Exercises for Therac-25
Designing a Reporting System
A life cycle approach to software requires some way to gather reports
from the field on the operation of the software and feed those reports back
into maintenance and updating of the software. One of the clear difficulties
in the Therac-25 case was the process of getting the right information
back from the field to the AECL home office and to other sites, and then
getting resolutions of the problems communicated back to the sites. In
some cases AECL was notified only by lawsuit, months after an incident.
In other cases, information that might have been useful to sites where
the machine was in use languished at the home office.
In this exercise, you will ask your class to design a reporting system
and to evaluate its impact on the various stakeholders in the case. In
her book Safeware: System Safety and Computers (p. 88), Nancy Leveson
lists four requirements of a successful reporting system:
- Explicit delegation of responsibility for reporting. Who should report
accidents, and to whom? What about other errors or malfunctions? What
kind of deadlines and penalties should be imposed? Whose responsibility
should it be to impose deadlines and penalties (e.g. the company,
- Protection and incentives for informants. If hospitals or manufacturers
are required to report errors, incidents, or accidents, there is likely
to be some resistance to reporting all errors because of liability issues.
What sort of protection and incentives might be given to increase accuracy?
Who else within the system other than an official representative might
be a useful informant?
- Procedures for analyzing incidents and identifying causal factors.
When an accident or error is reported, who should investigate the facts?
How should the person or panel identify causal factors?
- Procedures for using reports and generating corrective actions. When
causal factors have been identified, who should be notified of the analysis?
What requirements and deadlines should there be for generating corrective
Use these requirements to design a reporting system that might help to
reduce the risk to patients. Make sure to address all four requirements
of a successful system. This exercise might be done as an in-class exercise
or as individual homework and then discussed in class.
A more time-consuming but interesting alternative is to have teams
representing the various stakeholders (AECL, the hospitals, the patients, the
FDA) design their preferred reporting system as homework and then have
these systems presented in class on the same day. Class discussion after
these presentations might be a general comparison or some sort of negotiation
among the various parties.
Leveson, N. G. (1995). Safeware: System Safety and Computers. New
York: Addison-Wesley.
Wahlstrom, B., & Swaton, E. (1991). Influence of Organization and
Management on Industrial Safety. Technical report, International Institute
for Applied Systems Analysis.