Tiered Model-Based Safety Assessment.

Processes and techniques used for assessing the safety of a complex system are well-addressed by safety standards. These standards usually recommend to decompose the assessment process into different stages of analysis, so called tiered safety assessment. Each analysis stage should be performed by applying recommended assessment techniques. To provide confidence in the correctness of the whole analysis, some verification techniques, usually traceability checking, are applied between two stages. Even if the traceability provides some confidence in the correctness of the decomposition, the following problems remains How to model the system behaviours at each stage of safety assessment? How to efficiently use these stages during the design process? What is the formal relationship between these modelling stages? To tackle these problems, we propose a way to specify, formalize and implement the relations between assessment stages. The proposal and its pros & cons are illustrated on a Remotely Piloted Aircraft System (RPAS) use-case.