[B]
Operational Domain Model
[FF]
Key features of Environment Outside ODM
[JJ]
ODM Transition Model
[LL]
Stakeholder Risk Acceptance Definition
[PP]
Out of Context Operation Assurance Argument Pattern
22. Assess AS Operation Outside ODM
23. Assure the Recognition of ODM Boundary
24. Assure Transitions In and Out of ODM
25. Define and Validate a Minimum Risk Strategy for AS Outside ODM
26. Demonstrate Risk Strategy is Satisfied Outside ODM
27. Instantiate Out of Context Operation Assurance Argument Pattern
[GG]
Out of Context Analysis Report
[HH]
Interpretation of ODM Boundary
[II]
ODM Boundary Assessment Report
[KK]
Transition Assessment Report
[MM]
Outside ODM Minimum Risk Strategy
[NN]
Outside ODM Strategy Justification Report
[OO]
Outside ODM Verification Report
[QQ]
Out of Context Operational Assurance Argument
Navigation
Minimap of introduction diagram
Minimap of stage diagram
[B]
Operational Domain Model
[FF]
Key features of Environment Outside ODM
[JJ]
ODM Transition Model
[LL]
Stakeholder Risk Acceptance Definition
[PP]
Out of Context Operation Assurance Argument Pattern
22. Assess AS Operation Outside ODM
23. Assure the Recognition of ODM Boundary
24. Assure Transitions In and Out of ODM
25. Define and Validate a Minimum Risk Strategy for AS Outside ODM
26. Demonstrate Risk Strategy is Satisfied Outside ODM
27. Instantiate Out of Context Operation Assurance Argument Pattern
[GG]
Out of Context Analysis Report
[HH]
Interpretation of ODM Boundary
[II]
ODM Boundary Assessment Report
[KK]
Transition Assessment Report
[MM]
Outside ODM Minimum Risk Strategy
[NN]
Outside ODM Strategy Justification Report
[OO]
Outside ODM Verification Report
[QQ]
Out of Context Operational Assurance Argument

SACE outline

Assess AS operation outside ODM

In assessing the operation of an AS outside its ODM, it is important to understand the characteristics of the outside ODM environment relevant to the AS and its behaviours. Therefore this activity requires a description of the relevant key features that are anticipated in the environment outside of the ODM ([FF]). This is used to establish the scenarios that may arise due to excursions outside of the ODM.

Example 29 - Drone in severe weather conditions

A drone may be blown out to sea due to severe weather conditions and lose contact with its base station. It must be aware that it is now outside of its defined ODM, and that a landing on water may not be appropriate.

Those scenarios shall then be analysed to determine those which may be hazardous. There are a number of techniques that can be applied for this analysis such as Hazop [17], STAMP/STPA [28] or FRAM [13]. The analysis should involve personnel who understand the operating environments and can establish the most likely hazards for the AS if outside of the ODM. The identified hazardous scenarios due to excursions outside the ODM shall be documented in the Out of Context Analysis Report ([GG]) along with details of the analysis performed and any limitations on the analysis, e.g. assumptions regarding the environment outside the ODM.

Continue to: Artefact FF. Description of key features of environment outside ODM

Our site depends on cookies to provide our service to you. If you continue to use this site we will assume that you are happy with that. View our privacy policy.