Safe

In this article we pick up the thread of the previous article on the attribute ‘emergent’ with regard to system properties and follow it through on a specific path – that of systems safety. By ‘safety’ we mean not being injurious or dangerous to human life and health. Safety and security are closely related concepts. In the French and Dutch languages they share a single term – ‘sécurité’ and ‘veilig’ respectively, and in English language these terms are often found together in single phrases, such as ‘safe and secure’.
 
The unwanted emergent property related to systems safety is known as ‘hazardous’, being the opposite of ‘safe’. The safety industry has its own set of professional experts whose main job is safety design and safety engineering in systems of all types. Those of you familiar with SABSA will know that the main uniqueness of the SABSA methodology is Business Attribute Profiling, and that much of the remainder of the framework is synthesised from a mixture of concepts borrowed from other frameworks, methods and standards. So it seems a good idea to examine the concepts and practices of the safety engineering community and see what additional wisdom we might learn from them, and perhaps enhance SABSA thinking by adopting and aligning with these ideas. The SABSA Institute is now embarking on this line of enquiry as part of its endeavours to broaden the understanding and practice of risk management.

One of the most eminent thought leaders on safety engineering is Nancy Leveson from MIT, USA. Her book, Engineering a Safer World: Systems Thinking Applied to Safety (MIT Press, 2012), is currently the most up‐to‐date definitive work on the subject. It departs from previous safety methodologies, such as chain‐of‐events analysis, by taking a systems‐engineering view rather than a component view. The method described in the book for hazard analysis is known as STPA (Systems‐Theoretic Process Analysis) and builds on an accident‐modelling technique known as STAMP (Systems‐Theoretic Accident Model and Process) and an analytic technique for accident investigation known as CAST (Causal Analysis using Systems Theory).

Given the fact that the safety and security professional communities are hardly aware of one another and do not as a rule intermingle, there are surprising conceptual similarities between STPA and SABSA. The potential for enhancing SABSA by cross‐fertilising with STPA thinking seems to be a very good prospect. To demonstrate that, here are some key points that both frameworks share. Both are focused on:

  • Systems engineering as the underlying methodology;
  • Holistic systems analysis versus component analysis;
  • Top‐down decomposition from the highest level value statements;
  • Layered (tiered) systems analysis to reduce complexity and enhance simplicity of design;
  • Treating unwanted events as a control problem not a failure problem;
  • Modelling control systems and analysing the models;
  • Nested and embedded feedback control loops;
  • Organisational governance as being a critical success factor in achieving the objectives, both in systems development and in systems operations, and applied at all governance levels – regulatory, management and technical;
  • Seeing requirements definition as essential to a successful mission and flawed requirements as being the root of many problems;
  • Seeing people and process as an integral part of a system – not just technology;
  • Drawing on finite state machine theory (FSM) to determine safe/secure states and unsafe/insecure states and the events that trigger transition from one finite state to another;
  • Seeing that the interaction between systems components, each working to specification, can be the source of unwanted systems behaviour without any single component failing. (A system property, not a component property).
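The last two points in the list above (finite state machine modelling of safe and unsafe states, and unwanted behaviour arising from the interaction of components that each work to specification) can be made concrete with a small model. The following is an added example, written for this article and not taken from SABSA, STPA or Leveson's work; the pump‐and‐valve system, its states, its control actions and the hazard definition are all constructed here for illustration. It searches the reachable state space of the system under a controller policy and reports the shortest sequence of control actions that drives the system into a hazardous state. No component ever fails: the hazard is reached purely through the ordering of correct actions, and it is removed by adding constraints on which control actions may be issued in which state, not by making any component more reliable.

```python
from collections import deque
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed toy system: a pump feeding a pipe through a valve.
# System state is (pump, valve); every component obeys its command exactly.
State = Tuple[str, str]
INITIAL: State = ("off", "closed")

# Control actions the controller may issue, and the effect each has on the plant.
# Each action does precisely what its specification says; none of them fail.
ACTIONS: Dict[str, Callable[[State], State]] = {
    "pump_on": lambda s: ("on", s[1]),
    "pump_off": lambda s: ("off", s[1]),
    "valve_open": lambda s: (s[0], "open"),
    "valve_close": lambda s: (s[0], "closed"),
}


def is_hazardous(s: State) -> bool:
    """System-level hazard (assumed for this example): pumping against a closed valve."""
    return s == ("on", "closed")


# Controller policies: given the current state, may this control action be issued?
def unconstrained(action: str, s: State) -> bool:
    """Controller with no safety constraints: any action at any time."""
    return True


def constrained(action: str, s: State) -> bool:
    """Controller with safety constraints on control actions.
    The fix is placed on the control logic, not on the components."""
    if action == "pump_on":
        return s[1] == "open"      # never start the pump against a closed valve
    if action == "valve_close":
        return s[0] == "off"       # never close the valve while the pump is running
    return True


def find_hazard_path(policy: Callable[[str, State], bool],
                     initial: State = INITIAL,
                     actions: Dict[str, Callable[[State], State]] = ACTIONS,
                     hazard: Callable[[State], bool] = is_hazardous) -> Optional[List[str]]:
    """Breadth-first search over the finite state space. Returns the shortest
    sequence of control actions that reaches a hazardous state, or None if no
    hazardous state is reachable under the given policy."""
    queue = deque([(initial, [])])
    seen: Set[State] = {initial}
    while queue:
        state, path = queue.popleft()
        if hazard(state):
            return path
        for name, effect in actions.items():
            if not policy(name, state):
                continue                   # policy forbids this action here
            nxt = effect(state)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [name]))
    return None


def reachable_states(policy: Callable[[str, State], bool],
                     initial: State = INITIAL,
                     actions: Dict[str, Callable[[State], State]] = ACTIONS) -> Set[State]:
    """All states the system can enter under the given controller policy."""
    seen: Set[State] = {initial}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        for name, effect in actions.items():
            if policy(name, state):
                nxt = effect(state)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen


if __name__ == "__main__":
    print("unconstrained:", find_hazard_path(unconstrained))   # ['pump_on']
    print("constrained:  ", find_hazard_path(constrained))     # None
    print("constrained reachable states:", sorted(reachable_states(constrained)))
```

Under the unconstrained policy the single correctly executed action `pump_on` is enough to reach the hazardous state, which is the point of the last bullet: nothing broke, the components merely interacted in an unwanted order. Under the constrained policy the hazardous state is unreachable, and the reachable set shrinks to three states, which is the control‐problem framing of the earlier bullets: safety (or security) is enforced by constraining the control actions a controller may issue, and the FSM model is what lets that constraint be checked exhaustively rather than by inspection.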

From the point of view of The SABSA Institute, these similarities mean there is a rich seam of safety knowledge and know‐how to be mined to find new aspects of analysis that can strengthen SABSA. The Institute will therefore be initiating a research project in the near future to investigate the possible advantages of adopting and/or aligning with some of the STPA thinking. Anyone with an interest in participating in this project should let us know by sending a message on www.sabsa.org/contact or by emailing to info@sabsa.org.

The Attributer