The main tasks of the define-analysis-scope activity are:
Define the system boundary
Define accidents and unacceptable losses for the system
Identify system hazards
Define safety constraints and safety requirements of the system
The differences between a system accident and a system hazard are:
· System Accident (Loss)
An undesired or unplanned event that results in a loss, including loss of human life or human injury, property damage, environmental pollution, mission loss, etc. It may involve environmental factors outside our control.
· System Hazard
A system state or set of conditions that, together with a particular set of worst-case environment conditions, will lead to an accident (loss). It is something we can control in the design.
The following sub-steps describe how to identify them.
Before we analyse the system, we must have a clear understanding of it, including the system's functional behaviour, its elements and its boundary.
For this step, all system accidents and unacceptable losses need to be listed in a table such as the one below.
Use the following table to list all the system hazards.
Based on the identified system hazards, the system safety constraints and system safety requirements can be defined in order to make the system safe.
These system safety requirements or constraints must be defined at the highest level.
For a better understanding of this step and of what kind of detailed structure should be produced, I found an ACC-BCM system structure on the internet for reference.
When the fundamental preparations are done, the STPA analysis work can be started. This step can be split into two sub-steps: step 1-a and step 1-b.
This step is to identify the unsafe control actions (UCAs) that could cause the system hazards. This can be done systematically by using the following table.
Lower-level system constraints can be derived from the identified UCAs.
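As an added illustration of the UCA table and of deriving lower-level constraints from UCAs (not code from the original post), the following Python builds the table cells from the four STPA guide words, negates each UCA into a constraint, and checks that every hazard is traced by at least one UCA. The ACC brake-command data and the H-/UCA- identifiers are constructed for the example.

```python
from collections import namedtuple
from itertools import product

# The four STPA guide words applied to every control action in every context.
UCA_TYPES = ("not provided", "provided", "too early or too late",
             "stopped too soon or applied too long")

Hazard = namedtuple("Hazard", "hid text accidents")          # accidents: ids of losses it leads to
UCA = namedtuple("UCA", "uid action uca_type context hazards")  # hazards: ids this UCA leads to

def uca_candidates(actions, contexts):
    """Every cell of the UCA table: (control action, guide word, context)."""
    return list(product(actions, UCA_TYPES, contexts))

def derive_constraint(uca):
    """Lower-level safety constraint obtained by negating the UCA (step 1-b output)."""
    wording = {
        "not provided": "must be provided",
        "provided": "must not be provided",
        "too early or too late": "must be provided at the right time",
        "stopped too soon or applied too long": "must be held for the right duration",
    }
    return f"[{uca.uid}] {uca.action} {wording[uca.uca_type]} when {uca.context}"

def uncovered_hazards(hazards, ucas):
    """Hazards that no UCA traces to: gaps left in the UCA table."""
    covered = {h for u in ucas for h in u.hazards}
    return sorted(h.hid for h in hazards if h.hid not in covered)

# Constructed ACC sample data (an assumption for illustration, not from the page).
HAZARDS = [
    Hazard("H-1", "ACC fails to keep a safe distance to the lead vehicle", ("A-1",)),
    Hazard("H-2", "ACC brakes hard with no lead vehicle present", ("A-2",)),
]
UCAS = [
    UCA("UCA-1", "brake command", "not provided", "lead vehicle decelerating", ("H-1",)),
    UCA("UCA-2", "brake command", "too early or too late", "lead vehicle decelerating", ("H-1",)),
]

if __name__ == "__main__":
    for cell in uca_candidates(["brake command"], ["lead vehicle decelerating"]):
        print("candidate:", cell)          # 4 rows, one per guide word
    for u in UCAS:
        print(derive_constraint(u))
    print("hazards without a UCA:", uncovered_hazards(HAZARDS, UCAS))  # ['H-2']
```

A hazard reported by uncovered_hazards means the table has not yet been filled in for the control actions and contexts that can lead to it.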
Once the control structure has been revised, causal scenarios can be identified for each of the unsafe control actions. The causal factors in the picture below can be used to guide the generation of causal scenarios. Notice that more design information may be incorporated at this stage, such as information about the controller's process model and other control inputs.
The following table can be used to define the causal scenarios that violate the system constraints.
STPA can also be used for software safety analysis, in a form named SW-STPA. Unlike the general safety control structure of STPA, SW-STPA has no actuators, sensors, controllers or controlled processes, so the safety control structure has to be adapted when developing the control structure in SW-STPA. The generic safety control structure of SW-STPA is shown below.
Maybe in the future I will have a better understanding of STPA and SW-STPA; a separate blog about SW-STPA is being considered.