Template:— safety_argument (sfty_arg)
Context:— UK_Defence
Date: 2010/03/15 15:10:55
Revision: 1.5

This section specifies the template safety_argument.

NOTE  The template has been defined in the context of UK_Defence. Refer to the business context for details of related templates.

NOTE  An explanation of a template and the associated instantiation path is provided in the Template overview section.

Description

This template describes how to represent the concept of a safety argument in terms of PLCS model elements (templates, entities and reference data).

Business perspective

A safety argument identifies how a safety claim is supported by a risk mitigation and other evidence and assumptions.

Business object definition

This information object represents the definition of an argument that the related risk mitigation supports the related safety claim.



Figure 1 —  A MOOD Business Architect representation of the Business Object: Safety_argument


The attributes of the Safety argument object are tabled below.

| Attribute name | Attribute description | Attribute type | Optionality |
|---|---|---|---|
| Assumptions | This is the reference to the list of assumptions that have been made in developing the safety argument. | Assumption | Optional [0:?] |
| Category | This is the category of the safety argument. EXAMPLE: probabilistic, deterministic, qualitative. | intrinsic | Mandatory |
| Developed by | This is the reference to the person who has developed the safety argument. | Person | Mandatory |
| Evidence | This is a reference to the evidence to support the safety argument. | Document | Mandatory [1:?] |
| ID | This is the identifier of the safety argument. | Identifier | Mandatory |
| Judgement | This is the judgement that has been reached by the person responsible for development of the safety argument. | intrinsic | Mandatory |
| Related risk mitigation | This is the reference to the related risk mitigation that supports the related safety case. | Risk mitigation | Mandatory |
| Related safety claim | This is the reference to the safety claim for which this argument has been developed. | Safety claim | Mandatory |

Table 1 — Safety argument attribute details

NOTE    This template is dependent on entities in the ISO10303-239 Edition 2 schema.

Model diagrams
The EXPRESS-G diagram in Figure 2 shows the templates and EXPRESS entities that are required to represent the template "safety_argument". The text highlighted in blue shows the template parameters.


Figure 2 —  An EXPRESS-G representation of the Information model for safety_argument


The graphic for the template to be used in other EXPRESS-G diagrams is shown in Figure  3 below.


Figure 3 —  The graphical representation of the safety_argument template


Input parameters
The following input parameters are defined for this template:
Assumptions (Type= 'ENTITY (Document)' , Optional)
This is the reference to the list of assumptions that have been made in developing the safety argument.
Category (Type='CLASS')
This is the category of the safety argument.
The following classes and their sub-classes can be used:
classifications: [Probabalistic], [Deterministic], [Qualitative]
Developed_by (Type= 'ENTITY (Person)' )
This is the reference to the person who has developed the safety argument.
Evidence (Type= 'ENTITY (Document)' )
This is a reference to the evidence to support the safety argument.
ID (Type='STRING')
This is the identifier of the safety argument.
ID_source_organization (Default=UK_Defence,Type='STRING')
The organization that created the associated identifier. Additionally, a Person or Information System could be defined when either of these is the source; see Identifier template characterizations.
Judgement (Type='STRING')
This is the judgement that has been reached by the person responsible for development of the safety argument.
Related_risk_mitigation (Type= 'ENTITY (Risk_perception)' )
This is the reference to the related risk mitigation that supports the related safety case.
Related_safety_claim (Type= 'ENTITY (Document)' )
This is the reference to the safety claim for which this argument has been developed.
Reference parameters
The following reference parameters are defined for this template:
doc_asg(Type='ENTITY (Document_assignment)')
Allow the Document_assignment entity instantiated in this path to be referenced when this template is used.
Note: The Document_assignment entity can be referenced in a template path by:
%^target = $safety_argument.doc_asg%
where target is the parameter to which the Document_assignment is bound.
Uniqueness constraints

The following parameter combinations specify a uniqueness constraint:
Unique constraint: safety_argument
Each instance of the entity (Document_assignment) within the data set shall be uniquely identified by a combination of the following parameters on this template (safety_argument) namely: ID, Related_risk_mitigation, Related_safety_claim.
The instance is referenced by the following template parameter: doc_asg.
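The parameter rules and the uniqueness constraint above can be checked before a data set is exchanged. The following is an added example, not part of the template definition or of DEXlib: the dict layout, the function names and the sample entries are assumptions, while the parameter names, the Category classes and the ID_source_organization default are taken from this page.

```python
# Added example: parameter names, classes and the default come from the
# template definition above; dict layout and function names are assumptions.
MANDATORY = ("Category", "Developed_by", "Evidence", "ID", "Judgement",
             "Related_risk_mitigation", "Related_safety_claim")
OPTIONAL = ("Assumptions", "ID_source_organization")
# Class names spelled as listed on the page; sub-classes are not modelled here.
CATEGORY_CLASSES = {"Probabalistic", "Deterministic", "Qualitative"}
UNIQUE_KEY = ("ID", "Related_risk_mitigation", "Related_safety_claim")

# Constructed sample data: entry 0 reuses the page's example values.
_BASE = {"Developed_by": "#p", "ID": "SA-001", "Judgement": "Acceptable",
         "Related_risk_mitigation": "#rrm", "Related_safety_claim": "#rsc"}
SAMPLE = [
    {**_BASE, "Category": "Deterministic", "Evidence": ["#e"]},
    {**_BASE, "Category": "Probabilistic", "Evidence": []},
]


def normalise(arg):
    """Return a copy with the template default for ID_source_organization."""
    out = dict(arg)
    out.setdefault("ID_source_organization", "UK_Defence")
    return out


def validate(arg):
    """Return a list of problems for one safety_argument parameter set."""
    problems = [f"missing mandatory parameter: {name}"
                for name in MANDATORY if not arg.get(name)]
    problems += [f"unknown parameter: {name}" for name in arg
                 if name not in MANDATORY and name not in OPTIONAL]
    cat = arg.get("Category")
    if cat and cat not in CATEGORY_CLASSES:
        problems.append(f"Category not in allowed classes: {cat}")
    return problems


def check_data_set(args):
    """Validate each entry and enforce uniqueness on UNIQUE_KEY."""
    report, seen = {}, {}
    for index, raw in enumerate(args):
        arg = normalise(raw)
        problems = validate(arg)
        key = tuple(arg.get(k) for k in UNIQUE_KEY)
        if None not in key and key in seen:
            problems.append(f"duplicate key, first seen at entry {seen[key]}")
        seen.setdefault(key, index)
        if problems:
            report[index] = problems
    return report
```

Entry 1 of the sample fails on three counts: Evidence is empty although its cardinality is [1:?], the Category string does not match a listed class name, and its (ID, Related_risk_mitigation, Related_safety_claim) combination repeats entry 0.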
Instantiation path
The instantiation path shown below specifies the entities that are to be instantiated by the template.
A description of templates and the syntax for the instantiation path is provided in the Templates Help/Information section.
-- Document_assignment
/assigning_document(
    assigned_document=@Related_safety_claim,
    is_assigned_to=@Related_risk_mitigation,
    doc_ass_role='Safety_argument',
    doc_ar_ecl_id='urn:plcs:rdl:uk_defence')/
%^doc_asg = $assigning_document.doc_asg%

-- ID
/identifier(
    ID=@ID,
    source_organization=@ID_source_organization,
    type='ID',
    items=^doc_asg)/

-- Evidence
Document_assignment
Document_assignment.role = '/IGNORE'
Document_assignment.assigned_document -> @Evidence
Document_assignment.is_assigned_to -> ^doc_asg
%^ev = Document_assignment%
/assigning_reference_data(
    class_name='Evidence',
    ecl_id='urn:plcs:rdl:uk_defence',
    items=^ev)/

-- Category
/assigning_reference_data(
    class_name=@Category,
    ecl_id='urn:plcs:rdl:uk_defence',
    items=^doc_asg)/

-- Judgement
/assigning_descriptor(
    descr=@Judgement,
    class_name='Judgement',
    ecl_id='urn:plcs:rdl:uk_defence',
    is_assigned_to=^doc_asg)/

-- Create relationship to Developed_by
Organization_or_person_in_organization_assignment
Organization_or_person_in_organization_assignment.items -> ^doc_asg
Organization_or_person_in_organization_assignment.assigned_entity -> @Developed_by
Organization_or_person_in_organization_assignment.role = '/IGNORE'
%^dev_by = Organization_or_person_in_organization_assignment%
/assigning_reference_data(
    class_name='Developed_by',
    ecl_id='urn:plcs:rdl:uk_defence',
    items=^dev_by)/

-- [optional Assumptions]
Document_assignment
Document_assignment.role = '/IGNORE'
Document_assignment.assigned_document -> @Assumptions
Document_assignment.is_assigned_to -> ^doc_asg
%^ass = Document_assignment%
/assigning_reference_data(
    class_name='Assumptions',
    ecl_id='urn:plcs:rdl:uk_defence',
    items=^ass)/
The following entities are instantiated with attributes as specified:
| Entity in path | Value | Inherited from |
|---|---|---|
| Document_assignment.role | '/IGNORE' | |
| Organization_or_person_in_organization_assignment.role | '/IGNORE' | |
| Document_assignment.role | '/IGNORE' | |
Instance diagrams
The instance diagram in Figure 4 shows an example of the EXPRESS entities and templates that are instantiated by the template:
/safety_argument(Category='Deterministic', Developed_by='#p', Evidence='#e', ID='SA-001', ID_source_organization='UK_Defence', Judgement='Acceptable', Related_risk_mitigation='#rrm', Related_safety_claim='#rsc')/
(An illustration of the consolidated safety_argument template is shown in Figure 5 below.)


Figure 4 —  Entities instantiated by safety_argument template


The instance diagram in Figure 5 shows the graphic symbol for the template that is to be used in other instance diagrams. The example template is:
/safety_argument(Category='Deterministic', Developed_by='#p', Evidence='#e', ID='SA-001', ID_source_organization='UK_Defence', Judgement='Acceptable', Related_risk_mitigation='#rrm', Related_safety_claim='#rsc')/


Figure 5 —  Instantiation of safety_argument template


Characterizations
No common characterizations of the template safety_argument have been identified. However, the ISO 10303-239 EXPRESS model may enable other assignments to the entities instantiated by the template.

© UK MOD 2010 — All rights reserved