
autoConform® Methodology, Software and Engineering Services

What are the prerequisites for system analyses?

1. Introduction

Functional safety standards require that a safety-critical product is developed according to the V-model of system development. Fig. 1 shows how the V-model is implemented by the autoConform® methodology and software.

Fig. 1: System development V-model of the autoConform® methodology and autoConform® software

As can be seen in Fig. 1, safety analyses are foreseen at every product architecture level. These safety analyses comprise

  • a Preliminary Hazard Analysis (PHA) or a Hazard Analysis and Risk Assessment (HARA) at the product or system level; and
  • a combination of a deductive analysis (Fault Tree Analysis, FTA), an inductive analysis (Failure Modes and Effects Analysis, FMEA) and a Dependent Failure Analysis (DFA) at all other product architecture levels.

Cybersecurity analyses of the system typically have to be conducted in addition to safety analyses.

Furthermore, it is recommended to perform complexity analyses of the product’s architectural design as unnecessary complexity reduces product quality, especially reliability, and increases product development, manufacturing and maintenance/service costs.

All of these analyses have some prerequisites in common which are described in Section 2. Section 3 summarizes the main insights of this article.

2. Prerequisites for System Analyses

The first prerequisite is derived from the fact that all system analyses are based on the static product architectural design. Therefore, the product architectural design must be suitably documented, and the documented product architectural design must be complete from the top level down to the product architecture level to be analyzed. If one or more product elements are missing in the product architectural design, or if the product architectural design contains "loose ends" in the form of open or disconnected interfaces and signals, then the analysis performed on this basis may be misleading. This is because the "loose ends" may result in important failure propagation or intrusion paths being overlooked, or in a grossly underestimated system complexity.

Prerequisite #1: Prior to performing an analysis at a particular product architecture level, the static product architectural design must be complete from the top product architecture level down to the product architecture level to be analyzed.

The second prerequisite is derived from the fact that all of the analyses mentioned in the introduction have to be conducted top-down. For instance, there is little point in performing safety analyses at the subsystem level if no safety analysis has been done at the product or system level. This is because we first need to know which safety goals and safety requirements the entire product needs to satisfy, before we can break down these product safety requirements into safety requirements for the product elements.

Prerequisite #2: An analysis at a particular product architecture level should only be conducted after having completed the corresponding analyses at all higher product architecture levels.

Some analyses not only depend on the static product architectural design, but can become much easier if other analyses have been done before. For instance, safety and cybersecurity analyses generally get more and more elaborate the more complex the system is. So investigating and reducing system complexity as much as possible should always be done before conducting safety and cybersecurity analyses. Another example is the order in which safety analyses are conducted at a particular product architecture level. An FTA reveals both the single-point failures and the multiple-point failures. The analysis and treatment of single-point failures is typically done by an FMEA, and the analysis and treatment of multiple-point failures by a DFA. Therefore, it makes sense to perform the safety analyses at a particular product architecture level in the order FTA first, FMEA second, DFA third.

Prerequisite #3: If a particular analysis would benefit from the results of other analyses, those other analyses should be done first.

The recommended order of system analyses is as follows.

a) At the product or system level:

  1. Complexity analysis,
  2. PHA/HARA,
  3. Cybersecurity analysis.

b) At all other product architecture levels:

  1. Complexity analysis,
  2. FTA,
  3. FMEA (or another inductive method like an FMEDA),
  4. DFA,
  5. Cybersecurity analysis.
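As an added example (not part of the autoConform® methodology or software), the following Python check runs over a constructed architecture model and flags the "loose ends" of Prerequisite #1 as well as deviations from the per-level order in a) and b) (Prerequisites #2 and #3). All element, port and signal names are made up.

```python
# Added example (not autoConform(R) code): a constructed architecture model is
# checked for the "loose ends" of Prerequisite #1 and for the analysis order
# of Prerequisites #2 and #3. All element, port and signal names are made up.
ORDER_TOP = ["complexity", "PHA/HARA", "cybersecurity"]             # product/system level
ORDER_OTHER = ["complexity", "FTA", "FMEA", "DFA", "cybersecurity"]  # all lower levels

# element -> level (0 = product/system), parent, ports, analyses completed so far in order
ELEMENTS = {
    "vehicle":   dict(level=0, parent=None, ports={"bus"}, done=ORDER_TOP),
    "brake_ecu": dict(level=1, parent="vehicle", ports={"bus", "diag"},
                      done=["complexity", "FMEA"]),   # FMEA done before FTA
}
# signal -> (source, sink) as (element, port); None marks an open end
SIGNALS = {
    "can":         (("vehicle", "bus"), ("brake_ecu", "bus")),
    "wheel_speed": (None, ("brake_ecu", "bus")),      # source never modelled
}

def loose_ends(elements, signals):
    """Prerequisite #1: report open signal ends, unknown ports and unconnected ports."""
    used, issues = set(), []
    for name, ends in signals.items():
        for end in ends:
            if end is None:
                issues.append(f"signal {name}: open end")
            elif end[0] not in elements or end[1] not in elements[end[0]]["ports"]:
                issues.append(f"signal {name}: unknown port {end}")
            else:
                used.add(end)
    for name, e in elements.items():
        for port in sorted(e["ports"]):
            if (name, port) not in used:
                issues.append(f"port {name}.{port}: unconnected")
    return issues

def expected(e):
    """Recommended order for an element's architecture level (lists a) and b) above)."""
    return ORDER_TOP if e["level"] == 0 else ORDER_OTHER

def order_issues(elements):
    """Prerequisites #2 and #3: recommended order per level, and parent level complete first."""
    issues = []
    for name, e in elements.items():
        if e["done"] != expected(e)[:len(e["done"])]:
            issues.append(f"{name}: {e['done']} deviates from {expected(e)}")
        parent = elements.get(e["parent"])
        if e["done"] and parent and parent["done"] != expected(parent):
            issues.append(f"{name}: analysed before {e['parent']} was complete")
    return issues
```

Running `loose_ends(ELEMENTS, SIGNALS)` reports the open `wheel_speed` source and the unconnected `brake_ecu.diag` port; `order_issues(ELEMENTS)` reports that `brake_ecu` ran its FMEA before its FTA.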

3. Summary

All system analyses are based on the static product architectural design which must be complete, i.e., free of missing elements or unconnected interfaces and signals.

All system analyses must be performed top-down, starting at the top product architecture level which is the product or system level.

It is recommended to conduct the system analyses in the following order:

  1. Complexity analysis,
  2. Deductive analysis (typically a Fault Tree Analysis (FTA)),
  3. Inductive analysis (typically a Failure Modes and Effects Analysis (FMEA)),
  4. Dependent Failure Analysis (DFA), and
  5. Cybersecurity analysis.