Hazard testing is required in the system development, and also in run time: in maintenance and troubleshooting.

In regular testing, the system runs in normal condition, and no hazards are effective. In order to test the system response to hazards, we need to fake them. This chart illustrates a way to fake hazards , to enable testing them.

The example is based on the design of an error-proof boiler .... To enable testability, we add an admin gate to the chart, operated by admin station. The unit is used by system administrators to override the data going between the operator and the machine.

The admin gate

The admin gate has two components:

• Command gate, enables the administrator to to override the machine control
• Display gate, enables the administrator to replace the sensory data by faked data.

Updated on 08 Feb 2017.