A high-consequence system is one in which the consequences of failure are so severe that the tradeoff between prevention cost and external failure cost almost always leads to a decision to strongly emphasize prevention cost. This is not to say that in high-consequence systems, money is no object in the prevention cost budget, but rather the bias for prevention in such systems is so strong that extraordinary measures are usually easily justified. This chapter discusses reliability engineering practices that may not be fully implemented in ordinary cases but are appropriate for high-consequence systems.
Much of modern life is made possible by systems whose proper functioning is usually taken for granted by lay persons but whose failure would have severe consequences, ranging from relatively benign problems, such as the extreme expense of repair, to very malign events, possibly even including social collapse. In this book we refer to these systems as high-consequence systems.1 High-consequence systems have one or more of these attributes: