Individuals and organisations are expected to act responsibly to prevent harm to others, and to employees. The last half century has seen increasing legal provisions to ensure that organisations in particular are held accountable for such harm, and regulators have been appointed in appropriate industry sectors to ensure that the potential for harm is kept to an acceptably low level.
In most industry sectors where an organisation offers a service with safety implications (such organisations are referred to in the book as Service Providers), legal frameworks require the responsible project to produce a safety case showing that the service is, or will be, acceptably safe.
The fundamental purpose of a safety case is to demonstrate to the Service Provider and to other parties that the service or services provided by the Service Provider’s functional system are acceptably safe.
To be clear, due to the variation in definitions of a safety case, the book considers a safety case to consist of a safety argument (including its supporting evidence) only. The purpose of this safety argument is to demonstrate that the available evidence provides sufficient confidence that valid safety criteria have been defined according to the relevant acceptable risk criteria, and that the implementation planned by the project is predicted to satisfy those criteria. A safety case that fails to provide this argument is considered invalid, requiring additional work, and perhaps new material from additional project activities, in order to successfully make this argument.
Safety cases are primarily required to argue about the safety of the services delivered by a functional system in its operational context, which may require some adjustment of perspective for those working to supply products to organisations that operate systems and so provide services.
Safety cases may be prepared to address the safety of new services, changes to existing services, extant services, decommissioning, and any associated transitional activities. Additionally, suppliers sometimes produce speculative safety cases for the systems or services they offer, stating the assumed operational environment, use cases and risk acceptability criteria.
In some industries, the majority of the safety case addresses the prevention of local harm, with the safe delivery of the actual output produced playing a lesser part. Protection against local harm is itself a service, and is treated as such within the Safety Case Report format.
Sometimes generic safety cases may have to be produced for a product, rather than for the services provided using these products when deployed in a specific environment or application. The contents of the book may require customisation for such situations, but should still be informative and may suggest aspects not previously considered that Safety Case Reports for such situations should address.
The production of a valid safety case is outside the scope of the book, which assumes the existence of a valid safety case from which to generate a Safety Case Report.
The safety case naturally only addresses the safety of the proposed service. There are many other aspects of a service (or product) that need to be evaluated to determine its acceptability, e.g. whether the service provided is financially viable or likely to meet customers' requirements and expectations. Whilst the concept of a safety case can be extrapolated to address such issues, the cost of assuring them to the same extent required for safety would usually be considered unpalatable.