Safety cases & safety assessments

When a system (e.g. an aircraft) is delivered and in its pristine condition, it has an initial level of safety often justified by the designer´s “System Safety Assessment”, which is often archived after certification. However, safety is not self-sustaining [SAE ARP 5150] - it depends on numerous factors, including the original design; manufacturing; operating crew and maintenance actions; operational and environmental effects; quality of spare parts; modifications; configuration control; etc. Once released into service, the system is continually evolving and changing and should do so under the control of the operator´s live “Safety Case”. Within the aviation context Duane Kritzinger explores the relationship between the Safety Assessment and the Safety Case.