Safety critical systems are systems in which failures may affect the environment or cause injury or death to the people in that environment. The principal concept of safety specification is to identify requirements that will minimize the probability that such system failures will occur. Safety requirements are primarily protection requirements and are concerned with normal system operation. They may specify that the system should be shut down so that safety is maintained. In deriving safety requirements, you, therefore, need to find an acceptable balance between safety and functionality and avoid over protection. There is no point in having a very safe system if it does not operate in a cost-effective way. Safety specification is usually focused on the hazards that may arise in a given situation, and the events that can lead to these hazards. The activities in the general risk-based specification process map onto the safety specification process as follows:
1.（ ） In safety specification, this is the hazard identification process that identifies hazards that may threaten the system.
2.（ ） This is a process of hazard assessment to decide which hazards are the most dangerous and/or the most likely to occur. These should be prioritized when deriving safety requirements.
3.（ ） This process is concerned with discovering the events that can lead to the occurrence of a hazard. In safety specification, the process is known as hazard analysis.
4.（ ） This process is based on the outcome of （ ） and leads to the identification of safety requirements. These may be concerned with ensuring that a hazard does not arise or lead to an accident or that if an accident does occur, the associated damage is minimized.