Hugging Face's logo

Spaces:
andreyunic23
/
beds_pipeline_beds
Sleeping

App Files Community
beds_pipeline_beds
File size: 74,076 Bytes 
76d9a63
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
 
,req,label,v6,Unnamed: 3,v5.2,dominio,ano,titulo,link,slide,obs,obs v6
20,"When two aircraft are on a collision course, TCAS must always provide an RA to avoid the collision.",constraint,mitigate,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,42,,
21,TCAS must not provide RAs that degrade vertical separation.,constraint,prevent,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,42,,
22,TCAS must always provide an RA in time to prevent an NMAC.,constraint,prevent,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,42,,
23,The pilot must always follow the RA provided by TCAS.,constraint,prevent,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,42,,
24,The system must not disrupt the pilot and ATC operations during critical phases of flight nor disrupt aircraft operation.,constraint,prevent,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,43,,
25,The pilot of a TCAS-equipped aircraft must have the option to switch to the Traffic-Advisory mode where traffic advisories are displayed but display of resolution advisories is prohibited.,constraint,prevent,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,43,,
29,Doors must not be opened until train is stopped and aligned with platform.,constraint,prevent,,constraint1,train,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,49,,
30,Doors must not be closed if someone is in the doorway.,constraint,prevent,,constraint1,train,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,49,,
31,"If a person is detected in doorway during door closing, door closing must be stopped and reversed.",constraint,mitigate,,constraint2,train,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,49,,
32,Train must not move with doors open.,constraint,prevent,,constraint1,train,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,49,,
38,The flight crew must not execute the ITP when it has not been approved by ATC.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,,
39,The flight crew must not execute an ITP when the ITP criteria are not satisfied.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,,
40,"The flight crew must execute the ITP with correct climb rate, flight levels, Mach number, and other associated performance criteria.",constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,,
41,The flight crew must not continue the ITP maneuver when it would be dangerous to do so.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,,
42,The flight crew must not abort the ITP unnecessarily. (Rationale: An abort may violate separation minimums),constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,,
43,"When performing an abort, the flight crew must follow regional contingency procedures.",constraint,mitigate,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,,
44,The flight crew must not execute the ITP before approval by ATC.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,,
45,The flight crew must execute the ITP immediately when approved unless it would be dangerous to do so.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,,
46,The crew shall be given positive notification of arrival at the requested FL.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,,
47,Approval of an ITP request must be given only when the ITP criteria are met.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,,
48,Approval must be given to the requesting aircraft only.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,,
49,Approval must not be given too early or too late (needs to be clarified as to the actual time limits).,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,,
50,An abnormal termination instruction must be given when continuing the ITP would be unsafe.,constraint,mitigate,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,,
51,An abnormal termination instruction must not be given when it is not required to maintain safety and would result in a loss of separation.,constraint,mitigate,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,,
52,An abnormal termination instruction must be given immediately if an abort is required.,constraint,mitigate,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,,
60,Pilot must execute maneuver once it is approved.,constraint,prevent,,constraint1,aviation,2012,STPA Guided Exercise (aerospace example),https://psas.scripts.mit.edu/home/get_pdf.php?name=1-3-Advanced-Experienced-STPA-Guided-Exercise.pdf,30,,
61,Pilot must not perform ITP when criteria are not met or request has been refused.,constraint,prevent,,constraint1,aviation,2012,STPA Guided Exercise (aerospace example),https://psas.scripts.mit.edu/home/get_pdf.php?name=1-3-Advanced-Experienced-STPA-Guided-Exercise.pdf,30,,
62,Pilot must start maneuver within X minutes of re-verifying ITP criteria.,constraint,prevent,,constraint1,aviation,2012,STPA Guided Exercise (aerospace example),https://psas.scripts.mit.edu/home/get_pdf.php?name=1-3-Advanced-Experienced-STPA-Guided-Exercise.pdf,30,,
79,The failures in the Train Control System must be identified and provided as feedback to the dispatcher of CTC in time.,constraint,detect,,constraint1,train,2012,Analysis of Railway Accidents in China,http://psas.scripts.mit.edu/home/get_pdf.php?name=2-13-Suo-Analysis-of-Railway-Accidents-in-China.pdf,13,stamp,
80,The dispatcher in the CTC and the watch keeper should identify the potential danger in the railway line and command the train to slow down or stop in emergency situations.,constraint,detect,,constraint1,train,2012,Analysis of Railway Accidents in China,http://psas.scripts.mit.edu/home/get_pdf.php?name=2-13-Suo-Analysis-of-Railway-Accidents-in-China.pdf,13,stamp,
84,ACC should not let the vehicle gets in contact with the object ahead.,constraint,prevent,,constraint1,automotive,2012,STPA Analysis of an Adaptive Cruise Control System,http://psas.scripts.mit.edu/home/get_pdf.php?name=2-14-Qi-STPA-Analysis-of-an-Adaptive-Cruise-Control-System.pdf,7,,
85,ACC should not brake too abruptly.,constraint,prevent,,constraint1,automotive,2012,STPA Analysis of an Adaptive Cruise Control System,http://psas.scripts.mit.edu/home/get_pdf.php?name=2-14-Qi-STPA-Analysis-of-an-Adaptive-Cruise-Control-System.pdf,7,,
91,ACC must not violate separation requirements with object ahead.,constraint,prevent,,constraint1,automotive,2013,Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Leveson-tutorial-intro.pdf,24,,
92,ACC must not brake too abruptly.,constraint,prevent,,constraint1,automotive,2013,Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Leveson-tutorial-intro.pdf,24,,
95,Toxic chemicals must not be released.,constraint,prevent,,constraint1,nuclear,2013,STPA Beginner’s Tutorial,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Basic_STPA_Tutorial1.pdf,30,,
103,Pilot must execute maneuver once it is approved.,constraint,prevent,,constraint1,aviation,2013,STPA Beginner’s Tutorial,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Basic_STPA_Tutorial1.pdf,48,,
104,Pilot must not perform ITP when criteria are not met or request has been refused.,constraint,prevent,,constraint1,aviation,2013,STPA Beginner’s Tutorial,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Basic_STPA_Tutorial1.pdf,48,,
105,Pilot must start maneuver within X minutes of re-verifying ITP criteria.,constraint,prevent,,constraint1,aviation,2013,STPA Beginner’s Tutorial,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Basic_STPA_Tutorial1.pdf,48,,
112,"The SIAS must operate when the 4 events—LOCA, 2ndHSL, S/WP-Ex, or REA—occur.",constraint,mitigate,,constraint1,nuclear,2013,Application of STPA to Engineered Safety Features of a Nuclear Power Plant,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/01_Lee_STPA_ESFCCS.pdf,14,,
113,"The CSAS must operate when the three events—LOCA, S/WP-Ex, or the SIAS—occur.",constraint,mitigate,,constraint1,nuclear,2013,Application of STPA to Engineered Safety Features of a Nuclear Power Plant,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/01_Lee_STPA_ESFCCS.pdf,14,,
114,The CREVAS must operate when the two events—High-level radioactive at air intakes of MCR or the SIAS—occur.,constraint,mitigate,,constraint1,nuclear,2013,Application of STPA to Engineered Safety Features of a Nuclear Power Plant,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/01_Lee_STPA_ESFCCS.pdf,14,,
140,Vehicle must illuminate the brake light to warn vehicle in the back.,constraint,prevent,,constraint1,automotive,2013,Experiences with Applying STPA to Software-Intensive Systems in the Automotive Domain,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Abdulkhaleq_STAMP_2013.pdf,11,,
141,Brake light command must illuminate early within X-seconds before stopping vehicle.,constraint,prevent,,constraint1,automotive,2013,Experiences with Applying STPA to Software-Intensive Systems in the Automotive Domain,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Abdulkhaleq_STAMP_2013.pdf,11,,
142,Vehicle must brake when vehicle detected slowed or stopped object (at a few X-meters within the preset value of the safety distance) in its path.,constraint,prevent,,constraint1,automotive,2013,Experiences with Applying STPA to Software-Intensive Systems in the Automotive Domain,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Abdulkhaleq_STAMP_2013.pdf,11,,
143,The intervention between ACC system and driver should be limited to the traffic environment and conditions.,constraint,prevent,,constraint1,automotive,2013,Experiences with Applying STPA to Software-Intensive Systems in the Automotive Domain,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Abdulkhaleq_STAMP_2013.pdf,11,,
145,Train must run within limited speed.,constraint,prevent,,constraint1,train,2013,Using STAMP method to analyze serious accidents in China Railway system,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/02_Hong_Serious_accidents_analysis_China_railway_STAMP.pdf,6,,
146,Driver must know the correct limited speed through different kinds of ways (e.g. IC cards and the scheduler).,constraint,detect,,constraint1,train,2013,Using STAMP method to analyze serious accidents in China Railway system,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/02_Hong_Serious_accidents_analysis_China_railway_STAMP.pdf,6,,
158,NSS should develop NS following the top-level requirements from NSI.,constraint,prevent,,constraint1,aviation,2013,A Safety analysis of Navigation Software Development Management Based on STAMP,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_XuXiaojie-STAMP_Analysis_Navigation_Software_Development_Management.pdf,11,,
159,NSI should ensure NS accept from NSS is conform to the its requirements.,constraint,prevent,,constraint1,aviation,2013,A Safety analysis of Navigation Software Development Management Based on STAMP,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_XuXiaojie-STAMP_Analysis_Navigation_Software_Development_Management.pdf,11,,
162,The Control system shall determine the axle torque request periodically.,constraint,detect,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,,
163,The Control System shall not miscalculate the Axle Torque request.,constraint,detect,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,,
164,Output Control shall be synchronized with Input request.,constraint,prevent,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,,
165,System shall be made aware of the Axle Torque Command determination status.,constraint,detect,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,,
166,"System shall be able to control the actuator (Throttle, Spark, Fuel, etc.), when required.",constraint,prevent,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,,
167,"Control system shall control the actuator (Throttle, Spark, Fuel, etc.) correctly in response to axle torque request.",constraint,prevent,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,,
168,"Actuator (Throttle, Spark, Fuel, etc.) Control shall be synchronized with axle torque request.",constraint,prevent,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,,
169,"If the control propulsion output stops, System propulsion output shall be gradually ramped to zero with operator notification. Graceful transition to a safe state.",constraint,mitigate,,constraint2,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,,
180,"Radiation and toxic, radioactive, or energetic materials must not be released within range of humans or other systems.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
181,"Radioactive, toxic, or energetic materials must be stored away from humans.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
182,"Satellite, satellite components, and satellite debris must not impact other systems or debris during launch, on orbit, or during disposal.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
183,"Satellite must not radiate energy until on orbit, separated from, and clear of launch vehicle and debris.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
184,Radiated energy frequencies should be selected so as to be different from those used by other systems if possible.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
185,"Radiated energy must not be directed at and/or reach other systems using the same frequency if possible. Otherwise, radiation must be at sufficiently low power so as to prevent disruption or damage of other systems.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
186,Satellite must not operate in an environment that poses the risk of excessive radiation or impact from energetic materials.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
187,Satellite must be able to operate for the design life.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
188,Satellite must be able to operate onboard instrumentation.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
189,"Satellite must be launched into correct orbit, or means to correct for different orbits must exist.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
190,Data obtained by instrumentation must be stored and/or transmitted to supporting infrastructure.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
191,Satellite must maintain means of transmitting science data to supporting systems.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
192,Satellite must maintain means of communication with supporting systems.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
193,Satellite must maintain means of control.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,,
196,The operator should always be able to control the attitude and flight path during the whole flight.,constraint,prevent,,constraint1,aviation,2013,A systematic safety control approach and practice on flight tests of a low-cost blended-wing-body demonstrator,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_LuYi_Presentation_2rd_STAMP_Workshop.pdf,16,,
197,The vehicle should keep adequate distance and height against the people and properties on the ground.,constraint,prevent,,constraint1,aviation,2013,A systematic safety control approach and practice on flight tests of a low-cost blended-wing-body demonstrator,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_LuYi_Presentation_2rd_STAMP_Workshop.pdf,16,,
215,The software must receive the NAV_ON to initialize the flight time.,constraint,prevent,,constraint1,aviation,2014,"SFTA, SFMECA, and STPA Applied to Brazilian Space Software",https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/STPA_Workshop2014-LAHOZ.pdf,14,,
216,The ignition of the second rocket stage (2E) must be detected.,constraint,detect,,constraint,aviation,2014,"SFTA, SFMECA, and STPA Applied to Brazilian Space Software",https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/STPA_Workshop2014-LAHOZ.pdf,14,constrainjt,
217,The separation of the first rocket stage (1E) must be detected.,constraint,detect,,constraint,aviation,2014,"SFTA, SFMECA, and STPA Applied to Brazilian Space Software",https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/STPA_Workshop2014-LAHOZ.pdf,14,constrainjt,
229,Software must complete calculations within 2 minutes.,constraint,prevent,,constraint1,medicine,2014,Analyzing Safety of Radiation Therapy Procedures,https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/CBCT_ONLY_SRS_STPA_STAMPCONF_ASedit_3-24.pdf,24,,
233,Temperature must never violate maximum value.,constraint,prevent,,constraint1,industry,2014,Risk Management in the Process Industry,https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/Rodriguea_STPA_DH_final.pdf,31constraint mas está vago (ruim),
234,Pressure must never violate maximum value.,constraint,prevent,,constraint1,industry,2014,Risk Management in the Process Industry,https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/Rodriguea_STPA_DH_final.pdf,31constraint mas está vago (ruim),
235,Level must never violate maximum value.,constraint,prevent,,constraint1,industry,2014,Risk Management in the Process Industry,https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/Rodriguea_STPA_DH_final.pdf,31constraint mas está vago (ruim),
238,Toxic plant chemicals must not be released into the atmosphere.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,10,,
239,Radioactive materials must note be released.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,10,,
241,Vehicles must always maintain safe distances from each other.,constraint,prevent,,constraint1,automotive,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,10,,
243,Food products with pathogens must not be sold.,constraint,prevent,,constraint1,food,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,10,,
252,Computer must open water valve whenever catalyst valve is open.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,52,,
253,Computer must open water valve within X seconds of catalyst valve open.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,52,,
254,Computer must not close water valve while catalyst valve open.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,52,,
255,Computer must not close water valve before catalyst valve closes.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,52,,
256,Computer must not open catalyst valve when water valve not open.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,52,,
257,Pilots must not execute maneuver when ITP criteria are not satisfied.,constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,,
258,"Pilots must not execute maneuver with incorrect climb rate, final altitude, etc.",constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,,
259,Pilots must not begin to execute maneuver before approval.,constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,,
260,Pilots must execute maneuver within X minutes of reassessment.,constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,,
261,Pilots must not stop maneuver before reaching designated altitude (except in emergency temination).,constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,,
262,Pilots must not climb/descent beyond designated altitude.,constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,,
270,Vehicle must maintain safe distance from nearby vehicles.,constraint,prevent,,constraint1,automotive,2015,Iterative Application of STPA for an Automotive System,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Sundaram-Iterative-Application-for-GM.pdf,8,,
271,Vehicle must maintain safe distance from terrain and other obstacles.,constraint,prevent,,constraint1,automotive,2015,Iterative Application of STPA for an Automotive System,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Sundaram-Iterative-Application-for-GM.pdf,8,,
272,Vehicle must not expose occupants to harmful effects and/or health hazards.,constraint,prevent,,constraint1,automotive,2015,Iterative Application of STPA for an Automotive System,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Sundaram-Iterative-Application-for-GM.pdf,8,,
273,UAS operations shall not lead to a loss of minimum separation requirements.,constraint,prevent,,constraint1,aviation,2015,UAS-NAS Integration: A Cognitive Sys Eng Framework for Safety Model Development,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/04/Johnson_STAMP-2015-Presentation_Final.pdf,14,,
274,UAS operations shall not induce or contribute to a controlled flight into terrain maneuver.,constraint,prevent,,constraint1,aviation,2015,UAS-NAS Integration: A Cognitive Sys Eng Framework for Safety Model Development,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/04/Johnson_STAMP-2015-Presentation_Final.pdf,14,,
275,UAS operations shall not induce or contribute to loss of aircraft controlled flight.,constraint,prevent,,constraint1,aviation,2015,UAS-NAS Integration: A Cognitive Sys Eng Framework for Safety Model Development,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/04/Johnson_STAMP-2015-Presentation_Final.pdf,14,,
290,The app must inform the display of the pump command status.,constraint,prevent,,constraint1,medicine,2015,Using STPA to support Risk Management for Interoperable Medical Systems,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Procter-Using-STPA-for-RM-in-Interoperable-Medical-Systems.pdf,25,,
291,The app must command the pump to stop if the patient's vital signs indicate over-infusion.,constraint,prevent,,constraint1,medicine,2015,Using STPA to support Risk Management for Interoperable Medical Systems,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Procter-Using-STPA-for-RM-in-Interoperable-Medical-Systems.pdf,25,,
292,The app must inform the display of the status of the patient's vital signs.,constraint,prevent,,constraint1,medicine,2015,Using STPA to support Risk Management for Interoperable Medical Systems,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Procter-Using-STPA-for-RM-in-Interoperable-Medical-Systems.pdf,25,,
302,The takeoff must be aborted at the first sign of loss of directional control.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,,
304,Directional deviations must be corrected smoothly and continuously.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,,
305,Yawing at brakes release must be counteracted quickly.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,,
306,Side stick command should be applied to the side of the wind after releasing the brakes.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,,
307,Side stick command must be gradually reduced as the aircraft gains speed.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,,
308,"After rotation, the skid angle must be reduced to keep wings leveled.",constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,,
309,The transition of primary flight controls in the rotation should be performed smoothly and continuously.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,,
311,"When the bursting of a tire at high speed is suspected and the pilot decides to continue, the landing gear must not be retracted.",constraint,mitigate,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,,
317,Unauthorized individuals must not access the port system infrastructure.,constraint,prevent,,constraint1,maritime,2015,STPA Applied to Port Security,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Williams-Port-Security.pdf,17,,
323,Aircraft must not be operated when hazardous FLS is installed.,constraint,mitigate,,constraint1,aviation,2015,Cyber Security in Aircraft Networks Control Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Helfer-aviation-software-presentation.pdf,10,,
324,Aircraft component must not be powered up when hazardous FLS is installed.,constraint,prevent,,constraint1,aviation,2015,Cyber Security in Aircraft Networks Control Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Helfer-aviation-software-presentation.pdf,10,,
327,A collision between the ACROBOTER robotic platform and an unknown object must be avoided at all times.,constraint,prevent,,constraint1,robot,2015,Comparing Sensors’ Characteristics on a Robotic System: The EWaSAP Results Against Designers’ Non-Theoretical Approaches,https://prezi.com/w6ww9e0b2bnu/comparing-sensors-characteristics-on-a-robotic-system-the-ewasap-results-against-designers-non-theoretical-approaches/?utm_campaign=share&utm_medium=copy,27,,
329,The ACROBOTER robotic platform must not release the payload.,constraint,prevent,,constraint1,robot,2015,Comparing Sensors’ Characteristics on a Robotic System: The EWaSAP Results Against Designers’ Non-Theoretical Approaches,https://prezi.com/w6ww9e0b2bnu/comparing-sensors-characteristics-on-a-robotic-system-the-ewasap-results-against-designers-non-theoretical-approaches/?utm_campaign=share&utm_medium=copy,27,,
364,IPMS must send STOP command to PCA when patient has been given too much opiod.,constraint,mitigate,,constraint1,medicine,2016,STPA Analysis of Intravenous Patient-Controlled Analgesia,https://psas.scripts.mit.edu/home/wp-content/uploads/2016/06/31-Thomas-W2016.pdf,18,,
365,IPMS must not sent STOP command unless an emergency condition is indicated.,constraint,prevent,,constraint1,medicine,2016,STPA Analysis of Intravenous Patient-Controlled Analgesia,https://psas.scripts.mit.edu/home/wp-content/uploads/2016/06/31-Thomas-W2016.pdf,18,,
366,IPMS must sent STOP command within TBD seconds of emergency.,constraint,prevent,,constraint1,medicine,2016,STPA Analysis of Intravenous Patient-Controlled Analgesia,https://psas.scripts.mit.edu/home/wp-content/uploads/2016/06/31-Thomas-W2016.pdf,18,,
401,Aircraft must maintain separation with other aircraft.,constraint,prevent,,constraint1,aviation,2016,17-Deriving safety constraints for Unmanned Aircraft Systems (UAS),https://psas.scripts.mit.edu/home/wp-content/uploads/2016/05/17-Urano-W2016.pdf,22,steca,
402,Aircraft must maintain its control and maintain airframe integrity.,constraint,prevent,,constraint1,aviation,2016,17-Deriving safety constraints for Unmanned Aircraft Systems (UAS),https://psas.scripts.mit.edu/home/wp-content/uploads/2016/05/17-Urano-W2016.pdf,22,steca,
403,Aircraft must maintain separation with ground or obstacles on ground.,constraint,prevent,,constraint1,aviation,2016,17-Deriving safety constraints for Unmanned Aircraft Systems (UAS),https://psas.scripts.mit.edu/home/wp-content/uploads/2016/05/17-Urano-W2016.pdf,22,steca,
404,Aircraft on ground must maintain separation with other objects and must not leave the paved area.,constraint,prevent,,constraint1,aviation,2016,17-Deriving safety constraints for Unmanned Aircraft Systems (UAS),https://psas.scripts.mit.edu/home/wp-content/uploads/2016/05/17-Urano-W2016.pdf,22,steca,
405,Aircraft must not enter a runway without clearance.,constraint,prevent,,constraint1,aviation,2016,17-Deriving safety constraints for Unmanned Aircraft Systems (UAS),https://psas.scripts.mit.edu/home/wp-content/uploads/2016/05/17-Urano-W2016.pdf,22,steca,
415,"Vehicle must not violate minimum safety distance to objects, road users, vehicles, etc.",constraint,prevent,,constraint1,automotive,2016,20-Can STPA contribute to identify hazards of different nature and improve safety of automated vehicles?,https://psas.scripts.mit.edu/home/wp-content/uploads/2016/04/20-Alvarez-W2016.pdf,12,,
416,Vehicle must not leave the roadway.,constraint,prevent,,constraint1,automotive,2016,20-Can STPA contribute to identify hazards of different nature and improve safety of automated vehicles?,https://psas.scripts.mit.edu/home/wp-content/uploads/2016/04/20-Alvarez-W2016.pdf,12,,
443,Workers shall not be exposed to hazardous energy.,constraint,prevent,,constraint1,industry,2017,STAMP in Workplace Safety,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/2017-MIT-Tutorial-Howard_Release.pdf,9,,
451,ACS must provide attitude maneuver commands when ASTRO-H is rotating.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,,
452,ACS must not provide attitude maneuver commands in the same direction as rotation.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,,
453,ACS must not provide attitude maneuver commands when ASTRO-H is not rotating.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,,
454,ACS must provide attitude maneuver commands that are sufficient to slow ASTRO-H quickly.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,,"""too late"" parece UCA. confirmar"
455,ACS must not provide attitude maneuver commands too late after ASTRO-H has rotated too far.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,,
456,ACS must not provide attitude maneuver commands too early to achieve desired attitude.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,,
457,ACS must not stop providing attitude commands too soon before attitude has stabilized.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,,
458,ACS must not continue providing attitude maneuver commands too long after attitude has stabilized.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,,
469,The flight crew must never violate predetermined minimum/maximum altitude.,constraint,prevent,,constraint1,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,stpa-sec,
470,The flight crew must never violate the minimum distance to other aircraft.,constraint,prevent,,constraint1,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,stpa-sec,
471,The flight crew must have control of the aircraft all the time.,constraint,prevent,,constraint1,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,stpa-sec,
472,The aircraft must never fly off the route specified at the flight plan.,constraint,prevent,,constraint1,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,stpa-sec,
473,No access to aircraft equipment (electronic or physical) shall be allowed without authorization.,constraint,prevent,,constraint1,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,stpa-sec,
474,Aircraft must be dispatched.,constraint,prevent,,constraint,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,constraint. stpa-sec,
483,The AMS must not let the air temperature reach values out of the prescribed limits for the destination environment.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,,
484,The AMS must not let the air pressure reach values out of the prescribed limits for thedestination environment.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,,
485,The AMS must not extract air from from the inappropriate sources at the inappropriate.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,,
486,The AMS must not transport air to inappropriate environments at inappropriate times.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,,
487,The AMS must not distribute air inside the aircraft which is unacceptably contaminated.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,,
488,The AMS must avoid H2O/Ice accumulation.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,,
502,"Aircraft shall not enter a controlled airspace without broadcasting their location through Mode C, ADS-B, or IFF.",constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,,
503,Aircraft shall not enter a controlled airspace without verbal confirmation from the controller.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,,
504,"In areas where terrain masking may occur, the controller shall maintain awareness of aircraft that have requested access to the airspace.",constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,,
505,"When spin zones are in use, the controller shall not consider the area clear or safe.",constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,,
506,Controllers shall not approve requests for access to zones other than those that they are controlling.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,,
507,Controllers shall confirm that an aircraft has exited the zone via both voice communications and radar confirmation.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,,
508,Controllers shall monitor radar returns of aircraft that are ascending/descending to ensure minimum separation requirements.,constraint,detect,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,,
509,Controllers shall confirm that there are no rocket tests ongoing.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,,
510,Controllers shall confirm that the small arms range is inactive.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,,
511,UAS operator shall read back airspace clearance to controller.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,,
512,UAS operator shall immediately notify the losing controller if the UAV is incapable of exiting the old airspace.,constraint,mitigate,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,,
513,Wing safety shall ensure that the UAV software is updated with new airspace boundaries when they are changed.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,,
514,UAS operator shall immediately inform the controller if the UAV position becomes unclear.,constraint,mitigate,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,,
515,UAS operator shall immediately inform the controller in the event of a UAV malfunction.,constraint,mitigate,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,,
516,"UAS operations shall, when possible, be conducted well away from the boundaries of the airspace.",constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,,
519,Radio communication should be in the disposal of the spotter and the operators.,constraint,prevent,,constraint1,other,2017,Towards a STAMP-Based Safety Plans Approach for Construction Projects,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Ioannis-Dokas_Towards-A-STAMP-Based-Safety-Plans-Approach-For-Construction.pdf,15,,
520,The spotter should have in his disposal visual signs to attract the attention of the operators.,constraint,prevent,,constraint1,other,2017,Towards a STAMP-Based Safety Plans Approach for Construction Projects,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Ioannis-Dokas_Towards-A-STAMP-Based-Safety-Plans-Approach-For-Construction.pdf,15,,
521,The spotter should be in a positions which will provide him the maximum possible observation range and minimum blind spots.,constraint,prevent,,constraint1,other,2017,Towards a STAMP-Based Safety Plans Approach for Construction Projects,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Ioannis-Dokas_Towards-A-STAMP-Based-Safety-Plans-Approach-For-Construction.pdf,15,,
531,Doors shall open at station when train is completely stopped and aligned with platform.,constraint,prevent,,constraint1,train,2017,STPA for the Internet of Things (IOT) ,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Greg-Pope_STPA-For-IoT-And-Mobile-Software_Slides.pdf,32,,
532,Doors shall remain closed when train is moving.,constraint,prevent,,constraint1,train,2017,STPA for the Internet of Things (IOT) ,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Greg-Pope_STPA-For-IoT-And-Mobile-Software_Slides.pdf,32,,
533,"Doors shall remain open when someone is in the doorway, the train shall not move until the doors close.",constraint,prevent,,constraint1,train,2017,STPA for the Internet of Things (IOT) ,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Greg-Pope_STPA-For-IoT-And-Mobile-Software_Slides.pdf,32,,
534,The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed.,constraint,mitigate,,constraint1,train,2017,STPA for the Internet of Things (IOT) ,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Greg-Pope_STPA-For-IoT-And-Mobile-Software_Slides.pdf,32,,
542,The aircraft must maintain minimum separation from potential sources of collision.,constraint,prevent,,constraint1,aviation,2017,STPA During Early Concept Formation for Military Rotorcraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/05/STAMP-2017-Workshop-STPA-Presentation-Approved-For-Release.pdf,6,,
543,The aircraft must be controllable by the pilot or piloting function in an OPV (optionally piloted vehicle) at all times.,constraint,prevent,,constraint1,aviation,2017,STPA During Early Concept Formation for Military Rotorcraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/05/STAMP-2017-Workshop-STPA-Presentation-Approved-For-Release.pdf,6,,
544,Airframe integrity must not be lost during flight.,constraint,prevent,,constraint1,aviation,2017,STPA During Early Concept Formation for Military Rotorcraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/05/STAMP-2017-Workshop-STPA-Presentation-Approved-For-Release.pdf,6,,
548,Autopilot must send objects to Autopilot HMI when required.,constraint,prevent,,constraint1,automotive,2017,Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/HosseBagschik_Tesla-Model-S-Fatality_v5.pdf,22,,
549,Autopilot must send road signs to Autopilot HMI when required.,constraint,prevent,,constraint1,automotive,2017,Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/HosseBagschik_Tesla-Model-S-Fatality_v5.pdf,22,,
550,Data Fusion and Assessment must provide assessed environment model to Autopilot when required.,constraint,prevent,,constraint1,automotive,2017,Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/HosseBagschik_Tesla-Model-S-Fatality_v5.pdf,22,,
551,Driver must brake Model S when required.,constraint,prevent,,constraint1,automotive,2017,Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/HosseBagschik_Tesla-Model-S-Fatality_v5.pdf,22,,
552,Driver must not perform other tasks when not allowed.,constraint,prevent,,constraint1,automotive,2017,Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/HosseBagschik_Tesla-Model-S-Fatality_v5.pdf,22,,
557,correct patient results must be reported to the Audiologist.,constraint,prevent,,constraint1,medicine,2017,STPA analysis for Clinical Programming Software of Cochlear Implant System for Profoundly Deaf People,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Kadupukotla-Satish-Kumar_STPA-Analysis-Of-Clinical-Programming-Software-For-Cochlear-Implant-System.pdf,38,,
558,Patient results must be reported to the Audiologist in a useable time frame.,constraint,prevent,,constraint1,medicine,2017,STPA analysis for Clinical Programming Software of Cochlear Implant System for Profoundly Deaf People,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Kadupukotla-Satish-Kumar_STPA-Analysis-Of-Clinical-Programming-Software-For-Cochlear-Implant-System.pdf,38,,
572,The LKA system must not allow the vehicle switch to lanes without the correct turn-indicator being actuated.,constraint,prevent,,constraint1,automotive,2017,Application of STPA to a lane keeping assist system,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Haneet-Singh_Application-Of-STPA-To-A-Lane-Keeping-Assist-System.pdf,12,,
573,The LKA system must not perform corrective action if the correct turn-indicator is actuated (if the direction of deviation is the same as the turn-indicator).,constraint,prevent,,constraint1,automotive,2017,Application of STPA to a lane keeping assist system,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Haneet-Singh_Application-Of-STPA-To-A-Lane-Keeping-Assist-System.pdf,12,,
574,The LKA system must verify that corrective action has beenperformed either from its inputs or feedback from the electrical steering system.,constraint,prevent,,constraint1,automotive,2017,Application of STPA to a lane keeping assist system,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Haneet-Singh_Application-Of-STPA-To-A-Lane-Keeping-Assist-System.pdf,12,,
578,The aircraft must be maneuvered within the safety envelope.,constraint,prevent,,constraint1,aviation,2017,STPA-Based Model of Threat and Error Management in Dual Flight Instruction,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Ioana-Koglbauer_STPA-based-Model-Of-Threat-And-Error-Management-In-Dual-Flight-Instruction.pdf,6,,
579,"Separation from other aircraft, terrain, obstacles must be maintained.",constraint,prevent,,constraint1,aviation,2017,STPA-Based Model of Threat and Error Management in Dual Flight Instruction,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Ioana-Koglbauer_STPA-based-Model-Of-Threat-And-Error-Management-In-Dual-Flight-Instruction.pdf,6,,
580,The FI must assist the trainee in enforcing these safety constraints.,constraint,prevent,,constraint1,aviation,2017,STPA-Based Model of Threat and Error Management in Dual Flight Instruction,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Ioana-Koglbauer_STPA-based-Model-Of-Threat-And-Error-Management-In-Dual-Flight-Instruction.pdf,6,,
581,The FI must take over the control to enforce these safety constraints if necessary.,constraint,prevent,,constraint1,aviation,2017,STPA-Based Model of Threat and Error Management in Dual Flight Instruction,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Ioana-Koglbauer_STPA-based-Model-Of-Threat-And-Error-Management-In-Dual-Flight-Instruction.pdf,6,,
588,TCAS must not interfere with the ground ATC system or other aircraft transmissions to the ground ATC system.,constraint,prevent,,constraint1,aviation,2018,Creating and Using Leading Indicators,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/other-Leveson-PUB-Leading-Indicators.pdf,28,,
589,TCAS must not disrupt the pilot and ATC operations during critical phases of flight nor disrupt aircraft operation.,constraint,prevent,,constraint1,aviation,2018,Creating and Using Leading Indicators,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/other-Leveson-PUB-Leading-Indicators.pdf,29,,
596,Toxic chemicals must be contained within plant equipment.,constraint,prevent,,constraint1,nuclear,2018,STPA Intro,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/JThomas-Batch-reactor-exercise.pdf,5,,
597,"Plant must be operated within limits (pressure, temperature, etc.).",constraint,prevent,,constraint1,nuclear,2018,STPA Intro,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/JThomas-Batch-reactor-exercise.pdf,5,,
598,"If toxic chemicals are not contained, damage must be mitigated.",constraint,mitigate,,constraint2,nuclear,2018,STPA Intro,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/JThomas-Batch-reactor-exercise.pdf,5,,
606,A/C must maintain minimum safe separation distance.,constraint,prevent,,constraint1,aviation,2018,STPA-Sec Case Study of a Next Generation Refueling Aircraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SPAN-STAMP_KC-X-STPA-SEC_FINAL_PA_Approved.pdf,8,stpa-sec,
608,A/C must maintain minimum safe altitude limits.,constraint,prevent,,constraint1,aviation,2018,STPA-Sec Case Study of a Next Generation Refueling Aircraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SPAN-STAMP_KC-X-STPA-SEC_FINAL_PA_Approved.pdf,8,stpa-sec,
611,Msn critical systems must be available when required to perform primary msn.,constraint,prevent,,constraint1,aviation,2018,STPA-Sec Case Study of a Next Generation Refueling Aircraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SPAN-STAMP_KC-X-STPA-SEC_FINAL_PA_Approved.pdf,8,stpa-sec,
646,Path panning must include the ability to pass through an intersection in movement calculation before moving forward into an intersection.,constraint,prevent,,constraint1,automotive,2018,Building Behavior Competency into STPA Process Models for Automated Driving Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/Wed-cook-PUB-MIT_STAMP_2018_AV_Pres_Rev_MIT2.0.pdf,11,,
647,Sensor processing must have confidence and reduce false positive in distinguishing true moving target.,constraint,prevent,,constraint1,automotive,2018,Building Behavior Competency into STPA Process Models for Automated Driving Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/Wed-cook-PUB-MIT_STAMP_2018_AV_Pres_Rev_MIT2.0.pdf,11,,
648,Sensor processing must have foliage as a class in machine learning list.,constraint,prevent,,constraint1,automotive,2018,Building Behavior Competency into STPA Process Models for Automated Driving Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/Wed-cook-PUB-MIT_STAMP_2018_AV_Pres_Rev_MIT2.0.pdf,11,,
657,The public must not be exposed to pathogens in drinking water.,constraint,prevent,,constraint1,water,2018,A Systems Analysis of the 1998 Sydney Water Crisis,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/Thurs-Merrett-PUB-Sydneys-Water-quality-Crisis-systems-analysis_v2.pdf,6,,
658,Public health measures must reduce risk of public exposure to unsafe water during incidents.,constraint,prevent,,constraint1,water,2018,A Systems Analysis of the 1998 Sydney Water Crisis,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/Thurs-Merrett-PUB-Sydneys-Water-quality-Crisis-systems-analysis_v2.pdf,6,,
665,SMS shall be designed according to standards.,constraint,prevent,,constraint1,aviation,2018,The AVAC-SMS Metric for the Self-Assessment of Aviation Safety Management Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SMS-assessment-tool_MIT-STAMP-2018.pdf,21,,
666,SMS shall be implemented according to standards.,constraint,prevent,,constraint1,aviation,2018,The AVAC-SMS Metric for the Self-Assessment of Aviation Safety Management Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SMS-assessment-tool_MIT-STAMP-2018.pdf,21,,
667,SMS shall be suitably scaled for the organization.,constraint,prevent,,constraint1,aviation,2018,The AVAC-SMS Metric for the Self-Assessment of Aviation Safety Management Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SMS-assessment-tool_MIT-STAMP-2018.pdf,21,,
689,SGC system must stop compressing gas when gas leaks to the environment.,constraint,mitigate,,constraint1,other,2018,Opportunities and Challenges of Applying STPA to Subsea Operations,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/STPA-to-Subsea-20180329-Kim.pdf,14,,
690,SGC system must be protected from abnormal operating conditions that can damage valuable components.,constraint,prevent,,constraint1,other,2018,Opportunities and Challenges of Applying STPA to Subsea Operations,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/STPA-to-Subsea-20180329-Kim.pdf,14,,
691,SGC system must always produce gas with maximum capacity.,constraint,prevent,,constraint1,other,2018,Opportunities and Challenges of Applying STPA to Subsea Operations,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/STPA-to-Subsea-20180329-Kim.pdf,14,,
702,"Controller shall not open Door while train is moving, only when stopped.",constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,,
703,Controller shall not close Door while a passenger is in the doorway.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,,
704,Controller shall open Door in an emergency.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,,
705,Controller shall open Door when Train is stopped in Station.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,,
706,Controller shall report the state of the Door to the next-higher level of control.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,,
707,Controller shall allow time for passengers to exit & enter before attempting to close the door.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,,
708,The Controller shall warn passengers when the door is about to open or close.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,,
709,When the Train is stopped and not in a station and no emergency exists the Controller shall not open the door.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,,
718,Aircraft must maintain criteria for stable approaches.,constraint,prevent,,constraint1,aviation,2019,Active STPA – A Systems-based Hazard Analysis for Safety Management Systems (SMS),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Diogo-Castilho-on-Active-STPA.pdf,13,,
747,"At the launch rail, vehicle stages must be prevented from igniting before planned, even when subjected to commands or electric discharges.",constraint,prevent,,constraint1,aerospace,2019,STPA Applied to Launch Operations Management,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Merladet__PUB__STPA-MIT-STAMP-WORKSHOP-2019-28-03-19.pdf,13,,
748,"In the event of an unintended ignition, the vehicle must remain fixed to the launching rail, avoiding an unplanned route.",constraint,mitigate,,constraint1,aerospace,2019,STPA Applied to Launch Operations Management,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Merladet__PUB__STPA-MIT-STAMP-WORKSHOP-2019-28-03-19.pdf,13,,
749,"Vehicle stages and interfaces must be designed so that, in the event of an unintended ignition, they do not result in the vehicle explosion.",constraint,mitigate,,constraint1,aerospace,2019,STPA Applied to Launch Operations Management,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Merladet__PUB__STPA-MIT-STAMP-WORKSHOP-2019-28-03-19.pdf,13,,
771,Smartgrid must be able to meet unexpected demands.,constraint,prevent,,constraint1,energy,2019,STPA of Demand -Side Load Management in Smart Grids,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Karatzas__PUB__MIT-STPA-methodology-presentation-v1.pdf,7,,
772,Smartgrid must be able to meet local energy demands.,constraint,prevent,,constraint1,energy,2019,STPA of Demand -Side Load Management in Smart Grids,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Karatzas__PUB__MIT-STPA-methodology-presentation-v1.pdf,7,,
773,Smartgrid must be able to keep customers comfortable as desired.,constraint,prevent,,constraint1,energy,2019,STPA of Demand -Side Load Management in Smart Grids,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Karatzas__PUB__MIT-STPA-methodology-presentation-v1.pdf,7,,
802,Vehicle must maintain safe distance from nearby objects.,constraint,prevent,,constraint1,automotive,2020,Introduction to STPA,https://psas.scripts.mit.edu/home/wp-content/uploads/2020/07/JThomas-STPA-Introduction.pdf,58,,
803,Chemical plant must not release toxic chemicals into the atmosphere.,constraint,prevent,,constraint1,nuclear,2020,Introduction to STPA,https://psas.scripts.mit.edu/home/wp-content/uploads/2020/07/JThomas-STPA-Introduction.pdf,58,,
804,Nuclear power plant must not release radioactive materials into environment.,constraint,prevent,,constraint1,nuclear,2020,Introduction to STPA,https://psas.scripts.mit.edu/home/wp-content/uploads/2020/07/JThomas-STPA-Introduction.pdf,58,,
805,Vehicles must always maintain safe distances from each other.,constraint,prevent,,constraint1,automotive,2020,Introduction to STPA,https://psas.scripts.mit.edu/home/wp-content/uploads/2020/07/JThomas-STPA-Introduction.pdf,58,,
807,Food products with pathogens must not be sold.,constraint,prevent,,constraint1,food,2020,Introduction to STPA,https://psas.scripts.mit.edu/home/wp-content/uploads/2020/07/JThomas-STPA-Introduction.pdf,58,,
880,Ego vehicle must not leave the lane unless desired by the driver.,constraint,prevent,,constraint1,automotive,2021,Using STPA to address challenges in achieving SOTIF,https://psas.scripts.mit.edu/home/wp-content/uploads/2021/06/2021-06-29-1230__Sidhu.pdf,14,,
881,Ego vehicle must not decelerate at rates greater than 4 m/s^2.,constraint,prevent,,constraint1,automotive,2021,Using STPA to address challenges in achieving SOTIF,https://psas.scripts.mit.edu/home/wp-content/uploads/2021/06/2021-06-29-1230__Sidhu.pdf,14,,
882,Ego vehicle must decelerate at rates greater than 0.9 m/s^2.,constraint,prevent,,constraint1,automotive,2021,Using STPA to address challenges in achieving SOTIF,https://psas.scripts.mit.edu/home/wp-content/uploads/2021/06/2021-06-29-1230__Sidhu.pdf,14,,
883,Ego vehicle must not accelerate at rates greater than 1 m/s^2.,constraint,prevent,,constraint1,automotive,2021,Using STPA to address challenges in achieving SOTIF,https://psas.scripts.mit.edu/home/wp-content/uploads/2021/06/2021-06-29-1230__Sidhu.pdf,14,,
889,"If ventilation turned off, the workplace must be abandoned immediately.",constraint,mitigate,,constraint2,industry,2021,Using STPA to identify conflicts in coal mining safety procedures,https://psas.scripts.mit.edu/home/wp-content/uploads/2021/06/2021-06-30-1220__Krzemien.pdf,7,,
920,AV must maintain a safe distance from VRUs and other stationary and moving objects in the surroundings.,constraint,prevent,,constraint1,automotive,2022,STPA for Autonomous Vehicles Functions,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-08-1120__Anas%20Shahzad__PUB.pdf,7,,
921,AV must adhere to the designated path.,constraint,prevent,,constraint1,automotive,2022,STPA for Autonomous Vehicles Functions,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-08-1120__Anas%20Shahzad__PUB.pdf,7,,
922,AV must adhere to the allowed operating limits advised by the traffic rules and ODD limitations.,constraint,prevent,,constraint1,automotive,2022,STPA for Autonomous Vehicles Functions,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-08-1120__Anas%20Shahzad__PUB.pdf,7,,falta contexto
923,AV must provide a comfortable experience to the passengers when driving or stationary.,constraint,prevent,,constraint1,automotive,2022,STPA for Autonomous Vehicles Functions,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-08-1120__Anas%20Shahzad__PUB.pdf,7,,
924,AV must never lose control.,constraint,prevent,,constraint1,automotive,2022,STPA for Autonomous Vehicles Functions,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-08-1120__Anas%20Shahzad__PUB.pdf,7,,
938,Aircraft should maintain a safe distance from obstacles and notify the operator when reaching the minimum distance.,constraint,prevent,,constraint1,aviation,2022,Use of the STPA Technique in the Requirements Definition of a Drone Power Generation System,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-09-1130__Paulo%20Mendes__PUB.pdf,6,,
939,The aircraft must maintain constant communication with the base throughout the operation.,constraint,prevent,,constraint1,aviation,2022,Use of the STPA Technique in the Requirements Definition of a Drone Power Generation System,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-09-1130__Paulo%20Mendes__PUB.pdf,6,,
940,The aircraft must be able to generate enough power to keep the systems running properly.,constraint,prevent,,constraint1,aviation,2022,Use of the STPA Technique in the Requirements Definition of a Drone Power Generation System,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-09-1130__Paulo%20Mendes__PUB.pdf,6,,
941,Aircraft shall be capable of remaining airborn in a controlled manner throughout the operation.,constraint,prevent,,constraint1,aviation,2022,Use of the STPA Technique in the Requirements Definition of a Drone Power Generation System,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-09-1130__Paulo%20Mendes__PUB.pdf,6,,
959,Ship must not violate minimum separation from other ship.,constraint,prevent,,constraint1,maritime,2022,STPA for Passenger Ship Safety Analysis in Bangladesh,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-10-1120__Md%20Imran%20Uddin__PUB.pdf,12,,
960,Ship must not violate minimum separation from any stationary object or underwater object.,constraint,prevent,,constraint1,maritime,2022,STPA for Passenger Ship Safety Analysis in Bangladesh,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-10-1120__Md%20Imran%20Uddin__PUB.pdf,12,,
962,Ship must not enter into an unsafe area (low water-depth or stormy area).,constraint,prevent,,constraint1,maritime,2022,STPA for Passenger Ship Safety Analysis in Bangladesh,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-10-1120__Md%20Imran%20Uddin__PUB.pdf,12,,
963,The ship must be maintained properly so that the occurrence of fire is prevented.,constraint,prevent,,constraint1,maritime,2022,STPA for Passenger Ship Safety Analysis in Bangladesh,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-10-1120__Md%20Imran%20Uddin__PUB.pdf,12,,
994,Safe distance should always be kept and the crew must be aware when it is violated.,constraint,prevent,,constraint1,maritime,2023,The utilization of STPA on the ship navigation system,https://psas.scripts.mit.edu/home/wp-content/uploads/2023/2023-06-08-1010__Marios-Anestis-Koimtzoglou__PUB.pdf,12,,
995,Depth should be continuously monitored.,constraint,detect,,constraint1,maritime,2023,The utilization of STPA on the ship navigation system,https://psas.scripts.mit.edu/home/wp-content/uploads/2023/2023-06-08-1010__Marios-Anestis-Koimtzoglou__PUB.pdf,12,,
997,The possibility of progressive flooding should be monitored and detected on time.,constraint,detect,,constraint1,maritime,2023,The utilization of STPA on the ship navigation system,https://psas.scripts.mit.edu/home/wp-content/uploads/2023/2023-06-08-1010__Marios-Anestis-Koimtzoglou__PUB.pdf,12,,
998,Heat and smoke detectors should trigger an alarm and extinguishing systems.,constraint,detect,,constraint1,maritime,2023,The utilization of STPA on the ship navigation system,https://psas.scripts.mit.edu/home/wp-content/uploads/2023/2023-06-08-1010__Marios-Anestis-Koimtzoglou__PUB.pdf,12,,