System Theoretic Process Analysis: A Literature Survey on the Approaches Used for Improving the Safety in Complex Systems

  • Saulo Rodrigues e SilvaEmail author
Conference paper
Part of the Lecture Notes in Information Systems and Organisation book series (LNISO, volume 31)


Computer systems are becoming increasingly complex, especially interactive software systems, namely software user interfaces. The scientific community relies on different methods to assess their safety. This article provides an updated literature survey on hazard analysis approaches used to improve the safety of complex systems. To support the survey, we conceptualise complex systems, highlighting the challenge in terms of assessing their safety. We provide a brief overview on the approaches historically available to tackle issues in those systems, along with their most common methods. Finally, the article focuses in one method of a non-traditional approach, which is described in more details, along with some of its extensions, which seeks to improve the hazard analysis in complex systems.


Complex systems High-assurance systems Design requirements Hazard analysis methods 



We acknowledge Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq) and Instituto Federal de Educação, Ciência e Tecnologia de Goiás (IFG) for the support, as well as Dr. José Creissac, Dr. Paolo Masci,Dr. João Fernandes and Dr. Orlando Belo for the valuable insights.


  1. Abdulkhaleq, A., Vost, S., Wagner, S., & Thomas, J. (2016). An industrial case study on the evaluation of a safety engineering approach for software-intensive systems in the automotive domain.Google Scholar
  2. Abdulkhaleq, A., Wagner, S., & Leveson, N. (2015). A comprehensive safety engineering approach for software-intensive systems based on STPA. Procedia Engineering, 128, 2–11. In Proceedings of the 3rd European STAMP Workshop October 5–6, 2015, Amsterdam.Google Scholar
  3. Antoine, B. (2013). Systems theoretic hazard analysis (STPA) applied to the risk review of complex systems: an example from the medical device industry. (Ph.D. thesis, Massachusetts Institute of Technology).Google Scholar
  4. Bowles, J. B., & Peláez, C. E. (1995). Fuzzy logic prioritization of failures in a system failure mode, effects and criticality analysis. Reliability Engineering & System Safety, 50(2), 203–213.CrossRefGoogle Scholar
  5. Castilho, D. S., Urbina, L. M., & de Andrade, D. (2018). Stpa for continuous controls: A flight testing study of aircraft crosswind takeoffs. Safety Science, 108, 129–139.CrossRefGoogle Scholar
  6. Dehlinger, J., & Lutz, R. R. (2004). Software fault tree analysis for product lines. In Proceedings Eighth IEEE International Symposium on High Assurance Systems Engineering, pp. 12–21. IEEE.Google Scholar
  7. Dokas, I. M., Feehan, J., & Imran, S. (2013). Ewasap: An early warning sign identification approach based on a systemic hazard analysis. Safety Science, 58, 11–26.CrossRefGoogle Scholar
  8. EN, B. (2006). 60812: 2006 analysis techniques for system reliability. Procedure for failure mode and effects analysis (FMEA).Google Scholar
  9. Ericson, C. A. (2005). Event tree analysis. Hazard Analysis Techniques for System Safety, 223–234.Google Scholar
  10. Ericson, C. A. et al. (2015). Hazard analysis techniques for system safety. Wiley.Google Scholar
  11. France, M. E. (2017). Engineering for humans: a new extension to STPA (Ph.D. thesis, Massachusetts Institute of Technology).Google Scholar
  12. Haasl, D. F., Roberts, N., Vesely, W., & Goldberg, F. (1981). Fault tree handbook. Technical report, Nuclear Regulatory Commission, Washington, DC (USA). Office of Nuclear Regulatory Research.Google Scholar
  13. Heinrich, H. W. et al. (1941). Industrial accident prevention. a scientific approach. In Industrial accident prevention. A scientific approach (2nd ed.).Google Scholar
  14. IEC, B. (2001). 61882: 2001: Hazard and operability studies (hazop studies). Application guide. British Standards Institute.Google Scholar
  15. Kenarangui, R. (1991). Event-tree analysis by fuzzy probability. IEEE Transactions on Reliability, 40(1), 120–124.CrossRefGoogle Scholar
  16. Lawley, H. (1974). Operability studies and hazard analysis. Chemical Engineering Progress, 70(4), 45–56.Google Scholar
  17. Leveson, N. (2004). A new accident model for engineering safer systems. Safety Science, 42(4), 237–270.CrossRefGoogle Scholar
  18. Leveson, N. (2011). Engineering a safer world: Systems thinking applied to safety. MIT press.Google Scholar
  19. Leveson, N., & Thomas, J. (2013). An STPA primer. Cambridge, MA.Google Scholar
  20. Leveson, N. G. et al. (2014). Extending the human controller methodology in systems-theoretic process analysis (STPA) (Ph.D. thesis, Massachusetts Institute of Technology).Google Scholar
  21. Leveson, N. G., & Harvey, P. R. (1983). Software fault tree analysis. Journal of Systems and Software, 3(2), 173–181.CrossRefGoogle Scholar
  22. Lipol, L. S., & Haq, J. (2011). Risk analysis method: FMEA/FMECA in the organizations. International Journal of Basic & Applied Sciences, 11(5), 74–82.Google Scholar
  23. Lutz, R. R., & Shaw, H.-Y. (1999). Applying adaptive safety analysis techniques (for embedded software). In Proceedings of 10th International Symposium on Software Reliability Engineering, 1999, pp. 42–49. IEEE.Google Scholar
  24. Masci, P., Zhang, Y., Jones, P., & Campos, J. C. (2017). A hazard analysis method for systematic identification of safety requirements for user interface software in medical devices. In 15th International Conference on Software Engineering and Formal Methods (SEFM 2017), volume LNCS, vol. 10469, Springer. Springer.Google Scholar
  25. NASA, N. (1966). S. Administration. Procedure for failure mode, effects and criticality analysis (FMECA), RM 63TMP-22. NASA, Tech. Rep.Google Scholar
  26. Rasmussen, N. C. (1981). Methods of hazard analysis and nuclear safety engineering. Annals of the New York Academy of Sciences, 365(1), 20–36.CrossRefGoogle Scholar
  27. Reason, J. (1990). Human error. Cambridge university press.Google Scholar
  28. Reifer, D. J. (1979). Software failure modes and effects analysis. IEEE Transactions on Reliability, 28(3), 247–249.CrossRefGoogle Scholar
  29. Robson, C., & McCartan, K. (2016). Real world research. Wiley.Google Scholar
  30. Rosewater, D., & Williams, A. (2015). Analyzing system safety in lithium-ion grid energy storage. Journal of Power Sources, 300, 460–471.CrossRefGoogle Scholar
  31. Song, Y. (2012). Applying system-theoretic accident model and processes (STAMP) to hazard analysis (Ph.D. thesis).Google Scholar
  32. Stadler, J. J., & Seidl, N. J. (2013). Software failure modes and effects analysis. In Reliability and Maintainability Symposium (RAMS), 2013 Proceedings-Annual, pp. 1–5. IEEE.Google Scholar
  33. Standard, U. M. (1980). MIL-STD-1629A. Procedures for Performing a Failure Mode, Effect and Criticality Analysis. Department of Defense, USA.Google Scholar
  34. Stringfellow, M. V. (2010). Accident analysis and hazard analysis for human and organizational factors (PhD thesis, Massachusetts Institute of Technology).Google Scholar
  35. Stringfellow, M. V., Leveson, N. G., & Owens, B. D. (2010). Safety-driven design for software-intensive aerospace and automotive systems. Proceedings of the IEEE, 98(4), 515–525.CrossRefGoogle Scholar
  36. Thimbleby, H. (2010). Press on: Principles of interaction programming. The MIT Press.Google Scholar
  37. Thomas, J., Lemos, F., & Leveson, N. (2012). Evaluating the safety of digital instrumentation and control systems in nuclear power plants. NRC Technical Research Report 2013.Google Scholar
  38. Thomas IV, J. P. (2013). Extending and automating a systems-theoretic hazard analysis for requirements generation and analysis (PhD thesis, Massachusetts Institute of Technology).Google Scholar
  39. Yang, C. (2014). Software safety testing based on STPA. Procedia Engineering, 80, 399–406.CrossRefGoogle Scholar
  40. Young, W. E. (2014). STPA-SEC for cyber security mission assurance. Eng Syst. Div. Syst. Eng. Res. Lab.Google Scholar
  41. Zadeh, L. A. (1962). From circuit theory to system theory. Proceedings of the IRE, 50(5), 856–865.CrossRefGoogle Scholar
  42. Wiegers, K., & Beatty, J. (2013). Software requirements. Pearson Education.Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Universidade do MinhoBragaPortugal

Personalised recommendations