Premises for resilience assurance
The guide proposes the following principles:
- Management responsibility. The organization in charge of the system operation should provide the operators with guidelines and procedures to prevent operational errors.
- Design scope. The specification should include a definition of the system's boundaries. Within these boundaries, the specification of the system behavior should be complete: every state and event the system can encounter inside its scope has a defined response.
- Model-based design. The interaction should be designed from models of the users' and operators' behavior, to ensure that they understand the system's procedures and behavior.
Resilience features
- Situation awareness. The design should be based on the premise that the operator cannot trace the machine modes reliably. It is the designer's responsibility to ensure that the operators are always aware of the system situation.
- Workload reduction. The design should account for human factors, in particular the operators' main tasks, including those that are not related to the system operation. To prevent distraction, the design should reduce the mental load required to operate the system.
- Defend against mistakes. The probability of users' and operators' mistakes in exceptional states is high. The design should mitigate the risk of design mistakes, for example by reducing system complexity (principle of parsimony).
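The design-scope and situation-awareness principles above can be checked mechanically on a mode-based specification. The following is an added example, not code from the guide: it declares a specification boundary (a set of modes and operator events), reports every (mode, event) pair the specification leaves undefined, and runs a controller that refuses to start on an incomplete specification and reports the current mode with every response so the operator never has to track modes unaided. The pump-like modes and events, and the helper names find_gaps and ModeAwareController, are constructed for illustration and are not from the guide.

```python
"""Added example (not part of the original guide): completeness check of a
specification inside its declared boundary, plus a controller that keeps the
operator informed of the machine mode on every interaction."""
from itertools import product

# Declared boundary of the specification (constructed example).
MODES = ("standby", "running", "paused", "alarm")
EVENTS = ("start", "pause", "resume", "stop", "fault", "acknowledge")

# (mode, event) -> next mode. None means the event is explicitly declared
# not applicable in that mode, which is still a defined response.
COMPLETE_SPEC = {
    ("standby", "start"): "running", ("standby", "pause"): None,
    ("standby", "resume"): None, ("standby", "stop"): None,
    ("standby", "fault"): "alarm", ("standby", "acknowledge"): None,
    ("running", "start"): None, ("running", "pause"): "paused",
    ("running", "resume"): None, ("running", "stop"): "standby",
    ("running", "fault"): "alarm", ("running", "acknowledge"): None,
    ("paused", "start"): None, ("paused", "pause"): None,
    ("paused", "resume"): "running", ("paused", "stop"): "standby",
    ("paused", "fault"): "alarm", ("paused", "acknowledge"): None,
    ("alarm", "start"): None, ("alarm", "pause"): None,
    ("alarm", "resume"): None, ("alarm", "stop"): "standby",
    ("alarm", "fault"): "alarm", ("alarm", "acknowledge"): "standby",
}

# A draft of the same specification that forgot two exceptional cases.
DRAFT_SPEC = {k: v for k, v in COMPLETE_SPEC.items()
              if k not in {("paused", "fault"), ("alarm", "stop")}}


def find_gaps(spec, modes=MODES, events=EVENTS):
    """Design scope: list every (mode, event) pair inside the declared
    boundary for which the specification defines no response."""
    return sorted(pair for pair in product(modes, events) if pair not in spec)


class ModeAwareController:
    """Situation awareness: every response states the mode before and after
    the event, and a refused event says which mode the system is still in."""

    def __init__(self, spec, modes=MODES, events=EVENTS, initial="standby"):
        gaps = find_gaps(spec, modes, events)
        if gaps:  # never deploy a specification that is incomplete in scope
            raise ValueError(f"specification incomplete inside its boundary: {gaps}")
        if initial not in modes:
            raise ValueError(f"initial mode {initial!r} is outside the boundary")
        self.spec, self.modes, self.events = spec, modes, events
        self.mode = initial
        self.history = []  # full trace of responses, for review and forensics

    def apply(self, event):
        before = self.mode
        if event not in self.events:
            # Outside the design scope: refuse rather than guess a behaviour.
            accepted, after = False, before
            message = f"{event!r} is outside the design scope; mode is still {before}"
        elif self.spec[(before, event)] is None:
            accepted, after = False, before
            message = f"{event!r} is not applicable while in {before}; mode is still {before}"
        else:
            accepted, after = True, self.spec[(before, event)]
            self.mode = after
            message = f"{event!r} accepted: mode {before} -> {after}"
        result = {"accepted": accepted, "mode_before": before,
                  "mode_after": after, "message": message}
        self.history.append(result)
        return result


def demo():
    """Run a short operator session and return the trace of responses."""
    ctl = ModeAwareController(COMPLETE_SPEC)
    for ev in ("pause", "start", "fault", "start", "acknowledge", "reboot"):
        ctl.apply(ev)
    return ctl.history


if __name__ == "__main__":
    print("gaps in draft:", find_gaps(DRAFT_SPEC))
    for r in demo():
        print(r["message"])
```

Treating "not applicable" as an explicit table entry rather than an absent one is what makes the completeness check meaningful: the gap finder only flags cases the designer never considered, not cases the designer chose to refuse.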
Assuring operator's capability:
This page was updated on 26 Feb 2017.