Identify three hazards that may arise in this system. For each hazard, suggest a defensive requirement that will reduce the probability that these hazards will result in an accident. Explain why your suggested defense is likely to reduce the risk associated with the hazard.

A safety-critical software system for treating cancer patients has two main
components:
• A radiation therapy machine that delivers controlled doses of radiation
to tumor sites. This machine is controlled by an embedded software
system.
• A treatment database that includes details of the treatment given to
each patient. Treatment requirements are entered in this database and
are automatically downloaded to the radiation therapy machine.

Hazards:
1. Incorrect dosage of radiation computed
2. Radiation delivered to the wrong site on patient’s body
3. Data for wrong patient used to control machine
4. Data transfer failure between database and therapy machine
Software protection:
1. Comparison with previous doses delivered. Establishment of a maximum
monthly dose which may never be exceeded. Feasibility checks (e.g. for
negative dosages). Confirmation of dose to be delivered by operator.
Continuous visual display of dose being delivered.
2. Comparison with delivery site in previous treatment. Light used to
illuminate site of radiation delivery. Operator confirmation of site before
machine can operate.
3. Patient asked to verify name, address and age before machine starts by
pressing button. Issue patient with a personal treatment card which is
handed over to identify patient. Maintain separate list of patients to be
treated each day and correlate with patient databases. Force machine
operator to verify list and database consistency before starting machine.
4. Dual display of information in therapy machine and database. Highlighting
of differences in operator display. Locking of machine until information is
consistent. Use of check digits and other error checking codes in the data.
Duplicate communication channels between machine and database.