
System-Theoretic Process Analysis

STPA is a hazard analysis method based on systems theory that identifies unsafe control actions within a system's control structure. It is especially valuable for complex cyber-physical systems, where it supports compliance with standards such as ISO 26262 and ISO/SAE 21434 by analyzing emergent properties and software flaws rather than only individual component failures.

Curated by Winners Consulting Services Co., Ltd.

Questions & Answers

What is System-Theoretic Process Analysis?

System-Theoretic Process Analysis (STPA) is a hazard analysis technique developed at MIT, based on systems theory. Its core principle is that accidents are caused not just by component failures, but by flawed interactions among system components and unsafe control actions (UCAs). Unlike traditional bottom-up methods like FMEA, STPA is a top-down approach. It starts by defining system-level losses and hazards, then models the system's control structure to identify UCAs that could lead to those hazards. This makes it ideal for analyzing software-intensive, complex systems. In the automotive industry, STPA is instrumental for conducting the Hazard Analysis and Risk Assessment (HARA) required by ISO 26262 and the Threat Analysis and Risk Assessment (TARA) for ISO/SAE 21434, effectively identifying risks arising from software flaws, complex interactions, and cyber-attacks.

How is System-Theoretic Process Analysis applied in enterprise risk management?

Enterprises apply STPA in four main steps.

1. Define the analysis purpose, including identifying unacceptable losses (e.g., injury) and system-level hazards.
2. Model the control structure, diagramming the command and feedback loops between controllers, controlled processes, and sensors.
3. Identify Unsafe Control Actions (UCAs) by analyzing how providing, not providing, or incorrectly timing a control action could lead to a hazard.
4. Identify Loss Scenarios, which are the causal factors leading to UCAs, such as software bugs or component failures.

For example, an OEM developing an ADAS uses STPA to identify a UCA like "the emergency brake activates incorrectly on a highway." This analysis traces the cause to a flaw in the sensor fusion algorithm, leading to refined safety requirements compliant with ISO 26262. Implementing STPA can improve hazard identification completeness by over 20% compared to traditional methods.

What challenges do Taiwan enterprises face when implementing System-Theoretic Process Analysis?

Taiwanese enterprises face three key challenges with STPA. First, there is a steep learning curve and a shortage of experts with the necessary systems engineering background. Second, building detailed control structure models requires a high initial investment of time and resources, which can be a barrier for smaller suppliers. Third, STPA's abstract findings are difficult to integrate into existing component-failure-oriented engineering toolchains. To overcome these, a phased approach is recommended. Start with a pilot project on a high-risk subsystem, supported by external consultants for training (6-month timeline). Next, invest in specialized STPA software to improve modeling efficiency. The long-term goal is to establish a process that links STPA outputs (UCAs) to system requirements and test cases, which requires cross-departmental collaboration and a 12-18 month integration plan.
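The following worked example, added here and not part of the original page or any vendor tool, shows Steps 2 through 4 of the procedure above as data a team can review, and the traceability from UCAs back to Step 1 losses that the integration goal above calls for. The system (an automatic emergency braking function), its hazards, contexts, and the analyst's judgements are constructed for illustration. The block enumerates all four UCA types from the STPA Handbook (Leveson and Thomas, 2018), which the text above summarises as providing, not providing, or incorrectly timing an action; the fourth type, stopping too soon or applying too long, is included so every cell of the UCA table is covered.

```python
"""Constructed STPA worked example: control-structure model, systematic UCA
enumeration, controller constraints, and traceability to Step 1 losses."""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Optional, Tuple

# The four UCA types from the STPA Handbook (Leveson & Thomas, 2018).
UCA_TYPES = (
    "does not provide",
    "provides",
    "provides too early, too late, or out of order",
    "stops too soon or applies too long",
)

# Each UCA is inverted into a controller constraint (a derived requirement).
CONSTRAINT_TEMPLATES = {
    "does not provide": "must provide '{a}' when {c}",
    "provides": "must not provide '{a}' when {c}",
    "provides too early, too late, or out of order":
        "must provide '{a}' at the correct time when {c}",
    "stops too soon or applies too long":
        "must hold '{a}' for the required duration when {c}",
}


@dataclass(frozen=True)
class Hazard:
    id: str
    text: str
    losses: Tuple[str, ...]  # Step 1: losses this hazard can lead to


@dataclass(frozen=True)
class ControlAction:
    name: str
    controller: str            # Step 2: who issues the command
    process: str               # Step 2: the controlled process
    contexts: Tuple[str, ...]  # conditions under which the action is judged


@dataclass(frozen=True)
class UCA:
    id: str
    action: ControlAction
    uca_type: str
    context: str
    hazard: Hazard

    def statement(self) -> str:
        return (f"{self.id}: {self.action.controller} {self.uca_type} "
                f"'{self.action.name}' when {self.context} [{self.hazard.id}]")

    def controller_constraint(self) -> str:
        body = CONSTRAINT_TEMPLATES[self.uca_type].format(
            a=self.action.name, c=self.context)
        return f"SC-{self.id[4:]}: {self.action.controller} {body} [{self.hazard.id}]"


# Analyst judgement for one (type, context) cell: the hazard it leads to, if any.
Judgement = Callable[[str, str], Optional[Hazard]]


def build_aeb_model() -> Tuple[ControlAction, Judgement]:
    """Constructed Step 1-2 model for an emergency braking function."""
    losses = ("L-1 injury to occupants or road users", "L-2 vehicle damage")
    h1 = Hazard("H-1", "Vehicle does not keep a safe distance from obstacle ahead", losses)
    h2 = Hazard("H-2", "Vehicle decelerates sharply with no obstacle ahead", losses)
    obstacle = "an obstacle is within stopping distance"
    clear_highway = "no obstacle is within stopping distance at highway speed"
    brake = ControlAction("apply emergency brake", "AEB controller",
                          "brake actuators", (obstacle, clear_highway))
    # Judgements recorded as data so every cell of the table is reviewable.
    table: Dict[Tuple[str, str], Hazard] = {
        ("does not provide", obstacle): h1,
        ("provides", clear_highway): h2,  # the page's example UCA
        ("provides too early, too late, or out of order", obstacle): h1,
        ("stops too soon or applies too long", obstacle): h1,
    }
    return brake, lambda t, c: table.get((t, c))


def enumerate_ucas(action: ControlAction, judge: Judgement) -> List[UCA]:
    """Step 3: judge every (type, context) cell; keep the hazardous ones."""
    ucas: List[UCA] = []
    for uca_type, context in product(UCA_TYPES, action.contexts):
        hazard = judge(uca_type, context)
        if hazard is not None:
            ucas.append(UCA(f"UCA-{len(ucas) + 1}", action, uca_type, context, hazard))
    return ucas


def cells_examined(action: ControlAction) -> int:
    """Completeness check: how many cells the analyst had to judge."""
    return len(UCA_TYPES) * len(action.contexts)


# Step 4 (constructed): causal factors behind selected UCAs.
LOSS_SCENARIOS = {
    "UCA-2": ["sensor fusion reports a phantom obstacle, so the controller's "
              "process model believes braking is needed"],
    "UCA-1": ["radar return from the obstacle is dropped, so the controller "
              "gets no feedback that braking is needed"],
}


def trace_to_losses(ucas: List[UCA]) -> Dict[str, Tuple[str, ...]]:
    """Traceability: UCA id -> the Step 1 losses it can lead to."""
    return {u.id: u.hazard.losses for u in ucas}


if __name__ == "__main__":
    action, judge = build_aeb_model()
    found = enumerate_ucas(action, judge)
    print(f"{cells_examined(action)} cells examined, {len(found)} UCAs")
    for u in found:
        print(u.statement())
        print("  ->", u.controller_constraint())
        for s in LOSS_SCENARIOS.get(u.id, []):
            print("  scenario:", s)
```

Recording the judgement table as data rather than prose is what makes the third challenge above tractable: each UCA carries its hazard and each hazard its losses, so a requirements or test-management tool can import the constraints (SC-n) with their trace links intact, and the cell count gives a simple completeness measure for review.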

Why choose Winners Consulting for System-Theoretic Process Analysis?

Winners Consulting specializes in System-Theoretic Process Analysis for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact
