Seminar: New Safety Analysis Techniques

  Event description   Programme    


New Safety Analysis Techniques

Thursday 12 November, 2020 - Online, Free to Members

This seminar took place in an online format in the afternoon of 12th November. 

Slides from the event together with a video of each presentation are available to full SCSC members.  Please see the programme tab for the list of talks and links to slides and videos.

This seminar will look at emerging, novel and recently established techniques for analysing aspects of safety systems: their overall properties, their architecture and interactions, their environment and their justification.

Safety systems require analysis for potential failures that can lead to hazards. Traditional techniques tend to have limited applicability in today's world of highly complex, interconnected, continually updated systems. Learning systems bring new analysis problems as the faults may be contained in the training data rather than the system itself.

Techniques such as STAMP/STPA will be covered as well as emerging methods for analysing hazards in context (Environmental Survey Hazard Analysis). The Functional Resonance Analysis Method (FRAM) will be explained via a healthcare example. The final talk of the day will look at Dialetic Arguments in safety cases.

A wrap up session at the end of the day will discuss the most promising techniques for specific areas.

Speakers include:

Chris Harper, Bristol Robotics Laboratory - Environmental Survey Hazard Analysis – Current Developments

Mark Sujan, Human Factors Everywhere Ltd. - Managing the deteriorating patient – A FRAM analysis

Simon Whiteley, Whiteley Aerospace - Overview of STAMP & STPA Hazard Analysis

Yvonne Oakshott, Leonardo - Dialectical Argumentation

Membership details can be found here:


Talks Detail:

Managing the deteriorating patient – A FRAM analysis

Authors: Mark Sujan, Laura Pickup, Peter McCulloch
Presenter: Mark Sujan


The Functional Resonance Analysis Method (FRAM) is based on principles from Resilience Engineering.  The underlying thinking is that safety management might benefit from analysing everyday work (i.e. what works) to complement the traditional focus on risks and how to control them.  In this presentation, I give a brief introduction to FRAM, and I illustrate its application with an example from healthcare.  I will discuss what we have learned from using FRAM, and how this compares and contrasts with methods such as Human Reliability Analysis.  


Dr Mark Sujan is a Chartered Ergonomist (C.ErgHF).  He is founder of Human Factors Everywhere, a small company dedicated to helping people adopt human-centred approaches for running a safe and secure business.  He is a visiting academic at the Nuffield Department of Surgical Sciences at the University of Oxford.  


Overview of STAMP & STPA Hazard Analysis

Presenter: Simon Whiteley


This session will provide an overview of the STAMP Accident Causality Model and a straight forward introduction to the Hazard Analysis method based upon STAMP known as STPA: Systems Theoretic Process Analysis.


Simon Whiteley is a System Safety Engineering Consultant at Whiteley Aerospace. He has a BEng in Aerospace Engineering and an MSc in Safety Critical Systems Engineering. Simon has worked across all parts of the Engineering, Product & Project Lifecycle, across many industry sectors including Civil & Defence Aerospace (Airlines, large multi-engine, fast jet & rotary), Air Traffic Control (ATC), Weapon Systems, Defence Maritime, Defence Nuclear, Armoured Automotive, Healthcare & Government IT, Rail, Pharmaceuticals & Energy (Oil & Gas). Simon provides individual and group training & coaching to individuals and organisations across diverse industry sectors and supports them in achieving fantastic results using STAMP, STPA & CAST.


Environmental Survey Hazard Analysis – Current Developments

Presenter: Chris Harper


Environmental Survey Hazard Analysis is a new variant of preliminary hazard identification aimed at autonomous system applications. Since autonomous systems must (in principle) operate without any human intervention at all for extended periods of time, they are required to perform a variety of ‘non-mission’ tasks associated with general survival in their operating environment, as well as those tasks that define the purpose(s) for which they were commissioned (their ‘mission tasks’). Traditional hazard identification methods are not well suited to identification of non-mission tasks (and their associated hazards) so ESHA was developed to fill this gap.


Dr Chris Harper is currently a Research Fellow in Robotics Safety and Control at Bristol Robotics Laboratory, University of the West of England, and has been a systems and software safety assurance engineer for over twenty five years in various industries including aerospace, rail, defence, nuclear energy, software systems, and robotics. He was involved in the development of the ISO 13482 standard, which was the first international standard on safety requirements for mobile service robots. His research interest is in the safety assurance of artificial intelligence and autonomous systems, including safety assurance methods, high integrity design principles, safety validation, and safety argumentation.


Dialectic Argumentation

Presenter: Yvonne Oakshott


Assurance Cases have been criticised in the past for presenting a “rose-tinted” view of a risk based argument, by over emphasising the high level claims, which can lead to bias and insufficient focus on the wider picture. Dialectic Argumentation provides a framework for creating, challenging and questioning assurance cases. The basic principles can be found in legal records from the 1900s, but a number of issues have prevented the adoption of a wider approach to challenging arguments through the use of dialectic argument. These include lack of awareness, a reluctance to accept techniques that are not routinely used, and the minimal availability of concrete examples. This presentation raises the profile of dialectic argumentation, by explaining the concept and the benefits of a dialectic approach and providing examples of how to construct dialectic challenges in an assurance case.


Yvonne Oakshott is a Principal Software and System Assurance Engineer at Leonardo MW in Yeovil. She is a Chartered Engineer and has over 35 years of experience in the Aerospace sector. Yvonne was previously working on a cross industry project developing certification approaches for future air systems and is currently working on safety and cybersecurity assurance for Leonardo aircraft. She was a primary contributor to the development of the IAWG (Industrial Avionic Working Group) Modular Software Safety Case Process (IMSSC) from initial concept to final delivery into the public domain and to the subsequent application on a number of programmes, including Weapons Integration UK (WIUK). Yvonne is a contributor to the SCSC Assurance Case Working Group (ACWG), is co-author of several papers and is an experienced presenter

SCSC.UK uses anonymous session cookies please see Privacy policy

© SCSC 2022