[[system theoretic process analysis]]

📚 node [[system theoretic process analysis]]

📓 garden/flancian/system theoretic process analysis.md by @flancian ️👁 ️📝

a [[technique]]
- for [[hazard analysis]]
- by [[nancy leveson]] and [[john thomas]]
- [[pull]] [[stpa handbook]] [[stpa workshop]]
- [[push]] [[stpa]]
  - i love how STPA defers key steps to a later stage so they can be done systemically, once partial but complete initial modeling has taken place.
  - it can be applied recursively. it could be argued that because STPA can be applied recursively the cost of abstraction is minimized or at least bound.
- 4 [[steps]]
  - 1. define the purpose of the analysis, including [[losses]], [[scope]], [[hazards]], [[constraints]] (optionally derived also from [[sub hazards]]).
  - 1. model the control structure
  - 1. identify unsafe control actions
  - 1. identify loss scenarios
- step one: [[define the purpose of the analysis]]
  - start with the [[losses]], which involve something of value to stakeholders
  - continue by defining the [[scope]] of the system
  - find [[hazards]], which are systemic states or conditions to be prevented, and which together with (worst-case) environmental conditions lead to [[losses]].
    - [[hazards]] + [[environmental conditions]] -> [[losses]]
  - find [[system level constraints]].
    - they can look like [[hazards]], inverted.
    - or define how the system must [[minimize losses]] in case the hazards occur.
  - optionally find [[sub hazards]], which might also help define further constraints
- step two: [[model the control structure]]
  - ⥅ [[Pasted image 20210718234132.png]]
  - a control structure is a system model that is composed of feedback control loops.
    - a good control structure will enforce the system level constraints.
  - control goes down, feedback goes up
    - vertical axis represents a hierarchy ([[heterarchy]]? perhaps in voting systems)
  - [[responsibilities]] can be assigned to each control structure entity; they are refinements of [[system level constraints]]
  - [[feedback]] can be derived from [[responsibilities]] (which information does the process model need to contain?)
- step three: [[identify unsafe control actions]]
  - an [[unsafe control action]] is one that, in a particular context, will lead to a [[hazard]].
  - it must include the actual (real) context in which the control action is unsafe, instead of controller beliefs; and it must be linked to a hazard.
  - define [[controller constraints]]: behaviours that need to be satisfied to prevent UCAs. they can usually be derived from negations of the UCAs.
- step four: [[identify loss scenarios]]
  - a [[loss scenario]] describes the [[causal factors]] that can lead to the [[unsafe control actions]] and to [[hazards]].
  - 4a: write scenarios which cause UCAs
  - 4b: write scenarios where control actions are ont followed

⥅ node [[stpa-handbook]] pulled by user

📓 garden/flancian/stpa handbook.md by @flancian

a [[book]].
- [[pull]] [[stpa]]
- [[go]] https://psas.scripts.mit.edu/home/get_file.php?name=STPA_handbook.pdf
  - [[annotate]] https://via.hypothes.is/https://stoa.anagora.org/ipfs/QmY8Xb7bt9ebbQjieoD28y3QMyPuguMQojFDrucegRREmB
    - [[pull]] [[hypothesis]]

[[Chapter 2]]

Good overall summary in the first page:

⥅ [[Pasted image 20210718144905.png]]

I wonder what the formalism is in this diagram. It is not an STPA diagram in the "main" sense as it doesn't model control loops explicitly, but is it part of the STPA framework?

⥅ [[Pasted image 20210718150828.png]]

First step: defining the purpose of the analysis.

⥅ [[Pasted image 20210718150742.png]]

[[Losses]]:

⥅ [[Pasted image 20210718150713.png]]

⥅ [[Pasted image 20210718155038.png]]

[[Stakes]] are [[values]]:

⥅ [[Pasted image 20210718151545.png]]

Definition of [[system]]:

⥅ [[Pasted image 20210718162616.png]]

[[hazards]] + [[environmental conditions]] = [[losses]]

⥅ [[Pasted image 20210718231941.png]]

The heart of STPA: the control loop.

⥅ [[Pasted image 20210718234343.png]]

Refining control structures:

⥅ [[Pasted image 20210719000525.png]]

⥅ [[Pasted image 20210719000516.png]]

⥅ [[Pasted image 20210719001721.png]]

⥅ [[Pasted image 20210719003446.png]]

⥅ [[Pasted image 20210719003520.png]]

On [[control]] proper:

⥅ [[Pasted image 20210719005502.png]]

tips to prevent common mistakes in a control structure:

⥅ [[Pasted image 20210719010243.png]]

Step three:

⥅ [[Pasted image 20210719010634.png]]

⥅ node [[stpa-workshop]] pulled by user

📓 garden/flancian/stpa workshop.md by @flancian

I'm taking part of an [[stpa]] workshop for 2w in [[july 2021]].

📖 stoas

public document at doc.anagora.org/system-theoretic-process-analysis
video call at meet.jit.si/system-theoretic-process-analysis

⥱ context

← back
stpa

↑ pushing here
(none)

↓ pulling this
stpa

→ forward
causal factors
constraints
controller constraints
define the purpose of the analysis
environmental conditions
feedback
hazard
hazard analysis
hazards
heterarchy
identify loss scenarios
identify unsafe control actions
john thomas
loss scenario
losses
minimize losses
model the control structure
nancy leveson
pasted image 20210718234132 png
pull
push
responsibilities
scope
steps
stpa
stpa handbook
stpa workshop
sub hazards
system level constraints
technique
unsafe control action
unsafe control actions

🔎 full text search for 'system theoretic process analysis'