Safety Cases — How Did We Get Here?

  • Roger Shaw


One of the topic areas chosen for CSR 95 was that of safety cases. Although safety cases are now well enshrined in UK law they are possibly not so well understood outside the UK. The presentation upon which this paper is based aimed to provide background information on safety cases. The paper starts by examining some historical accidents and moves on to discuss the development of safety law in the UK and summarises some of the principles embodied within the Health and Safety at Work Act of 1974. Following this attention is given to risk assessment and the ALARP principle. Safety cases are introduced with specific reference to those industries currently using them. Finally, standards covering the use of Programmable Electronic Systems (PES) in safety related applications are identified and their role in producing safety cases discussed.


International Electrotechnical Commission Probabilistic Risk Assessment Fault Tree Analysis Safety Case Safety Management System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ACA86]
    ACARD. SOFTWARE A vital key to UK competitiveness. HMSO, 1986.Google Scholar
  2. [Arn95]
    Lorna Arnold. Windscale 1957. MacMillan, 2nd edition, 1995.Google Scholar
  3. [Ayt94]
    P. Ayton. On the competence and incompetence of experts. In G. Wright and F. Bolger, editors, Expertise and Decision Support. Plenum Press, 1994.Google Scholar
  4. [Bak93]
    J. II. Baker. An Introduction to English Legal History. Butterworths, 3rd edition, 1993.Google Scholar
  5. [BD96]
    Tony Barrell and Tony Darlison. The safety of PES in the offshore industry. In [Sha96], 1996.Google Scholar
  6. [Bea06]
    W. Beasant. Medieval London, Vol 1, Historical and Social. Adam and Charles Black, 1906.Google Scholar
  7. [Be196]
    Ron Bell. Overview of proposed iec 1508 & implications for plcs. In Proceedings of the 2nd International Symposium on PLCs in Safety Related Applications. EWICS TC7, 1996.Google Scholar
  8. [BF94]
    R. W. Butler and G. B. Finelli. The infeasibility of quantifying the reliability of life-critical real-time software. IEEE Transactions on Software Engineering, 19 (3): 3–12, 1994.Google Scholar
  9. [BH95]
    B. Barrett and R. Howells. Occupational Health and Safety Law. Pitman, 2nd edition, 1995.Google Scholar
  10. [B1o96]
    Robin Bloomfield. The SHIP safety case - a combination of system and software methods. In [Sha961, 1996.Google Scholar
  11. [CEN94]
    CENELEC. prEN 50129: Railway Applications - Safety Related Electronic Systems,1994. DRAFT.Google Scholar
  12. [CEN95]
    CENELEC. prEN 50128: Railway Applications - Software for Railway Control and Protection Systems,1995.Google Scholar
  13. [Chu77]
    R. Chuse. Pressure Vessels. McGraw Hill, 5th edition, 1977.Google Scholar
  14. [CM94]
    J. Clegg and R. McIntosh. Safety case generic issues. In Managing the Safety Case. United Kingdom Offshore Operators Association, December 1994.Google Scholar
  15. [Cu190]
    Lord Cullen. The Public Enquiry into the Piper Alpha Disaster. HMSO, 1990.Google Scholar
  16. [Dep90]
    Department of Energy. Offshore Installations: Guidance on Design, Construction and Certification. HMSO, 4th edition, 1990.Google Scholar
  17. [DMS93]
    A. G. Darlison, F. Maclennan, and R. C. Shaw. Software assessment. Technical Report Paper No 1 Session 1993–1994, Lloyd’s Register Technical Association, 1993.Google Scholar
  18. [EC94]
    D. J. Ewing and J. F. Campbell. Tolerability of risk, safety assessment principles and their implication for probabilistic safety analysis. Nuclear Energy, 2 (33): 85–92, 1994.Google Scholar
  19. [Edw96]
    Chris Edwards. The application of systematic software management to railway systems. In [Sha96], 1996.Google Scholar
  20. [EEM89]
    EEMUA. Safety related instrument systems for the process industries. Technical Report 160, The Engineering Equipment and Materials User Association, 1989.Google Scholar
  21. [Far89]
    David Farmer. So Far as is Reasonably Practicable. Croner Publications Ltd, 1989.Google Scholar
  22. [Fen96]
    N. Fenton. The role of measurement in software safety assessment. In (Sha961, 1996.Google Scholar
  23. [Fox93]
    Charles Fox. UKOOA overview of the voluntary safety case experience. In [HSE93], 1993.Google Scholar
  24. [Fra84]
    Derek Fraser. The Evolution of the British Welfare State. MacMillan, 2nd edition, 1984.Google Scholar
  25. [GAM89]
    GAMBICA. Safety Guidelines: programmable electronic systems in safety related applications. Technical report, The GAMBICA Association, November 1989.Google Scholar
  26. [Gar91]
    Ervon Garrison. A History of Engineering and Technology. CRC Press, 1991.Google Scholar
  27. [Har94]
    S. A. Harbison. Developments in safety standards and regulation. Nuclear Energy, 6 (33): 383–386, 1994.Google Scholar
  28. [HF93]
    John Hendy and Michael Ford. Redgrave Fife Machin Health and Safety. Butterworths, 2nd edition, 1993.Google Scholar
  29. [HK92]
    E. J. Henley and H. Kumamoto. Probabilistic Risk Assessment. IEEE Press, 1992.Google Scholar
  30. [HMG92]
    HMG. New Opportunities for the Railways - The Privatisation of British Rail (Cm 2012). HMSO, 1992.Google Scholar
  31. [HSC93]
    HSC. Ensuring safety on Britain’s railways. Technical report, Department of Transport, January 1993.Google Scholar
  32. [HSE78]
    HSE. CANVEY an investigation of potential hazards from operations in the Canvey Island/Thurrock area. HMSO, 1978.Google Scholar
  33. [HSE81a]
    HSE. CANVEY a second report - a review of potential hazards from operations in the Canvey Island/Thurrock area three years after publication of the Canvey Report. HMSO, 1981.Google Scholar
  34. [HSE81b]
    HSE. Microprocessors in Industry - Safety implications of the uses of programmable electronic systems in factories. HMSO, 1981. HSE Occasional Paper Series: OP2.Google Scholar
  35. [HSE87a]
    HSE. Programmable electronic systems in safety-related applications: Part 1 An introductory guide. HMSO, 1987.Google Scholar
  36. [HSE87b]
    HSE. Programmable electronic systems in safety-related applications: Part 1 general technical guidelines. HMSO, 1987.Google Scholar
  37. [HSE89]
    HSE. Quantified risk assessment: Its input to decision making. HMSO, 1989.Google Scholar
  38. [HSE90]
    HSE. A Guide to the Control of Industrial Major Accident Hazards Regulations 1984. HMSO, 1990.Google Scholar
  39. [HSE91]
    HSE. Successful Health and Safety Management. HMSO, 1991.Google Scholar
  40. [HSE92a]
    HSE. A Guide to the Health and Safety at Work etc Act 1974. HMSO, 1992.Google Scholar
  41. [HSE92b]
    HSE. A Guide to the Offshore Installations (Safety Case) Regulations 1992. HMSO, 1992.Google Scholar
  42. [HSE92c]
    HSE. Management of Health and Safety at Work. HMSO, 1992.Google Scholar
  43. [HSE92d]
    HSE. Safety Assessment Principles for Nuclear Plants. HMSO, 1992.Google Scholar
  44. [HSE92e]
    HSE. The Tolerability of Risk from Nuclear Power Stations. HMSO, 1992.Google Scholar
  45. [HSE93]
    Offshore Safety Cases Conference. Health and Safety Executive, 1993.Google Scholar
  46. [HSE94a]
    HSE. Carriage of Dangerous Goods by Rail. HMSO, 1994.Google Scholar
  47. [HSE94b]
    HSE. Guide to the Approval of Railway Works, Plant and Equipment. HMSO, 1994.Google Scholar
  48. [HSE94c]
    HSE. Railway Safety Cases. HMSO, 1994. [HSE94d] HSE. Railway Safety Critical Work. HMSO, 1994.Google Scholar
  49. [HSE95a]
    HSE. Draft Offshore Installations and Wells (Design and Construction, etc) Regulations. Health and Safety Executive, 1995.Google Scholar
  50. [HSE95b]
    HSE. Generic Terms and Concepts in the Assessment and Regulation of Industrial Risks. Health and Safety Executive, 1995.Google Scholar
  51. [HSE95c]
    HSE. A Guide to the Offshore Installations and Pipeline Work (Man-agement and Administration) Regulations 1995. HMSO, 1995.Google Scholar
  52. [HSE95d]
    HSE. Out of Control - Why control systems go wrong and how to prevent failure. HSE Books, 1995.Google Scholar
  53. [HSE95e]
    HSE. Prevention of Fire and Explosion, and Emergency Response on Offshore Installations. HMSO, 1995.Google Scholar
  54. [HSE95f]
    HSE. The Work of the HSE’s Nuclear Installations Inspectorate. HMSO, 1995.Google Scholar
  55. [Hun96]
    David Hunns. Considerations of the elements of the safety case for a computer based safety system in the nuclear industry. In (Sha96], 1996.Google Scholar
  56. [IEC96]
    IEC. Draft IEC 1508: Functional safety: safety-related systems; Parts 1–7. International Electrotechnical Commission (IEC), 1996.Google Scholar
  57. [IGE89]
    IGE. The use of programmable electronic systems in safety related applications in the gas industry. Technical Report IGE/SR/15 Communication 1417, The Institution of Gas Engineers, 1989.Google Scholar
  58. [IGE94]
    IGE. Programmable equipment in safety related applications. Technical Report IGE/SR/15 Communication 1581, The Institution of Gas Engineers, 1994.Google Scholar
  59. [IRS93a]
    IRSE. Competence assessment in the workplace. Technical Report Licensing Procedure No. 14, Institution of Railway Signal Engineers, November 1993.Google Scholar
  60. [IRS93b]
    IRSE. Licensing of competent personnel. Technical Report Licensing Procedure No. 11, Institution of Railway Signal Engineers, November 1993.Google Scholar
  61. [Jon92]
    David Jones. Nomenclature for Hazard and Risk Assessment in the Process Industries. Institution of Chemical Engineers, 2nd edition, 1992.Google Scholar
  62. [Kee88]
    John Keegan. The Price of Admiralty. Hutchinson, 1988.Google Scholar
  63. [Kin90]
    Ralph King. Safety in the Process Industries. Butterworth - Heinemann, 1990.Google Scholar
  64. [Kle94]
    Trevor Kletz. Learning from Accidents. Butterworth-Heinemann, 1994.Google Scholar
  65. [LA89]
    Frank P. Lees and M. L. Ang, editors. Safety Cases. Butterworths, 1989.Google Scholar
  66. [Lee80]
    Frank Lees. Loss Prevention in the Process Industries Volumes 1 & 2. Butterworth, 1980.Google Scholar
  67. [Lee96]
    Frank Lees. Loss Prevention in the Process Industries Volumes 1 6 2. Butterworth - Heinemann, 2nd edition, 1996.Google Scholar
  68. [Lit91]
    B. Littlewood. Limits to evaluation of software dependability. In B. Littlewood and N. Fenton, editors, Software Reliability and Metrics. Elsevier, 1991.Google Scholar
  69. [LJ95]
    J. R. Lane and M. C. Jones. Performance standards and written schemes - recent experience from the UK offshore industry. Technical Report Paper No 6 Session 1995–1996, Lloyd’s Register Technical Association, 1995.Google Scholar
  70. Me194] Peter Mellor. CAD: computer aided disaster. High Integrity Systems,’1(2):10–156, 1994.Google Scholar
  71. [NAL88]
    NALM. Programmable electronic systems in safety related applications. Technical report, National Association of Lift Makers, 1988.Google Scholar
  72. [Pow93]
    Taf Powell. HSE overview of the voluntary safety cases. In [HSE9S], 1993.Google Scholar
  73. [Ray94]
    David Rayner. Keynote address. In Railway Safety Cases - 250 days Down, 500 To Go. IBC Technical Services Ltd, 1994.Google Scholar
  74. [Ray95]
    David Rayner. Aspects of safety within the privatised railway. In Safety on the Railways. AIC Conferences, June 1995.Google Scholar
  75. [RIA91]
    RIA. Safety related software for railway signalling. Technical Report RIA Technical Specification No 23, Railway Industry Association, 1991.Google Scholar
  76. [Rob72]
    Lord Robens. Safety and Health at Work. Report of the Committee 1970–72. HMSO - Cmnd. 5034, 1972.Google Scholar
  77. [Rus93]
    John Rushby. Formal methods and the certification of critical systems. Technical Report SRI-CSL-93–07, Stanford Research Institute, November 1993.Google Scholar
  78. [Rus96]
    John Rushby. Formal methods and their role in the certification of critical systems. In [Sha96], 1996.Google Scholar
  79. Sha96] Roger Shaw, editor. Safety and Reliability of Software Based Systems. Springer Verlag, 1996.Google Scholar
  80. [Sta94]
    John Stansfeld. The safety case. Technical Report Paper No 3 Session 1994–1995, Lloyd’s Register Technical Association, 1994.Google Scholar
  81. [Str94]
    L. Strigini. Engineering judgement in reliability and safety and its limits: what can we learn from research in psychology? Technical Report SHIP/T/002, City University, 1994.Google Scholar
  82. J. R. Thompson. Engineering Safety Assessment. Longman Scientific and Technical, 1987.Google Scholar
  83. [Tho96]
    Martyn Thomas. Safety cases for software based systems. In [Sha96], 1996.Google Scholar
  84. [Tin92]
    Paul Tindall. U.K. offshore legislation. Technical Report Paper No 6 Session 1991–1992, Lloyd’s Register Technical Association, 1992.Google Scholar
  85. [UKO95]
    UKOOA. Guidelines for instrument-based protection systems. Technical report, United Kindgom Offshore Operators Association, 1995.Google Scholar
  86. [Vil91a]
    Alain Villemeur. Reliability, Availability, Maintainability and Safety Assessment - Volume 1. Methods and Techniques. John Wiley, 1991.Google Scholar
  87. [Vi191b]
    Alain Villemeur. Reliability, Availability, Maintainability and Safety Assessment - Volume 2. Assessment, Hardware, Software Human Factors. John Wiley, 1991.Google Scholar
  88. [Wil94]
    L. G. Williams. Regulation of an ageing nuclear programme. Nuclear Energy, 6 (33): 387–391, 1994.Google Scholar

Copyright information

© Springer-Verlag London Limited 1997

Authors and Affiliations

  • Roger Shaw
    • 1
  1. 1.System Integrity and Risk Management DepartmentLloyd’s RegisterCroydonUK

Personalised recommendations