A crucial aspect of safety case management is the ongoing maintenance of the safety argument throughout the life of a system. Over the operational life of any system, the corresponding safety case can be challenged by changing regulatory requirements, additional safety evidence and a changing design. In order to maintain an accurate account of the safety of the system, all such challenges must be assessed for their impact on the original safety argument. This is increasingly being recognised by many safety standards. However, many safety engineers currently experience difficulties with safety case maintenance, the prime reason being that they lack a systematic and methodical approach by which to examine the impact of change on the safety argument. This paper presents an approach that begins to address these difficulties by defining a process, based upon the principles of goal structuring, for the systematic impact assessment of safety case challenges.
Tim P. Kelly, John A. McDermid