Developing Compelling Safety Cases

TL;DR

This paper presents a process improvement method for creating safety cases that emphasizes risk focus, system safety, and decision support, aiming to address common weaknesses like confirmation bias and superficial documentation.

Contribution

It introduces a process-oriented approach that enhances safety case practice without new notations, focusing on risk assessment, system safety, and lifecycle decision support.

Findings

Improves safety case quality by emphasizing risk-focused analysis.

Encourages understanding of system safety and decision-making.

Demonstrates application with an infusion pump example.

Abstract

This paper describes a method for creating compelling safety cases. The method seeks to help improve safety case practice in order to address the weaknesses identified in current practice, in particular confirmation bias, after-the-fact assurance and safety cases as a paperwork exercise. Rather than creating new notations and tools to address these issues, we contend that it is improvements in the safety case process that will make the most significant improvement to safety case practice. Our method builds upon established approaches and best practice to create an approach that will ensure safety cases are risk-focused, seek to identify ways in which the system may not be safe (rather than just assuming it is), drive safe design and operation of the system (influencing the system itself rather than just documenting what's there), are used to support decisions made throughout the life of the system, including system operation and change, and encourage developers and operators to think about and understand why their system is safe (and when it isn't). A simple example of an infusion pump system is used to illustrate how the new method is applied in practice.