Safety case

Series of arguments supported by evidence to justify the safety of a system

One definition of a Safety Case is that it is a structured argument, supported by evidence, intended to justify that a system is acceptably safe for a specific application in a specific operating environment. Safety cases are often required as part of a regulatory process, a certificate of safety being granted only when the regulator is satisfied by the argument presented in a safety case. Industries regulated in this way include transportation (such as aviation, the automotive industry and railways) and medical devices. As such there are strong parallels with the formal evaluation of risk used to prepare a Risk Assessment, although the result will be case specific. A vehicle safety case may show it to be acceptably safe to be driven on a road, but conclude that it may be unsuited to driving on rough ground, or with an off-center load, for example, if there would then be a greater risk of danger, e.g. a loss of control or an injury to the occupant. The information used to compile the safety case may then formally guarantee further specifications, such as maximum safe speeds, permitted safe loads, or any other operational parameter. A safety case should be revisited when an existing product is to be re-purposed in a new way, if this extends beyond the scope of the original assessment.

Presenting a safety case

A safety case aims to show that specific safety claims are substantiated and, in the UK, that risks are kept 'As Low As Reasonably Practicable' (ALARP). In the US, the FDA issued a guidance document in 2010 to require infusion pump manufacturers to submit safety cases as part of their 510(k)s.

A definition by UK Defence Standard 00-56 Issue 4 states:

Such an evidence-based approach can be contrasted with a prescriptive approach to safety certification, which requires safety to be justified using a prescribed process. Such standards typically do not require an explicit argument for safety and instead rest on the assumption that following the prescribed process will generate the required evidence for safety. Many UK standards are non-prescriptive and call for an argument-based approach to justify safety, which is why a safety case is required.

Safety cases are typically documented in both textual and graphical notations, e.g. using the Goal Structuring Notation (GSN).

Safety Cases are becoming more popular on civil/commercial aircraft and Department of Defense (DoD) weapon systems as complexity and criticality increase. A paradigm shift is often necessary to accept Safety Cases, as traditional system safety and software safety analysis and verification approaches and processes are not adequately structured to present an effective safety argument on some more modern architectures using modern development tools and formal methods.

Some major programs in the US Department of Defense, such as the F-35 Vehicle Management System (VMS), are using Model Based System Engineering (MBSE) effectively on highly complex, software intensive and safety-critical airborne system functions, along with Goal Structuring Notation (GSN). Safety Assessments and more elaborate and comprehensive Safety Cases with GSN are effective so long as refuting arguments and close scrutiny using traditional hazard analyses and safety approaches are included and models are used to depict system behavior. More elaborate models and formal methods are being used for collective safety evidence. In the UK, GSN as part of Safety Cases has proven to be useful for providing objective safety evidence. A Safety Case is an ideal way to reflect the MBSE model, software use cases, safety architecture, safety critical functional behavior, safe states, and sequencing in the safety domain. Functional behavior is often better understood, expressed and defended when graphically displayed every step of the way in MBSE than in traditional development, whose enormous paperwork is very difficult to correlate into an effective Safety Case.

The SAE International G-48 System Safety Committee held The Safety Case Workshop at APT Research in Huntsville, AL on 15 January 2014, with several DoD agencies and leading contractors present, to further study and capture the Safety Case process and methods for refinement and possible future promulgation in several Safety Standards, as several organizations already use them as part of internal best practices. "There is now increasing evidence that some organizations in the U.S. are moving in the safety case direction."

The G-48, composed of a NASA safety office, DoD agencies and several leading defense contractor representatives, cites several evidence based safety advantages of Safety Cases over ANSI/GEIA-STD-0010 and MIL-STD-882, including (1) upfront articulation of arguments (rationale and claims) to be used, and (2) independent review to verify and validate. Since Safety Cases are structured, evidence based approaches to satisfy the safety argument established at the start of programs, they may find a good fit in augmenting existing and proven hazard analysis methods and techniques. It is envisioned that, as Safety Cases gain popularity and are included in current best practices, they will not replace any current effective safety methods, such as Functional Hazard Assessments (FHA), but may be included up front in those and in more comprehensive and blended safety methodologies to augment and improve the capturing and documenting of objective safety evidence throughout the program. A final Safety Case should have all of the necessary and required specific artifacts, such as test evidence supporting safety claims. A well balanced Safety Case must also allow for special safety directed verification, such as testing of credible failure conditions, testing of malfunctions to observe predicted safe states and planned behavior, fault insertion to confirm expected functionality under worst case conditions, failure immunity testing to ensure the system ignores corruption and rogue threats, and off nominal or modified conditions, out of bounds, and other types of test results to prove that safety requirements are met outside normal operation.

Ideally, future Safety Case concepts, which are evolving as software intensive and high technology systems of systems get more complex, must contain a focused data package with comprehensive safety artifacts and must be inclusive of all safety analyses, findings and determination of the total summation of system risk. Safety Cases must go beyond the current MIL-STD-882 Safety Assessment Reports, which are a more general summary of hazard and risk based findings. Safety Cases with structured arguments, goals and objectives need to be more inclusive of various modern safety aspects, usually including requirements based safety (INCOSE), model based safety, software based safety (IEEE STD-1228), function based safety (IEC-61508), and design based aerospace recommended practices for safety (SAE ARP 4761/4754A).

Agile development methods have been applied to safety case production.

The review of safety cases is an important activity in the safety engineering process, performed throughout development, operation and maintenance, in which the safety case argument and evidence are scrutinized and challenged.

References

Defence Standard 00-56 Issue 4 (Part 1): Safety Management Requirements for Defence Systems. UK Ministry of Defence. p. 17.
"Safety Management Requirements for Defence Systems: Part 2: Guidance on Establishing a Means of Complying with Part I" (PDF). Ministry of Defence. June 1, 2007. Archived from the original on December 15, 2017.
FDA: Medical Devices.
GSN Community Standard.
"Safety Case Workshop" (PDF). A-P-T Research. January 14–15, 2014. Archived from the original on December 15, 2017.
Journal of System Safety, Volume 51, No. 1, Winter 2015, p. 19.
Myklebust, T.; Stålhane, T. (September 2016). "The Agile Safety Case". Trondheim: SafeComp.
