A comparison of hazard analysis methods capability for safety requirements generation

A safety-critical system comprising several interacting, software-intensive systems must be carefully analyzed to determine whether new functional requirements are needed to ensure safety. This requires an analysis of the system's systemic properties, that is, the effects arising from the interaction between systems and system parts. The paper compares two hazard analysis methods that are often considered well suited to such software-intensive systems: Functional Hazard Analysis (FHA) and Systems-Theoretic Process Analysis (STPA). The focus is on selecting and improving the better method, based on the lessons learned from comparing FHA and STPA. The comparison covers the hazard analysis processes, the treatment of systemic properties, and the criteria applied to the generated requirements. The paper concludes that STPA is the better choice over FHA. It also draws insights for aligning both STPA and FHA with broader topics in risk management, namely hazard analysis method improvement, cautionary thinking, uncertainty management, and resilience management.
