Syllabus
Class description
With the increasing complexity of today’s systems, new causes of accidents are being found that have their roots in the complex automation we are building and in human interactions with it. In this class, you will learn about the foundations of system safety as well as the latest generation of system and safety engineering based on systems theory and systems thinking. The approach, System Theoretic Process Analysis (STPA), is used widely across many industries, including defense, aerospace, automotive, and nuclear power. The approach is designed to handle enormously complex systems and so-called “systems of systems.”
The class will be useful to any engineers, managers, or practitioners who have an interest in making safer systems. There are no prerequisites. The class is intended for those who are new to STPA.
The class will cover:
- Fundamental concepts and principles in system safety
- The Systems View of software and human interactions
- Modeling safety control structures in STPA
- Lessons learned across industries, common mistakes, and solutions
- The STPA process step-by-step
- Using STPA to avoid errors and flaws that lead to costly rework
- Identifying STPA Losses, Hazards, Unsafe Control Actions, and Loss Scenarios
- Anticipating and analyzing human error using STPA
- Using STPA to identify functional automation requirements (including missing requirements)
- Using STPA to produce automation that accounts for and reduces human error
- Designing safety into complex systems containing hardware, software, and human components
Logistics
The class will be held virtually across eight Zoom sessions in November. Each session is four hours long.
Levels of enrollment
Three levels of enrollment are offered at different price points.
1. Live Instruction (~20 hours)
Participants can join the 5 of the 8 virtual sessions that focus on explaining each topic. Participants do not join the 3 virtual sessions that focus on live STPA exercises with instructor feedback and discussion. This option does not include the certificate assessment, so no certificate will be provided. If needed, a letter can be provided to confirm attendance.
2. Live Instruction with Exercises (~32 hours)
Participants can join all 8 virtual sessions, including the live STPA exercises. This option does not include the certificate assessment, so no certificate will be provided. If needed, a letter can be provided to confirm attendance.
3. Full class, project, and certification assessment (~40 hours)
Participants join all 8 virtual sessions and submit 4 individual STPA assignments during the course. The final assignment is used to determine whether the participant has correctly demonstrated all of the certification criteria. The certificate must be earned and is not guaranteed. The certificate is valid for 2 years.
Recording
Although this class will be held through live sessions, the intent is to record the sessions and use the videos to produce a self-paced course in the future. Participants will be asked to mute their audio during the class instruction and use the chat feature for questions and comments to enable a clean recording. Video and audio from participants won't be used in future classes. By enrolling, you consent to having the class recorded and the videos used for future classes.
Participant Requirements
All participants should have a camera and microphone. The intent is to enable a form of visual and social feedback similar to an in-person learning environment. Participants will be muted during the class instruction to enable a clean recording. Participants can unmute during breaks, at the end of a session, and during group exercises for informal discussions and questions.
Participants should block their calendar, silence their phones, and make arrangements to remove other interruptions during scheduled sessions in order to replicate an in-person learning environment to the extent possible. This is a lesson learned and a recommendation from previous participants who did not remove distractions and reported they struggled due to missed content that turned out to be critical. The learning objectives for this class cannot be achieved with interruptions and distractions, just as in a physical classroom.
It is helpful, but not required, for participants to have access to a tablet or similar device with a stylus for drawing diagrams in a collaborative environment during the group exercise sessions.
Reading Assignments
The class will follow the STPA Handbook, which is available from MIT as a free PDF download. Class participants will be expected to read Chapter 2 (40 pages) either before or during the class. Chapter 1 is also required for any participants with a background in traditional safety, and optional for others.
- Read STPA Handbook Chapter 1 (13 pages)
- Read STPA Handbook Chapter 2 (40 pages)
- Optional: Read other chapters in STPA handbook as appropriate
Offline Activities
Those in the certificate track must submit four activities throughout the class. The activities involve applying a portion of STPA to a real system, and each one usually takes about 1-4 hours to complete. The later activities require more time to complete than the earlier activities.
Each activity will be reviewed, and individual instructor comments will be provided. The assignments are cumulative, so comments can be addressed in the next assignment submission. The final assignment is evaluated against the criteria for the STPA Practitioner Certificate. If all criteria are met, a certificate valid for two years is issued. Enrollment does not guarantee a certificate. In previous years, about 80% of those enrolled in the certificate option were able to earn their certificate.
Extensions
Each activity will have a due date. Extensions can be requested, but they must be approved in advance by the instructor. To request an extension, send a brief explanation to the instructor and propose the soonest practical due date for the extension. No extension will be granted without specifying the new deadline. This rule exists because, in the past, open-ended extensions were abused or misinterpreted as indefinite extensions. When there is no clear deadline, competing priorities tend to accumulate week after week while the relevant lessons from class and the sense of urgency begin to fade.
Use of Class Materials
The instructional materials provided in this course, including but not limited to slides, videos, and written documents, are the exclusive property of the instructor and are protected under applicable copyright laws. Enrolled participants are granted a limited, non-transferable license to use these materials solely for personal educational purposes.
Distribution of these materials to individuals not enrolled in this course is strictly prohibited. Any commercial exploitation of the materials, including but not limited to selling, reproducing, or using the materials for promotional purposes of any kind, is expressly forbidden without the prior written consent of the instructor. Unauthorized use of these materials may result in civil and/or criminal penalties.