We have presented an outline of our safety case methodology. Our safety case approach places the main emphasis on claims about the behaviour of the system (i.e. functional behaviour and system attributes) and on suitable arguments to support those claims. The structuring ideas (claims, argument and evidence) are simple, but they allow quite complex safety cases to be constructed that are both understandable and traceable. The approach also allows for a multiplicity of argument approaches.
To implement the safety case we have advocated the integration of safety case development into the design process. By including the safety case and its possible costs in the design trade-offs, unsuitable designs can be avoided together with their attendant costs in safety case construction, project delays and long-term support overheads. The layered structure of the safety case allows the safety case to evolve over time and helps to establish the safety requirements at each level. For large projects with sub-contractors, this "top-down" safety case approach helps to identify the subsystem requirements, and the subsystem safety case can be made an explicit contractual requirement to be delivered by the sub-contractor.
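The two paragraphs above describe a claim-argument-evidence structure that is layered, traceable, and partly delivered by sub-contractors. The following is an added illustration, not code from the paper or from Adelard's ASCE tool: a small Python model of such a case with three checks a reviewer would want, namely which claims are still unsupported (a leaf claim with no evidence, or support with no argument linking it to the claim), the trace from the top claim down to any piece of evidence, and the set of claims each party is contractually responsible for. All claim texts, identifiers and the "prime"/"subcontractor-A" owners are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Evidence:
    ident: str
    description: str                         # e.g. a hazard log or a test report


@dataclass
class Claim:
    ident: str
    text: str
    argument: Optional[str] = None           # why the support below justifies this claim
    subclaims: List["Claim"] = field(default_factory=list)
    evidence: List[Evidence] = field(default_factory=list)
    owner: Optional[str] = None              # party delivering this part; inherited if None


def _walk(claim: Claim, owner: str = "prime", path: Tuple[str, ...] = ()):
    """Pre-order walk yielding (claim, effective owner, path of claim ids from the root)."""
    effective_owner = claim.owner or owner
    here = path + (claim.ident,)
    yield claim, effective_owner, here
    for sub in claim.subclaims:
        yield from _walk(sub, effective_owner, here)


def find_gaps(root: Claim) -> List[Tuple[str, str]]:
    """Claims that cannot yet be accepted: no evidence at a leaf, or support with no argument."""
    gaps = []
    for claim, _owner, _path in _walk(root):
        if not (claim.subclaims or claim.evidence):
            gaps.append((claim.ident, "leaf claim has no evidence"))
        elif claim.argument is None:
            gaps.append((claim.ident, "support present but no argument linking it to the claim"))
    return gaps


def trace_evidence(root: Claim, evidence_id: str) -> Optional[List[str]]:
    """Chain of claim ids from the top-level claim down to the claim the evidence supports."""
    for claim, _owner, path in _walk(root):
        if any(e.ident == evidence_id for e in claim.evidence):
            return list(path)
    return None


def obligations_by_owner(root: Claim) -> Dict[str, List[str]]:
    """Claims each party must deliver, i.e. the contractual content of a subsystem safety case."""
    out: Dict[str, List[str]] = {}
    for claim, owner, _path in _walk(root):
        out.setdefault(owner, []).append(claim.ident)
    return out


# Constructed sample case (hypothetical system; not from the paper).
SAMPLE_CASE = Claim(
    "C1", "The system is acceptably safe to operate",
    argument="Hazards are controlled and each subsystem meets its safety requirements",
    subclaims=[
        Claim("C1.1", "All identified hazards are mitigated",
              argument="Hazard log shows every hazard closed with a mitigation",
              evidence=[Evidence("E1", "Hazard log (constructed sample)")]),
        Claim("C1.2", "Control software meets its safety requirements",
              owner="subcontractor-A",
              argument="Requirements verified by test and timing analysis",
              subclaims=[
                  Claim("C1.2.1", "Functional requirements verified by test",
                        argument="Each requirement traced to a passing test",
                        evidence=[Evidence("E2", "Software test report (constructed sample)")]),
                  Claim("C1.2.2", "Worst-case response time within deadline"),   # nothing delivered yet
              ]),
        Claim("C1.3", "Operators are trained",
              evidence=[Evidence("E3", "Training records (constructed sample)")]),   # evidence but no argument
    ])


if __name__ == "__main__":
    for ident, problem in find_gaps(SAMPLE_CASE):
        print(f"GAP  {ident}: {problem}")
    print("E2 supports:", " -> ".join(trace_evidence(SAMPLE_CASE, "E2")))
    for owner, claims in obligations_by_owner(SAMPLE_CASE).items():
        print(f"{owner} must deliver: {', '.join(claims)}")
```

Running the script reports the two open gaps (C1.2.2 and C1.3), shows that evidence E2 supports C1 via C1.2 and C1.2.1, and lists C1.2 and its subclaims as the sub-contractor's deliverables. Re-running the gap check as the design evolves is how the layered case is kept honest over time: a design change that removes evidence or an argument shows up immediately as a new gap rather than being discovered at acceptance.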
We have developed this methodology over several years. Initially the ideas were the product of research studies, but they have subsequently been adopted in standards and for the development of safety cases for specific systems. The approach has evolved during this period, but the evolution is largely through extensions to the methodology (including long-term support) rather than changes to the earlier ideas.
We have also developed a computer-based support environment that is introduced in these pages, with further details available from the Adelard ASCE web site.