STPA stands for Systems-Theoretic Process Analysis. It is a structured approach to hazard analysis that focuses on understanding the complex interactions within a system that can lead to accidents, rather than just the failure of individual components. STPA is based on the premise that safety is an emergent property of the system as a whole and cannot be fully understood by looking at parts in isolation.
STPA is part of a broader framework known as STAMP (Systems-Theoretic Accident Model and Processes), which was developed by prof. Leveson at MIT. STAMP is a new way of thinking about safety that considers the relationships between the components of a system, including software, human decision-making, and organizational factors.
STPA (Systems-Theoretic Process Analysis) can help you understand how safety works in your organization or in terms of your product/service. It is a technique to predict how and why accidents could happen and by this support adoption of appropriate prevention.
The technique can be applied within safety management systems, safety studies or during systems development in any high-risk industry. It provides you with detailed scenarios and requirements that ensure safety is designed in your organization or system rather than assured by external protections, redundancy or overdesign that typically come at higher costs and with limited effectiveness.
The commonly used methods of hazard analysis, such as Failure Mode and Effects Analysis (FMEA), Fault Tree Analysis (FTA), and Hazard and Operability Study (HAZOP), including newer approaches based for example on Reason’s (Swiss cheese) model have several known disadvantages. Most notably they focus on errors and failures, limiting their scope to certain issues. They heavily rely on expert knowledge about the analyzed system/product, providing limited guidance on how to perform the analysis. For complex systems, they can easily become resource-intensive and impractical to capture all the cause-effect relationships.
The benefits of using STPA (Systems-Theoretic Process Analysis) for hazard analysis include a systems-focused approach, where analysts can consider the entire system as a whole at any point. The method is capable of identifying more hazards than the currently used approaches and it is suitable for all applications, including those at early design stages and for cases where no historical data exist. It can be applied in any industry and simultaneously for safety as well as other system-level properties, such as security, reliability, resilience or quality. STPA may be used with other model-based approaches such as model-based systems engineering (MBSE) or business process modeling (BPM). It is generally more efficient and effective than the current approaches to hazard identification.
Systems-Theoretic Process Analysis (STPA) has been successfully applied across various industries, demonstrating its versatility and effectiveness in identifying and mitigating hazards in complex systems. Some notable examples of STPA applications in different sectors include aerospace, automotive, nuclear and chemical industry, maritime, railway. You can find example presentations or published papers of successful STPA applications both by academia and various industries.
Implementing Systems-Theoretic Process Analysis (STPA) presents some challenges that organizations and practitioners may encounter. These challenges stem from the nature of STPA as a comprehensive, systems-focused approach to hazard analysis, which requires a deep understanding of the system under analysis.
Most notably, STPA represents a shift from traditional hazard analysis techniques, requiring practitioners to learn and adopt a new mindset that focuses on systems theory and control structures, which may not be for everyone. Training and supervised practice is a must.
Next, STPA requires analysts to obtain a deep understanding of the analyzed system that may be limited by incomplete or conflicting descriptions. This process often requires iterative discussions with stakeholders, engineers, and system users and typically takes about 50% of the time to complete the analysis.
STPA may generate large amounts of data, including numerous loss scenarios and unsafe control actions. Managing this data and ensuring consistency and traceability throughout the analysis process can be challenging, especially with the current lack of suitable software tools.
Organizations need to understand how to effectively integrate STPA with their existing safety and risk management frameworks, which may require adjustments. STPA is not a replacement of the currently used processes but rather their extension.
Automating the Systems-Theoretic Process Analysis (STPA) can be challenging due to the complexity and depth of the analysis required. However, there are efforts and tools under development aimed at supporting the automation of STPA.
Several tools aim to support STPA, CAST, and other STAMP-based methods. Some of these are open-source and free, and they offer features such as model-based support, control structure diagram generation, and integration with model-based system engineering. Examples of these tools include STPA Viewpoint for Capella, STPAmaster, Depict, XSTAMPP, RM Studio, SAHRA, STAMP Workbench, VisualPro SA, and CAIRIS. Note that for learning and testing the STPA, free tools such as STPAmaster Lite, will likely suffice. Many organizations start STPA implementation with common spreadsheet editors (such as Microsoft Excel or Google Documents), in combination with free diagramming tools, such as yEd graph editor or draw.io, that offer them the necessary flexibility to learn and perform the analysis.
