Tool Qualification Considerations for Tools Supporting STPA

Abstract

We evaluated tool qualification requirements for hazard and risk analysis software tools, particularly for tools supporting System-Theoretic Process Analysis (STPA), and compared the tool qualification approaches of safety standards IEC 61508, EN 50128, DO-178C/DO-330 and ISO 26262. Our software tool SAHRA integrates STPA in an existing engineering toolchain by providing an extension for the UML/SysML modeling tool Sparx Systems Enterprise Architect. We found that the qualification of this tool according to the mentioned safety standards was not straightforward and required further analysis. Therefore, we analyzed the tool risks and found that those depend on many factors such as process risks, risks from tool errors, tool integration risks and operational scenarios regarding the use of the tool in the development lifecycle. We selected four operational scenarios for tools supporting STPA to evaluate tool qualification requirements. After concluding that a tool qualification is required, we used a multi-domain tool qualification development lifecycle guided by DO-330 for SAHRA.