1.2 Identifying hazardous system behaviour
Assurance objective: Identify how the RAS could bring about hazards given its defined operation and environment.
Contextual description: Having identified system hazards, the ways in which the system may bring about those hazards must be determined. This will require consideration of both nominal and deviant behaviour of the system. An important consideration is that unusual or unexpected behaviour of the RAS, although not necessarily directly hazardous to the RAS itself, may provoke behaviour in another system or human that is potentially hazardous.
Practical guidance: Standard techniques such as Functional Failure Analysis (FFA) and HAZOP may be used here, but for RAS additional guidance on their application may be required (for example, additional guidewords that capture deviations specific to autonomy, such as unexpected but nominally "correct" behaviour). Complementary techniques such as simulation may also be required in order to fully explore the behaviour of the system, particularly where the hazardous outcome depends on timing or on interaction with the environment. Possible security attack scenarios should also be considered, to identify whether an attacker-induced deviation (e.g. a spoofed, delayed or suppressed sensor input) could result in a system hazard; such scenarios often map onto the same deviation classes as random failures but with a different cause and likelihood, so both should be recorded.
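The following is an added illustration (not part of the guidance text) of how a guideword-driven deviation analysis of one RAS function can be checked by simulation rather than by argument alone. The robot, its numbers, the guideword set, the "treat no reading as clear" controller and the hazard criterion are all assumptions chosen for the example. Each row of the analysis applies one guideword (including two attacker-originated ones) to the function "stop before a static obstacle detected by the range sensor", runs a small kinematic simulation, and records whether hazard H1 (collision) occurs. A second flag records an early, unexpected stop, which is not hazardous to the robot itself but is the kind of unusual behaviour that may provoke hazardous behaviour in a following vehicle or a nearby person.

```python
"""Guideword-driven deviation analysis of one RAS function, checked by simulation.

Added example, not from the guidance text. Robot, numbers, guideword set and
hazard criterion are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

TICK = 0.125        # s; dyadic so the float arithmetic below stays exact
SPEED = 1.0         # m/s cruise speed
DECEL = 0.5         # m/s^2 braking deceleration
SENSOR_RANGE = 5.0  # m; beyond this the sensor returns no reading
MARGIN = 0.25       # m added to braking distance before the stop is commanded
OBSTACLE = 6.0      # m ahead of the start position (static obstacle)

# A deviation maps (step index, true distance or None) -> what the controller sees.
Deviation = Callable[[int, Optional[float]], Optional[float]]


def braking_distance(speed: float = SPEED, decel: float = DECEL) -> float:
    """Kinematic stopping distance v^2 / 2a (1.0 m with the defaults)."""
    return speed * speed / (2 * decel)


def nominal(step: int, true: Optional[float]) -> Optional[float]:
    return true


def no_reading(step: int, true: Optional[float]) -> Optional[float]:
    return None                       # sensor fault, or attacker jams the sensor


def more(step: int, true: Optional[float]) -> Optional[float]:
    return None if true is None else 2.0 * true    # sensor over-reads distance


def less(step: int, true: Optional[float]) -> Optional[float]:
    return None if true is None else 0.5 * true    # sensor under-reads distance


def spoofed_clear(step: int, true: Optional[float]) -> Optional[float]:
    return SENSOR_RANGE               # attacker injects "path clear" every tick


def late(delay_steps: int) -> Deviation:
    """Readings arrive delay_steps ticks after being taken (latency or attacker)."""
    history: List[Optional[float]] = []

    def dev(step: int, true: Optional[float]) -> Optional[float]:
        history.append(true)
        return history[step - delay_steps] if step >= delay_steps else None
    return dev


def simulate(deviation: Deviation, max_steps: int = 200) -> Tuple[bool, float]:
    """Run the analysed controller against a deviated sensor.

    Returns (collided, clearance): clearance is the gap left to the obstacle
    when the robot comes to rest (0.0 if it collided).
    """
    pos, speed, braking = 0.0, SPEED, False
    threshold = braking_distance() + MARGIN
    for step in range(max_steps):
        true = OBSTACLE - pos
        reading = deviation(step, true if true <= SENSOR_RANGE else None)
        # Analysed controller: brakes on a near reading; treats "no reading" as clear.
        # That fail-continue choice is exactly what the NO row below exposes.
        if reading is not None and reading <= threshold:
            braking = True
        pos += speed * TICK           # forward-Euler step, so stopping overshoots v^2/2a a little
        if pos >= OBSTACLE:
            return True, 0.0          # hazard H1: collision with the obstacle
        if braking:
            speed = max(0.0, speed - DECEL * TICK)
            if speed == 0.0:
                return False, OBSTACLE - pos
    return False, OBSTACLE - pos      # did not stop within max_steps (not expected here)


@dataclass
class Outcome:
    guideword: str
    cause: str
    collided: bool                    # hazard H1 realised
    stop_clearance: Optional[float]   # m between robot and obstacle at rest; None if collided
    unexpected_stop: bool             # stopped well short of the nominal stop point


def run_analysis() -> List[Outcome]:
    """One row per guideword; the deviation table for this function."""
    _, nominal_clear = simulate(nominal)
    rows = [
        ("NOMINAL", "no deviation", nominal),
        ("NO", "sensor fault, or attacker jams the sensor", no_reading),
        ("MORE", "sensor over-reads distance (miscalibration)", more),
        ("LESS", "sensor under-reads distance (miscalibration)", less),
        ("LATE 0.125 s", "one tick of bus latency", late(1)),
        ("LATE 0.5 s", "attacker delays sensor packets", late(4)),
        ("SPOOFED", "attacker injects 'path clear' readings", spoofed_clear),
    ]
    outcomes = []
    for guideword, cause, dev in rows:
        collided, clearance = simulate(dev)
        outcomes.append(Outcome(guideword, cause, collided,
                                None if collided else clearance,
                                not collided and clearance - nominal_clear > 0.5))
    return outcomes


if __name__ == "__main__":
    for o in run_analysis():
        result = "COLLISION (H1)" if o.collided else f"stops {o.stop_clearance:.4f} m short"
        flag = "  <- unexpected early stop, consider effect on others" if o.unexpected_stop else ""
        print(f"{o.guideword:<13} {o.cause:<45} {result}{flag}")
```

Run as a script, the table shows the analysis doing the work the guidance asks for: the NO and SPOOFED rows expose that the controller's fail-continue handling of a missing or attacker-supplied reading is itself a hazard cause; the two LATE rows bound the sensor latency the function tolerates (one tick is safe, four are not), which a purely qualitative HAZOP would not quantify; and the LESS row is safe for the robot but is flagged because an early stop is the sort of unexpected behaviour that may provoke a hazard in a following vehicle or person. Attacker-originated rows sit in the same table as random failures, with the cause recorded so that likelihood and mitigation can be argued separately.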
Next section:
- 1.2.1 Considering human/machine interaction (guidance available)