A New Approach to Creating Clear Operational Safety Arguments

The use of Safety Cases has become relatively commonplace, particularly for high hazard industries. Safety cases should provide a compelling argument and evidence to demonstrate that a system is sufficiently safe both in design and in operation. Much of the guidance for developing safety cases has focussed on creating safety cases at design time to support the deployment of a system. Operational safety is significantly less well-handled in current safety case practice. In this paper, to start addressing the challenges of operational safety cases, we propose to extend the ideas of splitting complex safety cases into risk, confidence and compliance arguments to also consider operational safety arguments. We propose that the operational safety arguments should be separate but explicitly connected to the design–time risk argument through the use of operational claim points (OCPs) to ensure clarity in both the design–time risk argument and the operational argument, whilst still ensuring an explicitly defined relationship exists. We describe how this approach can bring a number of benefits by: 1) ensuring that system operators are able to focus on just the operational aspects of the safety case that are relevant to them (hiding irrelevant and potentially confusing design details); 2) making sure that, at the same time, the crucial relationship between the operational safety case and the design-time risk argument is explicitly documented and maintained (helping operators to better understand the safety impact of their work); 3) allowing design-time safety engineers to specify, in the risk argument, safety claims relating to system operation.