A systematic approach to eliminating hazards
Before companies place a new product on the market, they must ensure it does not pose any intolerable risks to humans or the environment. In order to do so, they carry out hazard and risk analyses. Researchers at the ZHAW School of Engineering are working on such analysis methods and the challenges connected with their application.
From cars to lifts and coffee machines – in our everyday lives, we all use technical devices and machines that we must be able to rely on. We need to rely on the cruise control in our cars to maintain a constant speed, on lifts not to open their doors while moving, and on coffee machines to make our coffee without giving us an electric shock. Ensuring the safety of these products is the responsibility of the people who produce them or who place them on the market. This is why hazard and risk analyses are an essential part of product development. “Making sure that my coffee machine doesn’t give me an electric shock is relatively easy, since it’s such a simple system”, says Martin Rejzek of the Institute of Applied Mathematics and Physics (IAMP). “On the other hand, when we have to deal with systems like a manufacturing plant or a driver assistance system in a car, it’s more challenging. These systems are more complex and more interlinked, and they can interact with humans in a wide variety of ways, so it is crucial to carry out systematic risk analyses.”
Martin Rejzek is among the researchers at the IAMP Safety-Critical Systems Research Lab who are working on how the STPA hazard analysis method can be applied. STPA, a promising method developed at the Massachusetts Institute of Technology, is being further developed and adapted to a wide range of applications worldwide. “Hazard analysis methods like STPA are based on a functional perspective, and that is crucial for today’s systems”, says Martin Rejzek. “Systems today carry out a great many functions, which are often implemented with software. This means that a simple way of thinking based on system failure doesn’t go very far, because software doesn’t just fail.” According to Rejzek, one advantage of the functional perspective is that the details of the system’s implementation are of secondary importance: “For example, in the analysis of a driver assistance system, it isn’t relevant what type of engine the car has been fitted with. This doesn’t make any difference with regard to the functions of the assistance system, so the STPA method can be used very early on in the development process.”
The IAMP works mainly with STPA. The purpose of this method is to systematically identify hazards and then take measures that prevent these hazards from occurring in the first place. “STPA takes users through the analysis process without imposing too many restrictions”, says Martin Rejzek. “It goes top-down from the overall system to individual subsystems and functions.” In a project funded by the Federal Commission for Technology and Innovation (CTI), researchers at the IAMP, in collaboration with industry partner Curtiss-Wright Antriebstechnik, have examined how STPA can be used in the development of control systems for machines. “On the one hand, the method needs to be integrated in the regulatory process, as the producer has to meet many requirements”, says Martin Rejzek. “On the other hand, initial analyses should be carried out as early as possible in the development process so that hazards are identified well before the finished product stage.” Using a real product development process as a case study, the researchers have been able to show how STPA can be integrated in the development of control systems for machines. The Curtiss-Wright Antriebstechnik company can now use the method in future product development.
Another research project, with industry partner F. Hoffmann-La Roche, shows that STPA can also be used beyond the product development phase. This ongoing project is investigating an organisational operating process, as Martin Rejzek explains: “Here we use STPA to analyse a part of the quality management system in order to show that suitable quality control is ensured.” These research projects at the IAMP demonstrate the diverse potential applications of STPA as a hazard analysis method.