I would like to see the failure-mode-effects-analysis (FMEA) that identified "action suppression" as a means of mitigating a nuisance fault on a safety critical system.
And understand why the designers felt this was okay...(Assuming of course, this was the actual reason for the delay. They may have a legitimate reason?)
I hope it's not the case that the hazard analysis stated that the human in the loop was adequate no matter what haywire thing the software did.