A safety-critical function is either a “must-work” function or a “must-not-work” function. A must-work function is an active function vital for keeping the crew alive. A must-not-work function is instead a function that, if operated inadvertently or at the wrong time (e.g., propulsion ignition, or access to a live high-power laser), can kill or injure the crew or cause damage. A function may be a “must-not-work” function for some periods of a mission and a “must-work” function for the remaining time. A system function may not be safety critical and yet include some inherent hazards such as high voltages, high temperatures, toxic compounds, etc.; an example is a microgravity experiment using a metal-melting furnace.
A failure is the event in which a function or specified service of a system, device, software, or system operator ceases or deviates from its specification. A fault is instead an incorrect state of hardware or software resulting from failures of components, functional upsets, operator error, or incorrect design. Faults include failures of system elements.
“Fault/Failure Tolerance” is the ability to operate or survive in the presence of faults or failures. “Fault/Failure Avoidance” consists of obviating or mitigating the potential for faults/failures through screening processes (e.g., removing flammable materials), safety factors, and robust design (e.g., derating of components) (Miller et al
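The two kinds of fault tolerance implied by the definitions above are structurally different: a must-not-work function is protected against inadvertent operation by independent inhibits in series (all must be released, and the mission phase must permit it), whereas a must-work function is protected against loss by redundant channels in parallel (any one healthy channel keeps it operating). The following added example, which is not from the source text or from Miller et al, models both and the phase-dependent reclassification of an ignition function; the phase names, inhibit names, channel counts and function names are illustrative assumptions, not requirements stated on the page.

```python
"""Toy model of must-work / must-not-work functions and their fault tolerance.

Assumptions (illustrative, not from the source): a mission has named phases;
a must-not-work function is gated by a phase check plus independent inhibits
that must all be released; a must-work function is served by redundant
channels and counts as operating while at least one channel is healthy.
"""
from dataclasses import dataclass, field
from enum import Enum


class Phase(Enum):
    LAUNCH = "launch"
    COAST = "coast"
    BURN = "burn"  # assumed: the only phase in which ignition is must-work


@dataclass
class MustNotWorkFunction:
    """A function that must not operate unless explicitly permitted.

    Every independent inhibit must be released AND the phase must permit the
    function. A single spurious release (one fault) therefore cannot operate
    it: the inhibits are in series, so tolerance grows with their number.
    """
    name: str
    permitted_phases: frozenset
    inhibits: dict = field(default_factory=dict)  # inhibit name -> released?

    def release(self, inhibit: str) -> None:
        self.inhibits[inhibit] = True

    def arm_all(self) -> None:
        for k in self.inhibits:
            self.inhibits[k] = False

    def may_operate(self, phase: Phase) -> bool:
        return phase in self.permitted_phases and all(self.inhibits.values())


@dataclass
class MustWorkFunction:
    """A function that must keep operating; parallel redundancy tolerates
    channel failures, so tolerance grows with the number of healthy channels."""
    name: str
    channels: dict  # channel name -> healthy?

    def fail(self, channel: str) -> None:
        self.channels[channel] = False

    def operating(self) -> bool:
        return any(self.channels.values())

    def faults_tolerated(self) -> int:
        """Further channel failures survivable before loss of the function."""
        return max(sum(self.channels.values()) - 1, 0)


def ignition_scenario() -> dict:
    """Propulsion ignition: must-not-work during coast, must-work during burn."""
    ign = MustNotWorkFunction(
        "propulsion ignition",
        frozenset({Phase.BURN}),
        {"sw_arm": False, "hw_arm": False, "fire_cmd": False},
    )
    results = {}
    # One spurious fire command during coast (a single fault) must not ignite.
    ign.release("fire_cmd")
    results["coast_single_fault"] = ign.may_operate(Phase.COAST)
    # All inhibits released but in a non-permitted phase: still inhibited.
    ign.release("sw_arm")
    ign.release("hw_arm")
    results["coast_all_released"] = ign.may_operate(Phase.COAST)
    # Same releases during the burn: now the function is must-work and fires.
    results["burn_all_released"] = ign.may_operate(Phase.BURN)
    # Re-arming every inhibit returns it to the must-not-work state.
    ign.arm_all()
    results["burn_rearmed"] = ign.may_operate(Phase.BURN)
    return results


def life_support_scenario() -> dict:
    """A must-work function with two redundant channels (assumed count)."""
    o2 = MustWorkFunction("O2 supply", {"primary": True, "backup": True})
    results = {"initial_tolerance": o2.faults_tolerated()}
    o2.fail("primary")
    results["after_one_failure"] = o2.operating()  # backup carries the function
    results["remaining_tolerance"] = o2.faults_tolerated()
    o2.fail("backup")
    results["after_two_failures"] = o2.operating()  # loss of a must-work function
    return results


if __name__ == "__main__":
    print(ignition_scenario())
    print(life_support_scenario())
```

The asymmetry is the practical point: adding an inhibit to a must-not-work function raises its tolerance to spurious commands but lowers its availability when it is needed, while adding a channel to a must-work function does the reverse, so a function that switches role between mission phases (ignition here) needs both mechanisms, keyed on the phase.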