Originally Posted by FCeng84
A single point failure is acceptable if the consequences are bounded and the failure rate is sufficiently remote. As stated before a single failure with catastrophic results is never acceptable.
The mitigation for this issue seems to be that the pilots will realise what is going on and switch the failed system off. This is the oldest trick in the safety case book . . . and regulators in _many_ safety related/critical industries allow the 'human will figure it out' mitigation to be used . . . and in many cases it doesn't because people are tired, bored, stressed, having a bad day, fallible . . .
This is a regulatory failure pure and simple. The safety case would make interesting reading. As would the one for the 'fix' . . .