1. Introduction
In the article "When do I need which safety analyses in a development project?", a variant of the V-model of system development was presented. This V-model includes the safety analyses which have to be carried out during product development. In this V-model, the product to be developed is broken down into product architecture levels. For each product architecture level, design specifications and safety analyses are created. The safety analyses are used to check the design specifications and supplement them with aspects of functional safety, e.g. safety ratings and safety mechanisms.
In this V-model, the following safety analyses are to be carried out depending on the product architecture level considered:
- at the top or first product architecture level: a Preliminary Hazard Analysis (PHA) or a Hazard Analysis and Risk Assessment (HARA),
- at the second and all lower product architecture levels: a combination of FTA (deductive analysis), FMEA (inductive analysis) and DFA (dependent failure analysis).
With the exception of the highest product architecture level, the safety analysis methods to be carried out at each product architecture level are essentially the same. These safety analyses are preferably started at the second product architecture level and are then extended step by step to each lower product architecture level.
Section 2 describes how this can be done efficiently and with high quality. Section 3 summarizes the key take-aways.
2. Semi-automated safety analyses – what can be automated and what not?
In the V-model of system development according to the autoConform® methodology and software, a design specification document is created for each product architecture level. This document contains:
- the external interfaces of all elements of the product architecture level under consideration and
- the chains of effects, represented by “generalized signals”, between the elements.
A “generalized signal” represents the transfer of information, material or energy. Such a signal can be either “intended” or “unintended”, with the latter being referred to as "disturbance".
Intended signals are of one of the types:
- A: acoustic (radiative and structure-borne)
- C: communication
- E: electromagnetic (conductive)
- G: gaseous chemicals
- L: liquid chemicals (including water)
- M: mechanical (solid and fluid)
- other.
Unintended signals are of one of the types:
- u_A: acoustic disturbance (radiative and structure-borne)
- u_C: unintended communication
- u_D: dirt and dust
- u_E_LF: conductive electrical low-frequency disturbance (≤150kHz)
- u_E_RF: conductive electrical radio frequency disturbance (150kHz…150MHz)
- u_F: floating potentials (including ESD)
- u_G: unintended gaseous chemicals
- u_H: humidity (including moisture and condensation)
- u_L: unintended liquid chemicals
- other.
Semi-automated safety analyses
The design specifications of each product architecture level specify all signal connections and the type of every signal. With this information, the following safety analyses can be carried out semi-automatically:
- Qualitative Fault Tree Analysis (FTA) to trace the chains of effects and identify safety-critical events,
- FMEA for the identification and evaluation of single faults,
- DFA for the analysis of multiple failures, especially dependent failures.
The analyses are carried out iteratively at each product architecture level. Safety requirements derived from the safety analyses are automatically incorporated into the requirement specifications of the respective product architecture level.
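The following is an added example, not code from the article or from the autoConform® software, showing how the signal model above supports semi-automated analyses. It models one product architecture level as elements connected by typed generalized signals (the intended and unintended types listed above), then runs a qualitative FTA (backward trace of the chains of effects from a top event), an FMEA (forward propagation of each single fault) and a DFA (shared sources and disturbance couplings between elements on the chains), and finally derives safety requirement text for the level's specification. The element names, the sample signals, the choice of top event and the requirement wording are constructed assumptions.

```python
"""Constructed model of one product architecture level: elements connected by
typed "generalized signals", plus semi-automated qualitative FTA, FMEA and DFA
over those signals. Element names, signals and requirement wording are assumptions."""
from dataclasses import dataclass
from collections import defaultdict

# Signal types as listed in the article (intended, and unintended = disturbance).
INTENDED = {"A", "C", "E", "G", "L", "M"}
UNINTENDED = {"u_A", "u_C", "u_D", "u_E_LF", "u_E_RF", "u_F", "u_G", "u_H", "u_L"}


@dataclass(frozen=True)
class Signal:
    src: str   # element emitting the signal
    dst: str   # element receiving it
    kind: str  # one of INTENDED | UNINTENDED

    def __post_init__(self):
        if self.kind not in INTENDED | UNINTENDED:
            raise ValueError(f"unknown signal type {self.kind!r}")

    @property
    def intended(self) -> bool:
        return self.kind in INTENDED


class ArchitectureLevel:
    def __init__(self, signals):
        self.signals = list(signals)
        self.elements = {s.src for s in self.signals} | {s.dst for s in self.signals}

    # --- qualitative FTA: walk the chains of effects backwards from the top event
    def chains_to(self, top):
        """All simple chains of intended signals ending at `top`, basic element first.
        The element at the head of each chain is a basic event of the fault tree."""
        chains = []

        def walk(node, path):
            chains.append(tuple(path))
            for s in self.signals:
                if s.dst == node and s.intended and s.src not in path:
                    walk(s.src, [s.src] + path)

        walk(top, [top])
        return chains

    # --- FMEA: propagate one single fault forward along intended signals
    def effects_of(self, element):
        """Elements reachable from a failure of `element` (its local effects)."""
        seen, todo = set(), [element]
        while todo:
            cur = todo.pop()
            for s in self.signals:
                if s.src == cur and s.intended and s.dst not in seen:
                    seen.add(s.dst)
                    todo.append(s.dst)
        return frozenset(seen)

    def single_point_failures(self, top):
        """Elements whose single fault reaches the top event (FMEA evaluation)."""
        return {e for e in self.elements if e == top or top in self.effects_of(e)}

    # --- DFA: dependent failures between elements lying on the chains to the top event
    def dependent_failures(self, top):
        on_chains = {e for c in self.chains_to(top) for e in c}
        # common cause: one element feeds intended signals to several chain elements
        fed = defaultdict(set)
        for s in self.signals:
            if s.intended and s.dst in on_chains:
                fed[s.src].add(s.dst)
        common_cause = {src: dsts for src, dsts in fed.items() if len(dsts) >= 2}
        # coupling: a disturbance signal between two elements that both lie on chains
        coupling = [s for s in self.signals
                    if not s.intended and s.src in on_chains and s.dst in on_chains]
        return common_cause, coupling

    def derive_requirements(self, top):
        """Safety requirements derived from the DFA, for the level's requirement spec."""
        common_cause, coupling = self.dependent_failures(top)
        reqs = [f"{src} shall not cause a dependent failure of {', '.join(sorted(d))}"
                for src, d in sorted(common_cause.items())]
        reqs += [f"{s.dst} shall tolerate {s.kind} disturbance from {s.src}" for s in coupling]
        return reqs


# Constructed sample: a small motor-control unit at the second architecture level.
SAMPLE = ArchitectureLevel([
    Signal("PowerSupply", "Sensor", "E"),
    Signal("PowerSupply", "MCU", "E"),
    Signal("PowerSupply", "Driver", "E"),
    Signal("Sensor", "MCU", "C"),
    Signal("Comms", "MCU", "C"),
    Signal("MCU", "Driver", "C"),
    Signal("MCU", "Display", "C"),        # not on any chain to the motor
    Signal("Driver", "Motor", "E"),
    Signal("Driver", "Sensor", "u_E_RF"),  # switching noise coupled into the sensor
])

if __name__ == "__main__":
    top = "Motor"  # top event: unintended motor torque (assumed)
    for c in SAMPLE.chains_to(top):
        print(" -> ".join(c))
    print("single-point failures:", sorted(SAMPLE.single_point_failures(top)))
    for r in SAMPLE.derive_requirements(top):
        print("REQ:", r)
```

Only the intended signals form the chains of effects; the unintended signals are used by the DFA to find couplings that the intended-signal view alone would miss, which is where the disturbance types of the signal model earn their keep.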
Limits of automation
Automation reaches its limits where specific decisions and evaluations are required, e.g.:
- Assessment of external influences such as UV radiation or mechanical stress,
- Evaluation of the non-technical (e.g. financial) impact of technical measures,
- Risk assessment of complex scenarios.
3. Summary
Semi-automated safety analyses as offered by the autoConform® methodology and software provide:
- Higher quality: Complete and consistent results,
- Less effort: Significantly reduced manual work,
- Efficiency: Analyses are created and updated faster.
The combination of automation and engineering expertise allows safety analyses to be carried out with unprecedented completeness in a standards-compliant and efficient manner.