Multi-view safety cases

Due to high levels of complexity in the design and operation of safety-critical systems, the size and complexity of safety-cases continues to grow. This presents considerable challenges to the development, review and maintenance of safety cases. The independent review into the Nimrod crash in 2006 pointed out the dangers of poor practices in safety cases. It noted that the UK Health and Safety Executive (HSE) has also found a number of problems with safety case practices in its role as regulator. In the past, the area of software architecture has been plundered to provide techniques that aid safety case construction and presentation. This paper argues that this can continue to bear fruit, and demonstrates how the principles of multi-view architecture can be used to produce multi-view safety cases. Multi-view safety cases have the potential to filter information of interest to stakeholders, thus reducing complexity and increasing comprehension of the safety argument. Modifiability and extensibility could be improved, as changes to the safety case can be reviewed more easily through relevant stakeholders´ views.