This section provides links to charts representing the models used in resilience-oriented design principles and methods:
- In practice, it is impossible to anticipate at design time the system's behaviour in every possible situation. The designers have no choice but to rely on the operators' competence, that is, their ability to handle the unforeseen situation. Design quality depends on the cost of specification, design and testing, evaluated for each of the operational states.
- Following the Swiss-Cheese model (and its extension ...), defense design is based on protection layers (PL ...).
- The defenses against hazards are developed proactively, partly in parallel. Blockages are designed to mitigate the risk that the resilience add-ons themselves fail.
- The HM control dilemma is about balancing manual control with automation. The benefit of automation should be assessed with regard to two operational tasks: direct control and supervision.
- Alarms are used to alert the operators, to attract their attention, and to inform them about operational risks. If the operators are not aware of the new risks, they may not be able to prevent the failure. Both alarm and rebound design need to consider the critical time, which determines the grace time.
Updated on 17 Apr 2017.