2.6.2 Defining safe system response to changes
Assurance objective: Define the safe response required of the RAS when potentially unsafe changes are identified.
Contextual description: Once potentially unsafe changes are detected, a safe response must be enacted (i.e. the system must be returned to a safe state). What constitutes an appropriate response depends on the nature of the change that occurs, and the response must link back to the higher-level safety analysis of the RAS. For example, for some changes it may be determined that the safest response is to hand control back to an operator; for other changes, handing back control may itself be an unsafe response.
Practical guidance: To be determined.