About the guidelines in this section

The guidelines in this section may be used to specify the rules about the design scope (the operational states)  and the constraints scope (the operational procedures), regarding the following situations:

• In routine operation, namely, functional operation (such as production), maintenance, testing, training, etc.
• In exceptional situations, following a disturbance, during the recovery, until resuming normal operation
• Default behavior in unexpected situations.

The underlying concept is of self-control, based on ideas introduced in STAMP ( Leveson 2012 ). The guidelines are based on explicit definition of normal system operation, formal rules for constraining the system behavior, and a resilience-oriented architecture supporting graceful reaction to deviations from the constraints.

Related topic

Updated on 18 Feb 2016.