TY - GEN
T1 - Practical Examples of a New Approach to Creating Clear Operational Safety Cases
AU - Fenn, Jane
AU - Hawkins, Richard David
AU - Nicholson, Mark
N1 - This is an author-produced version of the published paper. Uploaded with permission of the publisher/copyright holder. Further copying may not be permitted; contact the publisher for details
PY - 2025/2/6
Y1 - 2025/2/6
N2 - The concept of an ‘Operational Claim Point’ (OCP) has recently been proposed as a mechanism for improving the structuring and clarity of Operational Safety Cases. OCPs provide a mechanism by which arguments and evidence in the operational domain can be explicitly connected to design-time risk arguments. This gives rise to a number of benefits: ensuring that system operators are able to focus on just the operational aspects of the safety case relevant to them (hiding irrelevant and potentially confusing design details); making sure that, at the same time, the crucial relationship between the operational safety case and the design-time risk argument is explicitly documented and maintained (helping operators to better understand the safety impact of their work); and allowing design-time safety engineers to specify, in the risk argument, safety claims relating to system operation. We provide worked examples of how OCPs can be used in practice. Through these examples we explore some of the challenges in creating operational safety cases, including the link to the operational Safety Management System. We consider the impact of evidence that becomes apparent during operation, indicating unacceptable risk levels, and argument and evidence that may change depending on the specific choices of different operators of the same system.
M3 - Conference contribution
BT - Safety Critical Systems Symposium (SSS '25)
ER -