Date post: 10-Mar-2018
Page 1: Implementing STPA successfully in industrypsas.scripts.mit.edu/home/wp-content/uploads/2017/04/...Implementing STPA successfully •Learning STPA •Selecting a suitable system •Assembling

Implementing STPA successfully in industry

Dr. John Thomas

Experiences across industries

(Automotive, Aviation, Space Systems, Chemical, Oil & Gas, Nuclear Power, Defense, Healthcare, Medical Devices, Particle Accelerators, National Labs, Universities)

Any questions? Email me! [email protected]

Page 2

Implementing STPA successfully

• Learning STPA

• Selecting a suitable system

• Assembling a team

• Planning an STPA project

• Support and buy-in from high-level management

• Data!

Page 3

Learning enough to adopt STPA

| Approach | Cost | Effort needed | Scalability | Effectiveness |
|---|---|---|---|---|
| Reading existing papers, reports, books | Free | High | High | Low |
| Attending MIT STAMP workshop | Low | Low | Low | Med |
| Participating in existing STPA project | Low | Med | Low | Med |
| Attending STPA training session | Med | Med | Med | High (but quality varies!) |
| Dedicated project-based workshop & education | High | Med | Low | Extremely High! |
| Online education (planned by Leveson/Thomas) | Free | Low | High | <unknown> |

Page 4

Implementing STPA successfully

Complexity makes STPA shine!

• The more complex the problem, the more powerful STPA will be

• Choose systems where there is opportunity to be surprised

• Potential for unexpected behavior or unanticipated interactions

Page 5

Implementing STPA successfully

Complexity makes STPA shine!

• Systems with many interactions, where systems are being made

• Different decision-makers trying to work together: computers, humans, organizations, etc.

• Especially incentives to optimize locally, but not necessarily globally

Page 6

Implementing STPA successfully

Complexity makes STPA shine!

Maximize impact

• Identify areas of concern, start there

• Start with high-severity problems like risky phases of operation (e.g. docking HTV)

• Choose systems where people aren’t sure if you already addressed everything

Page 7

Implementing STPA successfully

Complexity makes STPA shine!

Maximize impact

Functional analysis

• Focus on people or machines providing functions

• Not just purely physical phenomenon

• Material flammability?

• Physical metal fatigue?

Page 8

Implementing STPA successfully

Not best choice for purely physical phenomena!

Metal Fatigue Material flammability

Page 9

STPA is a great choice as soon as you consider the bigger picture!

HOWEVER

Page 10

• STPA is a great choice as soon as you consider the bigger picture!

“Oakland Firefighters Say Their Department Is So Badly Managed, Ghost Ship Warehouse Wasn't Even In Its Inspection Database”

“FAA orders airlines to inspect 737s for cracks: three days earlier, undetected cracks widened into a five-foot hole in the roof of a Southwest 737, forcing an emergency landing”

Page 11

Implementing STPA successfully

Interdisciplinary team

• Depends on the problem and control structure!

May include:

• Maintenance expert

• Regulations expert

• Operators (e.g. Pilots)

• Software experts

• Testers

• Etc.

Page 12

Implementing STPA successfully

Interdisciplinary team

STPA Facilitator

• Methodology guidance and expertise, help avoid common traps, help review results, etc.

Page 13

Implementing STPA successfully

Interdisciplinary team

STPA Facilitator

Personalities Matter!

• Need open-minded people who want to try something new

• Need “systems thinkers” who recognize impact of indirect interactions

Page 14

Implementing STPA successfully

Interdisciplinary team

STPA Facilitator

Personalities Matter!

• Designers: Most knowledge, but can get defensive

• Outsiders: Not defensive, but may have less knowledge

• Tradeoff!

Page 15

Implementing STPA successfully

Interdisciplinary team

STPA Facilitator

Personalities Matter!

• Need people not afraid to dig deeper, suggest fundamental changes, question long-held assumptions, shed light on systemic problems

• Sometimes less experience helps!

Page 16

Implementing STPA successfully

Develop a plan

• Guided by STPA Facilitator

• Start with project goals

• Pilot demonstration, analyze whole system, just learn STPA, provide comparison data, produce facilitators, etc.?

Page 17

Implementing STPA successfully

Develop a plan

• Guided by STPA Facilitator

• Consider constraints

• Available resources

• Budget

• Schedule

• Current projects

• Look at past experiences

• What worked, didn’t work

Page 18

Implementing STPA successfully

Generic plan may include

• Identify goals

• Select project

• Preparation

• Preliminary STPA work

• Workshop

• Follow-up activities

• Solutions development

• Consequences of solutions

• Summarize conclusions/key findings

Page 19

Implementing STPA successfully

Ideal STPA project

• Still in early concept

• Not yet finished or implemented

• STPA is most powerful when used early!

Page 20

Implementing STPA successfully

Select project

Team Preparation

• Identify core STPA team

• Gather info about the system

Page 21

Implementing STPA successfully

Select project

Team Preparation

STPA Preparation (quick)

• High-level control structures

• Initial UCAs, some scenarios

• Anticipate major questions and identify any roadblocks

• Identify any additional experts needed

Page 22

Implementing STPA successfully

Workshop!

• Bring together interdisciplinary team, perhaps 5-12 people

• STPA overview and training (if new to STPA)

• Review prepared control structures

• Perform STPA, iterate and add details as appropriate

• Generate new questions, identify follow-up activities and outstanding areas

• Tends to produce lots of critical results very quickly!

• 70% of final results may be generated here

• Usually within 3-5 days

• Disseminate big issues immediately!

Page 23

Implementing STPA successfully

Select project

Team Preparation

STPA Preparation (quick)

Workshop

Finish STPA for identified areas

• Iterate on outstanding areas

• Follow-up activities, check assumptions made

• Incorporate new changes, new details if needed

• Review results

Page 24

Implementing STPA successfully

Solutions Workshop

• Identify solutions for unsolved or stubborn issues

• Phase 1: Generation

• Encourage creativity, cross-pollination of ideas

• Wild suggestions encouraged (they trigger other ideas)

• Phase 2: Building practical solutions

• Select, adapt, and combine solutions to ensure feasibility

• Consequences of solutions

Page 25

Implementing STPA successfully

Summarize conclusions/key findings

• Ideally, detailed findings already given to engineering team

• Need high-level message for managers and decision-makers

• Find the powerful results, the “aha moments”

• Identify other teams, groups, departments that would benefit

• Spread the word!

Page 26

Implementing STPA successfully

Generic plan may include

• Identify goals

• Select project

• Preparation

• Preliminary STPA work

• Workshop

• Follow-up activities

• Solutions development

• Consequences of solutions

• Summarize conclusions/key findings

Page 27

Implementing STPA successfully

• STPA encourages high-impact long-term solutions that may involve fundamental changes, not just minor low-level patches

• Helps to know managers want these proposals, not just temporary or superficial recommendations!

Page 28

Implementing STPA successfully

• Sometimes seen as a competitive advantage

• Secrecy

• “We want to be recognized as a leader in our industry”

• We want everyone to know we were first!

Page 29

Data from 4 projects

[Figure: four pie charts, one per project, showing the share of project time by activity. Slice values and legend entries are listed in the order they appear on the slide.]

Chart 1: 45%, 15%, 20%, 20%. Legend: Learning how the system works; Applying STPA; Finding answers to questions raised; Identifying solutions.

Chart 2: 53%, 14%, 5%, 19%, 9%. Legend: Learning how the system works; Learning STPA; Applying STPA; Finding answers to questions raised; Identifying solutions.

Chart 3: 73%, 16%, 11%. Legend: Learning how the system works; Applying STPA; Finding answers to questions raised.

Chart 4: 50%, 10%, 11%, 29%. Legend: Learning how the system works; Learning STPA; Applying STPA; Finding answers to questions raised.

Page 30

Data!

Time spent developing Step 1 UCA table

[Chart: y-axis Minutes (0 to 60), x-axis Trial # (0 to 5)]

Page 31

Data!

Time spent developing Step 2 scenarios

[Chart: y-axis Minutes (0 to 90), x-axis Trial # (0 to 7)]

Page 32

Implementing STPA successfully

• Learning STPA

• Selecting a suitable system

• Assembling a team

• Planning an STPA project

• Support and buy-in from high-level management

• Data!

Any questions? Email me! [email protected]

Thank you!

