ABSTRACT

Production and maintenance of a safety case is now a common requirement in the railway domain, both within Europe, where the regulatory framework enforces application of the EN 5012x standards, and outside the continent. Despite that, there are common misconceptions about which properties a safety case must display to deliver its claim convincingly: more often than not, the safety case falls into "traps" that ultimately undermine the credibility of the message it conveys. Starting from a definition of the objective of a safety case, three key properties are derived, concerning its structure, the validity of its arguments, and its incremental nature. The chapter further elaborates on these properties and on the associated shortcomings and traps that commonly affect safety cases, such as safety arguments of bureaucratic length. To offer possible mitigations for these safety case failures, the chapter discusses guidelines defined by regulatory authorities in other domains and the application of the Goal Structuring Notation as a visual means of conveying the safety arguments.

This chapter discusses what a safety case is, its objectives, and its key properties, and addresses common shortcomings in its preparation. The viewpoint the author has taken is based on a system perspective of the European Committee for Electrotechnical Standardization (CENELEC) approach, nowadays also widely adopted outside Europe.