HCRQ
System Safety, Software Safety Experts
Since 1986
"The Key To A Safer World"
salus populi suprema lex




Welcome To HCRQ


Free Monthly System/Software Safety Newsletter

Click here to see a sample.
Click here to subscribe.



We help assure:
  • Missiles don't hit friendly targets
  • Passenger planes don't crash
  • Trains don't collide or derail
  • Medical devices don't kill you
  • Nuclear reactors don't melt down
  • You don't get sued

Ever wondered why there aren't MORE accidents and MORE lives lost?

Now you know.



Frequently Requested Services



HCRQ has over 19 years of experience in designing safety into and assessing the safety of complex safety-related systems such as:

  • missiles,
  • submarines,
  • air traffic systems,
  • weapons control systems,
  • fighter aircraft,
  • nuclear reactor control and monitoring systems,
  • medical devices,
  • space station systems,
  • light and heavy rail transportation systems.


International System Safety Conference '08

August 25-29, 2008, Vancouver, British Columbia

More information


SAFECOMP 2008

September 22-25, 2008, Newcastle upon Tyne, UK

More information


Environment & Safety Assurance Symposium - ESAS 08

September 30-October 2, 2008, Bristol, UK

More information


System Safety 2008

October 20-22, 2008, Birmingham, UK

More information


We offer the following services:

Software Safety

Look no further! We are renowned experts!

We were some of the early pioneers.
{You can always identify a pioneer by the arrows in their back.}

We are sometimes reminded of the poem by Robert Frost - "The Road Not Taken"
"Two roads diverged in a wood, and I, I took the one less traveled by,
and that has made all the difference".

For more information click here.



We have seen it all - the good, the bad, and the ugly and THERE HAS BEEN A LOT OF THE LATTER TWO.

In terms of safety-related systems, the world is often not a pretty place. This is some of what we've seen:

  • Overzealous safety consultants driving projects to their knees
    Their primary goal was making money
  • Fault tree analysis based on DFDs
    but the DFDs were not maintained resulting in the FTAs not been representative of the design
  • No Corporate Safety Policy
  • $80,000,000 in law suits before they brought us on board
  • Little, none or out-of-date design documentation.
    How about design documents that don't match the code, and code comments that don't match either of the other two?
  • No safety analysis for existing systems where functionality must be added and a safety assessment performed of the changes
  • System safety program for defense helicopter of questionable significance
  • Horribly over budget on system safety with funds being spent faster than they could be burned
  • Significant amounts of time being spent on aspects of questionable significance
  • System safety analyses way behind schedule
  • Too many projects for too few safety engineers with no time available to perform analyses other than cursory ones
  • Preliminary Hazard Analysis at revision 9
  • Safety analyses out of sync with the design
  • Hazard logging way out of sync with design
  • Hazard logs with no traceability
  • Practices being followed which don't work
  • No minutes of safety meetings
  • A design using 4000 global variables
    with a large percentage being safety-related
  • Current software version 20. Previous software version 17.
    You will never guess why
  • No traceability or poor correlation between safety requirements and design
  • Weapons control software with SRS not up-to-date, SDD almost non-existent, coding complete
    System was for a submarine
  • Project management and system safety completely out of sync with each other
  • No records of peer reviews
  • No peer review checklists
  • Safety-related software designer. One year previous - kindergarten teacher
  • No involvement by system safety in the subcontractor selection process
  • Requirements which state that "the delivered system must be as safe as or safer than the system it is replacing"
    yet there is no pertinent data from the existing system

and this is some of what we've heard:

  • He is an excellent safety engineer
    {but he is upable to identify hazards}
  • Please call me at home
    {from a corporate executive trying to jump ship following an accident}
  • The patient did not have long to live anyhow
  • Weapons systems are inherently unsafe
  • Safety analyses are unnecessary
    Our pilots are used to assuming risk
  • That can't happen
  • All hazards must be eliminated
  • We don't need safety analyses to defend us in court should an accident occur
  • When it is time to integrate our software, we receive the modules over our network.
    We're not sure who they are coming from
  • We're not allowed to ask for a System Safety Program Plan
  • Our system is not safety-critical (air traffic management)
  • We perform safety analyses to satisfy the regulations
    We don't use them as a preventative measures
  • I am a safety engineer; I have been hired to deflect our customer's safety concerns
    {hired by a defense contractor, their customer was the U.S. Navy}
  • We test safety-related software differently than we do other software
    For safety-related software, we unit test it
  • I've never heard of quantitative fault trees. What is a minimal cut set?
    {from a "system safety engineer"}
  • A hazard log adds no value and is just something else to maintain
  • Our system is safe
  • The problem with the silent alarm strip is that you don't hear anything when you press it
  • We mitigate hacking into our communications network by using CRCs
  • Why should we continue to analyze system safety? We have not had any other accidents
    {stated by the manager of a nuclear power plant following the analysis of a Loss Of Cooling Accident}



HCRQ speaks your language ( SSPP , SwSPP, PHL , PHA , HAZOP , SSHA , SHA , O&SHA , FFT , FTA , SFTA , FHA , PSSA , SSA , CCA , ZSA, PRA, CMA, FMEA , FMES , SFMEA , FMECA , SFMECA , SRHA, SDHA, SCHA, HHA , HTDB, HRI, HFE , MIL-STD-882 , SAE ARP4754, SAE ARP4761 , SAE ARP5580, EN 50126, EN 50128, EN 50129, MOD 00-56, IEC 61508, IEEE 1483, IEEE 1228, 49CFR236 Subpart H , 49CFR238.105 , IEC 60880, STANAG 4404, IEC 15026, IEC 60601-1-4, ISO 14971, RTCA DO-178B, RTCA DO-248A, RTCA DO-254, RTCA DO-278, SILs, DALs, Safety Case ).

Our courseware is exceptional.
Many of our attendees are repeat clients because they are comfortable with us and view our courses as the very best.
They appreciate their inherent practical insight and "how to" nature.



Aristotle - The originator of inductive reasoning and deductive reasoning which are fundamental to safety analysis

  • Do you have a challenging contract?
  • Do you have a challenging client?
  • Do you need training in either system safety or software safety either in general or in specific areas?
  • Have you under- or over-specified safety? Many of our clients were victims of either over-confidence or under-estimation.
  • Are you pleased with your present safety consultants?
  • Are you ready for your client's safety audit?
  • Is your client armed to the teeth with consulting engineers ready to bombard you with seemingly never-ending safety critiques?
  • Have you experienced a software-related, or worse still, software-caused accident?
  • Are you having a difficult time, perhaps in conflict with your client, knowing when you are "done"?

Get HCRQ on your team!

  • We will help protect you.
  • We will help protect those that use your system.
  • We can save you tens of thousands of dollars in your safety budget.
  • We can protect you against multi-million dollar law suits.
  • We can give you an additional edge over your competition within your bids!

Don't wait too long! One of our clients spent 3 times their safety budget before bringing us in.



Due to numerous requests, we are maintaining and updating our quizzes.
Industry is finding them useful in evaluating the expertise of system safety engineers.

SYSTEM SAFETY
QUIZ #1 - Identify the Hazards
  1. Nitroglycerin
  2. Collision
  3. Derailment
  4. Burns
  5. Electric Shock
  6. Software Range Check Fails
  7. CRC Fails To Detect Corruption

SYSTEM SAFETY
QUIZ #2 - Identify the Failure Modes
  1. Relay Fails To Cut Propulsion
  2. Relay Catches Fire
  3. Relay Fails To Be Energized
  4. Relay Contacts Welded (Closed)
  5. Relay Submersed In Water
  6. Software Fails To Work Properly
  7. Software Fails To Apply Penalty Brake When Discrete Input Asserted

SYSTEM SAFETY
QUIZ #3 - More Challenging Questions
  1. Just How Important is the Selection of the Programming Language?
  2. How Do You Analyze the Safety of Functional Changes to a System When No Safety Analysis Exists?
  3. Should You Consider Software Sneak Analysis?
  4. I am a Safety Engineer. I Have Too Many Active Projects. My Day Seems to Consist of Moving from One Meeting to the Next. Additional Safety Engineers Are Not Available. Budgets Are So Lean That it is Difficult Just to Order Books and Standards. What Can I Do?
  5. The Target Probability of Catastrophic Failure of 10^-9 Originated From Avionics. What is the Basis for Using the Same Target in Rail Systems?
  6. Are Development Assurance Levels from SAE ARP4761 Equivalent to Safety Integrity Levels?
  7. When Preparing a Minimal Equipment List (MEL - Avionics) Do I Repeat My Safety Analyses Considering Various Unavailable Equipment?

SYSTEM SAFETY
QUIZ #4 - More Challenging Questions
  1. What Can You Do if Management Has Decreed That You Cannot Request SSPPs, PHAs, Hazard Logs, etc. from Your Subcontractors?
  2. What Should You Do if You Are Designing a Communications System but No One Can Tell You Whether or Not It Will Be Handling Safety-Critical Data?
  3. How Do You Identify a Good Fault Tree Versus a Bad One?
  4. Is the Purchase of IEC 1025 (Fault Tree Analysis) a Wise Investment?
  5. What Is the Commercial Replacement for MIL-STD-1629A?
  6. Are Software Control Categories from MIL-STD-882C Equivalent to Software Integrity Levels?
  7. Are Software Control Categories Equivalent to Software Development Assurance Levels From SAE ARP4761?

SYSTEM SAFETY
QUIZ #5 - More Challenging Questions
  1. Is Hazard Analysis the Same as Safety Analysis?
  2. What Is Wrong with Default Compliance of MIL-STD-882C?
  3. From a System Safety Engineer's Perspective, What is Missing from SAE ARP4761?
  4. From a System Safety Engineer's Perspective, What is Wrong with 49CFR236 Subpart H?
  5. What are the Two Most Popular Programming Languages Used in Safety-Critical Systems Today?
  6. Under What Circumstances is Subsystem Hazard Analysis (SSHA) Difficult to Conduct?
  7. How Do Preliminary Hazard Analysis (PHA), Functional Hazard Assessment (FHA), and HAZOP Studies Compare?

SYSTEM SAFETY
QUIZ #6 - More Challenging Questions
  1. Compare the Approaches Used by MIL-STD-882, SAE ARP4761, and MOD 00-56.
  2. Comment on the Use of Microsoft Windows in Safety-Related Systems.
  3. Comment on the Use of C# in Safety-Related Systems.
  4. Power is Lost to a Functioning Safety-Related System. What Safety Analyses Could Be Used to Analyze This?
  5. If a Safety-Related System Fails, Due to a Design Error, Resulting in Loss of Life, Can the Design Engineer be Held Personally Liable?
  6. What is the Difference Between a Failure Condition (per SAE ARP4761) and a Hazard?
  7. Does the application of RTCA DO-178B Improve Safety?

SYSTEM SAFETY
QUIZ #7 - More Challenging Questions
  1. Comment on the Use of Java in Safety-Related Systems.
  2. How Does an SMP Differ from an SSPP?
  3. What is the Difference Between a PHL and a PHA?
  4. When You Transition from Dual Redundancy to Triple is Safety Increased?
  5. What are the 3 Causes of CRCs Failing to Detect Corrupted Data?
  6. More pending


While you are here, check out our web page of useful reference material.


"I thank you for your hard work, and for the many ways HCRQ contributes to making our country safer."
Jo Ann Davis, Member of Congress