Safety Critical System

A safety-critical system or life-critical system is a system whose failure or malfunction may result in one (or more) of the following outcomes:

* death or serious injury to people
* loss or severe damage to equipment/property
* environmental harm

A safety-related system (or sometimes safety-involved system) comprises everything (hardware, software, and human aspects) needed to perform one or more safety functions, in which failure would cause a significant increase in the safety risk for the people or environment involved. Safety-related systems are those that do not have full responsibility for controlling hazards such as loss of life, severe injury or severe environmental damage. The malfunction of a safety-involved system would only be that hazardous in conjunction with the failure of other systems or human error. Some safety organizations provide guidance on safety-related systems, for example the Health and Safety Executive in the United Kingdom.

Risks of this sort are usually managed with the methods and tools of safety engineering. A safety-critical system is designed to lose less than one life per billion (10^9) hours of operation. Typical design methods include probabilistic risk assessment, a method that combines failure mode and effects analysis (FMEA) with fault tree analysis. Safety-critical systems are increasingly computer-based.

Safety-critical systems are a concept often used together with the Swiss cheese model to represent (usually in a bow-tie diagram) how a threat can escalate to a major accident through the failure of multiple critical barriers. This use has become common especially in the domain of process safety, in particular when applied to oil and gas drilling and production, both for illustrative purposes and to support other processes such as asset integrity management and incident investigation.
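The fault tree analysis and the bow-tie barrier picture above can be made concrete with a small evaluator. The following is an added example, not code from the original page; the hazard model (a loss-of-pressure-control threat behind two barriers), every event name and every probability in it are constructed for illustration. It evaluates the top event two ways: the usual gate-by-gate calculation, which silently assumes every input is independent, and a minimal-cut-set calculation, which exposes a shared dependency (here a hypothetical instrument-air supply that defeats both barriers) that the first method would hide behind an apparently acceptable number.

```python
"""Fault-tree evaluation for a bow-tie style hazard model (added example).

The tree below is constructed for illustration: a threat (loss of pressure
control) escalates to the top event only if two barriers both fail. Every
event name and probability is hypothetical.
"""
from __future__ import annotations
from dataclasses import dataclass
from math import prod
from typing import Union

@dataclass(frozen=True)
class BasicEvent:
    name: str
    prob: float          # probability of the event per operating hour (hypothetical)

@dataclass(frozen=True)
class Gate:
    kind: str            # "AND" (all inputs must occur) or "OR" (any input suffices)
    inputs: tuple

Node = Union[BasicEvent, Gate]

def probability_naive(node: Node) -> float:
    """Gate-by-gate evaluation that assumes every input is independent.
    Wrong when the same basic event feeds several branches (common cause)."""
    if isinstance(node, BasicEvent):
        return node.prob
    ps = [probability_naive(i) for i in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate {node.kind}")

def minimal_cut_sets(node: Node) -> set[frozenset[str]]:
    """Smallest combinations of basic events that are sufficient for the top event."""
    if isinstance(node, BasicEvent):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        combined = set().union(*child_sets)
    elif node.kind == "AND":
        combined = {frozenset()}
        for cs in child_sets:
            combined = {a | b for a in combined for b in cs}
    else:
        raise ValueError(f"unknown gate {node.kind}")
    # Drop any cut set that is a superset of another: it is not minimal.
    return {s for s in combined if not any(o < s for o in combined)}

def basic_events(node: Node) -> dict[str, float]:
    """Collect every basic event in the tree by name."""
    if isinstance(node, BasicEvent):
        return {node.name: node.prob}
    out: dict[str, float] = {}
    for i in node.inputs:
        out.update(basic_events(i))
    return out

def probability_cut_sets(node: Node) -> float:
    """Rare-event approximation: sum over minimal cut sets of the product of
    their event probabilities. A repeated event is counted once per cut set,
    so a shared dependency is not discounted twice."""
    probs = basic_events(node)
    return sum(prod(probs[e] for e in cs) for cs in minimal_cut_sets(node))

def meets_target(p_per_hour: float, target: float = 1e-9) -> bool:
    """Compare against the one-loss-per-10^9-hours design target from the text."""
    return p_per_hour < target

# Constructed model. 'instrument_air_loss' defeats BOTH barriers at once.
THREAT = Gate("OR", (BasicEvent("control_valve_stuck_open", 1e-4),
                     BasicEvent("operator_error", 5e-5)))
AIR = BasicEvent("instrument_air_loss", 1e-4)
TRIP_FAILS = Gate("OR", (BasicEvent("trip_logic_fails", 1e-3), AIR))
ESD_FAILS = Gate("OR", (BasicEvent("esd_valve_fails_to_close", 1e-3), AIR))
TOP = Gate("AND", (THREAT, TRIP_FAILS, ESD_FAILS))

if __name__ == "__main__":
    for cs in sorted(minimal_cut_sets(TOP), key=len):
        print(sorted(cs))
    print("naive   :", probability_naive(TOP), meets_target(probability_naive(TOP)))
    print("cut sets:", probability_cut_sets(TOP), meets_target(probability_cut_sets(TOP)))
```

With these constructed numbers the naive evaluation reports roughly 1.8e-10 per hour and passes the 1e-9 target, while the cut-set evaluation reports about 1.5e-8 and fails it, because two of the four minimal cut sets have only two members: the threat plus the shared air supply. The multiplying-barriers argument of the Swiss cheese model only holds for barriers that fail independently; a cut-set listing is the quickest way to find the single dependency that turns two barriers into one.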


Reliability regimens

Several reliability regimes for safety-critical systems exist:

* Fail-operational systems continue to operate when their control systems fail. Examples of these include elevators, the gas thermostats in most home furnaces, and passively safe nuclear reactors. Fail-operational mode is sometimes unsafe. Nuclear weapons launch-on-loss-of-communications was rejected as a control system for the U.S. nuclear forces because it is fail-operational: a loss of communications would cause launch, so this mode of operation was considered too risky. This is contrasted with the fail-deadly behavior of the Perimeter system built during the Soviet era.
* Fail-soft systems are able to continue operating on an interim basis with reduced efficiency in case of failure. Most spare tires are an example of this: they usually come with certain restrictions (e.g. a speed restriction) and lead to lower fuel economy. Another example is the "Safe Mode" found in most Windows operating systems.
* Fail-safe systems become safe when they cannot operate. Many medical systems fall into this category. For example, an infusion pump can fail, and as long as it alerts the nurse and ceases pumping, it will not threaten the loss of life because its safety interval is long enough to permit a human response. In a similar vein, an industrial or domestic burner controller can fail, but must fail in a safe mode (i.e. turn combustion off when it detects a fault). Famously, nuclear weapon systems that launch-on-command are fail-safe, because if the communications systems fail, launch cannot be commanded. Railway signalling is designed to be fail-safe.
* Fail-secure systems maintain maximum security when they cannot operate. For example, while fail-safe electronic doors unlock during power failures, fail-secure ones will lock, keeping an area secure. The two requirements can conflict on the same door (egress during a fire versus protection of a secure area), so the failure mode has to be chosen per door rather than assumed.
* Fail-passive systems do not produce a hazardous output when they fail: the failed function drops out and leaves the rest of the system in a controllable state. An example is an aircraft autopilot. In the event of a failure, the aircraft remains in a controllable state and allows the pilot to take over, complete the journey and perform a safe landing.
* Fault-tolerant systems avoid service failure when faults are introduced to the system. An example may include control systems for ordinary nuclear reactors. The normal method to tolerate faults is to have several computers continually test the parts of a system, and switch on hot spares for failing subsystems. As long as faulty subsystems are replaced or repaired at normal maintenance intervals, these systems are considered safe. The computers, power supplies and control terminals used by human beings must all be duplicated in these systems in some fashion.
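The fault-tolerant pattern described last (redundant channels cross-checked every cycle, with hot spares switched in for failed ones) is usually combined with a fail-safe fallback for the case where no trusted value remains. The following is an added example, not code from the original page: a two-out-of-three voter over three constructed sensor channels with one hot spare. The channel names, readings, tolerance band and the SHUTDOWN safe state are all hypothetical.

```python
"""Two-out-of-three voter with hot spares and a fail-safe fallback (added example).

Illustrates the fault-tolerant regime (redundant channels cross-checked every
cycle, failed channel replaced by a hot spare) combined with the fail-safe
regime (when no majority remains, the actuator is driven to a safe state).
All channel names and readings are constructed for the demonstration.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

SAFE_STATE = "SHUTDOWN"   # demanded output when no trusted measurement exists
TOLERANCE = 0.5           # assumed agreement band between channels (hypothetical units)

@dataclass(eq=False)
class Channel:
    name: str
    readings: list             # constructed sample readings, one per control cycle
    failed: bool = False

    def read(self, cycle: int) -> Optional[float]:
        """None models a silent failure (the channel stopped answering)."""
        if cycle >= len(self.readings):
            return None
        return self.readings[cycle]

class TmrController:
    def __init__(self, active, spares, tolerance: float = TOLERANCE):
        self.active = list(active)
        self.spares = list(spares)
        self.tolerance = tolerance
        self.log: list[str] = []

    def _vote(self, samples):
        """Return (value, agreeing channels) for the first value at least two
        channels agree on, or (None, []) when no majority exists."""
        for _, v_i in samples:
            agreeing = [ch for ch, v in samples if abs(v - v_i) <= self.tolerance]
            if len(agreeing) >= 2:
                return v_i, agreeing
        return None, []

    def _retire(self, channel: Channel, cycle: int) -> None:
        """Mark a channel failed and switch in a hot spare if one is left."""
        channel.failed = True
        self.active.remove(channel)
        if self.spares:
            spare = self.spares.pop(0)
            self.active.append(spare)
            self.log.append(f"cycle {cycle}: {channel.name} failed, spare {spare.name} switched in")
        else:
            self.log.append(f"cycle {cycle}: {channel.name} failed, no spare left")

    def step(self, cycle: int):
        """One control cycle: returns (mode, value) where mode is RUN or SAFE_STATE."""
        samples = [(ch, ch.read(cycle)) for ch in self.active]
        for ch, v in samples:             # silent failures are retired immediately
            if v is None:
                self._retire(ch, cycle)
        samples = [(ch, v) for ch, v in samples if v is not None]
        value, agreeing = self._vote(samples)
        if value is None:
            # Fail-safe: no trusted value, so drive the actuator to the safe state.
            self.log.append(f"cycle {cycle}: no majority, fail-safe {SAFE_STATE}")
            return SAFE_STATE, None
        for ch, _ in samples:             # a channel outvoted by the majority is faulty
            if ch not in agreeing:
                self._retire(ch, cycle)
        return "RUN", value

def run_scenario():
    """Constructed scenario: C drifts at cycle 2 and is replaced by spare D;
    at cycle 5 A goes silent while B disagrees with D, so no majority remains."""
    a = Channel("A", [10.0, 10.1, 10.0, 10.2, 10.1, None])
    b = Channel("B", [10.0, 10.0, 10.1, 10.1, 10.0, 12.0])
    c = Channel("C", [10.1, 10.0, 14.0, 14.5, 15.0, 15.0])
    d = Channel("D", [9.9, 9.9, 9.9, 9.9, 9.9, 9.9])
    ctl = TmrController(active=[a, b, c], spares=[d])
    outputs = [ctl.step(cycle) for cycle in range(6)]
    return outputs, ctl.log

if __name__ == "__main__":
    outputs, log = run_scenario()
    for cycle, out in enumerate(outputs):
        print(cycle, out)
    print("\n".join(log))
```

The point of the scenario is the last cycle: once the spare pool is empty and only two channels disagree, the controller has no basis for a trusted output and must choose the safe state rather than either reading. Which state is "safe" is a property of the plant, not of the voter (shutdown for a burner, but not for an autopilot), which is why it is a named constant the voter takes as given.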


Software engineering for safety-critical systems

Software engineering for safety-critical systems is particularly difficult. There are three aspects which can be applied to aid the engineering of software for life-critical systems. First is process engineering and management. Second is selecting the appropriate tools and environment for the system; this allows the system developer to test the system effectively by emulation and observe its effectiveness. Third is addressing any legal and regulatory requirements, such as Federal Aviation Administration requirements for aviation. Setting a standard under which a system is required to be developed forces the designers to stick to the requirements. The avionics industry has succeeded in producing standard methods (such as DO-178C) for producing life-critical avionics software. Similar standards exist for industry in general (IEC 61508), and for the automotive (ISO 26262), medical (IEC 62304) and nuclear (IEC 61513) industries specifically. The standard approach is to carefully code, inspect, document, test, verify and analyze the system. Another approach is to certify a production system, such as a compiler, and then generate the system's code from specifications. Another approach uses formal methods to generate proofs that the code meets requirements. All of these approaches improve the software quality in safety-critical systems by testing or eliminating manual steps in the development process, because people make mistakes, and these mistakes are the most common cause of potential life-threatening errors.
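Two of the approaches just named, generating the implementation from a specification and proving that it meets its requirements, can be shown together on the burner controller mentioned under the fail-safe regime. The following is an added example, not code from the original page or from any standard: the states, events, transition rules and the three safety requirements are a hypothetical simplification. The step function is expanded from a sparse table rather than hand-written, and because the state space is finite the requirements are checked by exhaustive enumeration, which for a finite machine is a proof. The second controller drops one rule from the table, the kind of omission a hand edit makes, and the checker reports exactly where the generated code is unsafe.

```python
"""Table-driven burner controller generated from a specification and checked
exhaustively against its safety requirements (added example).

The states, events and rules are a hypothetical simplification of a burner
controller, not any standard's model.
"""
from __future__ import annotations
from itertools import product

STATES = ("OFF", "PURGE", "IGNITE", "RUN", "LOCKOUT")
EVENTS = ("DEMAND", "PURGE_DONE", "FLAME_ON", "FLAME_LOST", "FAULT", "RESET")
FUEL_OPEN = {"IGNITE", "RUN"}   # the fuel valve is open only in these states

# Specification: (state, event) -> next state. Unlisted pairs keep the state.
SPEC = {
    ("OFF", "DEMAND"): "PURGE",
    ("PURGE", "PURGE_DONE"): "IGNITE",
    ("IGNITE", "FLAME_ON"): "RUN",
    ("IGNITE", "FLAME_LOST"): "LOCKOUT",
    ("RUN", "FLAME_LOST"): "LOCKOUT",
    ("LOCKOUT", "RESET"): "OFF",
}
# Fail-safe rule: a detected fault in any state goes to LOCKOUT.
SPEC.update({(s, "FAULT"): "LOCKOUT" for s in STATES})

def generate_controller(spec, states=STATES, events=EVENTS):
    """Expand the sparse specification into a full transition table and return
    the step function: no hand-written branches, so no hand-written omissions."""
    table = {(s, e): spec.get((s, e), s) for s in states for e in events}
    def step(state: str, event: str) -> tuple[str, bool]:
        nxt = table[(state, event)]
        return nxt, nxt in FUEL_OPEN          # (next state, fuel valve open?)
    return step

def verify(step, states=STATES, events=EVENTS) -> list[str]:
    """Check every (state, event) pair against the safety requirements:
    R1 a FAULT always ends in LOCKOUT with the fuel valve closed;
    R2 losing the flame never leaves the fuel valve open;
    R3 LOCKOUT is only left by an explicit RESET."""
    violations = []
    for s, e in product(states, events):
        nxt, fuel = step(s, e)
        if e == "FAULT" and (nxt != "LOCKOUT" or fuel):
            violations.append(f"R1: FAULT in {s} -> {nxt}, fuel_open={fuel}")
        if e == "FLAME_LOST" and fuel:
            violations.append(f"R2: FLAME_LOST in {s} -> {nxt} with fuel open")
        if s == "LOCKOUT" and nxt != "LOCKOUT" and e != "RESET":
            violations.append(f"R3: LOCKOUT left on {e} -> {nxt}")
    return violations

def verified_controller():
    """The generated controller together with its (empty) violation list."""
    step = generate_controller(SPEC)
    return step, verify(step)

def omitted_rule_controller():
    """Same spec with the RUN/FAULT rule dropped, as a manual edit might do.
    The 'keep the state' default then leaves the fuel open on a fault in RUN."""
    bad = {k: v for k, v in SPEC.items() if k != ("RUN", "FAULT")}
    step = generate_controller(bad)
    return step, verify(step)

if __name__ == "__main__":
    print("generated from full spec:", verified_controller()[1])
    print("generated with a rule omitted:", omitted_rule_controller()[1])
```

The "keep the state" default is convenient for writing the table and dangerous for safety: it turns a forgotten row into silent fail-operational behaviour with the fuel valve open. Exhaustive checking of every (state, event) pair is what makes the default acceptable, and it only stays cheap because the state space is kept small and finite by design.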


Examples of safety-critical systems


Infrastructure

* Circuit breaker
* Emergency services dispatch systems
* Electricity generation, transmission and distribution
* Fire alarm
* Fire sprinkler
* Fuse (electrical)
* Fuse (hydraulic)
* Life support systems
* Telecommunications


Medicine

The technology requirements can go beyond avoidance of failure, and can even facilitate medical intensive care (which deals with healing patients), and also life support (which is for stabilizing patients).

* Heart-lung machines
* Anesthetic machines
* Mechanical ventilation systems
* Infusion pumps and insulin pumps
* Radiation therapy machines
* Robotic surgery machines
* Defibrillator machines
* Pacemaker devices
* Dialysis machines
* Devices that electronically monitor vital functions (electrography; especially electrocardiography, ECG or EKG, and electroencephalography, EEG)
* Medical imaging devices (X-ray, computerized tomography (CT or CAT), the various magnetic resonance imaging (MRI) techniques, positron emission tomography (PET))
* Even healthcare information systems have significant safety implications


Nuclear engineering

* Nuclear reactor control systems


Oil and gas production

* Process containment
* Well integrity
* Hull integrity (for floating production storage and offloading)
* Jacket and topside structures
* Lifting equipment
* Helidecks
* Mooring systems
* Fire and gas detection
* Critical instrumented functions (process shutdown, emergency shutdown)
* Actuated isolation valves
* Pressure relief devices
* Blowdown valves and flare system
* Drilling well control (blowout preventer, mud and cement)
* Ventilation and HVAC (heating, ventilation, and air conditioning)
* Drainage systems
* Ballast systems
* Hull cargo tanks inerting system
* Heading control
* Ignition prevention (Ex certified electrical equipment, insulated hot surfaces, etc.)
* Firewater pumps
* Firewater and foam distribution piping
* Firewater and foam monitors
* Deluge valves
* Gaseous fire suppression systems
* Firewater hydrants
* Passive fire protection
* Temporary refuge
* Escape routes
* Lifeboats and liferafts
* Personal survival equipment (e.g., lifejackets)


Recreation

* Amusement rides
* Climbing equipment
* Parachutes
* Scuba equipment
** Diving rebreather
** Dive computer (depending on use)


Transport


Railway

* Railway signalling and control systems
* Platform detection to control train doors
* Automatic train stop


Automotive

* Airbag systems
* Braking systems
* Seat belts
* Power steering systems
* Advanced driver-assistance systems
* Electronic throttle control
* Battery management system for hybrids and electric vehicles
* Electric park brake
* Shift by wire systems
* Drive by wire systems
* Park by wire


Aviation

* Air traffic control systems
* Avionics, particularly fly-by-wire systems
* Radio navigation (Receiver Autonomous Integrity Monitoring)
* Engine control systems
* Aircrew life support systems
* Flight planning to determine fuel requirements for a flight


Spaceflight

* Human spaceflight vehicles
* Rocket range launch safety systems
* Launch vehicle safety
* Crew rescue systems
* Crew transfer systems


See also

* High integrity software
* Real-time computing


External links


* An Example of a Life-Critical System
* Safety-critical systems Virtual Library
* NASA Technical Standards System: Software Assurance and Software Safety Standard