Proving the design in the safety case

It is becoming increasingly common to require a safety case to be provided for a safety-critical system prior to its deployment. This paper discusses some work under way to provide an effective way of structuring the safety case, and relating the emerging design to the safety analysis. It proposes a new way of organising and structuring development and assessment processes to encourage the stronger integration of design and analysis. Part of the aim is to facilitate change management. A ´top down´ development model is assumed, and the need for investigating different designs, including assessing different design strategies for their safety properties, is recognised. The key concepts of goal structures constituting the basis of the process model are reviewed.