A systematic approach to safety case maintenance

Cited by: 37
Authors
Kelly, TP [1 ]
McDermid, JA [1 ]
Affiliations
[1] Univ York, Dept Comp Sci, York YO10 5DD, N Yorkshire, England
Keywords
safety case; maintenance; impact analysis; certification; change management; safety requirements;
DOI
10.1016/S0951-8320(00)00079-X
CLC classification number
T [Industrial technology];
Discipline classification number
08 ;
Abstract
A crucial aspect of safety case management is the ongoing maintenance of the safety argument through life. Throughout the operational life of any system, changing regulatory requirements, additional safety evidence and a changing design can challenge the corresponding safety case. In order to maintain an accurate account of the safety of the system, all such challenges must be assessed for their impact on the original safety argument. This is increasingly being recognised by many safety standards. However, many safety engineers are experiencing difficulties with safety case maintenance at present, the prime reason being that they do not have a systematic and methodical approach by which to examine the impact of change on the safety argument. The size and complexity of safety arguments and evidence being presented within safety cases is increasing. Nowhere is this more apparent than for Electrical, Electronic and Programmable Electronic systems attempting to comply with the requirements and recommendations of software and hardware safety standards such as IEC 61508 [Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems. International Electrotechnical Commission, Draft Standard, 1997] and UK Defence Standards 00-54 [MoD. 00-54 Requirements of Safety Related Electronic Hardware in Defence Equipment. Ministry of Defence, Interim Defence Standard, 1999], 00-55 [MoD. 00-55 Requirements of Safety Related Software in Defence Equipment. Ministry of Defence, Defence Standard, 1997], and 00-56 [MoD. 00-56 Safety Management Requirements for Defence Systems. Ministry of Defence, Defence Standard, 1996]. However, this increase in safety case complexity exacerbates problems of comprehension and maintainability later on in the system lifecycle. 
This paper defines and describes a tool-supported process, based upon the principles of goal structuring, that attempts to address these difficulties through facilitating the systematic impact assessment of safety case challenges. (C) 2001 Elsevier Science Ltd. All rights reserved.
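As an added illustration of the kind of impact assessment the abstract refers to (editor-supplied example, not the paper's tool or process; the node kinds, edge names, ids and the sample argument are assumptions that follow general goal-structuring conventions rather than anything stated on this page): a goal structure is held as a graph of goals, strategies, solutions (evidence) and contexts, a challenge is a set of changed elements, and the impact is every element whose validity transitively rests on a challenged one. Everything outside that set is a candidate for reuse without re-examination, which is the practical payoff of doing the analysis systematically instead of by inspection.

```python
"""Impact assessment over a goal-structured (GSN-style) safety argument.

Editor-added example; not the paper's tool. Assumed model:
  - nodes of kind goal / strategy / solution / context
  - "supported_by" edges (parent claim rests on child)
  - "in_context_of" edges (element is stated within a context)
A challenge is a set of node ids (changed evidence, a new design
baseline recorded as a context, a changed requirement). Impact flows
upward along supported_by edges and outward from a context to the
elements it scopes, then upward from those.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    id: str
    kind: str   # "goal", "strategy", "solution" or "context"
    text: str


class GoalStructure:
    KINDS = {"goal", "strategy", "solution", "context"}

    def __init__(self):
        self.nodes = {}
        self._supports = defaultdict(set)  # child -> parents it supports
        self._scopes = defaultdict(set)    # context -> elements it scopes

    def add(self, node_id, kind, text):
        if kind not in self.KINDS:
            raise ValueError(f"unknown node kind {kind!r}")
        if node_id in self.nodes:
            raise ValueError(f"duplicate node id {node_id!r}")
        self.nodes[node_id] = Node(node_id, kind, text)

    def _check(self, *ids):
        for i in ids:
            if i not in self.nodes:
                raise KeyError(f"unknown node {i!r}")

    def supported_by(self, parent, child):
        self._check(parent, child)
        if self.nodes[child].kind == "context":
            raise ValueError("a context cannot support a claim; use in_context_of")
        self._supports[child].add(parent)

    def in_context_of(self, element, context):
        self._check(element, context)
        if self.nodes[context].kind != "context":
            raise ValueError(f"{context!r} is not a context node")
        self._scopes[context].add(element)

    def impact(self, challenged):
        """Ids of every element whose validity must be re-examined."""
        self._check(*challenged)
        affected, stack = set(), list(challenged)
        while stack:
            n = stack.pop()
            if n in affected:
                continue  # visited set also protects against a malformed cyclic structure
            affected.add(n)
            stack.extend(self._supports[n])  # claims resting on n
            stack.extend(self._scopes[n])    # elements stated within context n
        return affected

    def assess(self, challenged):
        """Partition the argument into elements to re-examine and elements reusable as-is."""
        hit = self.impact(challenged)
        return {
            "re_examine": sorted(hit),
            "reusable": sorted(set(self.nodes) - hit),
            # top-level goals are goals that support nothing above them
            "top_goals_challenged": sorted(
                n for n in hit
                if self.nodes[n].kind == "goal" and not self._supports.get(n)
            ),
        }


def example_structure():
    """Constructed sample argument for a small control system (not from the paper)."""
    gs = GoalStructure()
    gs.add("G1", "goal", "Control system is acceptably safe to operate")
    gs.add("C1", "context", "Hazard log issue 3")
    gs.add("S1", "strategy", "Argument over each identified hazard")
    gs.add("G2", "goal", "Hazard H1 (unintended actuation) is mitigated")
    gs.add("G3", "goal", "Hazard H2 (loss of shutdown) is mitigated")
    gs.add("C2", "context", "Software build 2.1")
    gs.add("Sn1", "solution", "Fault tree analysis FTA-H1")
    gs.add("Sn2", "solution", "Shutdown test report TR-7")
    gs.supported_by("G1", "S1")
    gs.in_context_of("S1", "C1")
    gs.supported_by("S1", "G2")
    gs.supported_by("S1", "G3")
    gs.in_context_of("G3", "C2")
    gs.supported_by("G2", "Sn1")
    gs.supported_by("G3", "Sn2")
    return gs


if __name__ == "__main__":
    # Design change: software moves from build 2.1 to 2.2, so context C2 is challenged.
    print(example_structure().assess({"C2"}))
```

Changing the software build (context `C2`) flags `G3`, the strategy `S1` and the top goal `G1` for re-examination, while `G2`, its evidence `Sn1` and the hazard-log context `C1` are untouched; re-doing the fault tree (`Sn1`) instead flags the other branch. Contexts deserve particular care in a real assessment: a new hazard log (`C1`) scopes the whole decomposition strategy, so the model flags `S1` and `G1`, but whether new hazard goals must be added under `S1` is a judgement the traversal cannot make for you.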
Pages: 271 / 284
Page count: 14
Related papers
13 entries in total
[1] MoD, 1996, Defence Standard 00-56: Safety Management Requirements for Defence Systems
[2] Bishop P, 1998, Adelard Safety Case (ADELARD SAFETY CASE)
[3] Clarke AW, 1989, Nucl. Energ. J. Br. Nucl., V28, P215
[4] Field M, 1987, Project Management (PROJECT MANAGEMENT P)
[5] Hogberg L, 1994, Nuclear Europe Worldscan, V14, P42
[6] HSE (Health and Safety Executive), 1992, Safety Assessment Principles for Nuclear Plants (SAF ASS PRINC NUCL P)
[7] IEC, 1997, IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems (Draft Standard)
[8] JAA, 1990, Joint Airworthiness Requirements (JOINT AIRW REQ JAR E)
[9] Kelly TP, 1997, Proc. 16th Int. Conf. on Computer Safety (P 16 INT C COMP SAF)
[10] MoD, 1999, Interim Defence Standard 00-54: Requirements of Safety Related Electronic Hardware in Defence Equipment