Safety Specification of the Active Traffic Management Control System for English Motorways

This paper describes the process by which the safety requirements for a future motorway control system were derived. Although the problem domain was found to be amenable to standard analysis techniques, it was necessary to adapt the techniques used to allow for domain specific factors and behaviours, for example, the indirect nature of the causal link between a failure within the system boundary and the subsequent occurrence of an accident on the road. The process was based on domain-specific hazard classifications, a Hazard and Operability (HAZOP) study, Fault Tree Analysis (FTA), and other tools and techniques adapted to support their use within the road transport domain. The objective of the paper is to critically review the utility of the tools and techniques used during these specification activities, and provide guidance for their future use.