Identifying Control Redundancy for Computer Interface Analysis

Correctly identifying the redundancy in a system design and its interface with other systems or subsystems is essential for determining if the overall design meets the desired reliability requirements. Incorrectly listing components or interfaces as redundant or not recognizing the redundant functions the components provide can cause the reliability analyst to be unsuccessful in catching common cause failures in the overall system design. The Space Shuttle program reliability requirements contain a requirement for separation of redundant command and control paths. Its intention is to keep common cause failures from stopping redundant commands from being issued when needed as well as preventing inadvertent activation of redundant commands. Determining if commands and/or components provide redundancy to other commands or components in a system cannot be determined merely from looking at how the commands/components connect to each other. One must first determine what the critical function(s) the components need to accomplish for the system to operate successfully. The critical function could be to turn something ON, or the critical function might be to ensure something turns OFF at the right time. It could be that keeping something from prematurely turning ON or OFF is the critical function. After determining the critical functions the commands/components need to perform, the analyst can consider how they connect and can identify the commands/components in the system that provide redundancy for the critical function