Goal-based approach system safety assessment

Unlike the prescriptive approach, the goal-based methodology enables an assessment and re-assessment of risk as operational experience is gained. The intelligence gathered after system go-live provides powerful lessons from which the safety position can be re-evaluated and further evidenced. A simple prescriptive checklist fails to take these important messages into account. 

So, although the goal-based approach provides a designer with acceptable levels of safety which need to be accomplished in the design (as in Chapter 8), the user of the system will need to conduct further assessments (as in Chapter 9) to consider how the system is put into operational use and what risks said use will hold. 

There is no one correct way of conducting a safety assessment. It all depends on the system complexity and on the safety assessment approach utilised (see Chapter 2). That does not mean to say that the assessment has to be analysed from a single approach only for, more often than not, a combined approach is far more feasible to identify and analyse the range of possible hazards (see Chapter 6). The following section will broadly contrast/compare the maimer in which the goal-based approach (Chapter 5) and the risk-based approach (Chapter 4) are applied during a system safety assessment. 

In Chapter 1, we consider the legal issues associated with system safety. The purpose of this chapter is to reinforce the liabilities assumed in the generation of safety related documentation. In Chapter 2 we attempt to put the term safety into perspective, and the basic approaches used to achieve it. The next three chapters will then explore three of these approaches the use of Regulatory Standards is explored in Chapter 3 Chapter 4 considers the risk-based approach, which is widely adopted in the military industry as well as by Health Safety specialists Chapter 5 introduces the civil aeronautical approach to safety assessments, which (for the want of a better term) we shall call the goal-based approach (in contrast to the risk-based approach in Chapter 4) as it provides clear goals (i.e. failure probability targets) for system designers to achieve. 

The next two chapters consider the generic approach to two frequently asked for deliverables. Chapter 8 considers the system safety assessment (SS A), which is usually required for the certification of a new/modified system. In the civil arena, the SS A is often based on the goal-based approach. In contrast, the safety case in considered in Chapter 9. The safety case is the document that manages (via the risk-based approach) the major hazards that an operator/maintainer of a system/facility faces, as well as the means employed to control those hazards. 

For this paper we treat hazard assessment as a combination of two interrelated concepts hazard identification, in which the possible hazardous events at the system boundary are discovered, and hazard analysis, in which the likelihood, consequences and severity of the events are determined. The hazard identification process is based on a model of the way in which parts of a system may deviate fi om their intended behaviour. Examples of such analysis include Hazard and Operability Studies (HAZOP, Kletz 1992), Fault Propagation and Transformation Calculus (Wallace 2005), Function Failure Analysis (SAE 1996) and Failure Modes and Effects Analysis (Villemeur 1992). Some analysis approaches start with possible deviations and determine likely undesired outcomes (so-called inductive approaches) while others start with a particular unwanted event and try to determine possible causes (so-called deductive approaches). The overall goal may be safety analysis, to assess the safety of a proposed system (a design, a model or an actual product) or accident analysis, to determine the likely causes of an incident that has occurred. 

---