Computing Cases Header, Picture of a Keyboard with the text "" printed over it

Case Materials

Case Navigation

Therac-25 Case

Teaching Intro

Socio-Technical Analysis

Ethical Analysis


Supporting Documents



Teaching Tools

Teaching with Cases

Social Impact Analysis

Computer Ethics Curriculum

Curricula Index

Case Materials



Hughes Aircraft

Ethics in Computing Links

Contact Us

Exercises for Therac-25

Designing a Reporting System

A life cycle approach to software requires some way to gather reports in the field of the operation of the software and feed those reports back into maintenance and updating of the software. One of the clear difficulties in the Therac-25 case was the process of getting the right information back from the field to the AECL home office and to other sites and then getting resolutions of the problems communicated back to the sites. In some cases AECL was only notified by lawsuit months after an incident. In other cases, information languished at the home office that might have been useful to sites where the machine was being used.

In this exercise, you will ask your class to design a reporting system and to evaluate its impact on the various stakeholders in the case. In her book Safeware: System Safety and Computers (p. 88), Nancy Leveson lists four requirements of a successful reporting system:

  1. Explicit delegation of responsibility for reporting. Who should report accidents and to whom? What about other errors or malfunctions? What kind of deadlines and penalties should be imposed? Whose responsibility should it be for imposing deadlines and penalties (e.g. the company, the FDA)?
  2. Protection and incentives for informants. If hospitals or manufacturers are required to report errors, incidents, or accidents, there is likely to be some resistance to reporting all errors because of liability issues. What sort of protection and incentives might be given to increase accuracy? Who else within the system other than an official representative might be a useful informant?
  3. Procedures for analyzing incidents and identifying causal factors. When an accident or error is reported, who should investigate the facts? How should the person or panel identify causal factors?
  4. Procedures for using reports and generating corrective actions. When causal factors have been identified, who should be notified of the analysis? What requirements and deadlines should there be for generating corrective actions?

Use these requirements to design a reporting system that might help to reduce the risk to patients. Make sure to address all four points requirements in a successful system. This exercise might be done as an in-class exercise or as individual homework and then discussed in the class.

A more time consuming but interesting alternative is to have teams from representing various stakeholders (AECL, the hospitals, the patients, the FDA) design their preferred reporting system as homework and then have these systems presented in class on the same day. Class discussion after these presentations might be a general comparison or some sort of a negotiation among the various parties.

Leveson, N. G. (1995). Safeware: System safety and computers. New York: Addison Wesley.

Wahlstrom, B., & Swaton, E. (1991). Influence of organization and management on industrial safety. Technical report, International Institute for Applied systems Analysis.