Navigation
Minimap of introduction diagram
Minimap of stage diagram

SACE outline

SOC argument pattern

The argument pattern relating to this stage is shown in Figure 16 and key elements from the pattern are described in the following sections.

Figure 16: [N] : Argument Pattern for SOC Assurance

The top claim in this argument pattern is that the SOC that has been specified defines a sufficient mitigation for all of the hazardous scenarios identified at Stage 3 and provided as context to the argument. This is demonstrated through considering each of the identified hazardous scenarios in turn and providing a claim (G3.2) about the sufficiency of the SOC in mitigating each hazardous scenario.

For each of the identified hazardous scenarios, it must be demonstrated that if the SOC is met by the system during operation, the risk associated with that hazardous scenario is sufficiently mitigated. A claim of this nature must be supported for each hazardous scenario. The strategy to demonstrate this is to consider the aspects of the SOC that are relevant to the hazardous scenario under consideration. This will include the relevant safety requirements, and may also include any relevant ROD specifications.

This claim considers the sufficiency of the defined safety requirements in providing mitigation for the hazardous scenario. The SOC justification report ([M]) should demonstrate that this is the case. It is therefore important that the SOC justification report is systematic in its consideration of each identified hazardous scenario and provides explicit justification for each.

Where it has been identified that additional constraints are required as part of the mitigation for the hazardous scenario, it must be demonstrated that those constraints are sufficient (since additional constraints may not always be required as part of the SOC, G3.4 is an optional element of the argument). This is indicated in GSN by the use of an open circle in the argument structure. As discussed in the guidance, the constraints may take the form of RODs, and/or reductions in autonomous capability. In each case, a claim must be made (G3.5 and G3.6 respectively) that justifies the nature of those constraints with respect to the hazardous scenario under consideration. The SOC justification report ([M]) is used as evidence to support these claims.

Continue to: Stage 4. AS safety requirements assurance

Our site depends on cookies to provide our service to you. If you continue to use this site we will assume that you are happy with that. View our privacy policy.