Damage Limitation

Damage limitation is an important technique for reducing the harm caused when a safety-critical system fails. It is a passive aspect of fault tolerance: it works without any need for error detection.

Physical partitioning is a common strategy: safety-critical subsystems are kept on separate hardware and power supplies from less important subsystems.

Logical partitioning, the software world's adoption of the same hardware technique, can also be seen: an effort is made to keep data from flowing from less important systems into safety-critical ones. Damage limitation can often be achieved by minimising coupling and maximising cohesion, that is, by keeping the interfaces between modules as limited as possible, so that the effect of a fault is localised or at least minimised.
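The logical partitioning described above, as an added illustration in Python that is not part of the original page: a non-critical operator console can reach a safety-critical pressure controller only through one narrow, one-way interface that validates every message, so a faulty message is absorbed at the boundary instead of propagating inward. The controller, the message format and the safe envelope are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SetpointCommand:
    """The only data type permitted to cross into the safety-critical partition."""
    pressure_kpa: float

class SafetyController:
    """High-integrity side. Holds no reference to the console and re-checks its
    own envelope, so a gate defect cannot drive it outside safe limits."""
    MIN_KPA, MAX_KPA = 0.0, 500.0   # assumed safe envelope for the illustration
    setpoint = 100.0                # assumed initial setpoint
    def apply(self, cmd: SetpointCommand) -> float:
        if not (self.MIN_KPA <= cmd.pressure_kpa <= self.MAX_KPA):
            raise ValueError("setpoint outside safe envelope")
        self.setpoint = cmd.pressure_kpa
        return self.setpoint

class PartitionGate:
    """The single, one-way interface between partitions. Every inbound message is
    parsed, narrowed to SetpointCommand and range-checked; malformed or out-of-range
    messages are counted and dropped. No method exposes controller state, so
    nothing flows back to the low-integrity side."""
    def __init__(self, controller: SafetyController) -> None:
        self._controller = controller
        self.rejected = 0
    def forward(self, raw: dict) -> Optional[float]:
        try:
            if raw.get("kind") != "setpoint":
                raise ValueError("unexpected message kind")
            value = float(raw["pressure_kpa"])  # KeyError/TypeError/ValueError on bad input
            # NaN fails both comparisons, so it is rejected with the out-of-range values.
            if not (SafetyController.MIN_KPA <= value <= SafetyController.MAX_KPA):
                raise ValueError("out of range")
        except (AttributeError, KeyError, TypeError, ValueError):
            self.rejected += 1
            return None  # fault contained at the boundary; controller untouched
        return self._controller.apply(SetpointCommand(value))

def demo() -> tuple:
    """Constructed console traffic: one valid command and four faulty messages."""
    controller = SafetyController()
    gate = PartitionGate(controller)
    console = [{"kind": "setpoint", "pressure_kpa": 250}, {"kind": "setpoint", "pressure_kpa": "9e9"},
               {"kind": "diagnostic", "pressure_kpa": 10}, {"pressure_kpa": None},
               {"kind": "setpoint", "pressure_kpa": float("nan")}]
    results = [gate.forward(m) for m in console]
    return results, gate.rejected, controller.setpoint
```

Only the first message reaches the controller; the other four are rejected at the gate and the controller's state stays within its envelope.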

Why?

An incident in one part of the mine affecting another caused the Moura No. 4 mine explosion.

Because, during the Piper Alpha oil platform inferno, the original explosion might have been contained.