• What is the risk of failure, that is, what is the probability of a system
failing to respond to a demand?
• What are the consequences of that failure? If the system does not
respond correctly, what happens?
• Are these consequences more serious than is acceptable? If yes, then
develop a new SIS to reduce the risk, and repeat the process. If no, proceed
with the implementation of the SIS as designed.