Safety Analysis for Software – How to Maintain Safety Models
Safety analysis is a method used in safety engineering to ensure that systems provide acceptable levels of safety while adhering to strict guidelines. The purpose of safety engineering is to assure that a life-critical system behaves as needed, even when components fail. Keeping safety models up to date is an iterative process of constant refinement.
Safety analysis techniques
Analysis techniques can be divided into qualitative and quantitative methods. Both approaches focus on finding causal dependencies between a hazard at the system level and failures of individual components. Qualitative approaches ask: “What must go wrong, such that a system hazard may occur?” while quantitative methods focus on estimating probabilities, rates and/or severity of consequences.
Traditionally, safety analysis techniques rely solely on the skill and expertise of the safety engineer. In the last decade, model-based approaches have come to the forefront and are now considered the norm. In contrast to traditional methods, model-based techniques try to derive relationships between causes and consequences from some sort of model of the system. When there are changes to the system hardware, both approaches may be used to ask: “Has anything changed that will impact the safety models?” This tedious, iterative process helps ensure that safety standards continue to be met.
Traditional methods for safety analysis
The two most common fault modeling techniques are called “fault tree analysis” and “failure mode and effects analysis.” These techniques represent ways of finding problems, allowing one to prepare to cope with failures.
Fault tree analysis
Fault tree analysis (FTA) is a top-down, deductive analytical method. In FTA, initiating primary events, including component failures, human errors and external events, are traced through Boolean logic gates to an undesired top event, with the intent of identifying ways to make top events less probable and verifying that safety goals have been achieved. Examples of top events analyzed this way include aircraft crashes and nuclear reactor core melts.
A fault tree diagram
FTA may be qualitative or quantitative. When failure and event probabilities are unknown, qualitative fault trees may be analyzed for minimal cut sets. For example, if any minimal cut set contains a single base event, then the top event may be caused by a single failure. Quantitative FTA is used to compute top event probability, and generally uses computer software such as CAFTA from the Electric Power Research Institute or SAPHIRE from the Idaho National Laboratory.
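A worked example of both analyses described above, added here and not part of the original article: it derives the minimal cut sets of a small fault tree, flags single-point failures (cut sets with one basic event), and computes the top event probability. The tree, its gates and the failure probabilities are constructed for illustration.

```python
from itertools import product
from math import prod

# Fault tree as nested tuples ("AND", ...)/("OR", ...); a bare string is a basic
# event. Constructed example: loss of coolant flow from two pumps on one bus.
LOSS_OF_FLOW = ("OR",
    ("AND", "pump_A_fails", "pump_B_fails"),    # redundant pumps both fail
    "power_bus_fault",                           # shared supply: single point
    ("AND", "power_bus_fault", "pump_A_fails"),  # not minimal, absorbed below
)
# Constructed per-demand failure probabilities; basic events assumed independent.
BASIC_PROB = {"pump_A_fails": 0.01, "pump_B_fails": 0.01, "power_bus_fault": 0.001}

def cut_sets(node):
    """All cut sets of `node`, as frozensets of basic events."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, *children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":  # any one child's cut set is enough
        return set().union(*child_sets)
    assert gate == "AND", gate  # AND: one cut set from every child, merged
    return {frozenset().union(*combo) for combo in product(*child_sets)}

def minimal_cut_sets(node):
    """Drop cut sets that are proper supersets of another one (absorption)."""
    sets = cut_sets(node)
    return {s for s in sets if not any(o < s for o in sets)}

def single_point_failures(node):
    """Basic events whose failure alone causes the top event."""
    return {next(iter(s)) for s in minimal_cut_sets(node) if len(s) == 1}

def evaluate(node, failed):
    """True when the top event occurs given the set of failed basic events."""
    if isinstance(node, str):
        return node in failed
    gate, *children = node
    results = [evaluate(c, failed) for c in children]
    return all(results) if gate == "AND" else any(results)

def top_event_probability(node, prob):
    """Exact P(top) by enumerating all 2**n basic-event states, so an event that
    appears under several gates is counted correctly (small trees only)."""
    total = 0.0
    for states in product((False, True), repeat=len(prob)):
        failed = {e for e, f in zip(prob, states) if f}
        if evaluate(node, failed):
            total += prod(prob[e] if f else 1 - prob[e] for e, f in zip(prob, states))
    return total
```

The enumeration is exact but exponential in the number of basic events; real tools like those named above use cut-set based approximations for large trees.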
Failure mode and effects analysis
Failure Mode and Effects Analysis (FMEA) is a bottom-up, inductive analytical method that can be performed at either the functional or piece-part level. For functional FMEA, failure modes are identified for each function in a system or equipment item, usually with the help of a functional block diagram. For piece-part FMEA, failure modes are identified for each piece-part component (for instance, a valve, connector, resistor or diode). The effects of the failure mode are described and assigned a probability based on the failure rate and failure mode ratio of the function or component.
Once a failure mode is identified, it can usually be mitigated by adding extra or redundant equipment to the system. The modifications will require the safety models to be revisited to ensure they still accurately reflect the system. This can be a daunting task for typically small safety engineering teams, but it must be done.
Performance is a software and engineering services firm that provides innovative, turnkey solutions for safety-critical projects. We specialize in serving clients in the avionics, aerospace/defense, healthcare and energy markets whose missions require meticulous attention to detail. Safety is one element you will not want to compromise. Confidently choose a professional who will ensure that your next safety analysis project runs smoothly and contact us today.