Case Studies in Process Safety: Lessons Learned From Software-Related Accidents
- Type: Conference Presentation
Software often plays a significant role in the safety of complex systems such as those used in the chemical processing and energy production industries. Because computing systems are increasingly being used to control critical functions, software may directly contribute to an accident. Software can also be used in hazard controls to reduce risks, and computing systems can provide valuable information to help make safety decisions. Therefore, software must be included as part of an organization’s process safety efforts to analyze and manage hazards and risks. However, for many organizations, software is not effectively incorporated into process safety efforts. This presentation will review lessons learned from accidents and incidents to illustrate potential ways organizations may fail to prevent a software-related accident even if they incorporate process safety management. This discussion is intended to provide insights to help improve process safety and software safety efforts.
Although software is such an important part of complex systems, the analysis of hazards and risks arising from software has been inconsistent across industries. Safety analyses have historically been hardware-focused. As a result, many analysts may not understand how to incorporate software into their system hazard analyses, and evaluators of those analyses may not understand what should be assessed. Organizations may be focused on compliance with regulations, which often do not address software, and therefore those organizations may not properly assess or mitigate software risks. Organizations need to give more attention to identifying and analyzing the potential for hazards related to software and computing systems.
Software includes computer programs, procedures, scripts, rules, and the associated documentation and data pertaining to the development and operation of a computer. Software can be developed by the organization implementing the system or may be purchased as Commercial Off-The-Shelf (COTS) software. Software safety encompasses not just the software but the entire computing system. A computing system includes the software and its supporting hardware, sensors, effectors, the humans who interact with the system, and the data necessary for successful operation. Examples of computing systems include Programmable Logic Controllers (PLCs) and Supervisory Control and Data Acquisition (SCADA) systems.
Hundreds of software-related accidents and incidents have been reviewed, and from that review, along with the author's personal experience in this discipline, common themes and lessons arise (Hardy, 2012). This presentation will use case studies to illustrate those themes and lessons learned. The case studies will focus on the chemical process industry, covering accidents and mishaps related to software and computing systems. The discussion will treat software safety as part of a broader process safety effort. Recommendations will be provided to improve the safety of software-driven systems.
Hardy, T.L., Software and System Safety: Accidents, Incidents, and Lessons Learned, AuthorHouse, 2012.