Safety standards in the legal and industry context
If I were to suggest some add-ons, enhancements, extensions (you name them) to current functional safety trainings, those would target mainly two aspects. But before talking about my training aspirations, I need to confess that I myself do not have enormous experience. I've only attended three ISO26262 trainings, only two of which stretched for more than one day. Apart from that I would count numerous webinars and online presentations (I mean here only the thorough ones, taking at least 40-50 min) on IEC61508, IEC61511 and EN50126/8. I found all of them basically very SIL-centered (probably with the exception of the railway EN norms, which slide a bit into other concepts), which is somehow normal, since all of them were about standards derived from IEC61508, where the notion was invented. But what I generally felt was that they were somewhat lacking the context view of how functional safety links with legislation and "coercive" directives aiming for consumer protection, and how it builds on existing industry technological frameworks and reference models. So, my two cents:
1. Some basic questions a person responsible for product safety shall (be trained to) grapple with: how do technical standards interplay with regional legal frameworks (here it would be good to give an overview of the main economic and trade areas - USA/North America, EU, China, Japan ..), with the fostering of economic prosperity (via competition and innovation stimulus) or with industry interests? How do they help to protect small companies against monopolies while simultaneously endorsing collaboration between different industrial tiers? What societal impact do they generate, because after all this is what we all want from standards, to make us a "better" society? A good reference to get answers to all that would be Carl Cargill, an authority in matters of standardization as a discipline, and one of his papers about standards "becoming". Some take-aways from there:
"the more developed a society is, the more standards become necessary"
"in the computer industry, new standards can be the source of enormous wealth, or the death of corporate empires"
"education and standards, are impure public goods. These combine aspects of both public and private goods. Although they serve a private function, there are also public benefits associated with them. Impure public goods may be produced and distributed in the market or collectively through government. How they are produced is a societal choice of significant consequence."
2. The second thing would be about other approaches to risk assessment than SIL. Functional safety is the discipline of reducing the risk to a minimum acceptable level. This implies (at least) two things: you have to have some means to quantify the risk AND you have to set a threshold - what you define as "unacceptable" risk. The way SIL tackles that is described in IEC61508-5 Annexes D and E. There are basically a weighted risk graph and a hazardous event matrix indicated (which was standardized as HARA in ISO26262). This stays, as a concept, given its "risk-levels" approach, close to the ALARP risk assessment method. What this mindset (for both SIL and ALARP) obfuscates is that the "social acceptance" of risk, meaning the trade-off between the economic advantage of a new technology vs the risk it introduces, may vary geographically. Those two papers are very helpful to better grasp this. They both set criteria for risk analysis and then apply them to ALARP, as well as to two other risk analyses, namely GAMAB (globalement au moins aussi bon - globally at least as good) and MEM (minimum endogenous mortality). The latter two are legally enforced in the railway industry, one in France and the other in Germany, and are about a comparative approach toward similar existing technologies. The former, GAMAB, is system-centered and requires a new system to demonstrate that it "globally" does not increase the risk compared to existing systems using the same technology. The latter, MEM, is socially-centered, and requires a new system not to increase the local minimum mortality considered by more than 1/20. It might be that you find some aspects of how risk assessment is dealt with scandalous or gruesomely formulated (such as this proof against required "mortality rates"), but the point is not to debate that, it is to show that there are other ways to assess risk than SIL.
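To make the difference between these acceptance criteria concrete, here is an added example (not part of the original post or of any of the standards it cites) that judges one constructed hazard profile under ALARP bands, GAMAB and MEM. The ALARP thresholds and the minimum endogenous mortality value are assumed placeholders; the 1/20 factor is the one stated above, and the MEM rate is a parameter so that the geographic variation of acceptable risk can be shown.

```python
# Added example, not code from the post or from any standard. All numeric
# thresholds are assumptions chosen for illustration, except the MEM 1/20 factor.

# Constructed hazard list for a proposed system:
# (hazard id, events per person-year, expected fatalities per event).
PROPOSED = [("H1", 2.0e-6, 0.5), ("H2", 1.0e-5, 0.1), ("H3", 4.0e-7, 1.0)]
# Constructed reference: an existing system of the same technology (GAMAB baseline).
REFERENCE = [("R1", 3.0e-6, 0.5), ("R2", 8.0e-6, 0.1)]

# Assumed ALARP bands, individual risk of fatality per person-year.
ALARP_INTOLERABLE = 1.0e-4
ALARP_BROADLY_ACCEPTABLE = 1.0e-6
# Assumed minimum endogenous mortality, fatalities per person-year (placeholder value).
MEM_RATE = 2.0e-4
MEM_FRACTION = 1.0 / 20  # the 1/20 share stated in the post


def individual_risk(hazards):
    """Sum of (event rate x fatalities per event) over all hazards, per person-year."""
    return sum(rate * fatalities for _, rate, fatalities in hazards)


def alarp_band(risk):
    """Place a risk figure into the three classic ALARP regions."""
    if risk >= ALARP_INTOLERABLE:
        return "intolerable"
    if risk <= ALARP_BROADLY_ACCEPTABLE:
        return "broadly acceptable"
    return "tolerable if ALARP"  # needs a further reduction argument


def gamab_ok(proposed, reference):
    """GAMAB: the new system must be globally at least as good as the reference."""
    return individual_risk(proposed) <= individual_risk(reference)


def mem_ok(proposed, mem_rate=MEM_RATE):
    """MEM: the new system's added risk must stay within 1/20 of the local
    minimum endogenous mortality; mem_rate varies by region/population."""
    return individual_risk(proposed) <= MEM_FRACTION * mem_rate


def assess(proposed=PROPOSED, reference=REFERENCE, mem_rate=MEM_RATE):
    """Return the verdict of each criterion for the same hazard profile."""
    risk = individual_risk(proposed)
    return {"risk": risk, "alarp": alarp_band(risk),
            "gamab": gamab_ok(proposed, reference), "mem": mem_ok(proposed, mem_rate)}


if __name__ == "__main__":
    print(assess())                   # GAMAB fails, MEM passes, ALARP undecided
    print(assess(mem_rate=4.0e-5))    # a lower assumed local MEM rate: MEM now fails
```

The same profile is rejected by GAMAB, accepted by MEM and left to argument under ALARP, and lowering the assumed regional mortality figure flips the MEM verdict, which is the geographic dependence the paragraph describes.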
Some of the most sound critiques of SIL were formulated by John McDermid, whose personal web page at the University of York I highly encourage you to see, or in Felix Redmill's paper, which is also worth reading.
To conclude I would say that, maybe due to the things above, current functional safety industry norms trainings may IMHO generally lead to submissive thinking and probably not leave that much room for a critical attitude. When you're teaching about safety I think it is imperative to link it with real life, the social environment and perception of risks and new technologies, and obviously, the industry background.