[SystemSafety] A comparison of STPA and ARP 4761

Many in the system safety industry have heard of the STAMP / STPA method originally developed by Prof. Nancy Leveson and her team. One of the latest developments around this method is that a group at MIT has been comparing the safety assessment process of STPA with that of SAE ARP 4761 (for readers not familiar with this reference, it is the well-established guidance document that describes the safety assessment process in the aerospace industry).
The results of this work have been documented in a report recently released on the MIT web site. The title of the report is "A Comparison of STPA and the ARP 4761 Safety Assessment Process". Here's the link to the report:

This report should be of interest to system safety engineers in the aerospace industry but more generally to engineers in all safety-critical industries that have looked at ARP 4761 as a reference.

Here's the conclusion of this report:

    "This report compares the safety analysis process of ARP 4761 with STPA, using the wheel brake system example in ARP 4761. We show that STPA identifies hazards omitted by the ARP 4761 process, particularly those associated with software, human factors and operations. The goal of STPA is to identify detailed scenarios leading to accidents so that they can be eliminated or controlled in the design rather than showing that reliability goals have been met. The succeeding verification processes (DO-178C/DO-254) are still necessary to assure that the requirements provided by the process in ARP 4754A, and supported by STPA, are fully verified.

    In the reality of increasing aircraft complexity and software control, the traditional safety assessment process described in ARP 4761 omits important causes of aircraft accidents. The general lesson to be learned from the comparison in this report is that we need to create and employ more powerful and inclusive approaches to evaluating safety that include more types of causal factors and integrate software and human factors directly into the evaluation. STPA is one possibility, but the potential for additional approaches should be explored as well as improvements or extensions to STPA. There is no going back to the simpler, less automated designs of the past, and engineering will need to adopt new approaches to handle the changes that are occurring."

I suspect that this conclusion will generate some controversy. I have not read this report yet, but I intend to. This document has been published very recently (last month), so it will take some time for system safety practitioners to become aware of it and react. Anyway, the SAE S-18 committee and EUROCAE WG-63, currently working on version A of ARP 4761, should have a specific interest in this report.

