[SystemSafety] A comparison of STPA and ARP 4761

Laurent Fabre laurent.fabre at cslabs.com
Thu Jul 24 20:29:27 CEST 2014


Many in the system safety industry have heard of the STAMP / STPA method 
originally developed by Prof. Nancy Leveson and her team.
One of the latest developments around this method is that a group at MIT 
has been comparing the safety assessment process of STPA with SAE ARP 
4761 (for readers not familiar with this reference, this is the 
well-established guidance document that describes the safety assessment 
process in the aerospace industry).
The results of this work have been documented in a report recently 
released on the MIT web site. The title of the report is
"A Comparison of STPA and the ARP 4761 Safety Assessment Process". 
Here's the link to the report:
http://sunnyday.mit.edu/papers/ARP4761-Comparison-Report-final-1.pdf

This report should be of interest to system safety engineers in the 
aerospace industry but more generally to engineers in all 
safety-critical industries that have looked at ARP 4761 as a reference.

Here's the conclusion of this report:

    "This report compares the safety analysis process of ARP 4761 with
    STPA, using the wheel brake system example in ARP 4761. We show that
    STPA identifies hazards omitted by the ARP 4761 process,
    particularly those associated with software, human factors and
    operations. The goal of STPA is to identify detailed scenarios
    leading to accidents so that they can be eliminated or controlled in
    the design rather than showing that reliability goals have been met.
    The succeeding verification processes (DO-178C/DO-254) are still
    necessary to assure that the requirements provided by the process in
    ARP 4754A and supported by STPA, are fully verified.

    In the reality of increasing aircraft complexity and software
    control, the traditional safety assessment process described in ARP
    4761 omits important causes of aircraft accidents. The general
    lesson to be learned from the comparison in this report is that we
    need to create and employ more powerful and inclusive approaches to
    evaluating safety that include more types of causal factors and
    integrate software and human factors directly into the evaluation.
    STPA is one possibility, but the potential for additional approaches
    should be explored as well as improvements or extensions to STPA.
    There is no going back to the simpler, less automated designs of the
    past, and engineering will need to adopt new approaches to handle
    the changes that are occurring."

I suspect that this conclusion will generate some controversy. I have 
not read this report yet but I intend to.
This document has been published very recently (last month), so it will 
take some time for system safety practitioners to become aware of it and 
react. Anyway, the SAE S-18 committee and EUROCAE WG-63, currently working 
on version A of ARP4761, should have a specific interest in this report.

Laurent Fabre

-- 
---------------------------
Critical Systems Labs, Inc.  <http://www.criticalsystemslabs.com/>
#140 - 601 West Cordova Street
Vancouver, BC, Canada
V6B 1G1
Tel:  (604) 638-7391
