The types and causes of harm which may be considered when judging if a system is acceptably safe.

The variety of stakeholders and domains in which safety-critical systems are involved leads to a wide range of harm that may be considered.

Various safety standards go beyond death and injury to include aspects such as system loss and environmental damage, but the harm considered can also include financial loss, damage to reputation through bad publicity, political fallout, and the various results of legal proceedings.

The scope of harm considered does not always depend only upon the type of harm, but also may depend upon the causes of that harm. For example, the scope may not include sabotage, terrorism, intentional misuse, or environmental causes such as lightning strike.

Some of the case studies written up in the Savive web site involved no loss of life, and some no significant loss at all, but the causes and chain of events leading up to them are of some interest. For example, the Aurora 7 splashdown was just in the wrong spot, and the Channel Tunnel fire and Apollo 13 explosion only resulted in loss of equipment and system use or mission.


The inclusion of financial, political, and other losses in the harm considered naturally leads to an overlap between system safety and other branches of risk management, although it is important to have system safety maintain independence.