2022 STAMP Workshop Presentations
Tutorials
Most of the tutorials are already recorded and can be viewed at any time. The tutorials introduce the basic concepts behind STAMP, STPA, and CAST so that newcomers can follow the presentations throughout the workshop.
Note that the tutorials and the workshop are not training classes.
Workshop Presentations
Monday, June 6
Scaling STPA at Google
Tim Falzone (Google)
This talk will cover the path Google has taken to introduce and scale up the use of STPA in our engineering organizations. We will discuss lessons that we have learned, show examples of results and findings, and highlight key insights that we have had along the way.
SAE J-3187 STPA Recommended Practices - Update
Mark A Vernacchia (General Motors Company)
- The publication of J-3187 marks the conclusion of a three-year effort to develop and publish the first authoritative document addressing the use of STPA for critical system evaluation.
- During its development, content making it valuable to other industries has been added to produce a more comprehensive document useful to aerospace, defense, regulatory agencies, and others. J-3187 enhancements to include more cross-industry content are planned.
- J-3187 was written by experienced STPA practitioners who shared their collective knowledge on how to develop appropriate safety requirements to prevent or manage potential hazards discovered during the STPA process.
A Systemic Approach to Aircraft System Supportability
Carina Carla Aparecida Felipe da Silva (EMBRAER), Claudio Medrado Filho (EMBRAER), Alexandre Magno Pinto (EMBRAER)
This presentation explores supportability of an aircraft system, aiming to proactively incorporate it in concept definition in the Systems Engineering processes. The System-Theoretic Accident Model and Process (STAMP) approach provided the foundation for the analysis conducted herein, strengthening the perspective on how to avoid value losses related to support activities. Results bring important life cycle concerns into consideration for a “design-in” perspective for an aircraft system in conceptual studies.
ICAO Safety Management Panel and the need for improved safety risk management methodology and tools
João Garcia (Vice-Chair of SMP at ICAO), Bongi Mtlokwa (Chair of SMP at ICAO)
Operationalizing Positive Culture in Aerospace Manufacturing Using CAST, Systems Engineering Principles and Human Factors Methods
Jess Reid (Boeing), Liisa Hammer (Boeing)
Negative safety culture in a manufacturing environment is detrimental not only to personnel safety but also to product safety and quality, and has subsequent undesirable impacts on schedule and morale. Implementing positive culture change in an organization to address these problems is no easy feat. By applying systems thinking with Systems-Theoretic Accident Model and Processes (STAMP), systems engineering principles and human factors methods, we have identified systemic causal factors of the negative safety culture and applied targeted actions to improve the culture across all organizational levels and multiple site locations in a way that will last and transcend personnel turnover.
System-Theoretic Process Analysis (STPA) Evaluation of Boeing's Automated Test Maneuvers (ATM) System
Darren McDonald (Boeing), Shannon Clark (Boeing), Jordan Stringfield (Boeing), Dulnath Wijayratne (Boeing)
The Boeing Company's Automated Test Maneuvers (ATM) system is designed to execute flight test maneuvers with consistent, error-free, computer-generated inputs. In this presentation, we’ll show how Boeing used the STPA process to generate requirements for special test equipment, and we’ll discuss how the verification of those requirements in our simulator and ground tests uncovered some software bugs, test documentation and crew actions that needed correcting before first flight.
A Top-Down, Safety-Driven Approach to Architecture Development for Complex Systems
Justin Poh (MIT)
Modern systems are becoming more complex, interconnected and software intensive. As a result, it is becoming more challenging to develop good system architectures using current methods that rely on decomposition. Instead, the architecture development process should consider system-level interactions and unsafe behaviors early so that the necessary interactions and behaviors can be designed into systems from the beginning. This talk will discuss a new approach to architecture development that does this by integrating STPA into the architecture development process and using the analysis results to drive the identification of system requirements and the development of a system architecture.
Tuesday, June 7
Lessons Learned from STPA applications
Meaghan ONeil (System Design and Strategy Ltd)
- Lessons learned from a systems engineer with 18+ years’ experience who has applied STPA as well as served as an STPA trainer, coach, and facilitator. These are based on experiences from applying STPA in several domains including healthcare delivery, medical devices, automotive, aviation, and manufacturing.
- Common challenges teams face when applying STPA
- Recommendations on applying STPA
Applying CAST to Analyze an Incident in Radiation Therapy
Natalia Silvis-Cividjian (Vrije Universiteit Amsterdam)
Radiation therapy is a technique that treats cancer using ionizing radiation. The challenge is to maximize the dose in the tumor while sparing healthy tissue. The process is complex, involving hardware, software and people, and is therefore suitable to be modelled using STAMP. We applied STAMP-CAST to understand one incident that occurred in a radiation therapy center. In this presentation we show how CAST helped us to:
- Share responsibility while avoiding blame
- Reach and interview involved persons “close to the fire”
- Suggest recommendations to improve safety culture in RT
- Raise new human factors-related research questions
Clinical Governance Hazard Analysis; Using STAMP to Detect Knowledge Flow Hazards in a Major Health Care Organisation.
Wallace Grimmett (MATER Health)
The task facing our clinical governance team was to analyse how a healthcare structure learns and passes that knowledge through the organisation. The hypothesis being explored was that a lack of correct knowledge for any operator critically affects the process model. For the purposes of hazard analysis, there was little difference between the analysis of the physical systems analysed by STPA and the more ethereal “knowledge flow.” Indeed, exploration of this concept by the team proved useful in identifying hazards, leading to insights into how to mitigate these hazards. Importantly, the STPA proved easy to explain to an uninitiated senior executive.
Safety in Hospital Medication Administration Applying STAMP Processes
Elizabeth White Baker (Virginia Commonwealth University)
Applying CAST to healthcare investigations: does it add more?
Nick Woodier (Healthcare Safety Investigation Branch), Helen Jones (Healthcare Safety Investigation Branch), Matt Wain (Healthcare Safety Investigation Branch)
- Application of CAST to a medication incident in English healthcare.
- Discussion of the complexity of the English healthcare system and its impact on safety.
- Reflections on the usability of CAST for organisation-based healthcare investigators.
- Reflections on the comparison of findings between SEIPS and CAST for the incident of interest.
Introducing STPA to Interventional Radiology within a Large Hospital
Patrick Samedy (Memorial Sloan Kettering Cancer Center), Bae Chu (Memorial Sloan Kettering Cancer Center), Michael Bellamy (Memorial Sloan Kettering Cancer Center), Jasmine Ghorbani (Memorial Sloan Kettering Cancer Center), Darby O'Keefe (Memorial Sloan Kettering Cancer Center), Melissa Marquez (Memorial Sloan Kettering Cancer Center)
- How STPA was introduced to a complex subsystem of a large healthcare institution
- Performing STPA with a multidisciplinary team in a virtual setting
- Key impacts of a systems approach
Wednesday, June 8
Using STPA to assure a safe operation of autonomous mobile robots in public spaces
Danilo da Costa Ribeiro (Continental Teves AG & Co. oHG.), Tim Brockmeyer (Continental Teves AG & Co. oHG.), Martin Griesser (Ph.D.) (Continental Teves AG & Co. oHG.)
The introduction of autonomous mobile robots into everyday life, although very exciting, comes with new hazards. These must be identified and mitigated so that broad operation and public acceptance can be achieved.
- Scope of the presentation: Autonomous mobile robots at Continental and how public operation can be enabled.
- Challenge: Lack of an established safety standard and of experience for this specific type of complex operation.
- Development: STPA was used to model the system (robots and environment), identify hazards, and generate requirements.
- Results: Benefits and challenges from using STPA in the development of a robust safety assessment.
STPA for Autonomous Vehicles Functions
Anas Shahzad (Volvo Cars), Mona Noori (Volvo Cars), Ali Nouri (Volvo Cars)
- Autonomous Driving (AD) promises to make the roads safer by replacing humans with software and hardware. However, AD is complex and software-intensive, and to assess its safety, analysis methods should be employed along with testing and validation to catch mistakes during the design phase.
- STPA can be used to find functional insufficiencies and misuses as proposed by ISO/FDIS 21448 (safety of the intended functionality). In this presentation, STPA is applied to a closed-loop AD function architecture. Based on the iterative STPA steps, unsafe control actions were identified and consequently critical safety requirements were specified; two examples are presented.
STPA and Autonomy : Friends or foes ? A case study analysis
Laure Buysse (KU Leuven), Manie Conradie (Sirris), Dries Vanoost (KU Leuven), Davy Pissoort (KU Leuven)
Autonomous systems offer tremendous opportunities. However, analysing and assuring the safety of these systems remains a major challenge. Due to their rising complexity, the increasing popularity of AI and the inclusion of COTS, through-life safety assurance is by no means straightforward. STPA is a promising analysis technique, but has yet to be studied in depth in the field of autonomous systems. This presentation discusses difficulties and benefits, and provides general guidance around applying STPA to autonomous systems. The work presented here is based on practical case studies. An autonomous mobile robot is used throughout the presentation to illustrate the results.
Thursday, June 9
Use of STPA for analyzing information gaps in distributed autonomous systems
Tom McDermott (Stevens Institute of Technology), Dennis Folds (Lowell Scientific Enterprises)
Application of STPA-Sec in military systems
Gabriel Luis de Oliveira (AEL Sistemas), Amanda Iriarte Quilici (AEL Sistemas)
The purpose of this presentation is to share the experience of applying STPA in a military Data Link project at AEL Sistemas, focusing on the security area. It will describe the way we introduced the framework inside the company and the effort necessary to perform it. Furthermore, we will explain our outputs and why STPA was a benefit when applied in the security analysis, being an advantage not only to the project but to the company as a whole. The analysis itself is confidential and only illustrative examples will be shown.
Use of the STPA Technique in the Requirements Definition of a Drone Power Generation System
Paulo Mendes (Xmobots), Marcelo Sousa (UNIFEI)
- Application of the STPA technique in the development of the power generation system of a hybrid agricultural drone. The system has a generator that converts fuel energy into electrical energy to supply the drone's consumption. The system also has a battery pack as backup.
- With the STPA technique it was possible to obtain a robust product at a low cost. The requirements, besides defining a minimum life limit for each piece of equipment, provided the necessary guidance for the development of the embedded software.
- A secondary objective was to use the guidance promoted by the technique in the maintainability of the aircraft.
A Structured and Comprehensive Air Vehicle Risk Assessment
Laurence H Mutuel (Bell Textron)
- How STPA is used to complement techniques from SAE ARP4761 and MIL-STD-882E at the safety process level
- How STPA is used to complement techniques from SAE ARP4761 and MIL-STD-882E at the system safety and software system safety activity level
- What we learned from combining the techniques and what the value of STPA is
Friday, June 10
Offshore Oil Wells Integrity: Subsea Christmas Tree Analysis Using System-Theoretic Process Analysis (STPA)
Lucas Ribeiro de Almeida (University of São Paulo), Marco Aurélio Pestana (University of São Paulo), Joaquim Rocha dos Santos (University of São Paulo), Marcelo Ramos Martins (University of São Paulo)
- An analysis using STPA of a Subsea Christmas Tree (oil rig equipment) was conducted following the steps described in the STPA handbook.
- A strange behavior was detected in the SCS of the system, with great potential to generate loss scenarios.
- STPA could identify causal factors related and not related to component failure events in a more manageable way by structuring the loss scenario generation.
- It was identified that only one third of the loss scenarios are related exclusively to physical equipment failures. Thus, it’s reasonable to conclude that STPA can substantially strengthen an analysis using PRA.
STPA for Passenger Ship Safety Analysis in Bangladesh
Md Imran Uddin (Accident Research Institute (ARI), Bangladesh University of Engineering and Technology (BUET)), Dr. Zobair Ibn Awal (Bangladesh University of Engineering and Technology (BUET))
- Being a riverine country, inland water transport is the most popular mode of transport in Bangladesh. However, more than 90% of fatalities in inland waterways involve passenger ships (launch, steamer, trawler, boat, etc.).
- This study aims to perform a hazard analysis by applying STPA to assess the safety situation of passenger ship operation in Bangladesh.
- The study revealed that the majority of Unsafe Control Actions (UCAs) exist on the ‘bridge deck’ of passenger ships and that the most contributing category of causal factor responsible for the occurrence of UCAs is ‘human factor’. Besides, the predominant category of safety requirements is ‘team management’ among ship crews.
Using CAST for additional risk detection in boiler explosions in Brazil
Renan Guimarães Landi (University of São Paulo), Carlos Lahoz (Aeronautics Institute of Technology), Uiara Montedo (University of São Paulo)
- CAST is used to analyse one of the worst boiler accidents in Brazil, based on the official accident reports.
- CAST identified flaws in the common engineering assumptions, suggesting better solutions to prevent dysfunctional interactions.
- Important causal factors of the accident, not addressed by official investigations, are highlighted.
A systems theoretic process analysis (STPA) approach for analyzing the governance structure of fecal sludge management in Japan
Nikhil Bugalia (Indian Institute of Technology Madras)
The study extends the STPA literature by providing substantial validation of STPA’s capability for analyzing the Fecal Sludge Management (FSM) governance structure against robust and independent criteria that define the objectives of a “good” governance structure, i.e., efficiency, accountability, and legitimacy. The STPA results identify novel leading indicators to guide policymakers to improve FSM management. The results also provide valuable insights by highlighting the various features contributing to an effective governance structure of the FSM, such as centralized decision-making in combination with a hierarchy of goals to establish a clear division of responsibility across various actors.
STPA & Assumption-based indicators applied to teams
Arthur Kelderman (Sunbytes)
- Application of assumption-based leading indicators and STPA within the context of organizational structures (teams/departments).
- Defining mission capability.
- Securing team mission capability (protecting against loss of team mission capability) through the use of an effective tailored control structure, including a clear set of assumption-based leading indicators that help loop management and execution recognize shifting conditions (creating situational awareness).
- After action review and what’s next.