Argument A1.2.2.1.7.3.3 All hazards are tolerable and ALARP holistically because...

• Supports Claim: C1.2.2.1.7.3 The identified hazards have a tolerable and ALARP mitigation strategy for each

Child nodes:

• Has evidence Evidence: E1.2.2.1.2.1 Hazard identification, security and analysis report

The prevention, protection and mitigation strategies for Hazard 1 and 2 have been analised and the following has been found:

1. They are not exclusive i.e. one hazard's strategy implementation does not prevent the other's implementation
2. Priorities are decided within the symbolic AI, however, the ultimate safe state for both hazards is to remove power to the propellers
3. A single point of failure exists (symbolic AI), however, this has been analysed and shown to be ALARP as the combined likelihood of the two hazard initiating events is still mitigated to a level which is tolerable and ALARP.