Standard

SAE J3307

Published

Singles purchase not accessible

This standard can not be purchased as a single sales.

Abstract

This standard documents what is required to execute a System Theoretic Process Analysis (STPA) of safety-critical products or systems in all industries. This standard defines the terminology, the steps in using STPA, the activities flow, and the expected deliverables. This standard may be used when addressing compliance with contractual or regulatory requirements regarding risk assessments, safety assessments, development assurance, system security engineering, or other similar requirements as appropriate. In addition, this standard can be used to demonstrate that an effective STPA evaluation has been conducted when compliance is not of paramount concern. This standard is applicable to a broad set of uses including, but not limited to, corporate product development processes, organizational processes, regulatory groups, supplier processes, defense programs (e.g., government awards a contract to a company and the contract mandates STPA), defense program office (e.g., government safety group applies STPA during a safety review on a project), healthcare safety researchers (not engineers), and site reliability engineering (e.g., Google Maps, where the “controlled process” is a virtual map - pure data rather than a physical process) to name a few. Purpose This standard defines a method or technique for using STPA to identify hazards and losses associated with system misbehaviors that lead to unacceptable losses and for determining the scenarios and causes that lead to such misbehaviors. This standard also addresses the creation of constraints and requirements to prevent or manage causes and/or scenarios associated with identified misbehaviors. This standard may be used to integrate STPA activities into a company-specific development or assurance framework. This document provides a universal definition of STPA that can be applied to any industry. STPA has over a decade of documented use across industries including defense, aviation, space, automotive, healthcare, nuclear, oil and gas, chemical, and others. The purpose of STPA is to provide a systems-based analysis using an extended model of accident causality that includes both traditional and modern causes of losses, such as: • Intended functions or features that inadvertently lead to losses • Unintended functions or features that inadvertently emerge from lower-level functions and interactions • Missing functions or features that are necessary to prevent losses • Interactions among non-failed components, functions, or features that lead to losses • Known random or systemic failures that may only lead to losses in complex, unanticipated ways • Operational conditions and assumptions that can lead to losses • Human interactions, human errors, decision-making, and other human factors • Automation behaviors, interactions, and decision-making that may lead to losses • Automation-induced human errors (e.g., mode confusion) • Missing, dysfunctional, or otherwise flawed requirements • Missing, dysfunctional, or otherwise flawed procedures • Flaws across multiple control layers such as the physical layer, data layer, automated detection and response layer, human operator layer, supervisory layers, management layers, organizational layers, and regulatory layers • Causes of losses related to maintenance, serviceability, adversary behaviors, intentional or unintentional actions, privacy, performance, and other operational considerations • Common cause failures, errors, or other conditions that defeat planned mitigations • Flaws introduced throughout the life cycle including the concept, requirements, design, implementation, test, and operational phases Information marked as “NOTE:” is for guidance in understanding or clarifying associated content.

Document information

  • Standard from SAE_AC
  • Published:
  • Version: 0
  • Document type: IS