Embedding STPA into a Highly Successful Risk Management Software Application

Since the introduction of STPA to a broader audience through the book Engineering a Safer World and the first MIT STAMP Workshop in 2012, interest in this method of hazard analysis has been ever increasing. From its introduction to now, STPA has not only been applied to many different domains, but has also been constantly developed and extended.

We consider the availability of a professional, state-of-the-art software application supporting STPA to be a crucial catalyst for the further evolution and expansion of STPA. Although some software tools are currently available, we are of the opinion that none fully meets the needs for a productive application of STPA outside the context of research projects and case studies. Furthermore, we believe enterprises demand not only a professionally developed and highly streamlined software application, but also the associated support, such as a proper user manual and instructions, along with regular updates and upgrades. The decision to use STPA effectively requires an investment in more than new software: thorough training of staff and a process supporting lessons learned are also crucial. This investment will pay for itself through the additional insights uncovered by the STPA methodology; together with the efficiency and effectiveness gains provided by the software tool, the investment will pay off twice over.

Stiki - Information Security, headquartered in Reykjavík, Iceland, and the Safety-Critical Systems Research Lab at the Zurich University of Applied Sciences in Switzerland have successfully applied for an EU grant to develop a software solution satisfying the above-mentioned characteristics. The software solution being developed will share the same framework as the software toolkit Risk Management Studio, developed by Stiki and available on the global market since 2005. The objectives are to allow enterprises to use STPA both as a standalone methodology through the software and as part of an enhanced enterprise risk management framework, enabling efficient risk identification and management.

The joint development project is based on the software prototype SAHRA, which extends the UML/SysML CASE tool Enterprise Architect with the ability to perform STPA, and on research projects conducted by both partners in the past.

The development work commenced in October 2016 and spans a total of 30 calendar months. With the poster presented, we would not only like to outline the project and its end result, but also invite interested stakeholders to participate in the project, for example by testing beta versions of the application and providing feedback.