The safety requirements documented for each tier in [Q] shall be validated to check that they adequately capture the intent of the more abstract safety requirements defined at the previous tier.
This requires checking that each higher-level requirement would be satisfied if the safety requirements for this tier were correctly implemented. The validation activities should therefore focus on the semantic equivalence of the safety requirements at different tiers, not merely on the existence of links between them.
Demonstrating that the intent of the safety requirements is captured requires more than simply stating that a relationship exists between safety requirements at different tiers. Some explanation and justification for the sufficiency of that relationship must be provided. Concepts such as “Rich Traceability” [12] could help in this regard.
Ensuring that the intent of the safety requirements is maintained throughout decomposition may often be more challenging for AS than for traditional systems, because of the sometimes large “semantic gaps” that can exist between a tier and the one below it. The nature of these gaps and the challenges of addressing them for AS are discussed in more detail in [7].
The output from the safety requirements validation activity shall be documented in the safety requirement justification report ([R]).
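As an added illustration of the validation activity described above (this is example code, not part of the guidance or of any project's tooling), the following Python script checks a set of tiered safety requirements for the properties the text asks for: every requirement at a higher tier is claimed to be satisfied by at least one requirement at the next tier, every such link carries an explicit justification rather than a bare relationship, and no link points at an unknown requirement or skips a tier. The requirement identifiers, wording, tier numbering (tier 0 is the most abstract) and the `refines` field holding the justification are all assumptions introduced for the example; the findings and report lines are one possible form of input to the safety requirement justification report ([R]).

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class SafetyRequirement:
    """One safety requirement at a given decomposition tier (tier 0 = most abstract).

    The id scheme, tier numbering and the `refines` structure are assumptions made
    for this example, not a format defined by the guidance.
    """
    req_id: str
    tier: int
    text: str
    # Parent requirement id (expected at tier - 1) -> justification of why this
    # requirement, together with its siblings, captures the parent's intent.
    # A link with an empty justification is a bare relationship, which the
    # validation treats as insufficient ("rich traceability").
    refines: Dict[str, str] = field(default_factory=dict)


Finding = Tuple[str, str, str]  # (requirement id, finding kind, detail)


def validate_traceability(reqs: List[SafetyRequirement]) -> List[Finding]:
    """Return validation findings for a tiered set of safety requirements."""
    by_id = {r.req_id: r for r in reqs}
    refined_by: Dict[str, List[str]] = {r.req_id: [] for r in reqs}
    findings: List[Finding] = []

    for r in reqs:
        for parent_id, justification in r.refines.items():
            parent = by_id.get(parent_id)
            if parent is None:
                findings.append((r.req_id, "dangling",
                                 f"refines unknown requirement {parent_id}"))
                continue
            if parent.tier != r.tier - 1:
                findings.append((r.req_id, "tier-skip",
                                 f"refines {parent_id} at tier {parent.tier}, "
                                 f"expected tier {r.tier - 1}"))
            if not justification.strip():
                findings.append((r.req_id, "unjustified",
                                 f"link to {parent_id} states a relationship "
                                 f"but gives no justification"))
            refined_by[parent_id].append(r.req_id)

    # Every requirement above the lowest documented tier must be claimed by at
    # least one requirement at the next tier, otherwise nothing at the lower
    # tier would satisfy it even if correctly implemented.
    lowest_tier = max(r.tier for r in reqs)
    for r in reqs:
        if r.tier < lowest_tier and not refined_by[r.req_id]:
            findings.append((r.req_id, "unrefined",
                             "no requirement at the next tier claims to satisfy it"))
    return findings


def justification_report(reqs: List[SafetyRequirement],
                         findings: List[Finding]) -> List[str]:
    """Render requirements, their justified links and the findings as report lines."""
    lines: List[str] = []
    for r in sorted(reqs, key=lambda x: (x.tier, x.req_id)):
        lines.append(f"[T{r.tier}] {r.req_id}: {r.text}")
        for parent_id, just in r.refines.items():
            lines.append(f"    refines {parent_id}: {just.strip() or '<NO JUSTIFICATION>'}")
    lines.append("")
    lines.append(f"Validation findings: {len(findings)}")
    for req_id, kind, detail in findings:
        lines.append(f"  {kind:<12} {req_id}: {detail}")
    return lines


# Constructed sample data for the example; the values are illustrative only.
EXAMPLE_REQUIREMENTS = [
    SafetyRequirement("SR-1", 0, "The vehicle shall not collide with pedestrians "
                                 "within its operating domain."),
    SafetyRequirement("SR-2", 0, "The vehicle shall come to a safe stop when it "
                                 "leaves its operating domain."),
    SafetyRequirement("SR-1.1", 1, "Perception shall report every pedestrian within "
                                   "40 m of the vehicle path with latency under 100 ms.",
                      refines={"SR-1": "SR-1 needs every pedestrian the planner must "
                                       "avoid to be known in time; 40 m at 100 ms covers "
                                       "the stopping distance at the assumed 50 km/h limit."}),
    SafetyRequirement("SR-1.2", 1, "Planning shall keep a clear stopping distance to "
                                   "every reported pedestrian.",
                      refines={"SR-1": ""}),        # relationship asserted, intent not justified
    SafetyRequirement("SR-1.3", 1, "Control shall track the planned trajectory within 0.3 m.",
                      refines={"SR-9": "tracks the planned path"}),  # SR-9 does not exist
]


if __name__ == "__main__":
    for line in justification_report(EXAMPLE_REQUIREMENTS,
                                     validate_traceability(EXAMPLE_REQUIREMENTS)):
        print(line)
```

Run against the constructed data, the check flags SR-1.2 (link without justification), SR-1.3 (link to an unknown requirement) and SR-2 (a top-tier requirement nothing at tier 1 claims to satisfy). Note that a link that passes these checks is still only a claim: the justification text itself has to be reviewed for semantic adequacy, which a script cannot do.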