This parameter is applicable to measurements of recovery. It may be used for control management, to decide whether the machine should take control and override the operator's commands.
Recovery time is the time it takes to manage a hazard, including detection, identification, troubleshooting and resuming routine operation. The measure is the time elapsed from hazard detection until recovery.
The designers may define a critical recovery time per hazard, based on risk analysis, and store it in the rule knowledge base.
At run time, the grace time is computed based on trend analysis, and the supervision station is informed when the grace time reaches the critical recovery time. The supervision station can decide (either automatically or following approval by the supervisor) that the machine should take control, overriding the operator's input.
A pilot does not notice that the airplane is about to crash.
The cockpit computer computes the grace time. If the grace time approaches the preset recovery time, the computer may take over from the pilot.
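A sketch of the run-time check described above, added here as an illustration and not taken from the original page. It assumes that grace time means the estimated time remaining before a measured value reaches its hazard limit, obtained from a least-squares linear trend; the hazard name, the limit and the altitude samples are constructed.

```python
from dataclasses import dataclass

# Rule knowledge base: critical recovery time per hazard, in seconds.
# The hazard name and the value are constructed for this example.
CRITICAL_RECOVERY_TIME_S = {"ground_collision": 20.0}

@dataclass
class Decision:
    grace_time_s: float  # estimated time left before the hazard limit is reached
    notify: bool         # True when the supervision station must be informed

def linear_trend(samples):
    """Least-squares slope and intercept for (time_s, value) samples."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples for a trend")
    mean_t = sum(t for t, _ in samples) / n
    mean_v = sum(v for _, v in samples) / n
    var_t = sum((t - mean_t) ** 2 for t, _ in samples)
    if var_t == 0:
        raise ValueError("samples must span more than one instant")
    slope = sum((t - mean_t) * (v - mean_v) for t, v in samples) / var_t
    return slope, mean_v - slope * mean_t

def grace_time(samples, floor):
    """Seconds from the last sample until the trend line falls to `floor`.
    Assumption: the hazard occurs when the value drops to or below `floor`."""
    slope, intercept = linear_trend(samples)
    current = slope * samples[-1][0] + intercept
    if current <= floor:
        return 0.0               # already at or past the limit
    if slope >= 0:
        return float("inf")      # flat or moving away from the limit
    return (floor - current) / slope

def evaluate(hazard, samples, floor):
    """Compare the grace time with the hazard's critical recovery time."""
    g = grace_time(samples, floor)
    return Decision(g, g <= CRITICAL_RECOVERY_TIME_S[hazard])

# Constructed altitude samples: (seconds, metres above ground).
STEEP_DESCENT = [(0, 1000), (1, 950), (2, 900), (3, 850), (4, 800)]
SLOW_DESCENT = [(0, 1000), (1, 990), (2, 980)]

if __name__ == "__main__":
    for name, s in (("steep", STEEP_DESCENT), ("slow", SLOW_DESCENT)):
        print(name, evaluate("ground_collision", s, floor=0.0))
```

Whether the machine then takes control stays a decision of the supervision station, automatic or approved by the supervisor, as described above.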
The functional unit should send the measurements to the
The grace time and inform the supervision unit about the risk.
The supervision unit should transfer the control from the operator to the machine.
Updated on 06 Apr 2016.