Posted on 2015-09-21, 12:58. Authored by Daniel James Slipper.
This thesis details research investigating issues with the way in which safety requirements
(often termed assertions) are written for the specific application of high consequence
arming systems. Existing methods for deriving such requirements focus on the approach
through which these systems are designed. Currently this is based upon three main
concepts: isolation, incompatibility and inoperability. These are often referred to as the
3I's, and are used in combination with a fourth I of independence. The issue motivating
this research is that there is no rigour in the manner in which these are written and no
methods exist to ensure completeness of the resultant requirements set.
A systems engineering approach has been adopted to perform this research. It considers
the needs of the stakeholders involved in specifying arming system safety requirements,
and the requirements of the project are derived from these needs. A solution has been presented in the
form of a set of 8 templates which allow repeatable specification of assertions, along with
a set of 12 patterns which cover realistic and commonly used relationships between these
templates. The template assertions are based upon a state machine format and adopt
a novel view of the 3I's where attenuation, incompatibility, state changes and race are
used to specify lower level and more detailed requirements than the existing methods.
Application of the new approach to real industry projects showed that it identified
assertions which were missed by the current state-of-the-art methods. Through the use of
modelling it has also been demonstrated that the new approach produces a complete set
of assertions which, when implemented correctly, provide protection against detonation
in a given environment. This approach is intended for use alongside existing methods to
produce a set of requirements which meets all regulatory needs, including independence,
which this approach itself does not address.