There are several benefits that come from STPA. The most important one for managers and executives is cost effectiveness, so the first chapter focuses on that. Engineers will find the second chapter more interesting, where we describe the technical benefits of the methodology.
Cost-effectiveness benefits of STPA
Every project has its budget. Very often these budgets are exceeded because unexpected issues pop up during the process. It is always like that; we all know it from past projects. STPA analysis comes much earlier in the system lifecycle and helps to establish the human-machine interface, identify hazards, and build up the system requirements. Therefore the number of unknown-unknowns in the system is reduced, and fewer unknown-unknowns means fewer surprises.


Reducing rework
Most importantly, and most costly, STPA helps to prevent expensive redesigns. Everyone involved in engineering knows that redesigns at commissioning time are the most expensive ones. STPA provides a systemic approach with safety at its center, but it also covers commissioning, long-term operation, maintenance, and the end-user perspective. STPA uncovers potential design flaws and unsafe control actions before they become deeply embedded and expensive to fix. The analysis therefore helps prevent costly redesigns and reduces the likelihood of accidents.

Optimizing Safety Investments
STPA helps to identify the most critical control actions and system vulnerabilities, so safety investments can be strategically targeted towards the most effective design, proper training, and safety procedures. Starting a project with STPA makes it possible to address the goals, hazards, and hazard mitigations already at the concept level. Therefore investing in STPA not only reduces rework, but also helps to define the budget more accurately. With STPA we reduce the number of unknown-unknowns in our development.

Cost Avoidance through Accident Prevention
Everyone knows the case of the Boeing 737 MAX. All planes were grounded because of the fatal accidents. How do you estimate the cost of these accidents for Boeing? We don't know, but we know how to avoid them. Use of STPA has a significant impact on cost avoidance, and it is achieved through accident prevention. Active identification and mitigation of hazards can save a lot of money. Ask Boeing if You don't believe us.
Technical benefits of STPA
Now it is time for the part of the material dedicated to engineers and to people interested in the details. If You are interested in more detail about how to apply STPA, check our white paper.


Identification of potential accidents and system-level Hazards
STPA focuses on the potential accidents that can occur at the system level. If You are a system provider, You can focus on your system and identify all the details of your operation. If You are a component provider, You can focus on the analysis of your component. If You are a system integrator, You can focus on the interactions between the systems and the system components. The biggest difficulty with STPA is zooming in and zooming out of the process: how deep should the analysis go? The answer is that it depends on your role in the total system. STPA is a tool that enables analysis at all levels: complex project integration, system design, and component integration.

Identification of non-failure related accidents
Most safety analyses focus on failures, but STPA goes above and beyond this. It focuses on all potential hazards, including those that occur in scenarios where nothing has failed. Which component failed on the Titanic? The accident still occurred. One of my favorite examples of an accident without a component failure is the example from the “STPA Handbook”.

Establishment of hierarchical control structure
A significant benefit of STPA is its systematic approach to establishing a hierarchical control structure for the system. Firstly, this isn't just a diagram; it's a powerful model that represents how control is intended to be executed. Secondly, it maps out all controllers (which can be human operators, software algorithms, or physical devices). The control structure also maps the actuators the controllers use to exert control, and the sensors or feedback channels that inform their decisions. By constructing this hierarchical model, STPA provides a working framework for understanding responsibilities, control authority, communication pathways, and feedback loops at all levels of the system. This structured view is essential for identifying where and how control might be inadequately applied or lost (and where health checks are necessary).

Determination of loss scenarios and control flaws
STPA methodically determines the potential loss scenarios leading to accidents by focusing on “Unsafe Control Actions” (UCAs). Instead of just listing component failure modes, STPA identifies how a controller providing (or not providing) a control action could lead to a hazard. For each UCA, the analysis then identifies the underlying reasons, or “control flaws”, that could cause it. These flaws can range from an inadequate control algorithm in a software controller, to missing or incorrect feedback to a human operator, design errors in the control loop, or unexpected interactions with other system components. This systematic exploration provides a much deeper insight into why a system might behave unsafely.

Generation of requirements
A highly practical benefit of conducting an STPA is the direct generation of clear, actionable safety requirements and constraints. Every loss scenario is linked to an Unsafe Control Action, each UCA is linked to a hazard, and each hazard is linked to a loss. With the methodology provided by STPA, we can generate clear requirements that are easily traceable. These requirements are often more comprehensive and system-focused than those from traditional hazard analyses. STPA requirements address issues of system design, component interaction, software behavior, and human factors. For example, STPA might lead to requirements for new control logic, improved operator interfaces, specific feedback mechanisms, or refined operational procedures, all directly traceable back to the identified potential for unsafe control.
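The traceability chain described in this section and the previous two (loss scenario to UCA to hazard to loss, with a safety constraint derived from each UCA), as an added example that is not part of the original post. The control loop, identifiers and scenarios are constructed for illustration; the UCA types follow the four standard STPA categories, which the text does not spell out.

```python
from dataclasses import dataclass

# Constructed sample data for a remote-operator control loop (not from the post).
# Chain: loss scenario -> UCA -> hazard -> loss.
LOSSES = {"L-1": "Loss of life or injury to people"}
HAZARDS = {  # hazard id -> (description, losses it can lead to)
    "H-1": ("Vehicle moves while personnel are in its path", ["L-1"]),
    "H-2": ("Vehicle stops on a live crossing", ["L-1"]),  # no UCA yet: a gap
}

@dataclass
class UCA:
    id: str
    controller: str
    action: str
    uca_type: str   # one of the four STPA UCA categories below
    context: str
    hazards: list   # hazard ids this UCA can lead to

UCAS = [
    UCA("UCA-1", "Remote operator", "emergency stop", "not provided",
        "when a person is detected in the vehicle path", ["H-1"]),
    UCA("UCA-2", "Remote operator", "emergency stop", "too late",
        "when a person is detected in the vehicle path", ["H-1"]),
]
# Loss scenarios record the control flaw that explains why a UCA could occur.
SCENARIOS = {  # scenario id -> (UCA id, control flaw)
    "LS-1": ("UCA-1", "Intrusion feedback never reaches the operator display"),
    "LS-2": ("UCA-2", "Video feed latency exceeds the stopping-distance budget"),
}
# Standard STPA step: a safety constraint is the inversion of the UCA.
TEMPLATES = {
    "not provided": "{c} must provide {a} {ctx}",
    "provided": "{c} must not provide {a} {ctx}",
    "too late": "{c} must provide {a} without delay {ctx}",
    "applied too long": "{c} must stop {a} as soon as it is no longer needed {ctx}",
}

def constraint_for(uca: UCA) -> str:
    return TEMPLATES[uca.uca_type].format(c=uca.controller, a=uca.action, ctx=uca.context)

def trace(scenario_id: str) -> list:
    """Walk one loss scenario back to the loss(es) it can contribute to."""
    uca_id, _flaw = SCENARIOS[scenario_id]
    uca = next(u for u in UCAS if u.id == uca_id)
    chain = [scenario_id, uca_id]
    for h in uca.hazards:
        chain.append(h)
        chain.extend(HAZARDS[h][1])
    return chain

def gaps() -> list:
    """UCAs with no loss scenario and hazards with no UCA: unfinished analysis."""
    covered_ucas = {u for u, _ in SCENARIOS.values()}
    covered_hazards = {h for u in UCAS for h in u.hazards}
    return [u.id for u in UCAS if u.id not in covered_ucas] + \
           [h for h in HAZARDS if h not in covered_hazards]
```

Running `gaps()` on the sample data reports `H-2`, the hazard that has no UCA written against it yet, which is exactly the kind of missing link the traceability chain is meant to expose.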

Improved understanding of system behavior
Engaging in the STPA process significantly enhances the overall understanding of how a system truly behaves. This is something I personally discovered during the design of a Remote Operation Centre. Everyone had an idea and knew which functions must be provided, but nobody really understood the issues in detail. Using STPA during the design process helped the engineers and the customer to understand what is technically possible and how we can close the gaps to provide a safe operation. This deep dive uncovers assumptions and highlights areas where the system's behavior might be misunderstood or unpredictable. We aim for total clarity on every control action: which feedback is the most important to the operator in a given scenario? Based on this we build up the requirements.

Any questions about the benefits of STPA?
Feel free to contact us directly or check other safety blogs here.