What to validate

Rule compatibility

Typically, operational rule s are defined according to the preferences of the designers, which are optimized according to the way they use the procedures during the system development.

  The problem is that the way the developers use the procedures during the system development is different from the way the operators use them during real operation.

Faults in the operational rules

  Two types of faults should be targeted:

• Rules which are too restrictive, disabling execution of essential tasks
• Rules which are too permissive, enabling risky activities.

Faults in the resilience features

  The faults in the resilience features are described using the protection model =>

Guidelines

The design should provide means for the operators to report on risks that they experience during the operation.

The reports should include a description of the operator's intention and the history of the recent system behavior.

Also, the design should include means for examination of the development of the system behavior, such as trend presentation using charts =>.

Related topic

Updated on 08 Apr 2016.