Systems Theoretic Hazard Analysis (STPA) applied to the risk review of complex systems : an example from the medical device industry
Thesis (Ph. D.)--Massachusetts Institute of Technology, Engineering Systems Division, 2013. === This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. === Cataloged from student-submitted PDF version of thesi...
Main Author: | |
---|---|
Other Authors: | |
Format: | Others |
Language: | English |
Published: |
Massachusetts Institute of Technology
2013
|
Subjects: | |
Online Access: | http://hdl.handle.net/1721.1/79424 |
id |
ndltd-MIT-oai-dspace.mit.edu-1721.1-79424 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-MIT-oai-dspace.mit.edu-1721.1-794242019-05-02T16:17:42Z Systems Theoretic Hazard Analysis (STPA) applied to the risk review of complex systems : an example from the medical device industry Antoine, Blandine Nancy Leveson, Olivier de Weck, Joseph Sussman and Christian Hilbes. Massachusetts Institute of Technology. Engineering Systems Division. Massachusetts Institute of Technology. Engineering Systems Division. Engineering Systems Division. Thesis (Ph. D.)--Massachusetts Institute of Technology, Engineering Systems Division, 2013. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references. Traditional methods to identify and document hazards, and the corresponding safety constraints, are lacking in their ability to account for human, software and sub-system interactions in highly technical systems. STAMP, a systems-theoretic accident causality model, was created to overcome these limitations. The application of STAMP hazard analysis method STPA to five sub-systems of the Paul Scherrer Institute's experimental PROSCAN proton therapy system demonstrated how STPA can augment design and risk review of existing complex systems. Two of the five human controllers active in treatment delivery, two of the four process attributes controlled by the PROSCAN facility, and one of the four control loops that control the beam to target alignment attribute were analyzed. In doing so, the following contributions were made: - Analyzed the regulations currently in place in the US and Europe for the marketing of external beam radiotherapy devices and, more generally, medical devices that do not contain radioactive materials, concluding that STPA would be acceptable in both regulatory systems; - Provided experience in applying STPA to a complex device. Information on efficacy was derived by comparing STPA results with an existing safety assessment but a more formal counterpart is needed for stronger evidence. Information on learnability and usability was obtained when an informal workshop showed that system designers, in the course of one day, could be taught to use STPA to push their thinking about yet to be designed system elements; - Demonstrated the applicability of STPA to an experimental radiotherapy facility and, through this feasibility check, potentially influenced the state of the art in hazard analysis of medical devices and health care delivery; - Advanced the STPA methodology by creating notations and a process to document, query and visualize the possibly large number of hazardous scenarios identified by STPA analyses, with the goal of facilitating their review and use by their intended audience; Showed how STPA is complementary to more traditional hazard analysis techniques such as fault and event trees. Their respective strengths can be summoned when STPA is used to identify areas on which to focus the investigation lens of traditional hazard analysis techniques. Keywords: STAMP, STPA, hazard analysis, risk analysis, risk management, proton therapy, medical devices, safety, certification by Blandine Antoine. Ph.D. 2013-07-09T19:30:13Z 2013-07-09T19:30:13Z 2013 2013 Thesis http://hdl.handle.net/1721.1/79424 849655099 eng M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582 260 p. application/pdf Massachusetts Institute of Technology |
collection |
NDLTD |
language |
English |
format |
Others
|
sources |
NDLTD |
topic |
Engineering Systems Division. |
spellingShingle |
Engineering Systems Division. Antoine, Blandine Systems Theoretic Hazard Analysis (STPA) applied to the risk review of complex systems : an example from the medical device industry |
description |
Thesis (Ph. D.)--Massachusetts Institute of Technology, Engineering Systems Division, 2013. === This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. === Cataloged from student-submitted PDF version of thesis. === Includes bibliographical references. === Traditional methods to identify and document hazards, and the corresponding safety constraints, are lacking in their ability to account for human, software and sub-system interactions in highly technical systems. STAMP, a systems-theoretic accident causality model, was created to overcome these limitations. The application of STAMP hazard analysis method STPA to five sub-systems of the Paul Scherrer Institute's experimental PROSCAN proton therapy system demonstrated how STPA can augment design and risk review of existing complex systems. Two of the five human controllers active in treatment delivery, two of the four process attributes controlled by the PROSCAN facility, and one of the four control loops that control the beam to target alignment attribute were analyzed. In doing so, the following contributions were made: - Analyzed the regulations currently in place in the US and Europe for the marketing of external beam radiotherapy devices and, more generally, medical devices that do not contain radioactive materials, concluding that STPA would be acceptable in both regulatory systems; - Provided experience in applying STPA to a complex device. Information on efficacy was derived by comparing STPA results with an existing safety assessment but a more formal counterpart is needed for stronger evidence. Information on learnability and usability was obtained when an informal workshop showed that system designers, in the course of one day, could be taught to use STPA to push their thinking about yet to be designed system elements; - Demonstrated the applicability of STPA to an experimental radiotherapy facility and, through this feasibility check, potentially influenced the state of the art in hazard analysis of medical devices and health care delivery; - Advanced the STPA methodology by creating notations and a process to document, query and visualize the possibly large number of hazardous scenarios identified by STPA analyses, with the goal of facilitating their review and use by their intended audience; Showed how STPA is complementary to more traditional hazard analysis techniques such as fault and event trees. Their respective strengths can be summoned when STPA is used to identify areas on which to focus the investigation lens of traditional hazard analysis techniques. Keywords: STAMP, STPA, hazard analysis, risk analysis, risk management, proton therapy, medical devices, safety, certification === by Blandine Antoine. === Ph.D. |
author2 |
Nancy Leveson, Olivier de Weck, Joseph Sussman and Christian Hilbes. |
author_facet |
Nancy Leveson, Olivier de Weck, Joseph Sussman and Christian Hilbes. Antoine, Blandine |
author |
Antoine, Blandine |
author_sort |
Antoine, Blandine |
title |
Systems Theoretic Hazard Analysis (STPA) applied to the risk review of complex systems : an example from the medical device industry |
title_short |
Systems Theoretic Hazard Analysis (STPA) applied to the risk review of complex systems : an example from the medical device industry |
title_full |
Systems Theoretic Hazard Analysis (STPA) applied to the risk review of complex systems : an example from the medical device industry |
title_fullStr |
Systems Theoretic Hazard Analysis (STPA) applied to the risk review of complex systems : an example from the medical device industry |
title_full_unstemmed |
Systems Theoretic Hazard Analysis (STPA) applied to the risk review of complex systems : an example from the medical device industry |
title_sort |
systems theoretic hazard analysis (stpa) applied to the risk review of complex systems : an example from the medical device industry |
publisher |
Massachusetts Institute of Technology |
publishDate |
2013 |
url |
http://hdl.handle.net/1721.1/79424 |
work_keys_str_mv |
AT antoineblandine systemstheoretichazardanalysisstpaappliedtotheriskreviewofcomplexsystemsanexamplefromthemedicaldeviceindustry |
_version_ |
1719038091952390144 |