Comparison of the FMEA and STPA safety analysis methods – a case study
Related papers
Hazard Analysis of Collision Avoidance System using STPA
As our society becomes more and more dependent on IT systems, failures of these systems can harm more and more people and organizations, both public and private. Diligently performing risk and hazard analysis helps to minimize the societal harm of IT system failures. In this paper we present experiences gained by applying the System Theoretic Process Analysis (STPA) method for hazard analysis to a forward collision avoidance system. Our main objectives are to investigate the effectiveness of the studied method in terms of the number and quality of identified hazards, and its time efficiency in terms of the required effort. Based on the findings of this study, STPA has proved to be an effective and efficient hazard analysis method for assessing the safety of a safety-critical system, and it requires a moderate level of effort.
Proceedings of the 19th International Conference on Evaluation and Assessment in Software Engineering - EASE '15, 2015
Context: Today's safety-critical systems are increasingly reliant on software. Software becomes responsible for most of the critical functions of systems. Many different safety analysis techniques have been developed to identify the hazards of systems. FTA and FMEA are the most commonly used by safety analysts. Recently, STPA has been proposed with the goal of better coping with complex systems including software. Objective: This research aimed at comparing these three safety analysis techniques quantitatively with regard to their effectiveness, applicability, understandability, ease of use and efficiency in identifying software safety requirements at the system level. Method: We conducted a controlled experiment with 21 master and bachelor students applying these three techniques to three safety-critical systems: train door control, anti-lock braking and traffic collision avoidance. Results: The results showed that there is no statistically significant difference between these techniques in terms of applicability, understandability and ease of use, but a significant difference in terms of effectiveness and efficiency was obtained. Conclusion: We conclude that STPA seems to be an effective method to identify software safety requirements at the system level. In particular, STPA addresses more different software safety requirements than the traditional techniques FTA and FMEA, but STPA takes more time to carry out for safety analysts with little or no prior experience.
A Comparison of Two Approaches to Safety Analysis Based on Use Cases
Lecture Notes in Computer Science, 2007
Engineering has a long tradition in analyzing the safety of mechanical, electrical and electronic systems. Important methods like HazOp and FMEA have also been adopted by the software engineering community. The misuse case method, on the other hand, has been developed by the software community as an alternative to FMEA and preliminary HazOp for software development. To compare the two methods, misuse cases and FMEA, we ran a small experiment involving 42 third-year software engineering students. In the experiment, the students were asked to identify and analyze failure modes from one of the use cases for a commercial electronic patient journal system. The results of the experiment show that, on average, the group that used misuse cases identified and analyzed more user-related failure modes than those using FMEA. In addition, the persons who used misuse cases scored better on perceived ease of use and intention to use.
IT Risk Identification and Evaluation: a Case Study on XYZ University
International Journal on Advanced Science, Engineering and Information Technology, 2019
The purpose of this paper is to demonstrate that Failure Mode and Effects Analysis (FMEA) can be applied in the educational field to identify the various failure modes, and their potential failure effects, that could occur at any time. FMEA is widely used in design, in manufacturing or assembly processes, and for products and services to identify all possible failures. Risk identification is part of risk management, and therefore a critical first step of it. This paper is a case study on XYZ University, which is trying to implement risk management, and it focuses only on how to identify risks using FMEA. FMEA needs some parameters to be defined: severity, likelihood of occurrence, and detection. The Risk Priority Number (RPN) is a metric that indicates potential risk, calculated by multiplying the three components, and it is used to decide which risks should be taken care of first based on the highest RPN value. The data was collected by filtering the ticketing system and mapping the incidents that happened to the current business processes, together with interviews of end users for validation. The result of this paper is surprising because it differs from the initial expectation that a business process such as the LMS or the network facility would get the highest RPN value; after completing the whole process, it was found that telecommunication is at the top. This provides a new perspective for risk management, making it more effective in handling potential risks.
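The RPN scheme described in the abstract above, as an added worked example (not code or data from the paper): each failure mode is scored on severity, occurrence and detection, RPN is their product, and the list is ranked by RPN. The 1 to 10 scales are the common FMEA convention, the tie-break on severity then occurrence is a widely used FMEA practice rather than something the abstract states, and the failure modes and scores below are constructed to illustrate the method, not the university's real ticket data.

```python
from dataclasses import dataclass

# Assumed 1..10 scales for each factor (conventional FMEA; not stated in the abstract).
SCALE = range(1, 11)


@dataclass(frozen=True)
class FailureMode:
    process: str        # business process the failure belongs to
    failure_mode: str   # what goes wrong
    severity: int       # impact if it happens (10 = worst)
    occurrence: int     # how likely it is to happen (10 = almost certain)
    detection: int      # how hard it is to detect before it causes harm (10 = undetectable)

    def __post_init__(self) -> None:
        # Reject out-of-range scores: a typo like severity=80 would otherwise silently
        # dominate the whole ranking.
        for name, value in (("severity", self.severity),
                            ("occurrence", self.occurrence),
                            ("detection", self.detection)):
            if value not in SCALE:
                raise ValueError(f"{name} must be in 1..10, got {value}")

    @property
    def rpn(self) -> int:
        """Risk Priority Number = severity * occurrence * detection."""
        return self.severity * self.occurrence * self.detection


def rank_by_rpn(modes: list[FailureMode]) -> list[FailureMode]:
    """Highest RPN first. Equal RPNs are ordered by severity, then occurrence,
    so a high-impact failure is not hidden behind a nuisance with the same product."""
    return sorted(modes, key=lambda m: (m.rpn, m.severity, m.occurrence), reverse=True)


def top_process(modes: list[FailureMode]) -> str:
    """Name of the business process that should be handled first."""
    return rank_by_rpn(modes)[0].process


# Constructed sample worksheet (hypothetical scores, not the paper's data).
SAMPLE = [
    FailureMode("Telecommunication", "campus phone system outage", severity=8, occurrence=6, detection=5),   # 240
    FailureMode("Helpdesk", "password reset requests unanswered", severity=5, occurrence=8, detection=6),     # 240
    FailureMode("LMS", "learning platform unavailable during exams", severity=7, occurrence=4, detection=3),  # 84
    FailureMode("Network facility", "core switch failure", severity=9, occurrence=3, detection=2),            # 54
]

if __name__ == "__main__":
    for m in rank_by_rpn(SAMPLE):
        print(f"{m.rpn:4d}  S={m.severity} O={m.occurrence} D={m.detection}  {m.process}: {m.failure_mode}")
```

Note the tie in the sample: the phone outage and the unanswered reset requests both score 240, and only the explicit tie-break puts the higher-severity one first. Note also that "Network facility" has the highest severity but ranks last because it is rare and easy to detect; that is exactly the kind of counter-intuitive ordering the abstract reports, and it is worth reviewing high-severity items separately rather than trusting the product alone.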
A review of research on risk analysis methods for IT systems
Proceedings of the 17th International Conference on Evaluation and Assessment in Software Engineering - EASE '13, 2013
Context: At the same time as our dependence on IT systems increases, the number of reports of problems caused by failures of critical IT systems has also increased. This means that there is a need for risk analysis in the development of this kind of system. Risk analysis of technical systems has a long history in mechanical and electrical engineering. Objective: Even if a number of methods for risk analysis of technical systems exist, the failure behavior of information systems is typically very different from that of mechanical systems. Therefore, risk analysis of IT systems requires different risk analysis techniques, or at least adaptations of traditional approaches. This means that there is a need to understand what types of methods are available for IT systems and what research has been conducted on these methods. Method: In this paper we present a systematic mapping study on risk analysis for IT systems. 1086 unique papers were identified in a database search and 57 papers were identified as relevant for this study. These papers were classified based on 5 different criteria. Results: This classification shows, for example, that most of the discussed risk analysis methods are qualitative rather than quantitative, and that most of the risk analysis methods presented in these papers are developed for IT systems in general and not for specific types of IT system, such as e-government systems.
Industrial Engineering and Management Systems
Risk management is recognized as a significant element in Information Security Management, while failure mode and effects analysis (FMEA) is widely used in risk analysis in the manufacturing industry. This paper aims to present the development of the Information Security FMEA Circle (InfoSec FMEA Circle), which supports the risk management framework by modifying traditional FMEA methodologies. In order to demonstrate the "appropriateness" of the InfoSec FMEA Circle for the purposes of assessing information security, a case study at Hong Kong Science and Technology Parks Corporation (HKSTP) is employed. The "InfoSec FMEA Circle" is found to be an effective risk assessment methodology that contributes significantly to providing a stepwise risk management implementation model for information security management.
A Survey on Different Software Safety Hazard Analysis and Techniques in Safety Critical Systems
Software safety plays a significant role in safety-critical systems in various domains such as aircraft flight control, nuclear systems, medical systems and driver assistance in automobiles. The software for a safety-critical system must undergo hazard analysis to make the software risk-free and fail-safe. A hazard is a state or situation that poses a threat to life and can lead to an accident. Hazard analysis identifies the hazards in the system life cycle in order to make the system safe. Safety is a subset of reliability or a subset of security; safety and security are closely related. The important difference between safety and security is that security focuses on malicious action, whereas safety is concerned with well-intended action. This paper presents a review of various software safety hazard analysis techniques, namely fault tree analysis, event tree analysis, cause-consequence analysis, hazard and operability analysis, failure mode and effects analysis and fault hazard analysis, in safety-critical systems.
Quantitative and Qualitative Approach for IT Risk Assessment
Asia-pacific Journal of Convergent Research Interchange, 2015
Strong management support from every important stakeholder is required to establish an environment for the free and open disclosure and discussion of risk. The purpose of risk management is to identify potential problems before they occur, so that risk-handling activities may be planned and invoked as needed over the life of the product or project to mitigate adverse impacts on achieving objectives. Risk management is a continuous, forward-looking process that is an important part of business and technical management processes. Risk management should address issues that could endanger the achievement of critical objectives. A continuous risk management approach is applied to effectively anticipate and mitigate the risks that have a critical impact on the project. Effective risk management includes early and aggressive risk identification through the collaboration and involvement of relevant stakeholders.
Improved Safety Analysis Integration in a Systems Engineering Approach
Applied Sciences
The goal of the paper is the integration of safety analysis into a model-based systems engineering approach to ensure consistency between the system design and the safety artifacts. This integration permits the continuous improvement of the structure and behavior of the system. It also reduces system development time and prevents late detection of errors. To reach this purpose, the SafeSysE methodology is extended. In SafeSysE, a preliminary Failure Mode and Effects Analysis (FMEA) is automatically generated from a SysML model, and this FMEA is then completed by the safety expert, but no further development was proposed. The contribution of this paper is to suggest recommendations based on the FMEA analysis in order to enhance the system design and make it comply with safety requirements. First, an updated system structure that may contain redundancy is proposed. Then, a redundancy profile is used to enrich the system model with redundancy information, which will allow the generation of a dyna...