Please log in using either your email address or your membership number.
Please register with your name, email address, password and email preferences. You will be sent an email to verify the address.
Please enter the email address used for your account. A temporary password will be emailed to you.
The SCSC publishes a range of documents:
The club publishes its newsletter Safety Systems three times a year in February, June and October. The newsletter is distributed to paid-up members and can be made available in electronic form for inclusion on corporate members' intranet sites.
The proceedings of the annual symposium, held each February since 1993, are published in book form. Since 2013 copies can be purchased from Amazon.
The club publishes the Safety-critical Systems eJournal (ISSN 2754-1118) containing high-quality, peer-reviewed articles on the subject of systems safety.
If you are interested in being an author or a reviewer please see the Call for Papers.
All publications are available to download free by current SCSC members (please log in first), recent books are available as 'print on demand' from Amazon at reasonable cost.
Contents
The Insider threat is rarely considered as part of functional safety to inform design, process and procedure. Worryingly, it is often neglected as part of safety and risk management practices entirely. This must change in light of high profile cases in recent years where Insiders have been seen to pose a severe threat. Industry must attempt to analyse and understand Insider threat risk and build this into integral processes, which will require close collaboration across diverse technical areas and specialisms. Government policy may even be developed in the coming years, similar to that of US Executive Order 13587, which necessitates a more comprehensive consideration of these risks. Now is the time for safety-critical industries to wake up to the Insider threat as one of the most real and present dangers to organisations in the modern age.
This paper is a thought-piece about how Insider threat could be dealt with as part of normal engineering practice, and proposes a concept methodology for the formal assessment of Insider threat risk to systems and organisations. The paper deals only with deliberate and malicious acts (intended to do harm in some way), rather than the unintentional insider threat.
A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highlights broader problems with IT culture affecting manufacturers, hospitals, police, legal advisors — and ultimately misleading clinicians and compromising delivery of care.
The NHS (and healthcare more generally) urgently needs to improve its IT awareness, management and policies. The police and the legal system need a more mature approach to IT. Manufacturers need to provide dependable systems that are fit for purpose for complex hospital environments. Regulators should ensure that systems meet better standards of quality and dependability.
This paper includes recommendations; the most fundamental being that hospitals acknowledge that IT is unreliable and they should procure and manage equipment with this in mind. In particular, mature and effective data protection and cybersecurity policies must be in place and used proactively. When problems occur, evidence derived from IT (whether systems or devices) must not be used in legal or disciplinary investigations without extreme care and independent proof of provenance.