Predictable safety in the control of high consequence systems

Abstract

Many industries transmit large amounts of energy under the control of safety critical systems. Inadvertent release of energy by such systems can result in negative high consequences. This paper describes a principle-based strategy for preventing inadvertent release due to normal operational stresses or abnormal (e.g., accident) stresses. The safety principles, developed by Sandia National Laboratories for imbedding detonation safety in nuclear weapons, include isolation, inoperability and incompatibility. These principles are defined in the paper. They are illustrated and contrasted to conventional practice via the application to a gas furnace control system.