<XML><RECORDS><RECORD><REFERENCE_TYPE>3</REFERENCE_TYPE><REFNUM>7806</REFNUM><AUTHORS><AUTHOR>Johnson,C.W.</AUTHOR><AUTHOR>Bowell,M.</AUTHOR></AUTHORS><YEAR>2003</YEAR><TITLE>Using Software Development Standards to Analyse Accidents Involving Electrical, Electronic or Programmable Electronic Systems: The Blade Mill Case Study</TITLE><PLACE_PUBLISHED>In C.J. Hayhurst, C.M. Holloway and B. Strauch (eds), Proceedings of the 2nd Workshop on the Investigation and Reporting of Incidents and Accidents, Published as NASA Technical Report NASA/CP-2003-212642</PLACE_PUBLISHED><PUBLISHER>N/A</PUBLISHER><PAGES>111-128</PAGES><LABEL>Johnson:2003:7806</LABEL><ABSTRACT>This paper presents the results of a project commissioned by the Electrical and Control Systems Unit of the UK Health and Safety Executive. The results of the project will be used to give guidance to operators and suppliers of electrical, electronic or programmable electronic systems (E/E/PES) in satisfying particular requirements of the Management of Health and Safety at Work Regulations 1999. The associated approved code of practice explains an obligation to ‘adequately investigating the immediate and underlying causes of incidents and accidents to ensure that remedial action is taken, lessons are learnt and longer term objectives are introduced’. There are relatively few techniques that might be used to investigate the underlying causes of E/E/PES-related incidents. The following sections, therefore, introduce two techniques to support the investigation of this class of mishap. One is based around flowcharts, which provide a series of questions to prompt investigators about the causal factors leading to an adverse event. Such a lightweight approach is appropriate for low-consequence events. In contrast, the second technique involves additional documentation and analysis. It is, therefore, more appropriate for incidents that have greater potential consequences or a higher likelihood of recurrence.
Events and Causal Factors (ECF) modeling is used together with a form of causal reasoning developed by the US Department of Energy (1992). The intention is that both the lightweight flowcharts and the more complex modeling techniques should help investigators to map causal factors back to the lifecycle phases and common requirements described in the IEC 61508 standard. This provides an important bridge from the products of mishap analysis to the design and operation of future systems. It is likely, however, that we will encounter incidents that cannot easily be attributed to lifecycle phases or common requirements in IEC 61508. Our work, therefore, offers important insights into the limitations of existing development standards. An implicit motivation in our work is to provide the feedback mechanisms that are necessary to improve the application of IEC 61508 and related standards such as DO-178B. A fatal injury in a gravel wash plant is used to illustrate this paper.</ABSTRACT></RECORD></RECORDS></XML>