Specialist Areas
SHIP: Safety Case Structure
The safety case should be developed in parallel with the design. It will tend to evolve and become more detailed as the system is developed. At each stage, the basis for the safety arguments should be clear. The safety case should:- make an explicit set of claims about the system
- provide a systematic structure for marshalling the evidence
- provide a set of safety arguments that link the claims to the evidence
- make clear the assumptions and judgements underlying the arguments
- provide for different viewpoints and levels of detail
- claims about properties of the system or subsystem
- evidence which is used as the basis of the safety argument
- arguments linking the evidence to the claims
- inference rules that provide the logical basis for the steps in an argument
The actual nature of the argument and the inference mechanism can vary depending on the system design and the safety case strategy. For example, an argument could be:
- Deterministic, where the evidence can be axioms, the inference mechanism is the rules of predicate logic, and the safety argument is a proof using
those rules.
- Probabilistic, where the evidence could be component failure rates and assumptions of independence, and the inference mechanism is statistical
analysis.
- Qualitative, where the evidence might be adherence to standards, design rules, or guidance. The inference mechanism is some form of acceptance criterion based on this.
