<XML><RECORDS><RECORD><REFERENCE_TYPE>31</REFERENCE_TYPE><REFNUM>7268</REFNUM><AUTHORS><AUTHOR>Johnson,C.W.</AUTHOR></AUTHORS><YEAR>2003</YEAR><TITLE>Using IEC61508 to Guide the Investigation of Computer Related Incidents and Accidents</TITLE><PLACE_PUBLISHED>In S. Anderson, M. Felici and B. Littlewood (eds), Safecomp 2003, LNCS 2788, Pages 410-424</PLACE_PUBLISHED><PUBLISHER>Springer Verlag</PUBLISHER><LABEL>Johnson:2003:7268</LABEL><KEYWORDS><KEYWORD>61508</KEYWORD></KEYWORDS><ABSTRACT>Relatively few investigation techniques have been specifically developed to identify the causal factors that contribute to mishaps involving safety-critical computer systems. This is a significant omission because a number of factors distinguish this class of incidents from other mishaps. For example, the Rand report into NTSB investigation methods observed that the introduction of software control systems has greatly increased the integration and complexity of many applications. This has had ‘knock-on’ effects in terms of the complexity of any incident investigation. The following pages, therefore, present two complementary investigation techniques that are intended to support the analysis of Electrical, Electronic or Programmable Electronic Systems (E/E/PES)-related mishaps. One is intended to provide a low-cost and lightweight approach that is appropriate for low-consequence events. It is based around a flowchart that prompts investigators to identify potential causal factors through a series of questions about the events leading to a failure and the context in which they occurred. The second approach is more complex. It involves additional documentation and analysis. It is, therefore, more appropriate for incidents that have greater potential consequences or a higher likelihood of recurrence. This approach uses Events and Causal Factors (ECF) modelling together with particular forms of causal reasoning developed by the US Department of Energy (1992).
Both approaches provide means of mapping causal factors back to the lifecycle phases and common requirements described in the IEC 61508 standard. This provides an important bridge from the products of mishap analysis to the design and operation of future systems. The UK Health and Safety Executive sponsored this work as part of an initiative to develop analysis techniques for E/E/PES-related incidents. The events leading to an explosion and fires in a fractional distillation unit are used to illustrate the application of our techniques.</ABSTRACT></RECORD></RECORDS></XML>