This tutorial will introduce you to the concept of safety cases. Safety cases are structured arguments that support the claim that a system is safe to be used for a given application in a given environment. Several standards require the production of such safety cases as a prerequisite for approval. The tutorial will highlight good and bad practices when developing safety cases and will introduce you to a notation specifically developed for the generation of safety cases, the Goal Structuring Notation (GSN). There will be practical examples which need to be solved by the attendees, so that hands-on practice and experience is gained.
Detailed outline of the tutorial:
Introduction (1h): The tutorial will start with a survey of current safety standards (IEC 61508, ISO 26262, EN 50128, DO-178C,...) and analyse their views and requirements regarding safety cases. We will then delve into the nature of safety cases, briefly touch their historical origins, and clearly consider what can and what can't be expected from a safety case. Based on our practical experience we will also highlight some typical bad practices when constructing safety cases. This helps to correctly and critically read them, and is also a helpful guideline for reviewing other safety documentation. This part of the tutorial is largely a presentation.
Goal Structuring Notation (45min): We will now introduce the main elements of the Goal Structuring Notation (GSN), which is a helpful tool to document safety cases. The presentation of the notation will be interleaved with brief examples, excercises and questions, so that attendees have the chance to fully understand the meaning and purpose of the various symbols. A structured method how to proceed when drafting safety cases will also be presented. Hence, this part of the tutorial is much more interactive, requiring active participation of attendees.
Case Study (45min): A realistic case study will then be handed out. It is expected to be solved as a group work (groups of 3-5 people are expected). The task of the groups will be to draft and present a sound safety argument for a given claim that the system in the case study is acceptably safe for a specific application in a given environment. GSN shall be used as a notation for this purpose. At the end, the groups present their solutions, and the advantages/disadvantages of the presented solutions are discussed. This part of the tutorial is a group work.
Concluding Remarks (30min): Finally, we will bring some concluding remarks, consisting of hints how to avoid common errors and fallacies in safety cases, show some examples of real-world safety cases and a we will finish with a personal conclusion.
