10.3.6. How to: Identify UCAs

Identifying unsafe control actions (UCAs) is a key component of the analysis and often requires a significant investment of time to be thorough. To identify the UCAs you will need to review each control action from the diagram. The RM Studio STPA module populates all of the control actions from the control structure model. The UCA Categories (Keywords) used to analyze a control action should be determined before beginning the UCA analysis.

In the STPA Project tree, double-click the UCA node to open the UCA analysis. The first time you open it, the UCA analysis will look blank.

[Image: Keywords add new]

How to: Set Up the UCA Keywords

  1. Open the Keywords from the STPA Project tree.
  2. Click the New item (add) icon to add a new Keyword, or click the [icon] to add default Keywords.
    [Image: Keywords default drop-down]
  3. Select a Keyword from the drop-down, then click [icon].
  4. Click the Add All Default Keywords button to use all of them in the UCA analysis, then click the OK button to complete the action.
    [Image: Keywords add all default]
  5. After selecting default Keywords you should notice the Description text template after each Keyword. This text is editable in the Keyword Details pane. The default format (the template shown below) is used to auto-populate the UCA text once a UCA is identified. If you use your own UCA Categories (Keywords), use the Description field to define your own UCA template.

<Controller> does not provide <ControlAction> when …

[Image: UCA Keywords default deployed]

How to: Identify Unsafe Control Actions

Here is another example from the STPA Handbook (March 2018) regarding UCA identification:

[Image: Identify UCA from STPA Handbook]

The RM Studio STPA module has many built-in automations to help ensure the quality and completeness of the STPA. In the UCA identification step the tool populates the list of Control Actions (CAs) from the Control Structure (CS) model. If you perform the Progress Check for the diagram, the check ensures that all control action connectors have been identified and therefore that all CAs are in the list for the UCA analysis.

  1. The Control Actions are displayed here in the order they were created on the CS model (see the second image, the Control Structure with the CAs highlighted).
  2. When the mouse pointer hovers over a CA, the Source and Target are displayed for 5 seconds. This should help the analyst in understanding where the CA is located on the CS model.
  3. The Keywords chosen for this UCA are populated and ready for the safe/unsafe analysis.
  4. Unsafe means that there will be Hazards when the situation described by the Keyword occurs. Click the New item (add) icon to add a new UCA. Click the Delete icon to delete the UCA (more in-depth instructions follow the images).
  5. If you create a UCA, a check mark will appear in the box for Assessed indicating that the Keyword has been assessed. If you don’t create a UCA, you can check the box for Assessed to indicate the CA is safe. Safe means that the extraordinary situation described by the Keyword will not cause any Hazards even if it does occur.
  6. Use N/A to indicate that the Keyword is not applicable. N/A means that the Keyword is not applicable to the Control Action because the situation described by the Keyword will never occur.

[Image: UCA analysis with control action list]

[Image: Control Structure diagram]

The “Clear Assessments” button is used to reset the state of a Keyword Assessment. Clicking the Clear Assessments button will delete everything that has been added, such as the Justification of why it is N/A or Safe, and all the UCAs if it is Unsafe.

If you make any changes to the CS model by adding or removing CAs, use the refresh icon to update the UCA analysis.

How to: Capture UCAs

The term “unsafe” refers to the hazards identified through STPA. Hazards can include issues related to loss of human life or injury (traditional safety) but they can also be defined much more broadly to include other losses like a mission loss, loss of performance, environmental losses, etc.

  1. If a Control Action is identified as unsafe, use the New item (add) icon to create a UCA line and justification field for the UCA.
    [Image: Creating new UCA]
  2. After clicking the new UCA button the text field auto-populates with the Keyword template set in the Keywords prep.
    <Controller> does not provide <ControlAction> when …
  3. The Justification field is used to describe why the Keyword is identified as Safe for the Control Action. The Assessed check box informs users that the Keyword has been assessed and deemed as a safe control action type.
  4. The Justification field is also used to describe why the Keyword is identified as N/A (not applicable) in this situation.
    [Image: New UCA text and justification]
  5. The lowest pane has the field for editing the UCA text from the auto-populated template format.
  6. If declaring any assumptions, interpretations, or descriptions regarding the UCA.
  7. UCAs should be linked to at least one System Level Hazard using the selection list on the right-hand side of the UCA Detail Panel. This defines which System Level Hazards may occur if the situation described by the Keyword occurs during its Control Action. UCAs can also be linked to Constraints that may be derived as a countermeasure to the occurrence of the situation described by the Keyword.
    [Image: New UCA text and link to hazards or constraints]
  8. The clipboard features such as copy, cut, and paste, are enabled between all the separate UCA lists for the Keywords. This allows duplicating UCAs under the same Keyword, or copying UCAs from one Keyword to another. This is done using the common keyboard shortcuts Ctrl+C, Ctrl+X, and Ctrl+V, or via the Context Menu for the lists.
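
The assessment rules described above (each Keyword per Control Action ends up Unsafe with UCAs, Safe, or N/A, and UCAs should link to at least one System Level Hazard) can be modelled outside the tool to review an analysis for gaps. This is an added Python example, not RM Studio code: the class and function names, the placeholder substitution, the rule that Safe and N/A need a justification, and the sample controller and control action are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

TEMPLATE = "<Controller> does not provide <ControlAction> when …"  # from the page

@dataclass
class UCA:
    text: str
    hazards: list = field(default_factory=list)  # linked System Level Hazards

@dataclass
class Assessment:  # one Keyword applied to one Control Action (hypothetical model)
    controller: str
    control_action: str
    keyword: str
    state: str = ""  # "" (not assessed), "unsafe", "safe" or "n/a"
    justification: str = ""
    ucas: list = field(default_factory=list)

    def new_uca(self, template=TEMPLATE):  # assumption: placeholders get filled in
        text = (template.replace("<Controller>", self.controller)
                .replace("<ControlAction>", self.control_action))
        self.ucas.append(UCA(text))
        self.state = "unsafe"
        return self.ucas[-1]

    def clear(self):  # "Clear Assessments": drops justification and all UCAs
        self.state, self.justification, self.ucas = "", "", []

def review(cells):
    """List cells that still need work before the UCA step is complete."""
    findings = []
    for a in cells:
        cell = f"{a.control_action} / {a.keyword}"
        if a.state == "":
            findings.append(f"{cell}: not assessed")
        elif a.state in ("safe", "n/a") and not a.justification.strip():
            findings.append(f"{cell}: {a.state} without justification")
        elif a.state == "unsafe":
            findings += [f"{cell}: UCA has no linked hazard"
                         for u in a.ucas if not u.hazards]
    return findings

def demo():
    # Constructed sample: one Control Action assessed against three Keywords.
    cells = [Assessment("Flight Crew", "Brake", k)
             for k in ("Not provided", "Provided", "Too early or too late")]
    uca = cells[0].new_uca()  # unsafe, text pre-filled from the template
    cells[1].state = "n/a"    # marked N/A, justification left empty
    return uca.text, review(cells), cells
```

Calling `demo()` returns the pre-filled UCA text, the list of open findings, and the cells, so the findings can be re-checked with `review()` after hazards and justifications are added.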

How to: Check the Progress of Identifying UCAs

*Still in development at this time.
