Rail 10 BS575047,52

calibration -143, 151, 155 capability maturity model (CMM) 91-92,

94,95 Carnegie Mellon University 91 CENELEC 101 Centre for Software Reliability 95 certification 101, 102, 169 certification body 78, 101 Challenger (Space Shuttle) 8,9,21,36-39,

45,159 change control 145,151-152,156,174 change management 88, 167, 171 chemical process industry 133 Chernobyl 9-10,159 Civil Aviation Authority (CAA) 5 Clapham Junction railway accident 10-11 cluster management method 124 common mode errors 18

232

company culture 38 competence 101, 102, 141-143 complexity 88, 135 complexity measures 88 Concorde development project 108 confidence 101 confidentiality 3, 64 configuration management 26,173,175,

176,180,180-183 configuration management system 167 consequence category 210 Construction Regulations 74 contingency planning 146 contingency plans 146 corporate memory 157 critical success factors 107, 108, 116, 118 cross-functional teams 107 cultural clash 32 culture 21-45,47 culture, good 24, 32, 138 culture, strong 32, 35

damage limitation 202 decommissioning 74,157 defect analysis 87,97 defect counts 95, 96 defect data 85 defect density 81, 90, 94, 100, 102 defect detection mechanisms 95 defect detection profiles 93 defect detection rate 92, 96 defect rates 88 defect reports 88 Defence Standard 00-40 52 Defence Standard 00-55 24,25,26,45,101,

102, 103 Defence Standard 00-56 24, 26, 45, 52 Department of Employment 150 Department of Trade and Industry (DTI)

23 dependability achievement 14-15 dependability analysis 62-63,65, 76 dependability assessment 14-15 dependability assurance 77-103,166 dependability attributes 3,4,60,164, 166,

184 dependability criteria 4 dependability culture 20, 40 134 dependability in operation 20,133-161 dependability life cycle 52,53,61

Life Cycle Management for Dependability

dependability plan 70, 166 dependability planning 17-19,47-76 dependability policy 139 dependability prediction 81 dependability requirements 15-17,57,63-

70, 75, 76, 163 dependability tree 4, 5 dependability validation 71 design authority 24 diversity, hardware 184 diversity, software 184 diversity, system 184 D0178B 101 Docklands Light Railway 62 document control 145 duty of care 135

electromagnetic compatibility 50 electromagnetic interference 137 Electronic Equipment Manufacturers and

Users Association (EEMUA ) 158 emergency planning 18, 202-203 ENCRESS 95 environmental conditions 163 ethical behaviour 35 ethical standards 31 European Foundation for Quality

Management 26 European Quality Awards 28 European Software Institute (ESI) 95 EWICS TC7 168, 172 Excellence Model, UK/European 26,28,

43

Fagan's Inspection 99, 144 failure modes and effects analysis (FMEA)

54 failure modes, effects and criticality

analysis (FMECA) 57 failure rates 80 fault avoidance 17, 18 fault removal 17,18, 19 fault tolerance 17, 18 fault tree analysis (FTA) 57, 198 feasibility of targets 17 feasibility study 175, 180 Feynman, Prof. Richard 9, 36,37,38, 39 Flixborough 142,146,151,158 FIN curve 67,68,69 formal methods 57

Index

FRESCO project 159 Fulmar Oil Field 108

generation model 112 Goal Question Metric (GQM) 100 Good Automated Manufacturing Practice

(GAMp) 158

hand -over 149 hazard 191 hazard identification 18,197-198 Hazards Forum 142 Hazard and Operability Study (HAZOP)

198 Health and Safety Executive (HSE) 5,102,

158,203 Herald of Free Enterprise 6 Heysham II Nuclear Power Station 108 Hidden enquiry 11 human error 138 human factors 187

IBM 123 IEC 16 IEC 1508 52,57,60 IFIP WGlD.4 3, 4 impact analysis 167,174,175,180 improvement, continuous 31,42,43, 44 incident analysis 103 incident categories 137 incident data 103 Institution of Electrical Engineers (lEE)

140 integrity, professional 22 integrity, system 3,64,79 integrity levels, safety 167, 168, 176 180,

186 integrity levels, software 49 interdisciplinary project teams 109 interlocks 134,138 investors in People programme ISO Iran Air Flight 655 105 ISO 9000 23, 26,45, 141, 159 ISO 9000-3 141 ISO 9001 139, 141 ITSEC 147

Jubilee Line Extension Project 51,52 judgement 114,122,128

233

Kearns, David 45

lagging indicators 81 leadership 28, 30,31, 34, 42, 43, 112, 114,

115,125-126,126,131,138 leading indicators 79,81-82,82 liability, legal 135 licensing authorities 169,171 Lloyds Management Agency System 120-

121 log, hazard 25 log, modification and retrofit 167, 180 log, operation and maintenance 167 log, plant incident 153 London Ambulance Service 7,8,39-41,45,

108, 109 London Stock Exchange 12,13 London Underground Limited 50, 62, 65

maintainability 3, 50, 65 maintainability engineering 185,185-186 maintenance SO, 73, 143, 163-187 maintenance, line-side 65 maintenance, routine 176,177 maintenance approval 168-172 maintenance database 167, 173, 175, 180,

183,184 maintenance organisation 50,166 maintenance plan 171 maintenance policy 29,166,172,173,174,

186 maintenance requirements 186 maintenance support 185,186 maintenance support organisation 167 management commitment 34 management judgement 112 matrix management 123, 124 measurement 44,77-103 measurement-based management 79 measurement strategy 91 Medicines Control Agency (MCA) 158 methyl isocyanate 11 midnight madness 152 MIL STAN 882 52 mission 30, 33,34,40, 42, 43, 107, 116 mission statement 33, 34, 35 monitoring, goal-oriented 120 Motorola 94,141

NASA 9,36,37,38

234

National Health Service 40,48, 61, 108 National Training Task Force 150 near misses 165, 173, 191 New York Federal Reserve Bank 111 Nypro 142,146

o ring 8, 9, 37 OLOS 176 operating instructions 143-145,149 operating procedures 143,144-145,165 operational environment 165 operational requirements 164 operator error 133 operations management 134 organisational excellence 24, 29 organisational structure 139-143

people management 28,43-44,167-168 performance monitoring 153-155 permit to work 145 permit to work procedure 176 Pescado 7 PICT (Programme on Information and

Communication Technology) 12 planning 47-76,115 plant shut-down 157 PLC 134,152 policy 24,28,43,47-76,141 process assurance 101 process control 78 process improvement 78,86,92,95,97,

99, 100, 103 process maturity 91 process measurement 78 process measures 83 project, cost-plus 128 project, critical 128 PI'Qject, resource-capped 128 project, time-boxed 128 project control 79 project goals 116, 118, 131 project management 77,79-82,105-131 project management, first generation 113 project management, judgemental 114,

115 project management, proceduralised 113 project management, second generation

113 project management, third generation 114,

115

Life Cycle Management for Dependability

project mission 116,129 project monitoring 79,110,117,119-121 project organisation 121-125 project plan 78,117,118 project planning 92,110,116-119,129,131 project schedule 117,118,120 project vision 125 protection system 66

quality assurance 92, 138, 140, 141, 153, 159, 166, 167

quality management 166-167 quality management system 23,59,172 quality plan 59,78

radio-frequency interference 137-138 Railway Industries Association 101 reassessment 163 redundancy 18,184 regression testing 167,173,174,175 regression tests 172,183 regulation 157-159 regulators 133,145,149,158 regulatory bodies 5, 169 reliability 3, 50, 65, 66 revalidation 62,175,176,180 reward and recognition systems 33 risk 5,77,78, 128, 146, 169, 173, 189-217 risk, tolerable 203-204 risk, total residual 67 risk action plans 208-214 risk analysis 6, 158, 180, 197, 204 risk assessment 173,190,193,199,205,210 risk category 206 risk classification, statement of 25,26 risk control 197,204 risk magnitude 211 risk management 6,18,77,122,189-217 risk prioritisation 199-200,206 risk removal and reduction 200-202 Rogers, William P 36 Rogers Commission 36,37,39 root cause analysis 98 Royal Electrical and Mechanical Engineers

(REME) 31

safety 3,64,66,164,166,167,169,176,178, 180

safety analysis 182 safety auditor, independent 25, 102

Index

safety body, external 168,169,170,171 safety body, internal 168,169,170,171 safety case 15, 149 safety case, software 101, 102, 103 safety culture 6,102 safety engineer 25 safety integrity 172, 186 safety interlocks 70, 73 safety life cycle 182 safety management 24 safety plan 24, SO, 78 safety programme 25 safety regulations 170 SCADA system 134 scope of consideration 60,61 security 3, 146-149 Seveso 151, 158 Software Engineering Institute (SEI) 91,

94 Space Shuttle 8 specification, qualitative 66 specification, quantitative 67 SSADM 13 statistical process control 153 statistical testing 80 strategy 28, 43, 48, 107 suggestion schemes 30 suppressed traffic 62 system architecture 184

Taurus at the London Stock Exchange 12-13

team working 22, 31, 42 testability 186-187 Therac 25 Radiation Therapy Machine 13-

14

235

Toronto Stock Exchange 111 Total Quality Management (TQM) 23 Townsend Thorensen 6 training 92,142,143,150 troubleshooting 117,129 trustworthiness 3, 4

UK Army Base Repair Organisation (ABRO) 31

UK Quality Awards 28 uncertainty 195 Union Carbide 11,134,136,142,150,156 United States Food and Drugs

Administration 147,158 user management 167,168,169,170,171,

180 US National Quality Awards 26 USS Elmer Montgomery 106 USS Vincennes 105, 106

validation 57,62,64,70,71,102, 145,164, 166,187

value systems 30, 31, 32 values 24,26,30,31,42,43 verification 23, 57, 58, 64, 102, 164, 166,

167,187 virtual teams 125 virtuous cycle 43 vision 30

waterbed model 112,114,116 work breakdown structures 114,120

Xerox 45, 123

Zeebrugge 6,7