This section describes a procedure for implementing the methods for resilience assurance.
We start with a basic configuration ..., adding an admin station and an exception handler to the system. The exception handler serves as a protection layer between the functional units and the operator stations: every command passes through it, and it enforces the operational rules defined in the design scope.
Then we break the exception handler down into specialized control units, including rebounding features and control aids. The rebounding features provide reliable, automatic protection from immediate hazards, where there is no time for a human decision. The control aids (described in the top level design chart ...) enable the operator's supervision and intervention required to prevent potential threats, where a human decision is needed before the action proceeds.
The rules defining resilient operation are defined and implemented in the behavior knowledge bases.
The next step is to design the operational procedures, based on human-machine interaction protocols, optimized according to the operational situation. These procedures are then implemented in the operational stations. The rules used to protect against operator errors (malformed, out-of-range, or unauthorized commands) are implemented in the gate design.
Updated on 05 Feb 2017.