2.6.2 Defining safe system response to changes

Contextual description: Once potentially unsafe changes are detected, a safe response must be enacted (i.e. returning the system to a safe state). What is an appropriate response will depend upon the nature of the change that occurs and must link back to the higher-level safety analysis of the RAS. For example, for some changes it may be determined that the safest response is to hand back control to an operator; for other changes this may be an unsafe response.

Practical guidance:  To be determined.