Tutorials
Most of the tutorials are already recorded and can be viewed at any time. The tutorials introduce the basic concepts behind STAMP, STPA, and CAST so that newcomers can follow the presentations throughout the workshop.
Note that the tutorials and the workshop are not training classes.
|STAMPing into the Future: Leveling Up Safety at Google
Tim Falzone (Google)
The presenters will show how they are approaching the challenges of integrating STAMP methods into Google's engineering culture:
- Preventing waterfall delivery of analysis results
- Teaching control structure modeling and UCAs
- Working with an informal requirements engineering culture
|Empirical Evaluations of STPA in the Aviation Industry
John Thomas (MIT)
Over the last decade, STPA use in aviation has led to thousands of publications including findings and lessons learned from industry use. Past MIT STAMP/STPA workshops have hosted 60 presentations from the aviation industry with independent evaluations and findings from applying STPA. This talk will review the empirical data that exists from the aviation industry to date, including lessons learned, mistakes to avoid, and what is known and not yet known about STPA in aviation.
|Implementing STAMP at the world's largest airline
Stephen Palyok (American Airlines)
- The program structure of American Airlines' STAMP program
- CAST/STPA is widely accepted and understood at American Airlines
- CAST leads to deeper insights compared to traditional industry methods
- STAMP helps reinforce resiliency within our systems
|Application of CAST to Producibility Loss in Aerospace Manufacturing
John Barstow (MIT)
Aerospace manufacturing faces a challenge in combining cutting-edge technology and long product lifecycles, which can lead to significant process model divergence within production systems and result in producibility problems. This talk presents a CAST analysis of a loss of producibility following a transfer of a manufacturing process from one facility to another.
- Configuration control measures must be designed with an understanding of their limitations, and assumptions about supplier processes must be carefully validated.
- Production organizations must be designed for the task they are assigned to accomplish, based on experience and experimentation whenever possible.
|STAMP Considerations at Embraer
Carina Carla Aparecida Felipe da Silva (Embraer)
This presentation highlights how the STAMP application integrates with the Embraer Requirements Engineering process.
|System Safety for Teams of Collaborative Controllers
Andrew Kopeikin (MIT)
Teams of controllers exhibit complex collaborative interactions that can be defined and captured using Systems Theory or STAMP. This talk defines those interactions and introduces extensions to STAMP/STPA to systematically identify causal factors associated with collaboration. The technique has been demonstrated to help analyze novel human-machine and multi-machine teaming systems.
|Using STPA to Improve Robotic Manufacturing of a Rocket Motor
Bryan Smith (Northrop Grumman), Jeremy Hatch (Northrop Grumman), Paul Clark (Northrop Grumman), Garrett Cranney (Northrop Grumman)
Application of STPA to solid rocket manufacturing, particularly with respect to automated propellant cutting, has provided insight into the design and development of the process. Some of those key insights are:
1. A change in the perspective of the analysis from motor centric to robot centric
2. Inclusion of an independent chip catcher
3. How to handle abort commands with this delicate process
The framework provided by STPA has been influential in seeing the overall connectivity of the various components in the control structure and consequently in designing a better process.
|Google STAMPing into the Future: Deep Dive
Ruben Barroso (Google)
This talk will share a few lessons that we've learned while incorporating safety into Google's engineering culture in the areas of education, SME engagement, analysis completeness, and CAST.
|STPA and CAST at American Airlines: Deep Dive
Stephen Palyok (American Airlines)
Lessons learned and strategy from our implementation of STAMP at American Airlines.
- Feedback is important
- Union buy-in is critical
- CAST/STPA is different than traditional models
- STPA can be used on existing systems. Even less complex systems!
|Panel and Q&A: Introducing STAMP / STPA / CAST into an organization
Gus Larard (Air Hong Kong), Stephen Palyok (American Airlines), Tim Falzone (Google), Bill Young (USAF, ret.), Marcos Viana Tavares (Embraer)
|Discussion of FAQ submitted by workshop attendees
Nancy Leveson and John Thomas
|Analyzing Operational Decision-Making of Radiotherapy with Systems-Theoretic Process Analysis
Lawrence Wong (UC San Diego Health), Todd Pawlicki (UC San Diego Health)
- Systems-Theoretic Process Analysis (STPA) is applied to investigate decision-making for a novel approach to radiotherapy.
- The analysis process spanned the phases of STPA familiarization, results generation, and results finalization. Facilitation of the analysis was achieved through videos, electronic worksheets, and virtual meetings.
- Nontrivial causal scenarios involve inaccessibility of feedback, mismatch between the feedback and the mental model required for good decision-making, and under-specification of control input.
- STPA provides an effective technique to examine operational decision-making in radiotherapy. Targeted facilitation to leverage domain expertise is a feasible app
|Application of STPA to the U.S. Diagnostic Laboratory Data Ecosystem
Rodrigo Rose (MIT), Polly Harrington (MIT)
This presentation outlines the preliminary findings from an application of STPA to the safety of diagnostic medical data in the United States. We present a model of the sociotechnical system, developed through 30+ interviews with subject matter experts representing laboratories, care facilities, health IT vendors, regulatory bodies, public health agencies, patients, and more. We identify UCAs and scenarios, and provide both targeted and general recommendations to improve the safety of the ecosystem, with particular attention to missing or weak control loops.
|Developing Control Structures for Complex Sociotechnical Systems
Polly Harrington (MIT), Rodrigo Rose (MIT)
Developing a comprehensive control structure for sociotechnical systems presents challenges for the adoption of STPA. We present a process for iteratively developing a control structure. Using the diagnostic laboratory data ecosystem as a case study, we will walk through the process of starting from scratch and iteratively fine tuning a control structure. Topics include identifying missing information, interview techniques, and common obstacles and ways to address them.
|STPA driven design for digital twin and lessons learned for facilitators
Meaghan O'Neil (System Design and Strategy and INCOSE), Richard Bye (Network Rail)
This presentation will provide recommendations for the application of STPA in the early phase of design. It will include a specific focus on:
- Facilitation of STPA
- Application of STPA outcomes to the design of digital twins
|Human Factors in the Control Loop: A Case Study of the Use of STPA for a Rail Innovation Project
Richard Bye (Network Rail), Meaghan O'Neil (System Design and Strategy Ltd)
Although human-system integration approaches are necessary for the effective design of socio-technical systems, there are few methods that can successfully combine the considerations of mental models with those of technology process models. This presentation will demonstrate that:
- STPA control structures are useful cognitive artifacts that offer decision making stability in the face of strategic uncertainty.
- Blending STPA with human factors methods can surface system vulnerabilities and unlock opportunities for creative decision making and innovation.
- STPA provides structure and processes to consider humans and machines as collaborative agents during the design of complex systems.
|Introducing STPA to a Regulator: Lessons Learned from Providing STPA Training and Facilitation
John Thomas (MIT)
- The Nuclear Regulatory Commission (NRC) has investigated STPA and CAST through a series of formal training classes and workshops
- NRC staff including Digital I&C, Human Factors, PRA, Fault Tree Analysis, Cyber Security, and other SMEs participated
- NRC staff learned the methods, applied them in hands-on workshops, evaluated the methods, and developed conclusions and recommendations
- This talk will review the findings developed by NRC staff related to future STPA and CAST use by regulators as well as by industry
|Prioritizing the Results from STPA - Case Study of Battery Ferry
Hyungju Kim (Norwegian University of Science and Technology (NTNU))
- Introduction to a novel power supply concept for battery ferries and its demonstration
- STPA results of the novel concept: main findings and challenges
- Prioritizing the results: method and results
- Discussion for prioritizing STPA results and future works
|The utilization of STPA on the ship navigation system
Marios-Anestis Koimtzoglou (National Technical University of Athens (NTUA)), Nikolaos P. Ventikos (National Technical University of Athens (NTUA)), Konstantinos Louzis (National Technical University of Athens (NTUA))
The talk will refer to the application of STPA on a ship’s navigation system in order to identify leading indicators for monitoring the level of marine safety, including the following aspects:
- The importance of establishing efficient leading indicators concerning accident prevention in the maritime domain.
- The way STPA was applied.
- The results of the implemented methodology, including the control structure and the assumption-based leading indicators. The derived leading indicators are related to the human factor, concerning aspects such as fatigue and situational awareness.
- Discussion about the usefulness of STPA as a method for establishing leading indicators in the maritime domain.
|RAAML Compliant Based STPA Tool Integration at L3Harris Technologies
Reid Archibald (L3Harris)
- L3H SAS is increasingly utilizing MBSE techniques to design system architectures
- STPA has been adopted within L3H SAS as a safety analysis method because it can be incorporated into a MBSE environment
- OMG recently released (2021) a new standard, Risk Analysis and Assessment Modeling Language, which includes standard relations for creating STPA elements within a SysML model.
- L3H SAS has recently developed a RAAML compliant tool to perform STPA analysis within a SysML model. This presentation highlights some of the lessons learned along this journey.
|STPA Applied for Energetic Materials Handling in Research Laboratories
Karen Stephanie de Andrade (Brazilian Air Force / LMU)
In this presentation, we will present fascinating research that showcases the successful application of STPA (Systems-Theoretic Process Analysis) to a unique system. Our analysis focused on activities with energetic materials in research laboratories by identifying potential hazards, reducing damages and mishaps, optimizing performance, and minimizing wasted time and materials. We will discuss how the use of STPA led to the discovery of new solutions and opportunities for improving safety and operational efficiency in the laboratory.
|STPA Automation Tool
Andrew Miller (Motional AD)
STPA Automation Tool:
- Provide a template for the STPA analysis
- Guide the user through the STPA process
- Automate some of the manual work that is necessary to perform an STPA
Tool is built in Google Sheets and will be free for use in the STAMP community.
|STPA Standards, Certification, and Accreditation
John Thomas (MIT), William Young (USAF, ret.)
This talk will review the state of industry standards that incorporate STPA and recent milestones in STPA certification. A uniform set of requirements has been defined for individual certification, and the International Center for STAMP Certification and Accreditation has been created to oversee accreditation of qualified STAMP/CAST/STPA educational programs. The center's mission is to enable high-quality CAST and STPA work products by recognizing qualified practitioners and defining a uniform standard for CAST and STPA practice, facilitation, and training.