Defence in depth: facilities
Defence in depth: facilities



A safety provision that cannot be broken down
into redundant parts

This is a reminder of some of the areas to be careful for. 

What appear to be independent trains may share the same electrical supplies.

These all require the same response.

Time itself is not a safety layer.
Being trapped in an air pocket as it fills up with water would not make you feel safe!

Time is important in that it gives the opportunity to provide additional safety provisions
- these are the layers, not the time itself.
Time also generally increases the reliability of certain actions.

Be careful about counting too many independent administrative layers.

Experience shows that they do not all act independently.

As with time, indications themselves are not a safety layer, they prompt actions that are the safety layer.

Be careful not to count surveillance where no actions are taken.