The format assumes that the safety case addresses all harms that could arise from the functional system. This of course includes harms associated with the intended services (those the functional system is operated to provide), but it also includes the potential for the functional system itself to harm those in its environment (e.g. the public) or those who participate in it (e.g. operators).
The functional system may also provide protections for those in its environment, and the book treats these protections as services, handled in the same way as the intended services. For example, safety criteria would be derived for them, and shown to be satisfied, in the same way as for the intended services, although protection services may be subject to different risk acceptance principles and could even be approved separately from the intended services.
When a functional system includes highly independent subsystems that protect against local harm (e.g. a safety protection system in a process plant, or an emergency response service), separate safety cases are sometimes prepared that treat these protection subsystems as stand-alone functional systems.