1. Introduction
    1. System Requirements
    2. Setup and Installation
  2. Getting Started
    1. Creating a Database
    2. Email Configuration
    3. Web Module Setup
    4. Web Module Update
  3. Navigating RM Studio
    1. Main Menu
      1. Save Function
      2. Import External Data
        1. Import Assets
      3. Clear User Cache
      4. Security
      5. Properties
      6. Languages
      7. Registration
      8. User Manual
      9. Manage Checkouts
      10. About
      11. Application Style
    2. Navigation Tree
    3. Tabs
    4. The Grid
    5. Context & Flow
  4. Common Entities
    1. Business Entities
      1. Asset Details - Basic Information tab
      2. Asset Details - Risks tab
      3. Asset Details - Categories tab
      4. Asset Details - Business Entities tab
    2. Contacts
    3. Teams
    4. Assets
    5. Asset Categories
    6. Asset Attributes
    7. Threats
    8. Standards/Controls
      1. How to: Standards, Regulations, Controls
      2. Standards Implementation Comparison
    9. Documents
  5. Gap Analysis
    1. How to: Gap Analysis
    2. Reporting
  6. Risk Assessment
    1. How to: Risk Assessment
      1. Risk Assessment Overview
      2. Adding Assets
      3. Adding Risks
      4. Evaluation Values
      5. Evaluating Risks
      6. Various Definitions
      7. Risk Assessment Reporting
    2. Risk Owner Tasks
    3. Risk Profile
  7. Web Module
    1. Dashboard
    2. My Tasks
    3. Reports
    4. Standards/Regulations
    5. Documents
    6. Incidents
    7. Risk Owner Web Solution
  8. Control Assessment
    1. Control Assessment Templates
    2. Control Assessment
    3. Reports - Control Assessment
  9. Risk Treatment
    1. How to: Risk Treatment
      1. Risk Treatment Templates
      2. Risk Criteria
      3. Asset Level
      4. Controls Tab
      5. Scheduling a Future Control
      6. Future Controls Tab
      7. Overview
      8. Reload Assets, Threats and Controls
    2. Risk Treatment Reports
  10. STPA
    1. STPA Projects
    2. Models and Diagrams
      1. How to: Create CS Models
      2. How to: Create CS Diagram
        1. Diagram Elements
        2. Models Progress Check
    3. Analyses
      1. How to: Define Purpose of Analysis
      2. Losses
      3. Hazards
      4. Relationship
      5. Constraints
      6. How to: Identify UCAs
      7. How to: Identify Loss Scenarios
        1. Loss Scenario Progress Check
    4. Reporting
    5. Global Properties
  11. Business Continuity Management Module
    1. Organization
      1. New Organization
      2. Stakeholders
      3. Resources/Processes
        1. Impact Analysis
        2. Requirements
    2. Incident Response/Recovery
      1. Associated Threats
      2. Plans
        1. Steps
      3. Maintenance
        1. Test plans
        2. Test Results
    3. Templates
    4. Maintenance
    5. Reports BCM
  12. Database Settings
    1. Database Upgrade
    2. Add Existing
    3. Remove
    4. Migrate
    5. Backup
    6. Restore
  13. Glossary
  14. Calculations

10.2.Models and Diagrams

The STPA solution provides a modeling and diagramming tool provided by yWorks, the diagramming company. The Models and Diagrams section is shown in the STPA Project Overview panel as child to the STPA Project node.

The STPA Module differentiates between models, diagrams and analyses, allowing users to navigate between while performing the analysis.

The Control Structure (CS – formerly referred to as the Hierarchical Control Structure – HCS) represents an explicit model of the system under analysis. Commonly the CS is represented as a diagram, however, a single CS diagram does not represent the complete information of the model:

  • Descriptions accompanying the modelling elements are not shown on the CS diagram,
  • In certain cases, more than one diagram can be used to represent the system under analysis.

The STPA Module differentiates between the CS Model and the CS Diagram belonging to this model. The STPA Module also provides different ways of viewing the model information. The most common is certainly to view the CS as the diagrams. The STPA Module also allows users to view the information contained in the model in the form of listings.

Besides the CS model and CS diagrams the STPA Module creates the analysis featuring the Unsafe Control Actions and Loss Scenarios. Every analysis references one or multiple CS models.

In the above illustration the STPA project (called “my STPA Project”) contains two CS models labelled “Model 1” and “Model 2” and one analysis labelled “Analysis 1”. The analysis references the “Model 1,” which contains two diagrams, “Diagram 1a” and “Diagram 1b”. For “Model 2” only one diagram, “Diagram 2a”, is present with no analysis.

The differentiation between models, diagrams, and analyses is made to provide maximum flexibility to the analyst:

  • A project may contain multiple models and/or analyses
  • A model may be represented by multiple diagrams
  • An analysis may refer to one single model or multiple model
  • Multiple (separate) analyses may be performed for the same model

The STPA Project Overview panel in the STPA Module displays the structure of models, diagrams, and analyses as shown here:

 

To create a new Diagram right click a Diagram or the model name. Then either choose to add a new diagram or a new sub-diagram.

 

Control Structure Models are created and organized under the section in the STPA Project Overview. CS Models act as container for one or multiple CS Diagrams.

Throughout the STPA process, you may want to close various tabs only to reopen at a later time. Closing a tab in the STPA project is as simple as locating the X in the top-right corner (circled and highlighted below) and clicking to execute.

 

 

Suggest Edit