Description | Industry |
Innovation and Lessons Learned from Applying STPA for Medical Device – Next Generation Automated External Defibrillator (AED) Mark A. Vernacchia (The SSE Group, LLC)
Lawrence Wong (UC San Diego Health) ▷ Show description- Showcase the benefits of applying STPA to AED and the lessons learned regarding the analysis process and documentation.
- STPA was useful in elucidating and characterizing these problems, including language barrier, rescuer stress, coordination among multiple bystander rescuers, etc.
- The STPA analysis decisions include choice of hazard statements, the rationale for arranging the elements in the control structure, the identification of unsafe control actions and causal scenarios, and results organization.
- The presentation concludes with discussion of potential AI requirements for designing next generation AEDs. STPA, STAMP, AI, artificial, intelligence, medical, safety | Medical |
The Design of Early System Concepts using Systems Theory Alex Hillman (MIT) ▷ Show description-Introduces Systems-Theoretic Concept Design, an extension of STAMP to build early concepts for novel systems in aerospace and defense
-Existing models for early concepts are usually built using the DoDAF OV-1, which in reality contains very little information nor is it effective at bringing stakeholders together to consider a new system's intent, assumptions for its development, or constraints in the solution space
-Defense Systems are employed in a Portfolio-of-Systems, and STCD is a process to generate a first design artifact for a new system that captures this particular context STAMP, Design, Systems Theory, Concept Generation, systems analysis, systems modelling | Defense |
Application of CAST in Site Identification Safety in Interventional Radiology (IR) Jasmine Ghorbani, Melissa Marquez, and Patrick Samedy (Memorial Sloan Kettering Cancer Center) ▷ Show description- Safety Analysis Overview: Approach, Project Management, Findings, Implementation Plans
- Experience with CAST Application: Application Specifics, Comparison with Traditional RCA, Complements with Human Factors Methods, Timeline, Lessons Learned/Takeaways, Future Applications
- Key Findings:
-- CAST can generate unique findings outside of traditional RCA, SEIPS PETT Scan,
etc.
-- Control structures are effective models to visualize systems and identify
areas of focus and improvement
-- CAST is a valuable and feasible tool to be used in safety analyses of health
systems Systems Safety, Healthcare, Interventional Radiology, Site Identification, Wrong Site Procedures, Human Factors, Safety Culture, Complex Systems | Healthcare |
STPA Applied to Safety of Healthcare Data Rodrigo Rose and Polly Harrington (MIT) ▷ Show description- We demonstrate an application of STPA to a complex, sociotechnical system
- We identify systemic factors that underly adverse events involving laboratory medicine
– We propose recommendations to address the systemic factors Healthcare, sociotechnical, safety, data | Healthcare |
STPA Applied to a Machine Learning Aircraft Before Flight Testing Ryan Bowers (US Air Force) ▷ Show descriptionThis talk investigates the utility of STPA for analyzing safety before flight testing an Uncrewed Air Vehicle (UAV) controlled by a neural network-based flight autonomy software. The host UAV included various control regimes and handoffs over the course of a sortie including human control, traditional autopilot, and an artificial intelligence autonomy software trained using Deep Reinforcement Learning (DRL) machine learning techniques. The flight test operational environment included flight in both civil and restricted airspace, and at least one nearby crewed chase aircraft to observe the UAV in flight. STPA was applied after traditional airworthiness and safety assessment processes but before flight test to identify and mitigate potential new hazards associated with the UAV technology and its operation. Artificial intelligence, machine learning, autonomy, flight test | Aviation |
STPA Applied to Rotorcraft Flight Controls Dave Cummins (Bell Flight)
John Thomas (MIT)
Rodrigo Rose (Beta) ▷ Show descriptionSTPA was applied to human interaction with a rotorcraft flight control system. The findings identified hazardous functionality outside of failure condition assessment alone. STPA identified previously overlooked causes including:
- Unintuitive design
- Missing functionality and feedback
- Implicit and flawed assumptions about operator beliefs Operator feedback, flight control, flight control modes | Aviation |
STPA at Boeing: Driving Safety Requirements for Future Aircraft Design Verdiana Ciriello and Paul Lambertson (Boeing) ▷ Show descriptionDuring our STPA project for future aircraft design, we used a diverse team which included test pilots, engineers and designers to work on the project. Pilot involvement has been a unique and extremely helpful addition: they are inherently “systems thinkers” and fantastic at supporting all phases of the STPA process. We used STPA in the concept development phase to uncover unknown unknowns, before an aircraft architecture was developed, allowing us to use the control structure as a basis for future aircraft architecture. Our biggest finding so far has been that STPA allowed us to develop a set of requirements where 90% of them were either improving a previous set or were new requirements Boeing, Product Development, systems engineering, aircraft design, pilots | Aviation |
Managing Technical Project Risks Using STPA Shufeng Chen (WMG, University of Warwick) ▷ Show descriptionThe author would like to present a recent application of STPA to model the structure of a government-funded project related to the development of EVs. The analysed system involves a diverse range of stakeholders, including regulators and funding authorities from the Government, certification agencies related to vehicle type approval and ISO26262 certification, funded stakeholders involving the EV OEM and its tier 1 and tier 2 suppliers, vendors of relevant parts, and the public.
Motivations of the application:
1. To provide project stakeholders insights into the project structure.
2. To identify existing or potential flaws of the project structure.
3. To create a blame-free working culture. Project risks, system-thinking, teamwork. | Automotive |
Using STPA to Design Resilient Systems: A Real-World Guide to Human-Centred Cognitive Engineering Richard Bye (Network Rail) ▷ Show descriptionThis presentation will describe how STPA is being used to design resilient, human-centred systems for the GB rail industry, showing that by integrating STPA with human factors analysis and cognitive systems engineering it’s possible to create cost-effective approaches to enhance safety and performance in complex safety-critical environments. The talk will outline:
-The theoretical foundations that underpin the analysis and design of distributed human-machine systems.
-Real-world examples of STPA applications.
-How STPA has helped to identify i) hidden socio-technical system risks and ii) opportunities to tackle problems of communication, coordination and control. Human Factors, Rail, Cognitive Systems Engineering, Resilience, Ergonomics, Case Study, Real-World Application | Rail |
How to Teach (and Not to Teach) STPA in Big Tech Garrett Holthaus (Google) ▷ Show descriptionThis talk presents lessons learned from teaching STPA at Google:
- Traditional STPA examples of physical systems are not easily relatable for software developers, and can lead to skepticism regarding STPA’s value
- We achieved higher learner engagement by giving examples of STPA applied to actual Google infrastructure and software
- We increased interest in STPA by emphasizing STPA’s ability to analyze feedback paths, something not addressed by other software design/risk analysis methodologies.
- To accommodate busy schedules, we are pursuing a tiered approach with initial, short tutorials to capture interest, then a multi-day workshop to practice applying STPA on a real system.
Training
Software systems
Adoption | Internet |
OEM & Supplier Use of STPA for Advanced Driver-Assistance Systems Kilian Zwirglmaier, Jeff Stafford, Shabin Mahadevan, and Ali Abbaspour (Qualcomm) ▷ Show description- Leveraging STPA to enable effective collaboration on safety case development between OEM and SEooC ADAS stack supplier for complex driving automation features.
- STPA supports OEM’s validity of SEooC assumptions.
- Integrating STPA into existing OEM safety process.
- Practical application demonstrates the use of abbreviated STPA method through a case study on an ADAS SEooC system integrated into an OEM vehicle.
Acronymns: ADAS: Advanced Driver-Assistance Systems; Item: System at the vehicle level; OEM: Original Equipment Manufacturer; SEooC: Safety Element out of Context; SOTIF: Safety of the Intended Functionality Automotive, safety, ADAS | Automotive |
Integrating a Systematic Approach for Conceptional Architecture Development into STPA Process Stefan Heiss (ZF) ▷ Show descriptionExpansion of STPA process for:
- systematically identifying potential conceptional architecture candidates
- and decision for optimal conceptional architecture
- shown by a simplified pedestrian collision avoindance example.
STPA, Conceptional Architecture, Emergency Braking System, Systems Engineering, Problem Space, Solution Space | Automotive |
Value-by-Design: Using STPA as a tool for Value-based Engineering Florian Wagner and Andreas Kerschl (msg Plaut Austria) ▷ Show description- Value-Based Engineering (VBE) integrates ethical values into system design, supported by the IEEE 7000 standard
- STPA was used as a tool to fulfill the standard's requirements
- A charging app example was used to illustrate the approach
- The study shows STPA's suitability for achieving VBE goals
- Future work will focus on practical application with the necessary personnel to further validate and refine the methodology STPA, Value-based Engineering, Ethical Requirements, IEEE 7000 | Automotive |
A Case Study on Electric Vehicle Safety with a Novel Quantification and Prioritization Approach Jithin T J, Udaya Joshi, Akshara Selvaraj, Monith Biswojyothi, and Rajarajan Kesavelu (Mercedes-Benz Research & Development India (MBRDI)) ▷ Show description- A case study demonstrating application of STPA techniques to assess safety of electric vehicles
- Introducing a method to complement the STPA results for prioritizing the causes and to derive cause-effect relations
- Results identifies causal paths to the hazards and estimates unique KPIs for prioritizing causes Electric vehicles, EV safety, EV Fire, STPA, HCN, Network Theory, Hazard Analysis, Battery Fire, Battery safety | Automotive |
Application of STPA in Military Systems with a Human Factors Approach Gabriel Luis de Oliveira, Gabriela Pereira Henrique, and Carolina Pires Duarte Villela (AEL Sistemas) ▷ Show descriptionThis talk will present the experience of applying the STPA in a military datalink System of Systems, focusing on a human factors approach;
The discussion covers:
• Dissemination of STPA inside the company and the effort necessary to perform the methodology;
• Complementation of traditional human factors analysis focusing on showing compliance with MIL-STD-561C;
• Advantages of Causal Scenarios generation based on Engineering for Humans Extension;
Since the analysis is confidential, only illustrative examples will be shown. STPA, Engineering for Humans, Human Factors, Military | Aviation |
Case Study: Application of STPA approach in the development of a Fuel-Cell Propulsion System Edem Tsei, Shaarujan Prabakaran, Jean Machado, and Daqing Yang (Cranfield Aerospace Solutions (CAeS)) ▷ Show descriptionThe main goal of this case study is to establish provisional targets for thrust responsiveness thrust response targets, based on safety constraints identified during the application of STAMP process.
The methodology selected to perform this case study will obey the following sequence:
i) Survey airworthiness requirements related to thrust responsiveness;
ii) Apply STAMP process to identify safety constrains;
iii) Definition of thrust response safety requirements. Hydrogen Fuel Cell Propulsion system | Aviation |
Performance-based Audit Checklists Using Systemic Approach to Safety Kateřina Grötschelová, Andrej Lališ, and Natalia Guskova (CTU in Prague) ▷ Show descriptionThe Civil Aviation Authority (CAA) aimed to modernize audit processes by improving data and information exchange with overseen organizations to enhance safety evaluations and reduce subjectivity. This shift supports the transition from compliance- to performance-based oversight. The STAMP approach was used to create performance-based audit questions linked to regulatory requirements and tested in real audits. Three CAA departments joined in testing the approach, with two finding it beneficial for audits, while the third, focused on technical audits, remained unconvinced. This method supports detailed, context-rich inquiries, enhancing the understanding of processes and safety performance. Audit, Aviation, Data collection, Oversight, Safety | Aviation |
STPA at Europe's Rail Felix Schaber (Hitachi Rail) ▷ Show descriptionThis presentation shares opportunities, challenges and lessons learned in integrating STPA as part of Europe’s Rail landscape.
Topics include:
- Strategies to integrate exisiting requirements into the STPA process
- Linking STPA results to solution concepts
- Validating assumptions Rail, ERJU, ETCS, Moving Block | Rail |
Maritime Autonomy Using STAMP and STPA – Insights and Lessons Learned Xin Qi (L3Harris Technologies (MAPPS)) ▷ Show description-Insights and lessons learned from applying STPA.
-Benefits and current limitations of applying STPA.
-Evaluation and comparative studies with traditional approaches.
-I recommend system designers to use STPA to strengthen the safety and reliability of systems. software system, STPA, IPMS | Maritime |
STPA for Data-Driven Safety: A Google Case Study Ruben Barroso (Google) ▷ Show descriptionIn this session, we will take you on our STPA adoption journey at Google. We'll cover:
- The big picture: Adoption of STPA at Google
- 3 adoption challenges
- Deep-dive: Google Maps data product risks STPA Google Risk | Internet |
Offshore Oil Wells Integrity: Safety Analysis of an Offshore Oil Well at the Production Phase Using STPA Lucas Ribeiro de Almeida, Joaquim Rocha dos Santos, and Marcelo Ramos Martins (LabRisco/USP) ▷ Show description- An STPA was conducted for an offshore oil well during production phase and satisfactory results were obtained.
- It was also possible to identify the impact of the granularity of the analysis on the results (high-level and high-detailing).
- A comparison of STPA results and a Fault Tree Analysis pointed out the significant contributions the STPA can bring to the safety analysis, emphasising the differences in how each technique deals with component failures. Safety, STPA, Oil, Gas, Offshore | Process |
MicroSTAMP: Towards a Free and Open-Source STPA Compliant Web Tool Based on Microservices Architecture Rodrigo Martins Pagliares, João Hugo Marinho Maimone, Thiago Franco de Carvalho Dias, Gabriel Piva Pereira, Gabriel Francelino Nascimento, and Fellipe Guilherme Rey de Souza (Universidade Federal de Alfenas, UNIFAL-MG - Brazil)
Gabriel Kusumota Nadalin (Universidade Federal de São Carlos, UFSCAR - Brazil) ▷ Show descriptionThis talk will introduce MicroSTAMP, a free and open-source tool designed to support STPA using a microservices-based architecture. We will explore the key features that make MicroSTAMP a valuable resource for analysts conducting STPA, focusing on its flexibility, scalability, and the APIs it provides to support each step of the STPA. Additionally, the talk will cover the advantages and disadvantages of using a microservices architecture in the context of STPA applications, including the possibility of integration with other tools and the challenges of managing multiple microservices and databases. MicroSTAMP, Microservices, Open-source, Software integration, STPA tool, | Automotive, Tools |
Lessons Learned about Commercial Aviation Safety Assessment Standards Rodrigo Rose (MIT) | Aviation |
Developing STPA Scenarios John Thomas (MIT) ▷ Show descriptionLearn and apply new STPA scenario development guidance on an example to produce formal scenarios in STPA. 4 four class feedback method new scenario generation classification archetypes classes | General |
STPA for Data-Driven Safety: A Google Case Study Ruben Barroso (Google) ▷ Show descriptionIn this session, we will take you on our STPA adoption journey at Google. We'll cover:
- The big picture: Adoption of STPA at Google
- 3 adoption challenges
- Deep-dive: Google Maps data product risks STPA Google Risk | Internet |
STPA Applied to Rotorcraft Flight Controls David Cummins (Bell Flight)
John Thomas and Rodrigo Rose (MIT) ▷ Show descriptionSTPA was applied to human interaction with a rotorcraft flight control system. The findings identified hazardous functionality outside of failure condition assessment alone. STPA identified previously overlooked causes including:
- Unintuitive design
- Missing functionality and feedback
- Implicit and flawed assumptions about operator beliefs Operator feedback, flight control, flight control modes | Aviation |
Lessons Learned and Best Practices Applying CAST Stephen Palyok (American Airlines) ▷ Show descriptionBest practices for facilitating a CAST, to include:
- The facilitator's roles and responsibilities
- The size, knowledge, and roles of the project group
- Structure of interviews and investigation
- How to report out CAST to non-technical leaders Aviation, Airline, CAST, Systems Thinking, American, | Aviation |
STPA for Resiliency, Autonomy, and MBSE (Oh My) Kip Johnson (AF Institute of Technology) ▷ Show descriptionLightning talk will highlight recent and current STPA research at AFIT to include: autonomous fighter aircraft, resilient space architecture, and SysML-RAAML integration efforts to achieve DOD digital engineering mandates. STPA, coordination, space architecture, autonomy, RAAML, MBSE | Aviation |
STPA Applied to a Machine Learning Aircraft Before Flight Testing John Thomas (MIT)
Ryan Bowers (US Air Force) ▷ Show descriptionThis talk investigates the utility of STPA for analyzing safety before flight testing an Uncrewed Air Vehicle (UAV) controlled by a neural network-based flight autonomy software. The host UAV included various control regimes and handoffs over the course of a sortie including human control, traditional autopilot, and an artificial intelligence autonomy software trained using Deep Reinforcement Learning (DRL) machine learning techniques. The flight test operational environment included flight in both civil and restricted airspace, and at least one nearby crewed chase aircraft to observe the UAV in flight. STPA was applied after traditional airworthiness and safety assessment processes but before flight test to identify and mitigate potential new hazards associated with the UAV technology and its operation. Artificial intelligence, machine learning, autonomy, flight test | Aviation |
How to Teach (and Not to Teach) STPA in Big Tech Garrett Holthaus (Google) ▷ Show descriptionThis talk presents lessons learned from teaching STPA at Google:
- Traditional STPA examples of physical systems are not easily relatable for software developers, and can lead to skepticism regarding STPA’s value
- We achieved higher learner engagement by giving examples of STPA applied to actual Google infrastructure and software
- We increased interest in STPA by emphasizing STPA’s ability to analyze feedback paths, something not addressed by other software design/risk analysis methodologies.
- To accommodate busy schedules, we are pursuing a tiered approach with initial, short tutorials to capture interest, then a multi-day workshop to practice applying STPA on a real system.
Training
Software systems
Adoption | Internet |
How to Introduce STPA to Leadership John Thomas (MIT)
Bill Young (Security Concepts and Strategic Design, LLC) ▷ Show descriptionInstructors will share successful approaches to introduce STPA to management executives. Participants will be asked for questions they've gotten from their leadership and any stumbling blocks encountered when introducing new approaches. A set of slides to introduce STPA to leadership will be provided to participants. | General |
STPA Applied to Coordination and Teaming Andrew Kopeikin (MIT)
Kip Johnson (AF Institute of Technology) ▷ Show description-Introduce STPA for coordination and teaming, and analysis of unsafe collaborative control
-Beneficial for those wanting to learn additional STPA guidance to model and design multi-controller system architectures and interactions
-Discussions and examples from the aerospace industry | General |
Overview: VisualPro STPA Tool BumSeok (Dave) Kim (VWAY) ▷ Show descriptionThis lightning talk will provide a quick overview of the VisualPro STPA Tool STPA tool
CAST tool
Integrated tool | Tools |
Overview: STPAmaster Lite Andrej Lališ (AKAENE Partners) ▷ Show descriptionThis lightning talk will provide a quick overview of the STPAmaster Lite tool automation; hazard analysis; software tools; System-Theoretic Process Analysis | Tools |
VisualPro STPA Tool by VWAY BumSeok Kim (VWAY) ▷ Show description- Auto-report data to Word, Excel, and Powerpoint
- Integrated analysis support with CAST, FMEA, and FTA
- Support for user customization capabilities | Tools |
STPAmaster Lite - the New STPA Automation Tool Andrej Lališ (AKAENE Partners) ▷ Show descriptionSTPAmaster is a solution to integrate STPA with safety management systems and systems engineering applications. Some of its core features were implemented into the “STPAmaster Lite”, a free Google Sheets-based STPA tool. Its main features are:
- Support of the entire STPA
- Automation of routine work
- Check for basic errors
- Simple and universal application | Tools |
STPA Applied to Destructive Human Behaviors Elizabeth Baker (VCU) ▷ Show description- Destructive behaviors (DB) are those exhibited by individuals who injure themselves or others and are unable to continue to function as part of a unit.
- Using STPA to understand the causes underlying DB onset within key at-risk Navy populations
- Presents an example of applying STPA to investigate organizational and leadership aspects of an organization’s safety management system
- Gives insight into the utility of using STPA to evaluate social and organizational aspects of the system for hazards safety management system; human factors; social systems; organization factors | Healthcare |
Augmented Reality for Crisis Management in the Operating Room: A System-Theoretic Process Analysis Approach Ryan Harari (Harvard) ▷ Show description- This work utilizes a systematic approach (STPA) to better understand OR crises (e.g. asystolic cardiac arrest, air embolism, unexplained hypotension/hypoxia), which can be crucial for designing effective support tools and protocols to enhance patient safety.
- Detailed analysis of unsafe control actions and inadequate feedback for each role (surgeon, anesthesiologist, nurse) helps in understanding specific pitfalls and improving response strategies during OR crises.
- Identifies potential mental model flaws that could affect decision-making processes.
- Designed and tested an AR application to address some potential decision-making pitfalls due to flawed mental models. STPA, Patient Safety, Control Actions, Mental Models, Augmented Reality (AR)
| Healthcare |
Innovation and Lessons Learned from Applying STPA for Medical Device – Next Generation Automated External Defibrillator (AED) Mark A. Vernacchia (The SSE Group, LLC)
Lawrence Wong, PhD (Department of Radiation Medicine and Applied Sciences, UC San Diego) ▷ Show description- Design improvements to address ineffective user-device interactions.
- STPA's usefulness in elucidating and characterizing these problems, including language barrier, rescuer stress, coordination among multiple bystander rescuers, etc.
- Analysis decisions included choice of hazard statements, the rationale for arranging the elements in the control structure, the identification of unsafe control actions and causal scenarios, and results organization are explored.
- Presentation facilitates wider application of STPA for medical device design by showcasing the ability to innovate the next generation of AED with the use of STPA and highlighting key analysis decisions and results. STPA medical devices processes next generation AED SAE STPA Recommended Practice J3187-5 | Healthcare |
Application of CAST in Site Identification Safety in Interventional Radiology (IR) Jasmine Ghorbani, Melissa Marquez, and Patrick Samedy (Memorial Sloan Kettering Cancer Center) ▷ Show description- Safety Analysis Overview: Approach, Project Management, Findings, Implementation Plans
- Experience with CAST Application: Application Specifics, Comparison with Traditional RCA, Complements with Human Factors Methods, Timeline, Lessons Learned/Takeaways, Future Applications
- Key Findings:
-- CAST can generate unique findings outside of traditional RCA, SEIPS PETT Scan,
etc.
-- Control structures are effective models to visualize systems and identify
areas of focus and improvement
-- CAST is a valuable and feasible tool to be used in safety analyses of health
systems Systems Safety, Healthcare, Interventional Radiology, Site Identification, Wrong Site Procedures, Human Factors, Safety Culture, Complex Systems | Healthcare |
STPA Applied to Safety of Healthcare Data Rodrigo Rose and Polly Harrington (MIT) ▷ Show description- We demonstrate an application of STPA to a complex, sociotechnical system
- We identify systemic factors that underly adverse events involving laboratory medicine
– We propose recommendations to address the systemic factors Healthcare, sociotechnical, safety, data | Healthcare |
The Role of the STAMP Model in the Emergence of AI Perils Mikela Chatzimichailidou (University College London)
Ioannis Dokas (Democritus University of Thrace)
Liucheng Guo (Tangi0 LTD) ▷ Show description- Focus: ethical and safety concerns of AI
- Key issues: (1) the value of introducing a universally accepted definition of safe AI; (2) the value of appropriate standardisation and interoperability in AI.
- Problem: how do we regulate something we do not understand or something that is constantly changing?
- Solution: use of STAMP (and STPA principles) to help understand the meaning of ‘safe AI’ and lay the foundation and structure towards regulating AI safety
- Outcome: create a set of regulatory AI Accountability and Responsibility Tools based on STAMP in collaboration with regulators AI safety, regulations, STAMP model, uncertainty | AI |
Using ChatGPT to Perform STPA John Thomas (MIT) ▷ Show description- Summarizes observations from using ChatGPT to perform STPA.
- Compares the differences between coaching a human STPA team vs. coaching ChatGPT to perform STPA correctly and fix mistakes
- Briefly models the human facilitator / ChatGPT control loop to identify concerns to mitigate | AI |
Boeing High Energy Management System (HEMS) Lori Smith, Marc Nance, Phil Specht, Jesse Goodman, and Peregrin Spielholz (Boeing) ▷ Show description- As aerospace products have become increasingly complex, defining and ensuring worker safety during building, testing and maintaining products has also become more challenging.
- Engineering team selected STPA as the analysis method to determine how future aircraft and other products can be designed to reduce the risk to mechanics and maintainers as they conduct their tasks.
- STPA was used to analyze each of the subsystems with the goal of writing a set of system-level requirements to be included in the design of the next models of aircraft.
- The systems analysis using STPA resulted in generating a robust set of requirements that were complete and of high quality. High Energy management on aircraft worker safety | Aviation |
Generating STPA UCAs for Flight Testing Dulnath Wijayratne, Jordan Stringfield, and Darren McDonald (Boeing) ▷ Show descriptionThe authors of this presentation struggled to produce a set of UCAs that felt complete in regards to flight test applications. They developed a technique to visualize control actions in the time domain to aid in UCA development
- Understanding our Struggle with UCA development
- Visualizing UCAs using timing diagrams
- Using the visualization to develop UCAs. UCA, flight test, timing, phases | Aviation |
STPA at Boeing: Driving Safety Requirements for Future Aircraft Design Verdiana Ciriello and Paul Lambertson (Boeing) ▷ Show descriptionDuring our STPA project for future aircraft design, we used a diverse team which included test pilots, engineers and designers to work on the project. Pilot involvement has been a unique and extremely helpful addition: they are inherently “systems thinkers” and fantastic at supporting all phases of the STPA process. We used STPA in the concept development phase to uncover unknown unknowns, before an aircraft architecture was developed, allowing us to use the control structure as a bases for future aircraft architecture. Our biggest finding so far has been that STPA allowed us to develop a set of requirements where 90% of them were either improving a previous set or were new requirements Boeing, Product Development, systems engineering, aircraft design, pilots | Aviation |
Using STPA to Identify and Challenge Assumptions During Aircraft Certification Kyle Ryan (Boeing)
Dave Cummins (Bell Flight)
John Thomas (MIT)
Aaron Katz (NATCA Human Performance) ▷ Show descriptionDuring civil aircraft certification, we often make assumptions used to bound failure condition effects, their classification, and therefore the resulting design level of rigor. This presentation will show some ways in which STPA can be used to challenge the assumptions made, and provide useful insight into their validity early on in the safety assessment process. Transponder, human factors, workload, degraded safety margins, collision, ATC | Aviation |
Comparison of Hazard Analysis Methods Applied to Flight Safety Systems Antonio Vinicius Diniz Merladet (Brazilian Air Force)
Chiara Manfletti (Technical University of Munich. Chair of Space Mobility and Propulsion)
Carlos Henrique Netto Lahoz (Aeronautics Institute of Technology (ITA))
Diogo Silva Castilho and Rodrigo de Melo Silveira (Brazilian Air Force) ▷ Show description- Comparisons of STPA with Traditional Hazard Analysis Methods for applications related with Flight Safety Systems for Launch Vehicle Operations.
- Some Safety Constraints, Loss Scenarious and Recommendations obtained by STPA application were not acquired from other applications.
- The research highlights advantages of STPA in front of other hazard analysis methods based on the results of this specific application. Comparison of hazard analyses methods; STPA; FTA; FMEA; HAZOP; FHA; CCA. | Aviation |
STPA for Security - What We've Learned Over a Decade Bill Young (Security Concepts and Strategic Design, LLC) STPA-Sec, System Security Engineering, Cybersecurity, System Analysis | |
FAQ about STAMP / STPA / CAST Nancy Leveson (MIT) ▷ Show descriptionQuestions (and answers) that were most frequently asked by STAMP Workshop participants this year. | General |
STPA Standards John Thomas (MIT) ▷ Show descriptionSummary of international standards and industry guidance documents that involve STPA | General |
STPA Adoption Hurdles - an Experience-Based Perspective Sushil Birla, Mauricio Gutierrez, and Norbert Carte (U.S. Nuclear Regulatory Commission (NRC)) ▷ Show description* Overview of the NRC staff’s recent efforts to grow the capability to review an applicant’s STPA.
* Lessons learned to support capabilities to review STPA-based or STPA-informed submittals. NRC, Nuclear, Regulation, Regulator | Nuclear |
Applying STPA in Car Series Production Sebastian Kaiser and Florian Wagner (msg Plaut Austria GmbH) ▷ Show description- ISO 26262 work products are obligatory for certification and assessment in the European Automotive industry
- Deriving ISO 26262 and ISO 21434 work products efficiently from STPA results
- Prioritizing STPA results in line with ISO 26262 Automotive
STPA prioritization
ISO 26262
Car series production | Automotive |
Managing Technical Project Risks Using STPA Shufeng Chen (WMG, University of Warwick) ▷ Show descriptionThe author would like to present a recent application of STPA to model the structure of a government-funded project related to the development of EVs. The analysed system involves a diverse range of stakeholders, including regulators and funding authorities from the Government, certification agencies related to vehicle type approval and ISO26262 certification, funded stakeholders involving the EV OEM and its tier 1 and tier 2 suppliers, vendors of relevant parts, and the public.
Motivations of the application:
1. To provide project stakeholders insights into the project structure.
2. To identify existing or potential flaws of the project structure.
3. To create a blame-free working culture. Project risks, system-thinking, teamwork. | Automotive |
Limitations of Commercial Aviation Safety Assessment Standards Rodrigo Rose (MIT) | Aviation |
Recommendations for Flight Safety Systems Through STPA Application Antonio Vinicius Diniz Merladet (Brazilian Air Force)
Carlos Henrique Netto Lahoz (Aeronautics Institute of Technology (ITA))
Chiara Manfletti (Technical University of Munich)
Diogo Silva Castilho and Rodrigo de Melo Silveira (Brazilian Air Force) ▷ Show description- Application of STPA to improve safety measures for Launch Vehicles and Flight Operations.
- Proposure of safety measures for Launch Vehicles and Flight Operations.
- Safety recommendations obtained from systemic analysis and previous launch operations and evaluation processes of flight safety systems.
- Recommendations were compared with international standards and regulations with suggest improvements to obtain suggestions of improvement and to promote uniformity. Launch Vehicles; Launch Operations; Flight Termination Systems; FTS; Flight Safety Systems; FSS. | Aviation |
Applying STAMP at an Enterprise Level to Improve Human Factors Integration in the Design, Operation and Maintenance of the GB Railway System Richard Bye (Network Rail)
Meaghan O'Neil (System Design and Strategy) ▷ Show descriptionFocusing on the management of safety and performance risks on railway infrastructure projects, we have applied STPA to model the feedback loops and enterprise-wide controls that are activated by the integration of human factors interventions as part of engineering safety management.
This presentation will highlight how the work has allowed us to:
-Understand the processes and incentives which govern system development.
-Identify opportunities to improve the efficiency with which human-centred design is embedded into projects at all phases of the lifecycle.
-Create a reference model to test and iterate structural changes for the coordination and control of human systems integration. STPA Enterprise Application
Rail
Human Factors and Ergonomics
Human Systems Integration
Safety Management System
HF | Rail |
STPA at Europe's Rail Felix Schaber (Hitachi Rail) ▷ Show descriptionThis presentation shares opportunities, challenges and lessons learned in integrating STPA as part of Europe’s Rail landscape.
Topics include:
- Strategies to integrate exisiting requirements into the STPA process
- Linking STPA results to solution concepts
- Validating assumptions Rail, ERJU, ETCS, Moving Block | Rail |
Architecture Viewpoints of STPA Analysis Thiago R. da Costa, Bruna S. Queiroz, and Carina Carla A. F. Silva (EMBRAER) ▷ Show descriptionFor this presentation, the authors will discuss about how the STPA results should be integrated into an Architecture Framework to communicate the recommendations, requirements and scenarios to the project team and stakeholders.
Architecture framework is important as it helps to manage the complexity of the system and to create visualizations, models, and viewpoints, which must be understandable. Architecture frameworks establishes which results are focused on a set of objectives and integrates different perspectives for managing decisions, information, interfaces.
Thus, it will be presented an Architectural Framework containing a set of viewpoints for the STPA Analysis and its typical contents. Aviation, Architecture Framework, STPA, Viewpoints | Aviation |
STAMP and ISO 20517: Cybersecurity for Space Standard Carlos Lahoz (Instituto Tecnologico de Aeronautica IT) ▷ Show descriptionThe lightning talk will highlight the new ISO standard in construction, which explains the kinds of cyber threats in space, the goals of this initiative, and how STPA was recommended as a better approach to cybersecurity analysis to be applied in space systems. cybersecurity, space system, STPA | Space |
STAMPing into the Future: Leveling Up Safety at Google Tim Falzone (Google) ▷ Show descriptionThe presenters will show how they are approaching the challenges of integrating STAMP methods into Google's engineering culture:
- Preventing waterfall delivery of analysis results
- Teaching control structure modeling and UCAs
- Working with an informal requirements engineering culture | Communications/IT |
Empirical Evaluations of STPA in the Aviation Industry John Thomas (MIT) ▷ Show descriptionOver the last decade, STPA use in aviation has led to thousands of publications including findings and lessons learned from industry use. Past MIT STAMP/STPA workshops have hosted 60 presentations from the aviation industry with independent evaluations and findings from applying STPA. This talk will review the empirical data that exists from the aviation industry to date, including lessons learned, mistakes to avoid, and what is known and not yet known about STPA in aviation. | Aviation |
Implementing STAMP at the World's Largest Airline Stephen Palyok (American Airlines) ▷ Show description- The program structure of American Airline's STAMP program
- CAST/STPA is widely accepted and understood at American Airlines
- CAST leads to deeper insights compared to traditional industry methods
- STAMP helps reinforce resiliency within our systems | Aviation |
Application of CAST to Producibility Loss in Aerospace Manufacturing John Barstow (MIT) ▷ Show descriptionAerospace manufacturing faces a challenge in combining cutting-edge technology and long product lifecycles, which can lead to significant process model divergence within production systems and result in producibility problems. This talk presents a CAST analysis of a loss of producibility following a transfer of a manufacturing process from one facility to another.
Key findings:
-Configuration control measures must be designed with an understanding of their limitations, and assumptions about supplier processes must be carefully validated.
-Production organizations must be designed for the task they are assigned to accomplish, based on experience and experimentation whenever possible. | Aerospace, Aviation, Manufacturing |
STAMP Considerations at Embraer Carina Carla Aparecida Felipe da Silva (Embraer) ▷ Show descriptionThis presentation highlights how the STAMP application integrates Embraer Requirements Engineering process. | Aviation |
System Safety for Teams of Collaborative Controllers Andrew Kopeikin (MIT) ▷ Show descriptionTeams of controllers exhibit complex collaborative interactions that can be defined and captured using Systems Theory or STAMP. This talk defines those interactions and introduces extensions to STAMP/STPA to systematically identify causal factors associated with collaboration. The technique has been demonstrated to help analyze novel human-machine and multi-machine teaming systems. | Aviation |
Using STPA to Improve Robotic Manufacturing of a Rocket Motor Bryan Smith, Jeremy Hatch, Paul Clark, and Garrett Cranney (Northrop Grumman) ▷ Show descriptionApplication of STPA to solid rocket manufacturing, particularly with respect to automated propellant cutting, has provided insight into the design and development of the process. Some of those key insights are:
1. A change in the perspective of the analysis from motor centric to robot centric
2. Inclusion of an independent chip catcher
3. How to handle abort commands with this delicate process
The framework provided by STPA has been influential in seeing the overall connectivity of the various components in the control structure and consequently in designing a better process. | Defense, Space, Manufacturing, Robotics |
Google STAMPing into the Future: Deep Dive Ruben Barroso (Google) ▷ Show descriptionThis talk will share a few lessons that we've learned while incorporating safety into Google's engineering culture in the areas of education, SME engagement, analysis completeness, and CAST. | Communications/IT |
STPA and CAST at American Airlines: Deep Dive Stephen Palyok (American Airlines) ▷ Show descriptionLessons learned and strategy from our implementation of STAMP at American Airlines.
- Feedback is important
- Union buy-in is critical
- CAST/STPA is different than traditional models
- STPA can be used on existing systems. Even less complex systems! | Aviation |
Panel and Q&A: Introducing STAMP / STPA / CAST into an Organization Gus Larard (Air Hong Kong)
Stephen Palyok (American Airlines)
Tim Falzone (Google)
William Young (USAF, ret.)
Marcos Viana Tavares (Embraer) | Aviation, Communications/IT, Defense |
Discussion of FAQ Submitted by Workshop Attendees Nancy Leveson and John Thomas | General |
Analyzing Operational Decision-Making of Radiotherapy with Systems-Theoretic Process Analysis Lawrence Wong and Todd Pawlicki (UC San Diego Health) ▷ Show description- Systems-Theoretic Process Analysis (STPA) is applied to investigate decision-making for a novel approach to radiotherapy.
- The analysis process spanned the phases of STPA familiarization, results generation, and results finalization. Facilitation of the analysis was achieved through videos, electronic worksheets, and virtual meetings.
- Nontrivial causal scenarios involve inaccessibility of feedback, mismatch between the feedback and the mental model required for good decision-making, and under-specification of control input.
- STPA provides an effective technique to examine operational decision-making in radiotherapy. Targeted facilitation to leverage domain expertise is a feasible app | Healthcare |
Application of STPA to the U.S. Diagnostic Laboratory Data Ecosystem Rodrigo Rose and Polly Harrington (MIT) ▷ Show descriptionThis presentation outlines the preliminary findings from an application of STPA to the safety of diagnostic medical data in the United States. We present a model of the sociotechnical system, developed through 30+ interviews with subject matter experts representing laboratories, care facilities, health IT vendors, regulatory bodies, public health agencies, patients, and more. We identify UCAs and scenarios, and provide both targeted and general recommendations to improve the safety of the ecosystem, with
particular attention to missing or weak control loops. | Healthcare |
Developing Control Structures for Complex Sociotechnical Systems Polly Harrington and Rodrigo Rose (MIT) ▷ Show descriptionDeveloping a comprehensive control structure for sociotechnical systems presents challenges for the adoption of STPA. We present a process for iteratively developing a control structure. Using the diagnostic laboratory data ecosystem as a case study, we will walk through the process of starting from scratch and iteratively fine tuning a control structure. Topics include identifying missing information, interview techniques, and common obstacles and ways to address them. | Healthcare |
STPA Driven Design for Digital Twin and Lessons Learned for Facilitators Meaghan O'Neil (System Design and Strategy / INCOSE)
Richard Bye (Network Rail) ▷ Show descriptionThis presentation will provide recommendations for the application of STPA in the early phase of design. It will include a specific focus on:
-Facilitation of STPA
-Application of STPA outcomes to the design of digital twins | Rail |
Human Factors in the Control Loop: A Case Study of the Use of STPA for a Rail Innovation Project Richard Bye (Network Rail)
Meaghan O'Neil (System Design and Strategy Ltd) ▷ Show descriptionAlthough human-system integration approaches are necessary for the effective design of socio-technical systems, there are few methods that can successfully combine the considerations of mental models with those of technology process models. This presentation will demonstrate that:
- STPA control structures are useful cognitive artifacts that offer decision making stability in the face of strategic uncertainty.
- Blending STPA with human factors methods can surface system vulnerabilities and unlock opportunities for creative decision making and innovation.
- STPA provides structure and processes to consider humans and machines as collaborative agents during the design of complex systems. | Rail |
Introducing STPA to a Regulator: Lessons Learned from Providing STPA Training and Facilitation John Thomas (MIT) ▷ Show description- The Nuclear Regulatory Commission (NRC) has investigated STPA and CAST through a series of formal training classes and workshops
- NRC staff including Digital I&C, Human Factors, PRA, Fault Tree Analysis, Cyber Security, and other SMEs participated
- NRC staff learned the methods, applied them in hands-on work shops, evaluated the methods, and developed conclusions and recommendations
- This talk will review the findings developed by NRC staff related to future STPA and CAST use by regulators as well as by industry training classes courses education facilitating facilitators | Nuclear, Energy |
Prioritizing the Results from STPA - Case Study of Battery Ferry Hyungju Kim (Norwegian University of Science and Technology - NTNU) ▷ Show description- Introduction to a novel power supply concept for battery ferries and its demonstration
- STPA results of the novel concept: main findings and challenges
- Prioritizing the results: method and results
- Discussion for prioritizing STPA results and future works | Maritime |
The Utilization of STPA on a Ship Navigation System Marios-Anestis Koimtzoglou, Nikolaos P. Ventikos, and Konstantinos Louzis (National Technical University of Athens - NTUA) ▷ Show descriptionThe talk will refer to the application of STPA on a ship’s navigation system in order to identify leading indicators for monitoring the level of marine safety, including the following aspects:
- The importance of establishing efficient leading indicators concerning accidents’ prevention in the maritime domain.
- The way STPA was applied.
- The results of the implemented methodology, including the control structure and the assumption based leading indicators. The derived leading indicators are related to human factor, concerning aspects such as fatigue and situational awareness.
- Discussion about the usefulness of STPA as a method for establishing leading indicators in the maritime domain. | Maritime |
RAAML Compliant Based STPA Tool Integration at L3Harris Technologies Reid Archibald (L3Harris) ▷ Show description- L3H SAS is increasingly utilizing MBSE techniques to design system architectures
- STPA has been adopted within L3H SAS as a safety analysis method because it can be incorporated into a MBSE environment
- OMG recently released (2021) a new standard, Risk Analysis and Assessment Modeling Language, which includes standard relations for creating STPA elements within a SysML model.
- L3H SAS has recently developed a RAAML compliant tool to perform STPA analysis within a SysML model. This presentation highlights some of the lessons learned along this journey. | Defense |
STPA Applied for Energetic Materials Handling in Research Laboratories Karen Stephanie de Andrade (Brazilian Air Force / LMU) ▷ Show descriptionIn this presentation, we will exhibit a fascinating research that showcases the successful application of STPA (Systems-Theoretic Process Analysis) to a unique system. Our analysis focused on activities with energetic materials in research laboratories by identifying potential hazards, reducing damages and mishaps, optimizing performance, and minimizing wasted time and materials. We will discuss how the use of STPA led to the discovery of new solutions and opportunities for improving safety and operational efficiency in the laboratory. | Laboratory |
STPA Automation Tool Andrew Miller (Motional AD) ▷ Show descriptionSTPA Automation Tool:
- Provide a template for the STPA analysis
- Guide the user through the STPA process
- Automate some of the manual work that is necessary to perform an STPA
Tool is built in Google Sheets and will be free for use in the STAMP community. | Automotive, Tools |
STPA Standards, Certification, and Accreditation John Thomas (MIT)
William Young (U.S. Air Force - USAF, ret.) ▷ Show descriptionThis talk will review the state of industry standards that incorporate STPA and recent milestones in STPA certification. A uniform set of requirements has been defined for individual certification, and the International Center for STAMP Certification and Accreditation has been created to oversee accreditaion of qualified STAMP/CAST/STPA educational programs. The center's mission is to enable high-quality CAST and STPA work products by recognizing qualified practitioners and defining a uniform standard for CAST and STPA practice, facilitation, and training. certificate training classes courses education facilitating facilitators | General |
Welcome and New Developments in STAMP/STPA/CAST Nancy Leveson and John Thomas | |
Scaling STPA at Google Tim Falzone (Google) ▷ Show descriptionThis talk will cover the path Google has taken to introduce and scale up the use of STPA in our engineering organizations. We will discuss lessons that we have learned, show examples of results and findings, and highlight key insights that we have had along the way. | Communications/IT |
SAE J-3187 STPA Recommended Practices - Update Mark A Vernacchia (General Motors - GM) ▷ Show description- The publication of J-3187 marks the conclusion of a three (3) year effort to develop and publish the first authoritative document addressing the use of STPA for system critical system evaluation.
- During its development, content making it valuable to other industries has been added to produce a more comprehensive document useful to aerospace, defense, regulatory agencies, and such. J-3187 enhancements to include more cross industry content are planned.
- J-3187 was written by experienced STPA practitioners who shared their collective knowledge on how to develop appropriate safety requirements to prevent or manage potential hazards discovered during the STPA process. | Automotive |
A Systemic Approach to Aircraft System Supportability Carina Carla Aparecida Felipe da Silva, Claudio Medrado Filho, and Alexandre Magno Pinto (EMBRAER) ▷ Show descriptionThis presentation explores supportability of an aircraft system aiming to proactively incorporate it in concept definition in the Systems Engineering Processes. System-Theoretic Accident Model and Process (STAMP) approach provided the foundation for the analysis conducted herein, strengthening the perspective on how to avoid value losses related to support activities. Results bring important life cycle concerns into consideration for a “design-in” perspective for an aircraft system in conceptual studies. | Aviation |
ICAO Safety Management Panel and the Need for Improved Safety Risk Management Methodology and Tools João Garcia (Vice-Chair of SMP at ICAO)
Bongi Mtlokwa (Chair of SMP at ICAO) | Aviation |
Operationalizing Positive Culture in Aerospace Manufacturing Using CAST, Systems Engineering Principles and Human Factors Methods Jess Reid and Liisa Hammer (Boeing) ▷ Show descriptionNegative safety culture in a manufacturing environment is detrimental to not only personnel safety but also product safety and quality, and has subsequent undesirable impacts on schedule and morale. Implementing positive culture change in an organization to address these problems is no easy feat. By applying systems thinking with Systems-Theoretic Accident Model and Processes (STAMP), systems engineering principles and human factors methods, we have identified systemic causal factors of the negative safety culture and applied targeted actions to improve the culture across all organizational levels and multiple site locations in a way that will last and transcend personnel turnover. | Aviation |
System-Theoretic Process Analysis (STPA) Evaluation of Boeing's Automated Test Maneuvers (ATM) System Darren McDonald, Shannon Clark, Jordan Stringfield, and Dulnath Wijayratne (Boeing) ▷ Show descriptionThe Boeing Company's Automated Test Maneuvers (ATM) system is designed to execute flight test maneuvers with consistent, error free computer generated inputs. In this presentation, we’ll show how Boeing used the STPA process to generate requirements for special test equipment and we’ll discuss how the verification of those requirements in our simulator and ground tests uncovered some software bugs, test documentation and crew actions that needed correcting before first flight. flight test | Aviation |
A Top-Down, Safety-Driven Approach to Architecture Development for Complex Systems Justin Poh (MIT) ▷ Show descriptionModern systems are becoming more complex, interconnected and software intensive. As a result, it is becoming more challenging to develop good system architectures using current methods that rely on decomposition. Instead, the architecture development process should consider system-level interactions and unsafe behaviors early so that the necessary interactions and behaviors can be designed into systems from the beginning. This talk will discuss a new approach to architecture development that does this by integrating STPA into the architecture development process and using the analysis results to drive the identification of system requirements and the development of a system architecture. | Aviation |
Lessons Learned from STPA Applications Meaghan O'Neil (System Design and Strategy Ltd) ▷ Show description- Lessons learned from a systems engineer with 18+ years’ experience who has applied STPA as well as served as an STPA trainer, coach, and facilitator. These are based on experiences from applying STPA in several domains including: Healthcare delivery, medical device, automotive, aviation, manufacturing.
- Common challenges team face when applying STPA
- Recommendations on applying STPA | Healthcare |
Applying CAST to Analyze an Incident in Radiation Therapy Natalia Silvis-Cividjian (Vrije Universiteit Amsterdam) ▷ Show descriptionRadiation therapy is a technique that treats cancer using ionizing radiation. The challenge is to maximize the dose in the tumor while sparing healthy tissue. The process is complex involving hardware, software and people and therefore suitable to be modelled using STAMP. We applied STAMP-CAST to understand one incident occurred in a radiation therapy center. In this presentation we show how CAST helped us to:
- Share responsibility while avoiding blame
- Reach and interview involved persons “close to the fire”
- Suggest recommendations to improve safety culture in RT
- Raise new human factors-related research questions | Healthcare |
Clinical Governance Hazard Analysis; Using STAMP to Detect Knowledge Flow Hazards in a Major Health Care Organisation. Wallace Grimmett (MATER Health) ▷ Show descriptionThe task facing our clinical governance team was to analyse how a healthcare structure learns and passes that knowledge through the organisation. The hypothesis being explored was a lack of correct knowledge for any operator critically affects the process model. For the purposes of hazard analysis, there was little difference between the analysis of the physical systems analysed by STPA, and the more ethereal “knowledge flow.” Indeed, exploration of this concept by the team proved useful in identifying hazards, leading to insights into how to mitigate these hazards. Importantly the STPA proved easy to explain to an uninitiated senior executive. | Healthcare |
Safety in Hospital Medication Administration Applying STAMP Processes Elizabeth White Baker (Virginia Commonwealth University) | Healthcare |
Applying CAST to Healthcare Investigations: Does It Add More? Nick Woodier, Helen Jones, and Matt Wain (Healthcare Safety Investigation Branch) ▷ Show description- Application of CAST to a medication incident in English healthcare.
- Discussion of the complexity of the English healthcare system and its impact on safety.
- Reflections on the usability of CAST for organisation-based healthcare investigators.
- Reflections on the comparison of findings between SEIPS and CAST for the incident of interest. | Healthcare |
Introducing STPA to Interventional Radiology Within a Large Hospital Patrick Samedy, Bae Chu, Michael Bellamy, Jasmine Ghorbani, Darby O'Keefe, and Melissa Marquez (Memorial Sloan Kettering Cancer Center) ▷ Show description- How STPA was introduced to a complex subsystem of a large healthcare institution
- Performing STPA with a multidisciplinary team in a virtual setting
- Key impacts of a systems approach | Healthcare |
Using STPA to Assure a Safe Operation of Autonomous Mobile Robots in Public Spaces Danilo da Costa Ribeiro, Tim Brockmeyer, and Martin Griesser (Ph.D.) (Continental Teves AG & Co. oHG.) ▷ Show descriptionThe introduction of autonomous mobile robots in everyday life, although very exciting, comes with new hazards. These must be identified and mitigated. This enables a broad operation and public acceptance can be achieved.
- Scope of the presentation: Autonomous mobile robots at Continental and how a public operation can be enabled.
- Challenge: Lack of established safety standard and experience for this specific type of complex operation.
- Development: STPA was used to model the system (robots and environment), identify hazards, and generate requirements.
- Results: Benefits and challenges from using STPA in the development of a robust safety assessment. | Robotics, Automotive |
STPA for Autonomous Vehicles Functions Anas Shahzad, Mona Noori, and Ali Nouri (Volvo Cars) ▷ Show description- Autonomous Driving (AD) promises to make the roads safer by replacing humans with software and hardware. However, AD is complex and software-intensive, and to assess its safety, analysis methods should be employed along with testing and validation to catch the mistakes during the design phase.
- STPA can be used to find functional insufficiencies and misuses as proposed by ISO/FDIS 21448 (safety of intended functionality). In this presentation, STPA is applied on a closed-loop AD function architecture. Based on the iterative STPA steps, unsafe control actions were identified and consequently critical safety requirements were specified, and two examples are presented. | Automotive |
STPA and Autonomy: Friends or Foes? a Case Study Analysis Laure Buysse (KU Leuven)
Manie Conradie (Sirris)
Dries Vanoost and Davy Pissoort (KU Leuven) ▷ Show descriptionAutonomous systems offer tremendous opportunities. However, analysing and assuring the safety of these systems remains a major challenge. Due to their rising complexity, the increasing popularity of AI and inclusion of COTS, through-life safety assurance is by no means straightforward. STPA is a promising analysis technique, but has yet to be studied in depth in the field of autonomous systems. This presentation discusses difficulties, benefits and provides general guidance around applying STPA to autonomous systems. The work presented here is based on practical case studies. An autonomous mobile robot is used throughout the presentation to illustrate the results. | Robotics, Automotive |
Use of STPA for Analyzing Information Gaps in Distributed Autonomous Systems Tom McDermott (Stevens Institute of Technology)
Dennis Folds (Lowell Scientific Enterprises) | Aviation, Maritime |
Application of STPA-Sec in Military Systems Gabriel Luis de Oliveira and Amanda Iriarte Quilici (AEL Sistemas) ▷ Show descriptionThe purpose of this presentation is to share the experience of applying the STPA in a military Data Link project at AEL Sistemas, focusing on the security area. It will describe the way we introduce the framework inside the company and the effort necessary to perform it. Furthermore, we will explain about our outputs and why the STPA was a benefit when applied in the security analysis, being an advantage not only to the project but to the company as a whole. The analysis itself is confidential and only illustrative examples will be shown. | Aviation |
Use of the STPA Technique in the Requirements Definition of a Drone Power Generation System Paulo Mendes (Xmobots)
Marcelo Sousa (UNIFEI) ▷ Show description- Application of the STPA technique in the development of the power generation system of a hybrid agricultural drone.The system has a generator that uses the fuel energy and transform to electrical energy, to supply the drone consumption. The system also has a battery pack as backup.
- With STPA technique it was possible to obtain a robust product at a low cost. The requirements, besides defining a minimum life limit for each piece of equipment, provided the necessary guidance for the development of the embedded software.
- As a secondary objective to use the guidance promoted by the technique in the maintainability of the aircraft. | Aviation |
A Structured and Comprehensive Air Vehicle Risk Assessment Laurence H Mutuel (Bell Textron) ▷ Show description* How STPA is used to complement techniques from SAE ARP4761 and MIL-STD-882E at the safety process level
* How STPA is used to complement techniques from SAE ARP4761 and MIL-STD-882E at the system safety and software system safety activity level
* What we learned from combining the techniques and what is the value of STPA | Aviation |
Offshore Oil Wells Integrity: Subsea Christmas Tree Analysis Using System-Theoretic Process Analysis (STPA) Lucas Ribeiro de Almeida, Marco Aurélio Pestana, Joaquim Rocha dos Santos, and Marcelo Ramos Martins (University of São Paulo) ▷ Show description- An analysis using STPA of a Subsea Christmas Tree (oil rig equipment) was conducted following the steps described in the STPA handbook.
- A strange behavior was detected in the SCS of the system, with great potential to generate loss scenarios.
- STPA could identify causal factors related and not related to component failure events in a more manageable way by structuring the loss scenario generation.
- It was identified that only one third of the loss scenarios are related exclusively to physical equipment failures. Thus, it’s reasonable to conclude that STPA can expressively potentialize an analysis using PRA. | Process |
STPA for Passenger Ship Safety Analysis in Bangladesh Md Imran Uddin (Accident Research Institute - ARI, Bangladesh University of Engineering and Technology - BUET)
Dr. Zobair Ibn Awal (Bangladesh University of Engineering and Technology - BUET) ▷ Show description- Being a riverine country, inland water transport is the most popular mode of transport in Bangladesh. However, more than 90% of fatalities in inland waterways are involved with passenger ships (launch, steamer, trawler, boat, etc.).
- This study aims to perform a hazard analysis by applying STPA to assess safety situation of passenger ship operation in Bangladesh.
- The study revealed that majority of Unsafe Control Actions (UCA) exist in ‘bridge deck’ of passenger ship and most contributing category of causal factor responsible for occurrence of UCA is ‘human factor’. Besides, predominant category of safety requirements is ‘team management’ among ship crews. | Maritime |
Using CAST for Additional Risk Detection in Boiler Explosions in Brazil Renan Guimarães Landi (University of São Paulo)
Carlos Lahoz (Aeronautics Institute of Technology)
Uiara Montedo (University of São Paulo) ▷ Show description- CAST is used to analyse one of the worst boiler accidents in Brazil, based on the official accident reports.
- CAST identified flaws in the common engineering assumptions, suggesting better solutions to prevent dysfunctional interactions.
- Important causal factors of the accident, not addressed by official investigations, are highlighted. | Process |
A Systems Theoretic Process Analysis (STPA) Approach for Analyzing the Governance Structure of Fecal Sludge Management in Japan Nikhil Bugalia (Indian Institute of Technology Madras) ▷ Show descriptionThe study extends the STPA literature by providing a substantial validity of STPA’s capability for analyzing the Fecal sludge management (FSM) governance structure against robust and independent criteria that define the objectives of a “good” governance structure, i.e., efficiency, accountability, and legitimacy. The STPA results identify novel leading indicators to guide policymakers to improve FSM management. The results also provide valuable insights by highlighting the various features contributing to an effective governance structure of the FSM, such as centralized decision-making in combination of hierarchy of goals to establish a clear division of responsibility across various actors. | Infrastructure, Process, Organizational |
STPA & Assumption-Based Indicators Applied to Teams Arthur Kelderman (Sunbytes) ▷ Show description- Application of assumption-based leading indicators and STPA within the context of organizational structures (teams/departments).
- Defining mission capability.
- Securing team mission capability (protecting against loss of team mission capability) through the use of an effective tailored control structure, including a clear set of assumption-based leading indicators helping loop management and execution to recognize shifting conditions (creating situational awareness).
- After action review and what’s next. | Organizational |
Welcome, Introduction, and New Developments | |
Tutorial: Identifying Leading Indicators Nancy Leveson (MIT) | |
A Sensor Architecture View of the System Control Loop Kristin Nelson-Patel (Akamai Technologies) | Communications/IT |
Tutorial: Enhancing Human Factors Analysis John Thomas (MIT) STPA Human Factors Engineering for Humans new model interactions HF | General |
Security Policy William Young (U.S. Air Force) | General |
Safety-Guided Design: Integrating STPA into the Systems Engineering Process for the Safety of Remote Health Workers Ashley Brooks and Prof. Washington Ochieng (Imperial College London) | Healthcare |
Introducing STAMP to a Major Health Organisation Wallace Grimmett (MATER) ▷ Show descriptionThe aim of this presentation is to outline why a large health care organization chose a Safety 3 approach for a re-organization of Quality and safety Department. Partly it was serendipity; the state health department was issuing guidelines Clinical Incident Guidelines for directors and executive of private hospitals, while its own staff struggled with the practicalities of the same guidelines. Concurrently a major private health organisation was looking at revamping its quality and safety processes. Into this mix STAMP has obvious appeal. It has utility. It is easy communicate it's principles and much of the existing process can be preserved. | Healthcare |
Effectiveness of CAST, 5M and HFACS in Accident Investigation and Prevention LtCol Günter KÄFER (Austrian Air Force)
Ioana KOGLBAUER (Graz University of Technology, Austria) ▷ Show descriptionA re-investigation of a helicopter accident, originally investigated after the 5M-model, shows the broader approach and better effectiveness of CAST compared to 5M. An additional HFACS overlay to the results of the 5M and CAST analysis clearly points out the narrow, "front-line-workers"-oriented approach of 5M an the systemic, management-oriented approach of CAST. Simplification and reductionism by 5M seems to be better suited for short-term, "in the field" risk assessments. For an accident investigation, a more open and holistic approach like CAST appears to be recommended. human factors | Aviation |
STPA at Google Tim Falzone (Google)
John Thomas (MIT) ▷ Show descriptionGoogle has applied STPA as part of Site Reliability Engineering to identify undesirable software interactions and prevent them during design. | Communications/IT |
An STPA on OpenAPS - a Linux Medical Device Milan Lakhani (Codethink)
Kate Stewart (Linux Foundation) | Healthcare |
Leveraging STPA to Create an Improved Risk Matrix Sam Yoo and Dro Gregorian (MIT) ▷ Show description- The risk matrix is a widespread assessment tool that measures probability/severity of a risk to help decision makers
- STPA is applied to improve the risk matrix by introducing a measure of mitigation effectiveness as a proxy for probability.
- A new STPA-Informed Risk Matrix (SRM) is introduced by using two separate methodologies: the scenario based approach and hazard based approach.
- The SRM combines the strengths of STPA and traditional risk assessment to better equip decision makers, particularly with new complex systems. risk matrix prioritize prioritization prioritizing SMS | Aviation, General |
STPA Return on Investment – an Industry Perspective Marc Nance (Boeing Retired, STAMP Engineering Services)
Mark Vernacchia (General Motors - GM)
Lori Smith (Boeing Retired, STAMP Engineering Services) ▷ Show description"Foresight is not about predicting the future; it’s about minimizing surprise”. This quote from futurist Karl Schroeder is relevant to STPA’s value. One of the first management questions asked when considering STPA is what Return On Investment does it provide? This can become a chicken-or-egg dilemma as business leaders rightfully ask what “returns” can be expected from the additional “investment” in performing STPA. This presentation will discuss both “returns” and “investment” for a variety of projects of different sizes and types across several large industry sectors. It will also touch on initial thoughts of how STPA works in a scaled agile framework environment. | General |
Industrialization of STAMP Gus Larard (Air Hong Kong/Cathay Pacific) | Aviation |
Introducing STAMP/STPA at Embraer Viana Tavares (Embraer) ▷ Show descriptionThe following Embraer applications will be covered:
1) STPA – Product Development
2) STPA-Sec – Product Development
3) CAST – Group Study that includes ANAC | Aviation |
Industrialization of STAMP Mark A Vernacchia (General Motors - GM) | Automotive |
Analyzing National Responses to COVID-19 Pandemic Using STPA Shufeng Chen (WMG, University of Warwick) ▷ Show descriptionThis talk descries the application of STPA to analyse the national-level responses to the COVID-19 pandemic. The analysis treated various stakeholders as a part of the system, including W.H.O, relevant departments of the Governments, relevant organizations (i.e. Public Health Service, Vaccine Research, Police & Military, Essential and Non-essential Service Providing Companies, and Media Companies), and the General Public, and it analyses the interactions between these stakeholders. Two example UCAs (from the Public Health Service and Vaccine Research), together with their loss scenarios and proposed requirements, will be presented in this talk. | Healthcare |
STPA in Support of Next-Gen Automotive E/E Architecture Development Sandro Nüesch and Christoph Ainhauser (Huawei Technologies Duesseldorf GmbH)
Gereon Hinz, Odysseas Papanikolaou, Diego Ortiz (STTech GmbH) ▷ Show description- To enable the vehicles of the future, the automotive industry requires a new generation of centralized, software-defined E/E architectures (EEA).
- STPA was applied on an assumed function (L3 Highway Pilot - HWP) to derive safety requirements for a proposed EEA.
- The HWP control loop from the STAMP control structure was mapped onto the EEA design. Detail of the EEA was used to identify loss scenarios on technical level and requirements meaningful to EEA development.
- As future work it is envisioned to apply STPA on a large collection of functions. By mapping sets of functions onto the out-of-context EEA design, the corresponding safety assurance can be provided. | Automotive |
STPA Applied Before the SolarWinds Attack Michael Bear (BAE)
John Thomas (MIT)
William Young (U.S. Air Force - USAF) | Supply Chain, General |
Calculating Safety Level in Real Time: An Extension of STPA Apostolos Zeleskidis, Ioannis M. Dokas, and Basil Papadopoulos (Democritus University of Thrace) | General |
Applying STPA in Development of Autonomous Container Handling Machinery Eetu Heikkilä (VTT Technical Research Centre of Finland Ltd.) ▷ Show descriptionThis presentation describes application of STPA on an autonomous container handling system. As one of the first applications of STPA in the heavy mobile machinery sector, we evaluate the suitability of STPA in this context by comparing the method with HAZOP. This includes definition of evaluation criteria for the comparison. The study suggests that STPA is a useful method in identification of accident scenarios related to autonomy. | Robotics, Process, Automotive |
Key Safety Indicators Using STPA Stuart Williams (University of Strathclyde, Glasgow) ▷ Show descriptionThis presentation summarizes the research done by the author for his PhD at the Maritime Safety Research Centre in the Department of Naval Architecture at the University of Strathclyde.
- STPA was used to model the safety management approaches at a cruise ship and a ferry operator to develop a set of key safety indicators.
- As a result of this work the two ship operators have modified their sets of safety indicators and their tracking processes.
- This research fills a gap in the use of safety indicators in the maritime domain by developing a set of safety indicators to provide ship operator with better feedback on the state of their safety management approaches. | Maritime |
Consideration of STPA in Civil Aviations Eric M Peterson and Linh Le (Federal Aviation Administration - FAA) ▷ Show descriptionIn consideration of congressional mandates and safety recommendations resulting from the 737MAX events, and in conjunction with its overall objective to improve the system safety assessment process (independent of the MAX events), the FAA seeks commercial aviation industry's experience in using STPA (or other tools/methods) in their product development and system safety assessments. Providing such information to the FAA is voluntary. All information will be treated as confidential and will be de-identified if the FAA uses it in future guidance materials. | Aviation |
Hazard Analysis of Teaming Systems Andrew Kopeikin (MIT) ▷ Show descriptionTeaming systems include multiple controllers, human and/or autonomous, acting interdependently to achieve a common goal. There is increasing interest in fielding teaming systems in both military and civilian applications. For example, future manned helicopters will team with multiple UAS systems to execute a mission, and human-autonomy teams are envisioned to enable Urban Air Mobility. A systematic and rigorous hazard analysis method is needed to enable safety driven design of such systems to enhance V&V and certification. This talk will discuss some of the properties associated with teaming systems, and explore how a Systems Theoretic framework can enable this analysis. | Aviation, Aerospace |
Incorporating STPA into DOD Acquisition Program (GBSD) Drake Mailes (U.S. Air Force - USAF) ▷ Show descriptionA short review of the work involved in getting STPA written into the contract on an extensive DoD Acquisition program. This lightning-fast presentation will describe our approach, mindset, as well as the contract language the program office adopted. You should leave with an idea of incorporating STPA into your own contracts and avoiding some of the pitfalls we discovered. Sentinel security cyber | Aerospace, Defense |
Are You Having Success with Machine Learning? Michael Schmid (MIT) | |
Safety Analysis of Interoperability Conformance Profiles in Medical Information Exchange Jens Weber (University of Victoria) ▷ Show description- Experiences of using STPA for hazard analysis of an interoperability conformance profile for medical information systems
- STPA is used at the level of conformance requirements
- A real-world case study in British Columbia | Healthcare |
Safety Analysis of a Low-Cost Insulin Infusion Pump Using STPA: A Case Study with Brazilian Company Aldo Martinazzo, Luiz Eduardo Martins, and Tatiana Cunha (Federal University of São Paulo)
Sebastião Vagner Aredes (DeltaLife) ▷ Show description- The low-cost insulin infusion pump is under development in Brazil by the Federal University of São Paulo in cooperation with DeltaLife, a Brazilian company of medical equipment
- The purpose of the safety analysis using STPA was to support the insulin pump architectural design from a safety perspective.
- The Control Structure Model allowed a better interaction with team members of heterogeneous specialties, including health care, software development, electronic design, and mechanical design.
- Requirements were generated to implement safeguards in architectural design and to define behavioral procedures for insulin pump user. | Healthcare |
STPA Results from Agility Prime (Flying Cars) Matthew Aust, Elizabeth Pennington, and William Young (U.S. Air Force) ▷ Show descriptionThe Agility Prime program is a collaboration between the USAF, the FAA, and commercial entities to support civil airworthiness objectives for novel aircraft including eVTOL, unmanned, and crewed aircraft. Agility Prime has selected STPA to accelerate novel aircraft development including designing for safety and security objectives. This talk will provide a brief overview of Agility Prime and how STPA is being used. | Aviation, Defense |
Safety Analysis for an In-Wheel Electric Motor Powertrain Joaquim Maria Castella Triginer and Helmut Martin (Virtual Vehicle) ▷ Show descriptionThe European project HiPERFORM addresses the challenge of reducing CO2 emissions with the introduction of advanced wide-bandgap semiconductor technologies. The powertrain (PT) use case conceives such capabilities increasing levels of power density and improving efficiency. This presentation provides the results of the PT safety analysis following the ISO 26262 standard of the Road vehicles – Functional safety on the concept phase level together with the STPA analysis support. The STPA analysis includes the study of the unsafe control actions applied to relevant loss scenarios of the PT in-wheel motors and the design and analysis of the process model for support validation activities. | Automotive |
Using STPA to Address Challenges in Achieving SOTIF Amardeep Sidhu (Arriver) ▷ Show description- ISO/PAS 21448 safety of the intended functionality (SOTIF) is an upcoming standard aimed at ensuring absence of unreasonable risk due to functional insufficiencies, performance limitations, and foreseeable misuse of intended functionality.
- STPA is applied on a toy ADAS system to study the use of STPA as an aid to achieve SOTIF.
- The systematic approach of STPA in identifying unsafe scenarios is shown to directly help in creating artifacts related to ISO/PAS 21448 Clauses 6, 7, and 8.
- Observations and key takeaways from applying STPA to achieve SOTIF are elaborated.
| Automotive |
Airliner Loading Error - Who’s Fault? Gus Larard (Air Hong Kong/Cathay Pacific) | Aviation |
STPA Evaluation of Potential Conflicts Between Large Commercial Air Traffic and Small Uncrewed Aircraft Systems in the Terminal Airspace Paul Stanley and Victor Arcos Barraquero (Boeing) ▷ Show description- The rapid increase in availability and use of Small Uncrewed Aircraft Systems (sUAS) presents a potential challenge to ensuring safe separation in the crowded terminal airspace.
- The system for this analysis comprises several distinct entities and organizations, so an emphasis was placed on ease of communicating the conclusions to all stakeholders.
- By allocating requirements to system entities to address each causal scenario, and evaluating the current state of validation and verification for each requirement, we are able to focus discussions with stakeholders on a manageable and prioritized requirement set. STPA allows consistent traceability between the requirements and hazards. | Aviation |
Discussion on STPA Validation, Replicability and Analyst Bias Idoaldo Lima (RWTH Aachen) ▷ Show descriptionSTPA includes input from analyst’s and topic-expert’s perspective, possibly leading to bias and reducing replicability from a different group of analysts.
In a validation and replicability study for our application “STPA applied for Safety, Security and Privacy Issues in Smart Airport Terminal New Concepts”, we gave a student the same input parameters and standard STPA procedure to develop a separate application.
We gained valuable intel on different ways to model and implied assumptions, while finding similar control actions and constraints, leading up to similar scenarios.
In order to enhance reproducibility, associated assumptions are essential, besides STPA inputs, method and results. | Aviation |
Cybersecurity Incident Analysis by CAST Using the Report of Unauthorized Access to the Information System Tomoko Kaneko (National Institute of Informatics) ▷ Show descriptionThis was the first case study of cybersecurity incident analysis by CAST in Japan. Results of the experiment, CAST has proven to be crucially effective as it can be applied to the analysis of cybersecurity incidents about "Report of unauthorized access to the information system of National Institute of Advanced Industrial Science and Technology (AIST)". I am a leader of the Japanese STAMP community. I will introduce that CAST Handbook have translated into Japanese with JAXA members. | Communications/IT |
Applying CAST to Human Error Related Manufacturing Mishaps Jess Reid, Emily Howard, PhD, and Kyle Ryan (Boeing) ▷ Show descriptionTraditionally, Boeing utilizes chain of event problem-solving to investigate manufacturing mishaps, which treats mishaps as isolated incidents that are the result of human error. To better address the complexities in large organizations, Boeing is exploring CAST to address process and organizational improvements. We conducted CAST investigations on five separate incidents and identified common factors among them. We mapped these common factors to different parts of the control structure model and gained insight on how these seemingly 'isolated incidents' were influenced by systemic cultural and organizational issues. Based on these results, Boeing is exploring CAST as an investigation technique to be used across the enterprise. | Manufacturing |
Using STPA to Identify Conflicts in Coal Mining Safety Procedures Alicja Krzemień and Stanisław Prusek (GIG Research Institute) ▷ Show description- This presentation analyses control actions within underground coal mines related to methane and ventilation control measures.
- Methane is an odourless gas, which is explosive within a certain proportion in the air and can also lead to suffocation.
- Given the complexity of the operational control measures that should be adopted, unsafe control actions are possible.
- Critical unsafe actions appear when different system-level hazards occur simultaneously or very close to each other.
- After identifying these cases with STPA, the most restrictive control measure should be applied in the first place to eliminate unsafe control actions effectively.
| Mining |
Open STPA with RAAML and Gaphor Dan Yeaw and Kyle Post (Ford Motor Company) ▷ Show descriptionDo you want the ability to easily apply STPA using modern engineering tools? What about using a common language so that you can easily share the information with stakeholders? Come learn about the STPA portions of the Risk Analysis & Assessment Modeling Language (RAAML) and the open source tool that has implemented STPA called Gaphor.
- RAAML is a standardized modeling language from the OMG that is out for final release now.
- Gaphor is an open source modeling tool written in Python.
- Together they form a great combination for you to quickly complete STPA for your next project. | Tools |
Welcome Nancy Leveson and John Thomas (MIT) | |
Tutorial: Introduction to STAMP Nancy Leveson (MIT) | General |
Tutorial: Introduction to STPA John Thomas (MIT) training classes courses education | General |
Tutorial: STPA Very Short Aircraft Example John Thomas (MIT) training classes courses education | Aviation |
Tutorial: STPA Very Short Automotive Example John Thomas (MIT) training classes courses education | Automotive |
Tutorial: STPA Very Short UAV Example John Thomas (MIT) training classes courses education | Aviation |
Tutorial: STPA Interactive Exercise (Aerial Refueling) John Thomas (MIT) training classes courses education | Aviation, Defense |
Tutorial: CAST Introduction Nancy Leveson (MIT) | Healthcare, Aviation |
Tutorial: CAST Simple Healthcare Example Lawrence Wong | Healthcare |
Tutorial: STPA for Security (Aerial Refueling) William Young (U.S. Air Force - USAF) | Aviation, Defense |
Tutorial: Designing an Effective SMS Nancy Leveson (MIT) | Organizational |
Tutorial: Planning and Implementing STPA (and CAST) John Thomas (MIT) training classes courses education facilitating facilitators | General |
Overview of STPA in Industry Standards John Thomas (MIT) | General |
ISO/PAS 21448, ISO 26262 Update Kyle Post (Ford) | Automotive |
SAE STPA Recommended Practices Update Mark Vernacchia (General Motors - GM) | Automotive |
ISO Space System Cybersecurity Carlos Lahoz (ITA/Brazil) | Space |
ASTM Standard Guide for Application of STPA to Aircraft Ricardo Moraes (Embraer) | Aviation |
Integration of STPA into EPRI Risk-Informed Digital Engineering Framework Matt Gibson (EPRI) | Nuclear, Energy |
STPA Use in the U.S. Air Force Dan Montes (U.S. Air Force - USAF) | Aviation, Defense |
Introduction and Training of STPA at L3Harris Technologies Reid Archibald (L3Harris) | Defense |
STAMP at Akamai Michael Stone (Akamai) | Communications/IT |
Use of STPA in the Development of a Reactor Protection System Paul Butchart (NuScale) | Nuclear, Energy |
STPA Use at Ford Motor Company Kyle Post (Ford) | Automotive |
STPA Industrialization and Adoption in Industry Mark Vernacchia (General Motors - GM) | Automotive |
STAMP at FedEx Air Operations Scott Reeves (FedEx) | Aviation |
STAMP at Embraer Ricardo Moraes (Embraer) | Aviation |
Importance of Organizational Culture in Effective Safety Management Gus Larard (Air Hong Kong/Cathay Pacific) | Aviation, Organizational |
Maintaining Safety in Future Gas Systems Ben Riemersma (TU Delft) | Process |
Comparative Analysis of Hazard and Operability Study (HAZOP) and Systems Theoretic Process Analysis (STPA) Faisal Jamal (Fatima Group)
John Thomas (MIT) | Process |
When STPA Results Surprise You: An Industry Case Study Employing STPA, Fault Trees, FMEA, and HAZOP John Thomas (MIT) | General |
Safety Assurance: Is It Possible? Nancy Leveson (MIT) | General |
Use of STPA in Practice: Lessons Learned John Thomas (MIT) training classes courses education facilitating facilitators common mistakes | General |
Improved Risk Management Gregory Pope (Lawrence Livermore National Laboratory - LLNL) risk matrix likelihood probability | Manufacturing, Organizational, Nuclear |
STPA Applied to Factory Automated Ground Vehicles Lori Smith (Boeing) | Robotics, Automotive |
STPA Applied to Serviceability and Diagnostics Hannah Slominski | Automotive |
Industry Trials to Evaluate STPA’s Effectiveness and Practicality for Digital Control Systems John Thomas (MIT)
Matt Gibson (EPRI) | Nuclear, Energy |
Using a Conceptual Architecture to Improve Development of Complex, Control-Based Systems Nancy Leveson (MIT) | Robotics, Aviation, Space |
Early Conceptual Design of Future Manned and Unmanned Aerial Vehicles Elias Johnson (MIT) | Aviation, Defense |
Model-Based Certification of Automated Vehicles Michael Schmid (MIT) | Automotive |
Virtual Button and Graphical Interface System Safety Evaluation Using STPA Jesse Johnston and Mark Vernacchia (General Motors - GM) | Automotive |
Estimating Security Risk Using Adversary Capability David Weller-Fahy (Lincoln Laboratory) | Aviation |
Applications of STPA in Software Testing Anders Dinsen (ASYM APS) | |
STPA Applied for Safety, Security, and Privacy Issues in Smart Airport Terminal New Concepts Idoaldo Lima and Max Schwienhorst (RWTH Aachen University)
Johannes Reichmuth (RWTH Aachen University, German Aerospace Center (DLR)) | Aviation |
Early Australian Experience with Using CAST to Investigate Medical Events Wallace Grimmett (FANZCA, University of Queensland, RAAF) | Healthcare |
Implementing CAST in Healthcare Lawrence Wong (MIT)
Todd Pawlicki (University of California-San Diego) | Healthcare |
Hints on Using CAST for Accident Analysis Nancy Leveson (MIT) | Space |
CAST: A Pilot Incapacitation Elias Nikolaidis (Air Hong Kong) | Aviation |
CAST Implementation and Integration Darren Straker (Hong Kong Air Accident Investigation Authority - AAIA) | Aviation |
CAST Flydubai CFIT Example Darren Straker (Hong Kong Air Accident Investigation Authority - AAIA) | Aviation |
Assuring Maritime Autonomy Through STPA and STAMP Giles Howard (L3Harris) | Maritime |
STPA Applied to Military Certification Process Antonio Merladet (Brazilian Air Force, Technological Institute of Aeronautics)
Carlos Lahoz (Technological Institute of Aeronautics)
Rodrigo Silveira (Brazilian Air Force, Technological Institute of Aeronautics) | Aviation, Defense |
Identifying Loopholes in Emergency Response Plans with STECA George Kafoutis and Ioannis Dokas (Democritus University of Thrace)
Konstantinos Andritsos (University of Leiden) | Infrastructure |
Identification of Causation Scenarios and Application of Leading Indicators in the Interconnection Mode of Urban Rail Transit Based on STPA Mo Li, Fei Yan, Nannan Xiang, Ru Niu, Tao Tang, and Jidong Lv (Beijing Jiaotong University) | Rail |
Tutorial: STAMP Introduction and Overview Nancy Leveson (MIT) | |
Tutorial: STPA Introduction John Thomas (MIT) | Space |
Tutorial: Introduction to CAST Nancy Leveson (MIT) | Maritime, Process |
Tutorial: STPA and CAST Facilitation John Thomas (MIT) | |
Tutorial: Identifying Leading Indicators Nancy Leveson and Diogo Castilho (MIT) SMS safety management systems | Aviation |
Tutorial: Enhancing Human Factors Analysis John Thomas (MIT) | |
Tutorial: STPA-Sec William Young (U.S. Air Force - USAF) | Space |
Welcome Nancy Leveson and John Thomas (MIT) | |
Risk Management Using STPA Restarting Widget Production Greg Pope (Lawrence Livermore National Laboratory - LLNL) | Manufacturing, Organizational, Nuclear |
STPA Analysis of Safety Measures for Zenuity’s Auto Valet Parking Demo Amardeep Sidhu and Shabin Mahadevan (Zenuity) | Automotive |
Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA) Mike Hurley and Jim Wankel (BAE Systems) | Defense |
Methodological Findings from Applying STPA in Cyber Security Case Studies Anna G. (UK National Cyber Security Centre) | Communications/IT, Manufacturing, Aviation |
Active STPA – a Systems-Based Hazard Analysis for Safety Management Systems (SMS) Diogo S. Castilho (MIT) leading indicators sms safety management | Aviation |
STPA Applied to Autonomous Vehicles John Thomas (MIT) | Automotive |
STPA at Akamai Michael Stone (Akamai) | Communications/IT |
Overview of STAMP and STPA for Product and Production Systems Engineering Marc Nance (Boeing) | Aviation, Defense |
ASTM Standard Guide for the Application of STPA to Aircraft – WK 60748 Felipe X. de Oliveira (Embraer) | Aviation |
Implementing Systems Theory in Accident Investigation Using the MIT STAMP Based Approach CAST Darren Straker (Hong Kong Air Accident Investigation Authority - AAIA) | Aviation |
GA Upset CAST Scott Reeves (FedEx Air Operations) | Aviation |
Integrating STPA in Large Organizations Mark Vernacchia (General Motors - GM) | Automotive |
STPA in Industry Standards John Thomas (MIT) | |
STPA Applied to New Generation Intelligent Rover System Development John Thomas and Nancy Leveson (MIT)
Naoki Ishimama and Masa Katahira (JAXA)
Nobuyuki Hoshino and Kazuki Kakimoto (JAMSS) | Space |
Cyber-Risk Analysis of Ship Systems Using STPA Rishikesh Sahay and Daniel A. Sepulveda (DTU) | Maritime |
Improving the Risk Matrix Nancy Leveson (MIT) | General |
Increasing Learning from Accidents: A Systems Approach Illustrated by the UPS Flight 1354 Birmingham Airport Accident Shem Malmquist
Nancy Leveson
James Perry
Gus Larard
Darren Straker | Aviation |
STPA Applied to New Satellite Development and Lessons Learned Keisuke Sugawara, Naoki Ishihama, and Masafumi Katahira (JAXA) | Space |
Abstraction & Decomposition: Performing Multi-Level Analysis Using STPA Rashmi Hegde and Sandro Nuesch (Ford) | Automotive |
STAMP for Hospital Safety Lawrence Wong (MIT)
Lisa Singer (Dana-Farber Cancer Institute) | Healthcare |
Using STAMP for Analysis of Security and Data Privacy Nívio P. Souza, Cecília A. C. Cesar, Juliana M. Bezerra, and Celso M. Hirata (ITA) | Communications/IT |
Common Mistakes Using STAMP and Its Tools Nancy Leveson (MIT) | General |
Common Mistakes in STPA and CAST John Thomas (MIT) | General |
STPA Applied to Launch Operations Management Antonio Diniz Merladet (Brazil Air Force)
Carlos Lahoz (ITA)
Antonio Silveira (Brazil Air Force)
Sérgio Fugivara | Space |
STPA for Security of Aircraft Systems David Weller-Fahy, Melva James, Eric Quintero, and Gabriel Elkin (Lincoln Laboratory)
Rodolfo Cuevas (Boston Cybernetics Institute)
Michael McPartland (Lincoln Laboratory) | Aviation |
STPA Analysis of Aircraft Landing Phase with Focus on Runway Excursion Christianne Reiser (Embraer)
Carlos Lahoz and Emilia Villani (ITA) | Aviation |
Application of STPA for Human Data Annotation as Part of Automated Driving Vehicle Development Shawn Cook and Hsing-Hua Fan (General Motors - GM) | Automotive |
STPA of Demand -Side Load Management in Smart Grids Stylianos Karatzas and Athanasios Chassiakos (University of Patras) | Energy |
Tutorial: STAMP Intro and Overview of STPA and CAST Nancy Leveson (MIT) | |
Tutorial: STPA and CAST Facilitation John Thomas (MIT) | |
Tutorial: Creating and Using Leading Indicators Nancy Leveson (MIT) biases assumption based planning | Aviation |
Tutorial: STPA Intro and Exercise (Chemical Plant) John Thomas (MIT) | Process |
Tutorial: CAST Intro, Examples, and Practice Nancy Leveson (MIT) | Aviation |
Tutorial: STPA in Cybersecurity Col. William Young (U.S. Air Force - USAF)
Reed Porada (Lincoln Laboratory) | |
Introducing CAST into the Safety Investigation of Accidents and Incidents Involving French State Aircraft Anthony Vacher (French Military Health Service)
Anne-Emmanuelle Priot
Léonore Bourgeon | Aviation |
STPA-Sec Case Study of a Next Generation Refueling Aircraft Captain Martin Span, Major Logan Mailloux, and Col. William Young (U.S. Air Force) | Aviation |
Comparative Analysis of an Aviation Accident Reassessed Using CAST and STAMP/STPA Darren Straker (Straker System Safety (United Arab Emirates and New Zealand)) | Aviation |
STPA Applied to Air Force Acquisition Technical Requirements Development Maj. Sarah Summers (MIT / Edwards Air Force Base) | Aviation, Defense |
Minimizing Human Error in Automotive Systems John Thomas and Jeremiah Robertson (MIT) | Automotive |
Combining STPA with Compiler Technology to Identify Vulnerabilities and Hazards in Software-Controlled Systems Gregory Pope (Lawrence Livermore National Laboratory - LLNL) | Defense |
Lessons Learned from STAMP Safety and Security Analysis for L4 Autonomous Driving Shefali Sharma, Adan Flores, and Carlos Moreno (University of Waterloo)
Chris Hobbs (QNX Software Systems Limited)
Jeff Stafford (Renesas Electronics America Inc.)
Kamal Lamichhane, Sebastian Fischmeister, Waleed Khan, and Sebastian Fischmeister (University of Waterloo) | Automotive |
Enhanced Guidance for CAST Contextual Factors: Application to Stop Signal Overruns at U.S. Freight Railroads Megan France, Jordan Multer, and Hadar Safar (U.S. DOT Volpe Center)
Emilie Roth (Roth CogniCve Engineering) | Rail |
STPA Analysis of Aircraft Loss of Control Accidents Shem Malmquist (Malmquist Safety Engineering)
Nancy Leveson (MIT) | Aviation |
Introducing STPA into Transport Aircraft Standards Steve Beland (The Boeing Company) | Aviation |
Introducing STPA into Auto Standards Mark Vernacchia (General Motors - GM) | Automotive |
Introducing STPA into General Aviation Aircraft Standards Felipe Oliveira (Embraer) | Aviation |
Introduction and Use of STPA/CAST at Boeing Marc Nance (The Boeing Company) | Aviation, Defense |
Use of STPA Within the GM System Safety Process Mark Vernacchia (General Motors - GM) | Automotive |
Challenges and Plans for Introducing STPA Marcos Viana Tavares (Embraer) | Aviation |
Introducing STAMP, STPA, and CAST into Our Fertilizer Manufacturing Business Faisal Jamal (Fatima Group) | Process |
Embedding STAMP in Teaching Software Testing Natalia Silvis-Cividjian (Vrije Universiteit) | |
A Global System Analysis of the Bhopal Disaster Kai-Ren Wang, Jao-Jia Horng, Kartik Sharma, and Yeh-Chung Chien (National Yunlin University of Science and Technology) | Process |
STAMP-Based Methodology for Real-Time Analysis of Pilot-Machine Interaction in a Non-Intrusive Manner Vatsal Pant (ISAE-Supaero (France)) | Aviation |
Risk Management in Smart Port Cities Using STPA: Patras Port City as a Case Study in Mediterranean Framework Yorgos Stephanedes (University of Patras (Greece))
Charalampos Sipetas (University of Massachusetts, Amherst)
Dimitra Chondrogianni and Stelios Karatzas (University of Patras (Greece)) | Infrastructure |
Sociotechnical/STAMP Analysis of Commuter Rail System Larry Hettinger (Liberty Mutual)
Megan France (U.S. DOT Volpe Center)
Jordan Multer
Marvin Dainoff (Liberty Mutual)
Susan Jeffries | Rail |
Safety Control Structure for Commercial Trucking Lauren Murphy
Marvin Dainoff and Larry Hettinger (Liberty Mutual)
Megan France (U.S. DOT Volpe Center)
Yueng-Hsiang Huang
Michelle Robertson
Susan Jeffries | Automotive |
STPA Analysis of the Process Involved in Enforcing Road Safety in Austria Ioana Koglbauer (Graz University of Technology, Austria)
Marianne Kraut (Reco-Tech GmbH, Austria) | Automotive |
Extending STPA to Improve the Analysis of User Interface Software in Medical Devices Yi Zhang (U.S. Food and Drug AdministraKon (FDA))
Paolo Masci and Jose Campos (University of Minho, Portugal))
Paul Jones (FDA/CDRH) | Healthcare |
Use of STPA to Design Safer Opioid Prescribing Processes Basma Bargal, James Benneyan, and Joseph Eisner (Northeastern University)
Alev Atalay (Brigham and Women’s Hospital)
Sara Singer (Harvard School of Public Health) | Healthcare |
CAST Analysis of Pregnancy Events in the U.K. Due to Isotretinoin Administration Sophia Trantza and Brian Edwards (University of Hertfordshire (London, U.K.))
Ioannis Dokas (Democritus University of Thrace (Xanthi, Greece))
Webley Sherael (University of Hertfordshire (London, U.K.)) | Healthcare |
Application of STPA in Radiation Therapy: A Preliminary Study Natalia Silvis-Cividjian (Vrije Universiteit)
Wilko Verbakel and Marjan Admiraal (VU Medical Center) | Healthcare |
Experiences with STPA in Radiation Therapy Todd Pawlicki (University of California San Diego and UCSD Medical Center) | Healthcare |
CAST Analysis of the International Space Station EVA 23 Suit Water Intrusion Mishap Akshay Kothakonda (MIT) | Space |
Building Behavior Competency into STPA Process Models for Automated Driving Systems Shawn Cook, Hsing-Hua Fan, Krzysztof Pennar, and Padma Sundaram (General Motors - GM) | Automotive |
Systems Approach to Create “Interesting” Test Scenarios for Autonomous Vehicle: Introducing an Extension to STPA Siddartha Khastgir (University of Warwick, U.K.) | Automotive |
Applying CAST to the Asiana 214 Accident John Thomas (MIT)
Shem Malmquist (Malmquist Safety Engineering) | Aviation |
STPA Application in Hydropower: Piloting Experience Peter To and Roman Dusil (BC Hydro, Canada) | Energy |
The Challenges of Supporting STPA with a Software Tool Martin Rejzek (Zurich University of Applied Sciences)
Svana Bjornsdottir and Christopher Brown (Stiki Information Security) | Tools |
A Systems Analysis of the 1998 Sydney Water Crisis Hew Merrett, Jiao-Jia Horng, and Wei-Tong Chen (National Yunlin University of Science and Technology) | Infrastructure |
The AVAC-SMS Metric for the Self-Assessment of Aviation Safety Management Systems Nektarios Karanikas, Selma Piric, and Robert Jan de Boer (Amsterdam University of Applied Sciences)
Alfred Roelen (Netherlands Aerospace Center)
Steffan Kaspers and Robbert van Aalst (Amsterdam University of Applied Sciences) | Aviation |
Combining STPA and BDD for Safety Analysis and Verification Yang Wang and Stefan Wagner (University of Stuttgart, Germany) | Automotive, Communications/IT |
STPA for Airports: Safety Hazard Analysis for Airport Operations in Hub Airports Idoaldo Lima, Claudio Alves, and Carlos Lahoz (ITA) | Aviation |
Opportunities and Challenges of Applying STPA to Subsea Operations Hyungju Kim and Mary Ann Lundteigen (Norwegian University of Science and Technology) | Maritime |
Using STPA on the Assessment of Nuclear Security Culture Francisco Luiz de Lemos and Malvina Mitake (Institute for Nuclear and Energy Research, Brazil) | Nuclear |
Intro to STAMP and Systems Theory Nancy Leveson (MIT) | |
Tutorial: STPA Introduction John Thomas (MIT) | |
Tutorial: STPA Exercise (Chemical Plant) John Thomas (MIT) | |
Tutorial: STPA Practicum Andrea Scarinci and Diogo Castilho (MIT) | |
Tutorial: CAST Intro and Examples Nancy Leveson (MIT) | Aviation |
Tutorial: CAST Practicum Lorena Pelegrin Alvarez (MIT) | |
Tutorial: Cyber-Security and STPA Col. William Young (U.S. Air Force - USAF) | |
Tutorial: Human-Automation Interaction in STPA Megan France (MIT) | |
Tutorial: STAMP in Workplace Safety Emily Howard, Katherine Belvin, Shawna Murray, and Liz Juhnke (Boeing)
Larry Hettinger (Liberty Mutual)
Megan France (MIT) | |
Welcome to STAMP Workshop 2017 Nancy Leveson (MIT) | |
A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture John Thomas and Nancy Leveson (MIT)
Masa Katahira and Naoki Ishimama (JAXA)
Nobuyuki Hoshino (JAMSS) | Space |
Using STPA Trend Analysis to Detemine Key System Drivers Katherine Belvin (Boeing) prioritize prioritization | Aviation, Manufacturing, Defense |
STPA-Sec for Security of Flight Management System Daniel Pereira (Embraer)
Celso Hirata (ITA)
Rodrigo Pagliares (Unifal-MG)
Francisco de Lemos (IPEN) | Aviation |
Evaluating High Voltage Safety Measures for an Experimental Full-By-Wire Vehicle Utilizing STPA Torben Stolte, Marcus Nolte, Bernd Amlang, and Markus Maurer (Technical University of Braunschweig, Germany) | Automotive |
A Complete STPA Application to the Air Management System of Embraer Regional Jets Family Andrea Scarinci and Felipe Xavier de Oliveira (MIT)
Ricardo Moraes, Amanda Iriarte Quilici, Daniel Patrick, and Danilo da Costa Ribeiro (Embraer) | Aviation |
STAMP Applied to SUAS at Edwards AFB Sarah Summers, Sarah Folse, and Dan Montes (U.S. Air Force - USAF) | Aviation, Defense |
Towards a STAMP-Based Safety Plans Approach for Construction Projects Ioannis Dokas (Democritus University of Thrace, Greece) | Construction |
STPA for the Internet of Things (IOT) Greg Pope (Lawrence Livermore National Laboratory - LLNL) | Communications/IT |
Using STPA to Develop a MIL-STD-882E Compliant FHA and Promote Organizational Change Nicolas Malloy (General Dynamics Missions Systems) | Defense |
The Human Element: Integrating User Research into STPA for Workplace Safety Analysis Liz Juhnke (Boeing) | Aviation, Manufacturing, Defense |
Implementing STPA Successfully in Industry John Thomas (MIT) | |
STPA in Industry: Roles, Resources, and Best Practice Andrea Scarinci (MIT)
Felipe Xavier de Oliveira (Embraer) | Aviation |
Invited Talk: Boston Fire Department Joseph M. Fleming (Deputy Chief, Boston Fire Department) ▷ Show descriptionThis talk explores how the failure to investigate residential fires for “cause of death” instead of simply “cause of the fire” (i.e. is it arson or accidental) has led to the failure to identify simple solutions that could save hundreds of lives per year. | Infrastructure |
CAST Analysis of a Boston Fire Megan France (MIT) | Infrastructure |
STAMP as Risk Analysis Method for Water Supply Systems Aleksandar Sotic (Belgrade Public Water Utility, Serbia)
Marko Ivetic (University of Belgrade, Serbia) | Infrastructure |
STPA During Early Concept Formation for Military Rotorcraft David Horney (U.S. Air Force - USAF/MIT)
Alex Boydston (U.S. Army) | Aviation, Defense |
Analyzing System Changes and Impact on Human Interactions John Thomas (MIT) | General |
CAST Analysis of the 2003 Critical Baby Food Disastrous Event in Israel Michael Schnaid and Daniel Hartmann (Ben Gurion University, Israel) | |
Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality Rene Hosse, Gerrit Bagschik, and Markus Maurer (TU Braunschweig)
Klaus Bengler (TU München )
Uwe Becker (TU Braunschweig) | Automotive |
A STAMP-Based Dissimilarity Indicator for Railway Maintenance Mikela Chatzimichailidou (Imperial College, U.K.) | Rail |
Application of STPA to Understand Marine Operations at Chevron Esteban Montero (Chevron Corporation) | Process, Energy |
STPA Analysis for Clinical Programming Software of Cochlear Implant System for Profoundly Deaf People Kumar Kadupokotla Kumar (Jawaharlal Nehru Technological University, India) | Healthcare |
The Use of STPA for Understanding Cyber Risks in a Physical Supply Chain Daniel Sepulveda (Technical University of Denmark) | Supply Chain |
Extending STPA for Coordination Analysis Kip Johnson (U.S. Air Force - USAF / MIT) | Aviation, Defense |
Application of STPA to a Lane Keeping Assist System Haneet Mahajan, Thomas Bradley, and Sudeep Pasricha (Colorado State University) | Automotive |
CASCAD: Casual Analysis Using STAMP to Connect and Automated Driving Stephanie Alvarez and Yves Page (Renault)
Franck Gurarnieri (Mines ParisTech) | Automotive |
Preliminary CAST Analysis of LaMia CP-2933 Accident Carlos Lahoz and Idoaldo Lima (Instituto Tecnológico da Aeronáutica - ITA) | Aviation |
STPA-Based Model of Threat and Error Management in Dual Flight Instruction Ioana Koglbauer (Technical Univ. of Graz, Austria) | Aviation |
CAST Analysis of the PT-OVC Learjet 35A Accident in Sao Paulo Idoaldo Lima (Instituto Tecnológico da Aeronáutica ITA)
Carlos Lahoz (Instituto de Aeronautica e Espaço – IAE)
Marcelo Sousa (Universidade Federal de Itajubá UNIFEI)
Claudio Alves (Instituto Tecnológico da Aeronáutica ITA) | Aviation |
Applying CAST: Runway Incursion Case Study Simon Whiteley (Whiteley Consulting, U.K.) | Aviation |
Scenarios of Over-Automation in Flight Testing of Manned Aircraft Diogo Castilho (MIT/Brazil Air Force) | Aviation, Defense |
Using STPA in Compliance with ISO26262 for Developing a Safe Architecture for Fully Automated Vehicles Asim Abdulkaleq, Pierre Blueher, and Daniel Lammering (University of Stuttgart, Germany) | Automotive |
STPA Based Hazard and Risk Analysis Tool SAHRA Martin Rejzek and Sven Stefan Krauss (Zurich University of Applied Sciences, Switzerland) | Tools |
Enhanced Risk Management Framework ERMF Martin Rejzek (Zurich University of Applied Sciences, Switzerland)
Svana Helen Björnsdóttir (Stiki Information Services, Iceland) | |
Using STPA Improving Method of Derivation of Safety Requirements for ISO 26262 Development JASPAR Manabu Okada (Nissan Motor Company, Japan) | Automotive |
A Proposal for “Hint Words” to Identify Hazard Causal Factors for Systems Including Human And/Or Organization Yukihiro Mihara and Keisuke Toyama (Information Processing Technology Agency IPA)
Takashi Kawano (East Japan Railway Company)
Shigeru Kanemoto (University of Aizu, Japan) | Rail |
Comparison of Railway System Between U.S. and Japan Yusuke Kaizuka (MIT) | Rail |
STPA Analysis of Auto-Hold Ephraim Chen (MIT/Boeing) | Automotive |
The Case Study of the Results and Considerations in the Autonomous System in Boat Operation in Coastal Area Concerning STAMP/STPA Yasuhiko Kawabe (Nissan/Univance Corporation)
Natthaphon Laochintanasri (Univance Corporation)
Masahiro Udo
Tatsuki Mikami | Maritime |
Cyber/Security Is Not Only a Tech Problem: Embraer Experience Felipe Xavier de Oliveira, Amanda Quilici, Danilo Costa, Ricardo Santos, and Daniel Patrick (Embraer) | Aviation |
STAMP as Risk Analysis Method for Water Supply Systems Sotic Aleksandar Sotic (Belgrade Public Water Utility)
Marko Ivetic (University of Belgrade, Serbia) | Infrastructure |
Using STPA in Compliance with ISO 26262 for Developing a Safe Architecture for Fully Automated Vehicles Daniel Lammering, Pierre Blueher, and Asim Abdulkhaleq (University of Stuttgart, Germany) | Automotive |
Tutorial: Introduction to STAMP Nancy Leveson (MIT) | |
Tutorial: STPA Introduction and Exercise John Thomas (MIT) | |
Tutorial: STECA David Horne and Andrea Scarinci (MIT) | |
Tutorial: CAST Intro Nancy Leveson (MIT) | |
Tutorial: CAST Practicum Elsabé Willaboordse (Dutch Safety Agency)
Andrea Scarinci (MIT)
Carlos Netto Lahoz | |
Tutorial: Security William Young Jr (MIT) | |
Tutorial: New STAMP Applications Nancy Leveson (MIT) workplace safety management leading indicators | |
Tutorial: STAMP Applied to Workplace Safety Emily Howard and Lori Smith (Boeing) | Aviation, Defense |
Systems Thinking and Medical Device Safety Nancy Leveson (MIT) | Healthcare |
Application of Systems and Control Theory-Based Hazard Analysis to Radiotherapy Todd Pawlicki (University of California-San Diego) | Healthcare |
STPA Analysis of Intravenous Patient-Controlled Analgesia John Thomas (MIT)
Ying Hann Ang
Kristie Chung
Olivia Qing Gao | Healthcare |
Human Interaction and Potential Error Evaluation Associated with Shift by Wire Devices Mark A. Vernacchia and Bill Arnold (General Motors - GM) | Automotive |
Engineering for Humans: STPA Analysis of an Automated Parking System John Thomas and Megan France (MIT) | Automotive |
Hazard Analysis for Rotorcraft (UH-60MU) Blake Abrecht (MIT/U.S. Air Force - USAF)
Dave Arterburn (University of Alabama)
David Horney, Jon Schneider, and Brandon Abel (MIT/U.S. Air Force - USAF)
Nancy Leveson (MIT) | Aviation, Defense |
An Approach to Determine Safety Indicators in Radiation Therapy Taylor Harry and Todd Pawlicki (UCSD) | Healthcare |
‘Spaghetti’: Tasty but Messy; Using STAMP to Model a Cancer Diagnosis Progress Maria Mikela Chatzimichailidou and James Ward (University of Cambridge-UK)
Chloe Chan (Lister Hospital-UK)
John Clarkson (University of Cambridge-UK) | Healthcare |
A Systems Approach to the Development of an Aircraft Smoke Control System Danilo da Costa Ribeiro and Amanda Iriarte Quilici (Embraer)
Emilia Villani (ITA) | Aviation, Defense |
CAST Applied to Fukushima Daiichi Nuclear Disaster Daisuke Uesako (MIT and Ministry of the Environment-Japan) | Nuclear, Energy |
A New Approach to Hazard Analysis for Naval Systems Blake Abrecht (MIT / U.S. Air Force) | Maritime |
STPA Used on Dynamic Positioning Odd Ivar Haugen (Marine Cybernetics-Norway) | Maritime |
Safety Thinking in Cloud Software: Challenges and Opportunities Kevin Riggle (Akamai) | Communications/IT |
STPA for Additive Manufacturing Greg Pope (Lawrence Livermore National Laboratory - LLNL) | Manufacturing |
Exploring the Systematic Causes of Beijing Subway PSD Accident Shijie Zhang, Tao Tang, Hongwei Yan, Fei Yan, and Ru Niu (Beijing Jiaotong University-China) | Rail |
Scenario Based STPA Analysis in Automated Urban Guided Transport System Fei Yan and Tao Tang (Beijing Jiaotong University-China) | Rail |
Using STPA for Evaluating Aviation Safety Management Systems Nektarios Karanikas and Mohamed Abrini (Amsterdam University of Applied Sciences-The Netherlands) | Aviation |
Application of STPA on Small Drone Operation: The Approach and First Results Anastasios Plioutsias (National Technical University of Athens-Greece)
Nektarios Karanikas (Amsterdam University of Applied Sciences -The Netherlands)
Maria Mikela Chatzimichilidou (University of Cambridge-UK) | Aviation |
A New Process for Building STPA Causal Scenarios John Thomas (MIT) | |
Deriving Safety Constraints for Unmanned Aircraft Systems (UAS) Yusuke Urano (MIT and Ministry of Land, Infrastructure, Transport and Tourism-Japan) | Aviation |
The Usability of STAMP in Drug Development Veronika Valdova, Ronald L Sheckler, Asim Abdulkhaleq, and Stefan Wagner (University of Stuttgart-Germany) | Healthcare |
Systems-Theoretic Process Analysis of Automobile Features for Lane Management Diogo Castilho, Megan France, and Dajiang Suo (MIT) | Automotive |
Can STPA Contribute to Identify Hazards of Different Nature and Improve Safety of Automated Vehicles? Stephanie Alvarez and Yves Page (Renault)
Franck Gurarnieri (Mines ParisTech) | Automotive |
New Applications of STAMP: Workplace Safety and Engineering Management Nancy Leveson (MIT)
Lori Smith and Emily Howard (Boeing)
Larry Hettinger (Liberty Mutual Research Institute for Safety) | Aviation, Defense |
Applying STPA to Automotive Cyber-Security John Thomas (MIT)
Hideki Nomoto and Michihiro Matsumoto (JAMSS)
Shigeyuki Kawana and Morihiro Kawamura (Toyota Motor Corp)
Shuichi Sato and Katsushi Sanda (Toyota Central R&D Labs)
Nancy Leveson (MIT) | Automotive |
From STPA-Sec to STPA-Priv: Leveraging STPA for Privacy Engineering Stuart Shapiro (MITRE) | |
Understanding STPA-Sec Through a Simple Roller Coaster Example Col. William Young (U.S. Air Force War College) | |
Evaluation of a Safety Engineering Approach for Software-Intensive Systems in the Automotive Domain: An Industrial Case Study Asim Abdulkhaleq (University of Stuttgart)
Sebastian Vöst (BMW-Germany)
Stefan Wagner (University of Stuttgart)
John Thomas (MIT) | Automotive |
A STAMP-Based Hazard Log for Use During Development and Operations Andrea Scarinci (MIT)
Alessandro Giusti (Alitalia Airlines-Italy) | Aviation |
A Different Look at the Entire Accident / Disaster Cycle Affecting Safety of Complex Sociotechnical Systems by Using System-Theoretic Accident Model and Processes (STAMP) Model Daniel Hartmann (Ben Gurion University-Israel) | |
How to Enhance Bowtie Analysis Using STAMP Simon Whiteley (Whiteley Safety Engineering-UK) | Aviation |
Using STAMP to Address Causes and Preventive Measures of Mid-Air Collisions in Visual Flight Ioana Koglbauer (Technical University of Graz-Austria) | Aviation |
Systematic Review on STPA: Final Results Carlos H.N. Lahoz (Instituto de Aeronautica e Espaco IAE-Brazil)
Synara R G Medeiros (Instituto Tecnologico de Aeronautica ITA-Brazil) | |
Tool Assisted Hazard Analysis and Requirement Generation Based on STPA John Thomas and Dajiang Suo (MIT) | Tools |
Using STPA to Analyze Human Interactions with Engineered Systems Jao-Jia Horng (National Yulin Univ. of Science and Technology, Taiwan) | |
The Use of STAMP in the MH-17 Accident Investigation Elsabé Willaboordse (Dutch Safety Agency) | Aviation |
Demo and Improvements to XSTAMPP Tool Asim Abdulkhaleq and Stefan Wagner (University of Stuttgart, Germany) | Tools |
Tutorial: STAMP Overview Nancy Leveson (MIT) | |
Tutorial: CAST Introduction Nancy Leveson (MIT) | |
Tutorial: CAST Example (Train Derailment) Niels Smit (Dutch Safety Board) | Rail |
Tutorial: STPA Introduction John Thomas (MIT) | |
Tutorial: STPA-Sec Blake Abrecht (MIT / U.S. Air Force - USAF)
Dave Arterburn (University of Alabama)
David Horney, Jon Schneider, and Brandon Abel (MIT / U.S. Air Force - USAF)
Nancy Leveson (MIT) | |
Tutorial: STECA Introduction Cody Fleming (MIT) | |
Welcome Nancy Leveson (MIT) | |
From CAST to STPA – Closing the Loop Mike Hurley and Mark Monroe (BAE) | Defense, Process |
Iterative Application of STPA for an Automotive System Padma Sundaram, Mark A. Vernacchia, Dave Hartfelder, and Joseph D’Ambrosio (General Motors - GM)
John Thomas (MIT) | Automotive |
Managing Design Changes Using Safety-Guided Design for a Safety-Critical Automotive System John Sgueglia (MIT) | Automotive |
Application of STPA to Hierarchical Design Approach Tetsunobu Morita (Nissan) | Automotive |
Safety Driven Design with UML and STPA Rejzek Martin, Hilbes Christian, and Krauss Sven (Zurich University of Applied Sciences) | |
STECA (System Theoretic Early Concept Analysis) Applied to NextGen Cody Fleming (MIT) | Aviation |
STAMP/STPA Analysis of Communication Latencies Arising from Remote Testing Xidong Xu and David Allsop (Boeing) | Aviation, Defense |
MH370: STPA Supporting Possible Improvements in Air-Ground Tracking & Communication Systems Lucas Stephane (Florida Institute of Technology) | Aviation |
UAS-NAS Integration: A Cognitive Sys Eng Framework for Safety Model Development Kip Johnson (MIT / U.S. Air Force - USAF) | Aviation |
Comparing STPA and FMEA on an Automotive Electric Power Steering System Rodrigo Sotomayor Martinez (MIT) | Automotive |
STAMP and Workplace Safety: There’s More to It Than You Think! Larry Hettinger and Marvin Dainoff (Liberty Mutual Research Institute for Safety)
John Flach (Wright State University) | Process, Rail |
Using STPA to Support Risk Management for Interoperable Medical Systems Sam Proctor and John Hatcliff (Kansas State University)
Anura Fernando (Underwriters Laboratory)
Sandy Weininger (FDA) | Healthcare |
The Use of STAMP for Analyzing a Software Quality Organization Greg Pope (Lawrence Livermore National Laboratory - LLNL) | Organizational, Defense |
Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs Diogo Silva Castilho, Ligia Maria Soto Urbina, and Donizeti de Andrade (Instituto Tecnológico de Aeronáutica, Brazil) | Aviation |
System Theoretic Value Analysis of the United States Coast Guard Search and Rescue Communication System Steven F. Osgood (U.S. Coast Guard) | Aviation, Maritime |
Panel on the Linkages and Connections Between the NIST Cyber Security Framework and STAMP/STPA Scott W. Tousley (Dept. of Homeland Security)
Col. William Young (MIT / U.S. Air Force - USAF) | Defense |
STPA Applied to Port Security Adam Williams (MIT and Sandia) | Infrastructure |
Cyber Security in Aircraft Networks Control Systems Jonas Helfer (MIT) | Aviation, Defense |
Comparing Sensors’ Characteristics on a Robotic System: The EWaSAP Results Against Designers’ Non-Theoretical Approaches Maria Mikela Chatzimichailidou and Ioannis M. Dokas (Democritus University of Thrace) | Robotics |
System Safety in Grid Energy Storage: Challenges and Solutions Through Application of STAMP David Rosewater (Sandia) | Energy |
U.S. Coast Guard Financial Management: A Systems Approach to Business Process Reengineering Scott Peterein (U.S. Coast Guard) | Organizational, Tools |
Measuring the Situation Awareness Provision Capability in Complex Socio-Technical Systems with STAMP Maria Mikela Chatzimichailidou, Stefanos Katsavounis, and Ioannis M. Dokas (Democritus University of Thrace) | Robotics, Aviation |
Intelligent-Controller Extensions to STPA Dan Montes (MIT / U.S. Air Force - USAF) | Aviation, Defense |
XSTAMPP: An eXtensible STAMP Platform as Tool Support for Safety Engineering Asim Abdulkhaleq and Stefan Wagner (University of Stuttgart) | Tools |
A Tool-Based STPA-Process John Thomas and Dajiang Suo (MIT) | Tools |
STPA Analysis of Changes in the Process for Stereotactic Radiosurgery and Radiography Aubrey Samost (MIT)
Todd Pawlicki (U.C. San Diego Medical Center) | Healthcare |
Application of CAST to Hospital Adverse Events Meaghan O’Neil | Healthcare |
STPA in Radiation Oncology J. Daartz (Massachusetts General Hospital)
J. Kang (Volpe) | Healthcare |
Safety Systems Analysis of Brachytherapy Using STPA: A Case Study in Radiation Oncology Andrew Tang and Aubrey Samost (MIT)
Robert Cormack and Antonio Damato (Brigham and Women’s Hospital) | Healthcare |
A Systems Approach to Analyzing and Preventing Hospital Adverse Events Aubrey Samost and Nancy Leveson (MIT)
Sidney Dekker (Griffith University)
Jai Raman (Rush Medical Center) | Healthcare |
Application of STAMP to Project Risk Management: A Workshop Approach Lorena Pelegrin (ILF Consulting) | Process, Organizational |
Comparison of Risk Analysis Methodologies: Risk Analysis for Better Design and Decision Making Svana Bjornsdottir (Stiki/Reykjavík University) | Energy, Healthcare, Infrastructure |
Understanding STAMP/STPA Through a Daily Life Example Rodrigo Martins Pagliares (Instituto Tecnológico de Aeronáutica)
Francisco Lemos (Instituto de Pesquisas Energeticas e Nucleares)
Celso Massaki Hirata (Instituto Tecnológico de Aeronáutica, Brazil) | |
Systematic Review of STPA: A Preliminary Study Carlos H.N. Lahoz (Instituto de Aeronáutica e Espaço, Brazil)
Synara Rosa Gomes de Medeiros (Embraer) | |
Applying CAST to Behavior-Related Product-Safety Accidents Michael Hurley (BAE) | Defense, Organizational |
Analyzing Feature Interaction in Automobiles John Thomas and Seth Placke (MIT) | Automotive |
Use of STPA on Rolls Royce Aircraft Engines William Fletcher (Rolls Royce) | Aviation |
STPA-Sec for Cyber Security/Mission Assurance William Young (MIT / U.S. Air Force - USAF) | Defense |
Extended Human Factors STPA Applied to NextGen Katie Berry and Michael Sawyer (Fort Hill Group) | Aviation |
Adding Human Factors to STPA Hoshino Nobuyuki (Japanese Manned Space Systems-JAMSS) | Space |
Updating the Human Controller Model Cameron Thornberry (USN and MIT) | Aviation |
Application of STPA to an Automotive Shift-by-Wire System Padma Sundaram and Mark Vernacchia (General Motors - GM) | Automotive |
Railway Signalling Accident Analysis Using CAST Chenling Li (Beijing Jiaotong University) | Rail |
STPA Analysis of Interval Management in NextGen Cody Fleming (MIT) | Aviation |
STPA Applied to a Product Filling Slurry Dispenser Dave Holley (BAE) | Process, Defense |
Tool Support for STPA Asim Adhulkhaleq and Stefan Wagner (Univ. of Stuttgart) | Tools |
The Volpe STPA Tool Qi Hommes (Volpe National Transportation Research Center) | Tools |
An STPA Tool Dajiang Suo and John Thomas (MIT) | Tools |
The Use of STAMP in Aircraft Evaluation and Test David Allsop (Boeing) | Aviation, Defense |
SFTA, SFMECA, and STPA Applied to Brazilian Space Software Carlos Lahoz (Instituto de Aeronautica e Espaco, Brazil) | Space |
STPA Application on an In-Service Environment Nawaf Almalik (BAE) | Aviation, Defense |
Using STAMP on Train Control Systems Jintao Liu (Beijing Jiaotong University) | Rail |
ARP 4761 and STPA (Using the Wheel Brake Example in ARP 4761) Cody Fleming (MIT)
Chris Wilkinson (Honeywell) | Aviation |
Application of STAMP to Facilitate Interventions to Improve Platform Safety Robert de Boer (Amsterdam University of Applied Sciences) | Aviation |
Using STAMP to Investigate Decision Making in Public-Private Partnerships Neils Smit (Dutch Safety Board) | Organizational |
Using STAMP Principles in Risk Management of Large Scale Pipeline Projects Lorena Pelegrin (ILF Consulting Engineers) | Process |
Analyzing Safety of Radiation Therapy Procedures Aubrey Samost (MIT)
Todd Pawlicki (UCSD) | Healthcare |
Using CAST for Adverse Event Investigation in Hospitals Meaghan O’Neil (MIT) | Healthcare |
Use of CAST for Medical Devices Homa Alemzadeh (Univ. of Illinois) | Healthcare |
Systems Approach to Pharmaceutical Safety Jonathan Fishbein (Alliance for Clinical Research Excellence and Safety-ACRES) | Healthcare |
Risk Management in the Process Industry Manuel Rodriguez (Technical University of Madrid) | Process |
Analyzing Automobile Recalls Qi Hommes (Volpe National Transportation Research Center) | Automotive |
High-Speed Rail Safety Soshi Kawakami (Japan Central Railway and MIT) | Rail |
Applying STAMP to Safety Standards of Domestic Robots Mitka Eleftheria and Spyridon Mouroutsos (Democritus Univ. of Thrace) | Robotics |
Applying STPA to a Battery Energy Storage System David Rose (Sandia National Lab) | Energy, Process |
A-STPA : An Open Tool Support for System-Theoretic Process Analysis Asim Adhulkhaleq and Stefan Wagner (Univ. of Stuttgart) | Tools |
Applying STAMP/STPA to Analyze the Causes of the Unexpected Fire That Happened at the Heat Treatment Process Naoki Morishita, Chunyao Chuang, Tatsuya Yanagisawa, and Yasuhiko Kawabe (Univance Corp) | Automotive, Process, Manufacturing |
Assessing Workstation Safety Integrating Macroergonomics and STAMP Marvin Dainoff and Michelle Robertson (Liberty Mutual) | |
Welcome Nancy Leveson (MIT) | |
Tutorial: STPA for Beginners John Thomas (MIT) | |
Tutorial: STPA for Advanced Users Cody Fleming (MIT) | |
Tutorial: CAST John Helferich and Connor Dunn (MIT) | |
Extending and Automating STPA for Requirements Generation and Analysis John Thomas (MIT) | General |
A System Theoretic Analysis of U.S. Coast Guard Aviation – CG-6505 Mishap CDR Jon Hickey (United States Coast Guard) | Aviation |
Apply STAMP to Safety Standards of Home-Surveillance Robots Mitka Eleftheria (Democritus University of Thrace) | Robotics |
The Use of STAMP’s Control Structure and System Dynamics to Identify Possible Interventions; a Case Study on an Accident with a Compressed Natural Gaz- Public Transport Coach Niels Smit, Ton van Overbeek, and Kirsten van Schaardenburgh-Verhoeve (Dutch Safety Board) | |
Application of STPA to Engineered Safety Features of a Nuclear Power Plant Dong-Ah Lee, Jang-Soo Lee, Se-Woo Cheon, and Junbeom Yoo (Konkuk University, South Korea) | Nuclear, Energy |
Cyber-Mission Assurance Through System Safety Principles Col William Young (United States Air Force and MIT) | Defense |
Cognitive Resilience Robert J. de Boer (University of Amsterdam, Netherlands) | Aviation |
Principles of Product Safety: Depiction of a Product Safety Management System Using STPA Mike Hurley (BAE Systems) | Defense, Organizational |
Using STPA in the Design of a New Manned Spacecraft Ryo Ujiie and Masafumi Katahira (JAXA) | Space |
Application of STPA to Electric Vehicles Hossam Yahia (Valeo) | Automotive |
Integration of Petri Nets into CAST by the Example of 7.23 Accident Rene Hosse, Dirk Spiegel, and Eckehard Schnieder (University of Braunschweig, Germany) | Rail |
Evaluating the Safety of Digital Instrumentation and Control Systems in Nuclear Power Plants John Thomas (MIT) | Nuclear, Energy |
A Systematic Accident Approach for Chinese Railway Analysis Tao Tang and Niu Ru (Beijing Jiaotong University, China) | Rail |
Nuclear Power STPA Example Ray Torok (EPRI)
Bruce Geddes (SES) | Nuclear, Energy |
Hydropower and Dam Safety - Introducing System Engineering Approaches Pat Regan (FERC)
Greg Baecher (University of Maryland) | Infrastructure |
Experiences with Applying STPA to Software-Intensive Systems in the Automotive Domain Asim Adhulkhaleq and Stefan Wagner (Univ. of Stuttgart) | Automotive |
Building a Usable Systems Atlas Michael Stone (Akamai) | |
Using STAMP Method to Analyze Serious Accidents in China Railway System Liu Hong (Nextrans Center and Purdue University) | Rail |
Evaluating Project Safety (System Engineering and Safety Management) in an Organization Lorena Pelegrin (ILF) | |
The Application of STPA in Commercial Product Development to Identify Causal Factors for Economic Losses Stephanie Goerges (Cummins Engine) | Automotive |
STAMP as a Theoretical Framework for Understanding Corporate Moral Failure Wayne Buck (Eastern Connecticut State University) | Organizational |
Analysis of Human-Related Accidents and Assessment of Human Error Based on STAMP Rong Hao (Beihang University, China) | Defense |
Applying STAMP to Environmental, Sociotechnical Systems Daniel Hartmann (Ben Gurion University)
Moshe Weiler (Technion, Israel) | |
A Safety Analysis of Navigation Software Development Management Based on STAMP Xu Xiaojie (Beihang University, China) | Aviation |
Applying STAMP to Occupational Safety Larry Hettinger and Marv Dainoff (Liberty Mutual Research Institute) | |
Safety of Interoperable Systems Sandy Weininger (FDA, CDRH, OSEL)
Dave Arney (MGH and UPenn) | Healthcare |
The Use of STPA in Hazard Analysis and Certification of Integrated Modular Avionics Systems Cody Fleming (MIT) | Aviation |
Compatibility Study of STPA with Automotive Safety Process Padma Sundaram and Dave Hartfelder (General Motors - GM) | Automotive |
Contribution of STAMP to the Risk Management of CO2 Capture, Transport, and Storage Projects Jaleh Samadi (Mines Paris Tech, France) | Process, Organizational |
Early Warnings and STPA Ioannis Dokas (Democritus University of Thrace, Greece) | Infrastructure |
The Use of STPA in Satellite Hazard Analysis Connor Dunn (MIT and U.S. Navy) | Space |
A Systematic Safety Control Approach and Practice on Flight Tests of a Low-Cost Blended-Wing-Body Demonstrator Yi Lu (Purdue University and Beihang University, China) | Aviation |
Using STPA to Help Convert Natural Language into Formal Language Sun Rui (Beihang University, China) | |
Analysis of the Fukushima Disaster: Reinforcement for Using STAMP as a Vector of Safety Governance A. Lucas Stephane (Florida Institute of Technology) | Nuclear |
Risk Management of Hospital Radiation Therapy John Helferich (MIT) | Healthcare |
Integrating State Machine Analysis with STPA Asim Adhulkhaleq and Stefan Wagner (Univ. of Stuttgart) | |
Understanding and Analyzing ‘Safety’ in Body Sensor Networks Philip Asare (University of Virgina, USA) | |
Plenary: Introductory Comments Joseph Sussman (MIT ESD Interim Director) | |
Plenary: Introductory Comments Jamie Peraire (MIT Aero/Astro Department Head) | |
Welcome and STAMP Introduction Nancy Leveson (MIT) | |
Tutorial: STPA Guided Exercise John Thomas (MIT) | Aviation |
Tutorial: STPA Group Exercise (HTV) Takuto Ishimatsu (MIT) | Space |
Tutorial: STPA Group Exercise (Electronic Throttle Control) Qi Hommes (MIT) | Automotive |
Tutorial: CAST Guided Exercise (Food) John Helferich (MIT) | |
Tutorial: CAST Group Exercise (QF32) | Aviation |
Tutorial: CAST Group Exercise (Toyota Unintended Acceleration) | Automotive |
Using STPA in the Development of an Artificial Pancreas Lane Desborough (Medtronics) | Healthcare |
Evaluation of STPA in the Safety Analysis of the Gantry 2 Proton Radiation Therapy System Martin Rejzek (PSI) | Healthcare |
Experiences with STAMP in Aviation Accident Analysis Paul Nelson (ComAir and ALPA) | Aviation |
Introducing STAMP in Road Tunnels Safety Assessment Kostis Karazas (National Technical University of Athens) | Infrastructure |
Analyzing Helicopter Emergency Medical Services Accidents Using STAMP Stathis Malakis (Hellenic Civil Aviation Authority) | Healthcare |
Extending and Automating STPA for Requirements Generation and Analysis John Thomas (MIT) | General |
Introducing STAMP into an Organization John Helferich (MIT) | Organizational |
Spreading an Idea Virus Lane Desborough (Medtronic) | Healthcare, General |
Experiences and Challenges in Using STAMP for Accident Analysis Kirsten van Schaardenburg and Verhoeve and Niels Smit (Dutch Safety Board) | |
Applicability/Compatibility of STPA with FAA Regulations and Guidance Mike Dewalt and Peter Skaves (Federal Aviation Administration - FAA) | Aviation |
Safety Analysis of a Diagnostic Medical Device Vincent Balgos (MIT) | Healthcare |
EWaSAP: An Early Warning Sign Identification Approach Based on STPA Ioannis Dokas (University College Cork, Ireland) | |
Experiences with STPA in Defense Applications Grady Lee (Safeware Engineering) | Defense |
Analysis of Railway Accidents in China Dajiang Suo (Tsinghua University) | Rail |
STPA Analysis of an Adaptive Cruise Control System Qi van Eikema Hommes (MIT) | Automotive |
Particle Accelerators - Their Hazards and the Perception of Safety Kelly Mahoney (Jefferson Labs) | Nuclear, Process |
System Safety for the Oil and Gas Industry Mark Silverstone | Process, Energy |
Can We Apply STAMP/STPA to Occupational Injuries? Marvin Dainoff (Liberty Mutual Research Institute) | |
Radiation Therapy Safety Dan Low (UCLA) | Healthcare |
Why We Need Something New in the Automotive Industry Qi Hommes (MIT) | Automotive |
Dam Safety Patrick Regan (FERC) | Infrastructure |
Analyzing German Vehicle Traffic Using STAMP/STPA Rene Sebastian Hosse (University of Braunscheig) | Infrastructure, Automotive |
Using STAMP/STPA in the Early Architectural Design of a Manned Spacecraft Haruka Nakao (JAMSS) | Space |
Combining STPA and Assurance Cases Stefan Wagner (University of Stuttgart) | |
Handling Multiple Controllers in STPA Ryo Ujiie (JAXA)
Takuto Ishimatsu (MIT) | Space |
Systems Thinking and Web Security Michael Stone (Akamai) | Communications/IT |
Using STPA in the Design of a Nuclear Power Plant Control Room A. Lucas Stephane (Florida Institute of Technology) | Nuclear, Process, Energy |
Integrating Uninhabited Aerial Vehicles into the NAS Natasha Neogi (NASA Langley/NIA) | Aviation |
The STAMP Pyramid Col. William Young (MIT / U.S. Air Force - USAF) | |