SHIP: Technical Approach
The state-of-the-art reviews confirmed that it is difficult to assess the impact of plant design faults on safety and reliability in a
quantitative manner. The reviews also showed that a number of design and assessment methods from the software field are
potentially applicable to the plant as a whole. The techniques from the computing field that could be investigated
in SHIP were:
- Software-derived reliability growth modelling techniques applied to the plant as a whole. This addresses the impact of design faults
- The theory underlying common cause failure in software which should be equally applicable to design faults in plant
- Strategies for detecting and mitigating design-related failures
- Formal methods, to support deterministic safety arguments, and to provide additional rigour to current plant safety analysis techniques
Such methods have to be integrated with evidence from more conventional sources in order to make an overall safety assessment. The SHIP project
decided to base its safety assessment methodology on the well-established "safety case" approach, which is standard practice in a number of industries
(e.g. nuclear, and oil and gas). The SHIP project has developed this safety case approach through a combination of theoretical and practical studies.
The theoretical studies have covered:
- the basic structure and arguments made in a safety case
- the methods for representing arguments and combining evidence
- the application of software analysis techniques at the plant level
In the practical studies, we have examined:
- the application of the safety case approach to specific safety cases
- the application of specific reliability analysis methods to field data
We have also considered the potential impact of our research work on current industrial practice and standards.