- Safety Case concept and purpose
- Requirements from standards
- Safety Case contents
- Safety arguments
- Presenting clear arguments
- Goal Structuring Notation (GSN)
- Creating arguments in GSN
- Where, When and How to Create Assurance Arguments
Principal Objective:
- A safety case presents the argument that a system will be acceptably safe in a given context
- The system could be ...
  - physical (e.g. aero-engines, reactor protection systems)
  - procedural (e.g. railway operations, off-shore)
- Safety Cases can be prepared for ...
  - commissioning
  - maintenance
  - decommissioning ...
A safety case requires two elements:
- Supporting Evidence: results of observing, analysing, testing, simulating and estimating the properties of a system that provide the fundamental information from which safety can be inferred
- High Level Argument: explanation of how the available evidence can be reasonably interpreted as indicating acceptable safety, usually by demonstrating compliance with requirements, sufficient mitigation / avoidance of hazards etc.
- Argument without Evidence is unfounded
- Evidence without Argument is unexplained
- Safety Case is the totality of the safety justification + all the supporting material: testing reports, validation reports, relevant design information etc.
- Safety Case Report is the document that summarises all the key components of the Safety Case and references all supporting documentation in a clear and concise format
- Exact contents depend on the regulatory environment
- The following are key elements of most standards:
  - Scope
  - System Description
  - System Hazards
  - Safety Requirements
  - Risk Assessment
  - Hazard Control / Risk Reduction Measures
  - Safety Analysis / Test
  - Safety Management System
  - Development Process Justification
  - Conclusions
The Defence in Depth principle (P65) has been addressed in this system through the provision of the following:
- Multiple physical barriers between hazard source and the environment (see Section X)
- A protection system to prevent breach of these barriers and to mitigate the effects of a barrier being breached (see Section Y)
...
- It is possible in text, at least sometimes:
  - use simple language and short sentences
  - use bullet points for key statements
  - break down the argument one step at a time, and refer to following sub-sections
  - structure document sub-sections around separate concepts, e.g. Section 6.2 Control of Hazard: Inadvertent Chaff Release
- But it is easier with pictures!
  - use a graphical notation to summarise the argument
  - Goal Structuring Notation (GSN)
  - Claims Argument Evidence (CAE)
Purpose of a Goal Structure
To show how goals are broken down into sub-goals, and eventually supported by evidence (solutions), whilst making clear the strategies adopted, the rationale for the approach (assumptions, justifications: A/J) and the context in which goals are stated.
A Simple Goal Structure (figure; only the node labels are recoverable from the slide)
Layer labels: Safety Requirements & Objectives (top); Safety Argument (below)
- Goal: All identified hazards eliminated / sufficiently mitigated
  - in context of: Hazards identified from FHA (Ref Y); Tolerability targets (Ref Z)
  - Goal: Hazard H1 has been eliminated
  - Goal: Probability of H2 occurring < 1x10-6 per annum
  - Goal: Probability of H3 occurring < 1x10-3 per annum
- Goal: Software developed to I.L. appropriate to hazards involved
  - in context of: I.L. Process Guidelines defined by Ref X
  - Goal: Primary Protection System developed to I.L. 4
  - Goal: Secondary Protection System developed to I.L. 2
Step 1 - Identify Goals: Phrasing
- Goals should be phrased as propositions
  - statements that can be said to be TRUE / FALSE (e.g. "The sky is blue" or "York is a beautiful city")
  - NB: not limited to statements that can be objectively proven
- The statement should be expressed as a single statement (1 sentence) in the form: <NOUN-PHRASE><VERB-PHRASE>
  - Noun-Phrase identifies the subject of the goal
  - Verb-Phrase defines a predicate over the subject
Step 1 - Identify Goals: Phrasing
The following are examples of correctly stated goals:

  Subject <Noun-Phrase>                        | Predicate <Verb-Phrase>
  ---------------------------------------------|----------------------------------
  Component X                                  | has no 'critical' failure modes
  All identified hazards for System Y          | have been sufficiently mitigated
  Non-destructive examination of weld-site Z   | has been performed
  Design A                                     | employs triple modular redundancy
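The two checks that run through these slides, "argument without evidence is unfounded" and "evidence without argument is unexplained", together with the Step 1 rule that a goal is a single TRUE/FALSE statement, can be mechanised over a GSN goal structure. The following is an added example written for this page; it is not code from the slides or from any GSN tool. It models the simple goal structure from the figure as goal, context and solution nodes joined by "supported by" and "in context of" links, then reports goals with no support below them, solutions nothing references, links to undefined nodes, and goals that fail a simple one-sentence proposition heuristic. Node ids (G1, C1, Sn1 ...) and the evidence labels are constructed placeholders; the goal wording is taken from the figure, and one goal (H3) is deliberately left without evidence so the checks have something to find.

```python
"""Minimal GSN-style goal structure with consistency checks (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

ARGUMENT_KINDS = {"goal", "strategy"}   # nodes that must themselves be supported
EVIDENCE_KIND = "solution"              # leaf evidence nodes
CONTEXT_KINDS = {"context", "assumption", "justification"}


@dataclass
class Node:
    id: str
    kind: str
    text: str
    supported_by: List[str] = field(default_factory=list)   # GSN "supported by" links
    in_context_of: List[str] = field(default_factory=list)  # GSN "in context of" links


def looks_like_proposition(text: str) -> bool:
    """Heuristic for the Step 1 rule: one sentence that can be TRUE or FALSE.

    Rejects empty text, questions and multi-sentence statements. It does not
    parse the noun/verb phrases; that judgement stays with the reviewer.
    """
    s = text.strip()
    if not s or s.endswith("?"):
        return False
    body = s.rstrip(".")
    return not any(sep in body for sep in (". ", "? ", "! "))


class GoalStructure:
    def __init__(self) -> None:
        self.nodes: Dict[str, Node] = {}

    def add(self, node: Node) -> None:
        if node.id in self.nodes:
            raise ValueError(f"duplicate node id {node.id}")
        self.nodes[node.id] = node

    def _referenced(self) -> Set[str]:
        return {r for n in self.nodes.values() for r in n.supported_by + n.in_context_of}

    def dangling(self) -> List[str]:
        """Links to ids that no node defines."""
        return sorted(r for r in self._referenced() if r not in self.nodes)

    def unfounded(self) -> List[str]:
        """Goals/strategies with no 'supported by' link: argument without evidence."""
        return sorted(n.id for n in self.nodes.values()
                      if n.kind in ARGUMENT_KINDS and not n.supported_by)

    def unexplained(self) -> List[str]:
        """Solutions that nothing points to: evidence without argument."""
        refs = self._referenced()
        return sorted(n.id for n in self.nodes.values()
                      if n.kind == EVIDENCE_KIND and n.id not in refs)

    def badly_phrased(self) -> List[str]:
        """Goals whose text fails the one-sentence proposition heuristic."""
        return sorted(n.id for n in self.nodes.values()
                      if n.kind == "goal" and not looks_like_proposition(n.text))

    def fully_supported(self, node_id: str, _seen: Optional[Set[str]] = None) -> bool:
        """True when every path below node_id ends in a solution (cycle-safe)."""
        seen = set() if _seen is None else _seen
        if node_id in seen or node_id not in self.nodes:
            return False
        node = self.nodes[node_id]
        if node.kind == EVIDENCE_KIND:
            return True
        if node.kind not in ARGUMENT_KINDS or not node.supported_by:
            return False
        return all(self.fully_supported(c, seen | {node_id}) for c in node.supported_by)


def build_example() -> GoalStructure:
    """Constructed instance of the slide's figure, with one gap left in on purpose."""
    gs = GoalStructure()
    gs.add(Node("G1", "goal", "All identified hazards eliminated / sufficiently mitigated",
                supported_by=["G2", "G3", "G4"], in_context_of=["C1"]))
    gs.add(Node("C1", "context", "Hazards identified from FHA (Ref Y)"))
    gs.add(Node("C2", "context", "Tolerability targets (Ref Z)"))
    gs.add(Node("G2", "goal", "Hazard H1 has been eliminated", supported_by=["Sn1"]))
    gs.add(Node("G3", "goal", "Probability of H2 occurring < 1x10-6 per annum",
                supported_by=["Sn2"], in_context_of=["C2"]))
    gs.add(Node("G4", "goal", "Probability of H3 occurring < 1x10-3 per annum",
                in_context_of=["C2"]))                      # no evidence attached yet
    # Evidence labels are constructed placeholders, not real documents.
    gs.add(Node("Sn1", "solution", "Hazard elimination analysis (placeholder)"))
    gs.add(Node("Sn2", "solution", "Fault tree analysis for H2 (placeholder)"))
    gs.add(Node("Sn3", "solution", "Test report for H3 (placeholder)"))  # never referenced
    return gs


def report(gs: GoalStructure) -> Dict[str, List[str]]:
    """Collect all four checks in one mapping, empty lists meaning 'no finding'."""
    return {"unfounded": gs.unfounded(), "unexplained": gs.unexplained(),
            "dangling": gs.dangling(), "badly_phrased": gs.badly_phrased()}


if __name__ == "__main__":
    gs = build_example()
    for key, ids in report(gs).items():
        print(f"{key}: {ids or 'none'}")
    print("G1 fully supported:", gs.fully_supported("G1"))
```

On the constructed structure the report names G4 as unfounded (the H3 goal has no solution under it) and Sn3 as unexplained (the H3 test report is attached to nothing), which is exactly the pairing the slides warn about: the evidence exists, but the argument never uses it, so the top goal G1 is not fully supported until the Sn3 link is drawn.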