Martin Rejzek is among the researchers at the IAMP Safety-Critical Systems Research Lab who are working on how the STPA hazard analysis method can be applied. STPA, a promising method developed at the Massachusetts Institute of Technology, is being further developed and adapted to a wide range of applications worldwide. “Hazard analysis methods like STPA are based on a functional perspective, and that is crucial for today’s systems”, says Martin Rejzek. “Systems today carry out a great many functions, which are often implemented with software. This means that a simple way of thinking based on system failure doesn’t go very far, because software doesn’t just fail.” According to Rejzek, one advantage of the functional perspective is that the details of the system’s implementation are of secondary importance: “For example, in the analysis of a driver assistance system, it isn’t relevant what type of engine the car has been fitted with. This doesn’t make any difference with regard to the functions of the assistance system, so the STPA method can be used very early on in the development process.”

The IAMP works mainly with STPA. The purpose of this method is to systematically identify hazards and then take measures that prevent these hazards from occurring in the first place. “STPA takes users through the analysis process without imposing too many restrictions”, says Martin Rejzek. “It goes top-down from the overall system to individual subsystems and functions.” In a project funded by the Federal Commission for Technology and Innovation (CTI), researchers at the IAMP, in collaboration with industry partner Curtiss-Wright Antriebstechnik, have examined how STPA can be used in the development of control systems for machines. “On the one hand, the method needs to be integrated in the regulatory process, as the producer has to meet many requirements”, says Martin Rejzek. “On the other hand, initial analyses should be carried out as early as possible in the development process so that hazards are identified well before the finished product stage.” Using a real product development process as a case study, the researchers have been able to show how STPA can be integrated in the development of control systems for machines. The Curtiss-Wright Antriebstechnik company can now use the method in future product development. 

Another research project, with industry partner F. Hoffmann-La Roche, shows that STPA can also be used beyond the product development phase. This ongoing project is investigating an organisational operating process, as Martin Rejzek explains: “Here we use STPA to analyse a part of the quality management system in order to show that suitable quality control is ensured.” These research projects at the IAMP demonstrate the diverse potential applications of STPA as a hazard analysis method.