Figure 5
The flow diagram is divided vertically into two main sections by a solid vertical line. The left section is titled “System engineering procedure” at the top, and the right section is titled “Safety analysis program”. System engineering procedure section: At the top left corner, a diamond-shaped symbol is shown. Adjacent to this arrow, a filled circular dot appears, labeled “Initial requirements”. Below the “Initial requirements” label, a rounded rectangular box is labeled “Requirement Definition and Analysis”. From the diamond and Initial requirements, a dashed arrow points downward to a box “Requirement Definition and Analysis”. To the right of “Requirement Definition and Analysis”, a rectangular blue box labeled “Data storage” contains the following stacked text: Requirement Diagram, B D D environment, System (operating mode), Use case diagram, and Sequence Diagram. A right-pointing arrow connects “Requirement Definition and Analysis” to this data storage box. Below “Requirement Definition and Analysis”, a dashed downward arrow leads to a rounded rectangular blue box labeled “Functional architecture definition”. To the right of this box, another rectangular “Data storage” box contains: Requirement Diagram, B D D (Layered Functionality), and Demand update. A right-pointing arrow connects “Functional architecture definition” to this data storage box. A dashed horizontal arrow from “Functional architecture definition” extends across the diagram, crossing the vertical divider into the safety analysis program section. Below “Functional architecture definition”, a dashed downward arrow leads to a rounded rectangular blue box labeled “Logical architecture definition”. To the right of this box, a rectangular blue “Data storage” box contains: The composition of B D D logic, I B D logical architecture, and Configuration. A right-pointing arrow connects “Logical architecture definition” to this data storage box. Another dashed horizontal arrow from “Logical architecture definition” extends across the diagram at this level, again extending into the safety analysis program section. Below “Logical architecture definition”, a dashed downward arrow leads to a rounded rectangular blue box labeled “Physical architecture definition”. No data storage box is shown to the right of this box. Dashed arrows from the diamond shape also point downward to “Functional architecture definition” and “Logical architecture definition”. Safety analysis program section (right side) On the right side of the vertical divider, three rounded rectangular green boxes are arranged vertically, forming the safety analysis workflow. At the top right, a rounded rectangular box is labeled “Functional risk assessment”. A dashed arrow extends upward from this box to the diamond shape in the system engineering procedure. To the right of “Functional risk assessment”, a rectangular box labeled “Data storage” contains: Function F M E A and Derived security requirements. A right-pointing arrow connects “Functional risk assessment” to this data storage box. Below “Functional risk assessment”, another rounded rectangular box is labeled “Establishment of Layer Risk Assessment”. To the right of this box, a rectangular blue “Data storage” box contains: Initial and Component F M E A. A right-pointing arrow connects “Establishment of Layer Risk Assessment” to this data storage box. Below this, a third rounded rectangular box is labeled “Fault Propagation and Reliability Assessment”. This box is connected upward and downward by arrows within the safety analysis flow. Below “Fault Propagation and Reliability Assessment”, a rectangular box labeled “Fault storage” contains the text: Fault tree. A downward arrow connects “Fault Propagation and Reliability Assessment” to this fault storage box. A dashed arrow downward arrow from “Establishment of Layer Risk Assessment” points to a diamond shape. The box “Fault Propagation and Reliability Assessment” connects upward to the diamond shape. A dashed line extends from this diamond shape, runs horizontally to the left, and turns vertically upward to the diamond shape in the system engineering procedure. AN arrow from “Initial Component F M E A” points to “Fault Propagation and Reliability Assessment”. Upward arrows labeled “System requirements” from Functional risk assessment“ and ”Establishment of Layer Risk Assessment“ point upward to a horizontal connector. From the connector, an arrow labeled ”Safety Ret“ points to ”Requirement Definition and Analysis“ in the system engineering procedure. An arrow from ”The composition of B B D logic“ in the system engineering procedure points to ”Fault Propagation and Reliability Assessment“ in safety analysis program.Integration process of SafeSysE. Source: Mhenni et al. (2016)