Research and application of the BFM-STAMP hazard analysis method

The traditional hazard analysis approaches applied to the socio-technical systems can not cover the complex organization structures, the interactions between systems and human behaviors, the interrelated factors among sub-systems and safety culture of specific societies. This paper presents the STAMP hazard analysis methodology based on formalization model (BFM-STAMP), which can solve the above issues. The hierarchical control models and the process models of the socio-technical system are built with Colored Petri Nets (CPN) due to its strong structural character and executable ability. The hazard identification (HAZID) is carried out by following the guided principles and the obtained hazard log consisting of a range of hazard control actions. Finally, this method is applied in the CTCS-3 Train Control System, and the process of HAZID is elaborated with the scenario of Temporary Speed Restriction (TSR) issued. Compared with the hazard log generated by HAZOP, the hazard log generated by BFM-STAMP covers not only all the subsystem failures, but also the deviation of interactions among subsystems from design intent, human errors and socio-technical drawbacks related to the CTCS-3 Train Control System, which is of great importance to the safety of this system.