Top event prevention in complex systems

A key step in formulating a regulatory basis for licensing complex and potentially hazardous facilities is identification of a collection of design elements that is necessary and sufficient to achieve the desired level of protection of the public, the workers, and the environment. Here, such a collection of design elements will be called a ``prevention set.`` At the design stage, identifying a prevention set helps to determine what elements to include in the final design. Separately, a prevention-set argument could be used to limit the scope of regulatory oversight to a subset of design elements. This step can be taken during initial review of a design, or later as part of an effort to justify relief from regulatory requirements that are burdensome but provide little risk reduction. This paper presents a systematic approach to the problem of optimally choosing a prevention set.