This pattern is intended to argue that a (sub)system has been developed to an integrity level appropriate to the hazards to which the system contributes.
Author: Tim Kelly
Last Modified: 22/2/1999
The motivation for this pattern was to provide an argument where the overall objective was expressed in terms of the hazards involved and to show how this was then translated into integrity level requirements. The top level objective, being expressed in terms of hazards and associated hazard classes, can be more readily integrated with an overall system level argument.
