ABSTRACT

The evaluation of the possible safety hazards does not exhaust the preliminary analyses needed for safety management in critical systems. Since absolute safety cannot be achieved, the designers of a critical system will necessarily have to decide which level of safety may or may not be considered acceptable for the system at hand. Two factors must be evaluated to make these decisions. First, a hazard must be evaluated in terms of the severity of its possible consequences. For instance, a hazard that has the potential to cause an accident in which human lives may be lost can be deemed more serious than one from which only minor injuries may result. Second, a hazard must be evaluated in terms of the likelihood, or probability, of its occurrence. For instance, the probability of an airplane being struck by a meteorite will be lower than that of it colliding with another airplane. By combining the notions of severity and probability of occurrence of a hazard, we can define the notion of risk: a risk is the combination of the severity of the potential consequences of a safety hazard and the probability of its occurrence. Risk analysis is discussed in Section 3.3.
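The following is an added worked example of the severity/likelihood combination described above; it is not code from the chapter, and the class boundaries, the risk matrix and the acceptability bands it uses are assumptions chosen for illustration, not the scheme the chapter itself prescribes in Section 3.3. The hazards listed are constructed sample data (the collision and meteorite cases mirror the text; their rates are invented). Each hazard's event rate is mapped onto a likelihood class, the class is combined with the severity class through a lookup matrix, and the result is an acceptability decision. A second function turns the matrix around and reports, for a given severity, the highest event rate at which the hazard still stays out of the unacceptable band, which is the number a designer actually needs when deciding how much risk reduction is required.

```python
from dataclasses import dataclass
from enum import IntEnum
import math


class Severity(IntEnum):
    NEGLIGIBLE = 0    # no injury, nuisance only
    MARGINAL = 1      # minor injury
    CRITICAL = 2      # severe injury
    CATASTROPHIC = 3  # loss of life


class Likelihood(IntEnum):
    IMPROBABLE = 0
    REMOTE = 1
    OCCASIONAL = 2
    PROBABLE = 3
    FREQUENT = 4


class RiskClass(IntEnum):
    ACCEPTABLE = 0
    TOLERABLE = 1     # accepted only with justification and review
    UNACCEPTABLE = 2


# Lower bound (events per operating hour) of each likelihood class,
# highest class first. Hypothetical values, not the chapter's.
LIKELIHOOD_BANDS = [
    (1e-3, Likelihood.FREQUENT),
    (1e-5, Likelihood.PROBABLE),
    (1e-7, Likelihood.OCCASIONAL),
    (1e-9, Likelihood.REMOTE),
]


def classify_likelihood(events_per_hour: float) -> Likelihood:
    """Map a quantitative event rate onto an ordinal likelihood class."""
    for lower_bound, cls in LIKELIHOOD_BANDS:
        if events_per_hour >= lower_bound:
            return cls
    return Likelihood.IMPROBABLE


A, T, U = RiskClass.ACCEPTABLE, RiskClass.TOLERABLE, RiskClass.UNACCEPTABLE

# Risk matrix (assumption): rows indexed by Severity, columns by Likelihood
# from IMPROBABLE to FREQUENT. A lookup table is used rather than multiplying
# the two ordinal indices, since the classes are rankings, not quantities.
RISK_MATRIX = {
    Severity.NEGLIGIBLE:   [A, A, A, T, T],
    Severity.MARGINAL:     [A, A, T, T, U],
    Severity.CRITICAL:     [A, T, U, U, U],
    Severity.CATASTROPHIC: [T, U, U, U, U],
}


@dataclass(frozen=True)
class Hazard:
    name: str
    severity: Severity
    events_per_hour: float  # estimated from analysis or field data


def risk_class(h: Hazard) -> RiskClass:
    """Combine severity and likelihood of a hazard into its risk class."""
    return RISK_MATRIX[h.severity][classify_likelihood(h.events_per_hour)]


def max_rate_not_unacceptable(severity: Severity) -> float:
    """Exclusive upper bound on the event rate at which a hazard of this
    severity stays out of the UNACCEPTABLE band (inf if it never enters it)."""
    row = RISK_MATRIX[severity]
    best = max(lik for lik in Likelihood if row[lik] != U)
    # The upper bound of class `best` is the lower bound of the next class up.
    for lower_bound, cls in LIKELIHOOD_BANDS:
        if cls == best + 1:
            return lower_bound
    return math.inf


# Constructed sample hazards; rates are invented for illustration.
HAZARDS = [
    Hazard("mid-air collision with another aircraft", Severity.CATASTROPHIC, 1e-7),
    Hazard("struck by a meteorite", Severity.CATASTROPHIC, 1e-12),
    Hazard("galley burn", Severity.MARGINAL, 1e-4),
]


def assess(hazards=HAZARDS):
    """Return {hazard name: (likelihood class, risk class)} for each hazard."""
    return {h.name: (classify_likelihood(h.events_per_hour).name, risk_class(h).name)
            for h in hazards}


if __name__ == "__main__":
    for name, (lik, risk) in assess().items():
        print(f"{name}: {lik} -> {risk}")
    for sev in Severity:
        print(f"{sev.name}: rate must stay below {max_rate_not_unacceptable(sev):g}/h")
```

With these bands, both catastrophic hazards share the same severity but land in different risk classes purely because of their likelihood, which is the distinction the text draws between the collision and the meteorite strike. Note that the matrix encodes an acceptability policy rather than a derivation: where the boundary between tolerable and unacceptable lies is a decision the designers (or the applicable standard) must make, and the numerical thresholds in the example should not be read as recommended values.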