[conspire] 737 MAX story keeps getting more fractally bad

paulz at ieee.org paulz at ieee.org
Tue Jul 9 08:39:17 PDT 2019


The saga at Boeing portrays a very different mindset from my experience with makers of medical devices.

Everyone is very aware that patients’ lives are affected for better or worse by the company product. If that isn’t enough, bad outcomes result in lots of lawyers. I’m sure you have seen ads on television, “If you or a family member was injured...”

First, every significant step in the development, from original requirements to production testing, must be carefully documented. This makes it very easy to go back and figure out what happened. If the company does not have a good documentation system, the FDA will not approve the product. The whole design process will need to be repeated with better documentation.

Another important part of the process is FMEA, Failure Modes and Effects Analysis. Lots of brainstorming to try to list every possible thing that could go wrong, the consequences, and how severe it is to the patient. Items with any small possibility of serious problems to the patient, the doctor or the equipment must be analyzed and ways found to mitigate them.

To use a hypothetical example from the airline industry: some planes have a thing called an angle of attack sensor. If the sensor just gives an indication to the pilot, and the plane has lots of other instruments, perhaps pilot training can tell him when to ignore AoA and how to use other information to safely fly the plane. And the documentation system will track the training requirement to the actual training.

Just speaking, not that this would happen, but suppose the AoA sensor was connected to an automated flight control system and a bad sensor input could possibly, under remote circumstances, cause the plane to crash. This is not acceptable.

Mitigation would require multiple sensors, using different technologies. There might be an undiscovered weakness in one kind of sensor. Software will have a requirement that a bad sensor input will not cause the plane to crash. Maybe the requirement includes checking the altitude before pointing to the ground. Again the documentation system will track this from software requirements to final validation.
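As an added illustration, not part of the original post and not Boeing's or anyone's flight-control code, here is a small Python sketch of the mitigation described above: dissimilar redundant AoA sensors, a disagreement check that refuses to act on a single bad input, and an altitude check before any automated nose-down. All sensor names, thresholds and the stall angle are hypothetical values chosen for the example.

```python
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class AoaReading:
    sensor_id: str
    technology: str    # e.g. "vane" or "pressure"; dissimilar designs share fewer failure modes
    degrees: float
    valid: bool = True  # sensor self-test / signal-present flag


MAX_DISAGREEMENT_DEG = 5.0              # hypothetical agreement window around the median
MIN_ALTITUDE_FOR_NOSE_DOWN_FT = 1000.0  # hypothetical floor for an automated nose-down


def consolidated_aoa(readings):
    """Return (aoa_degrees, healthy).

    Healthy only if at least two valid readings, from at least two different
    sensor technologies, agree with the median within MAX_DISAGREEMENT_DEG.
    A single sensor, however confident, can never produce a "healthy" value.
    """
    valid = [r for r in readings if r.valid]
    if len(valid) < 2:
        return None, False
    mid = median(r.degrees for r in valid)
    agreeing = [r for r in valid if abs(r.degrees - mid) <= MAX_DISAGREEMENT_DEG]
    if len(agreeing) < 2 or len({r.technology for r in agreeing}) < 2:
        return None, False
    return sum(r.degrees for r in agreeing) / len(agreeing), True


def stall_protection_command(readings, altitude_ft, stall_aoa_deg=15.0):
    """Decide what automation may do: 'hold', 'nose_down' or 'alert_crew'.

    The software requirement from the post: a bad sensor input must never by
    itself produce a nose-down command, and altitude is checked before acting.
    """
    aoa, healthy = consolidated_aoa(readings)
    if not healthy:
        return "alert_crew"  # sensors disagree: stop acting on AoA, tell the pilots
    if aoa < stall_aoa_deg:
        return "hold"
    if altitude_ft < MIN_ALTITUDE_FOR_NOSE_DOWN_FT:
        return "alert_crew"  # too low to trade altitude for airspeed automatically
    return "nose_down"


if __name__ == "__main__":
    # Constructed sample: one vane sensor has failed high, the other two agree.
    sample = [AoaReading("vane-L", "vane", 80.0), AoaReading("vane-R", "vane", 5.0),
              AoaReading("press-1", "pressure", 5.5)]
    print(stall_protection_command(sample, altitude_ft=5000.0))
```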
