SaCS: A Method and a Pattern Language for the Development of Conceptual Safety Designs

Flight control systems, railway interlocking systems, and nuclear reactor protection systems are examples of safety critical systems from different industrial domains. A safety critical system within any of these domains requires some type of acceptance from a safety authority prior to commissioning. The minimum prerequisite for achieving acceptance is to comply with relevant normative requirements from regulations and standards. Safety standards and guidelines typically define the safety objectives to be met by a system and by the process of developing the system. In this thesis we present a method and a pattern language called Safe Control Systems (SaCS) for development of conceptual safety designs. By a conceptual safety design we mean an early stage specification of system requirements, system design, and safety case for a safety critical system. The SaCS method consists of: (1) The SaCS process – a process for the systematic application of patterns as development support. (2) The library of SaCS patterns – a collection of patterns providing guidance on effective solutions to different challenges relevant when developing conceptual safety designs. The library is structured into patterns for requirements capture, system design and safety assurance in the form of a safety case. (3) The SaCS pattern language – a language for defining patterns and for specifying the application of patterns for safety design conceptualisation. The three artefacts are complementary and their integration represents a combined approach to pattern-based development. The patterns in the library represent safety engineering best practices inspired by international safety standards and guidelines. Applying patterns according to the SaCS process supports establishing the evidence that the conceptualisation of systems is being performed according to a suitable process and according to accepted practices. The pattern language supports the specification of patterns and the documentation of their use. The SaCS method has been evaluated in three different studies: (1) Study 1 – a case study on safety design conceptualisation of a nuclear power plant control system; (2) Study 2 – a case study on safety design conceptualisation of a railway interlocking system; (3) Study 3 – an analytic evaluation of the suitability of the SaCS pattern language for its intended task. The experiences and results from the different evaluations indicate that the SaCS method facilitates the development of conceptual safety designs by systematically combining and applying patterns as development support.