STPA application for safety assessment of generic missile systems

Abstract

System safety engineering on large and complex programs is all too often deferred to later in program lifecycle development. Whether due to schedule or budget constraints, a combination of the two, or another program factor, this moves the effort to a time in the program lifecycle when much of the system design is fixed. This deferral means that safety assessments often result in hazard mitigation and risk acceptance, instead of system design and development with an integrated safety analysis approach. An integrated approach enables the design team to more effectively address safety as part of the evolution of the design space solution to reduce risk and develop solutions that require less mitigation. One way to solve this issue is to apply a System-Theoretic Process Analysis (STPA) methodology to the existing design and development process employed on these programs. This methodology can be applied to programs that are still in the early lifecycle stages of development, or to programs that already exist and may be mature, but are being integrated into a larger system for operations. In both cases, STPA can provide a methodical and effective means to including safety assessment and developing applicable hazard mitigations. The Raytheon Missile Systems (RMS) Functional Reliability and System Safety (/RSSE) Assessment Design Guide outlines an approach to functional analysis from a systems engineering, reliability engineering, and safety engineering perspective. STPA is a process that fits in the framework outlined in the _/RSSE Assessment Design Guide to provide the safety engineering perspective and enhance the system definition for the program. The application of STPA to Generic Raytheon Missile Systems (GeRMS) demonstrates how this improves system safety assessments for programs and how it can be integrated into existing program processes.