Spaces:
Sleeping
Sleeping
| ,req,label,v6,Unnamed: 3,v5.2,dominio,ano,titulo,link,slide,obs,obs v6 | |
| 20,"When two aircraft are on a collision course, TCAS must always provide an RA to avoid the collision.",constraint,mitigate,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,42,, | |
| 21,TCAS must not provide RAs that degrade vertical separation.,constraint,prevent,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,42,, | |
| 22,TCAS must always provide an RA in time to prevent an NMAC.,constraint,prevent,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,42,, | |
| 23,The pilot must always follow the RA provided by TCAS.,constraint,prevent,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,42,, | |
| 24,The system must not disrupt the pilot and ATC operations during critical phases of flight nor disrupt aircraft operation.,constraint,prevent,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,43,, | |
| 25,The pilot of a TCAS-equipped aircraft must have the option to switch to the Traffic-Advisory mode where traffic advisories are displayed but display of resolution advisories is prohibited.,constraint,prevent,,constraint1,aerospace,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,43,, | |
| 29,Doors must not be opened until train is stopped and aligned with platform.,constraint,prevent,,constraint1,train,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,49,, | |
| 30,Doors must not be closed if someone is in the doorway.,constraint,prevent,,constraint1,train,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,49,, | |
| 31,"If a person is detected in doorway during door closing, door closing must be stopped and reversed.",constraint,mitigate,,constraint2,train,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,49,, | |
| 32,Train must not move with doors open.,constraint,prevent,,constraint1,train,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,49,, | |
| 38,The flight crew must not execute the ITP when it has not been approved by ATC.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,, | |
| 39,The flight crew must not execute an ITP when the ITP criteria are not satisfied.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,, | |
| 40,"The flight crew must execute the ITP with correct climb rate, flight levels, Mach number, and other associated performance criteria.",constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,, | |
| 41,The flight crew must not continue the ITP maneuver when it would be dangerous to do so.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,, | |
| 42,The flight crew must not abort the ITP unnecessarily. (Rationale: An abort may violate separation minimums),constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,, | |
| 43,"When performing an abort, the flight crew must follow regional contingency procedures.",constraint,mitigate,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,, | |
| 44,The flight crew must not execute the ITP before approval by ATC.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,, | |
| 45,The flight crew must execute the ITP immediately when approved unless it would be dangerous to do so.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,, | |
| 46,The crew shall be given positive notification of arrival at the requested FL.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,82,, | |
| 47,Approval of an ITP request must be given only when the ITP criteria are met.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,, | |
| 48,Approval must be given to the requesting aircraft only.,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,, | |
| 49,Approval must not be given too early or too late (needs to be clarified as to the actual time limits).,constraint,prevent,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,, | |
| 50,An abnormal termination instruction must be given when continuing the ITP would be unsafe.,constraint,mitigate,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,, | |
| 51,An abnormal termination instruction must not be given when it is not required to maintain safety and would result in a loss of separation.,constraint,mitigate,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,, | |
| 52,An abnormal termination instruction must be given immediately if an abort is required.,constraint,mitigate,,constraint1,aviation,2012,STPA and CAST Tutorial,http://psas.scripts.mit.edu/home/get_pdf.php?name=1-2-Beginners-Tutorial-part2.pdf,84,, | |
| 60,Pilot must execute maneuver once it is approved.,constraint,prevent,,constraint1,aviation,2012,STPA Guided Exercise (aerospace example),https://psas.scripts.mit.edu/home/get_pdf.php?name=1-3-Advanced-Experienced-STPA-Guided-Exercise.pdf,30,, | |
| 61,Pilot must not perform ITP when criteria are not met or request has been refused.,constraint,prevent,,constraint1,aviation,2012,STPA Guided Exercise (aerospace example),https://psas.scripts.mit.edu/home/get_pdf.php?name=1-3-Advanced-Experienced-STPA-Guided-Exercise.pdf,30,, | |
| 62,Pilot must start maneuver within X minutes of re-verifying ITP criteria.,constraint,prevent,,constraint1,aviation,2012,STPA Guided Exercise (aerospace example),https://psas.scripts.mit.edu/home/get_pdf.php?name=1-3-Advanced-Experienced-STPA-Guided-Exercise.pdf,30,, | |
| 79,The failures in the Train Control System must be identified and provided as feedback to the dispatcher of CTC in time.,constraint,detect,,constraint1,train,2012,Analysis of Railway Accidents in China,http://psas.scripts.mit.edu/home/get_pdf.php?name=2-13-Suo-Analysis-of-Railway-Accidents-in-China.pdf,13,stamp, | |
| 80,The dispatcher in the CTC and the watch keeper should identify the potential danger in the railway line and command the train to slow down or stop in emergency situations.,constraint,detect,,constraint1,train,2012,Analysis of Railway Accidents in China,http://psas.scripts.mit.edu/home/get_pdf.php?name=2-13-Suo-Analysis-of-Railway-Accidents-in-China.pdf,13,stamp, | |
| 84,ACC should not let the vehicle gets in contact with the object ahead.,constraint,prevent,,constraint1,automotive,2012,STPA Analysis of an Adaptive Cruise Control System,http://psas.scripts.mit.edu/home/get_pdf.php?name=2-14-Qi-STPA-Analysis-of-an-Adaptive-Cruise-Control-System.pdf,7,, | |
| 85,ACC should not brake too abruptly.,constraint,prevent,,constraint1,automotive,2012,STPA Analysis of an Adaptive Cruise Control System,http://psas.scripts.mit.edu/home/get_pdf.php?name=2-14-Qi-STPA-Analysis-of-an-Adaptive-Cruise-Control-System.pdf,7,, | |
| 91,ACC must not violate separation requirements with object ahead.,constraint,prevent,,constraint1,automotive,2013,Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Leveson-tutorial-intro.pdf,24,, | |
| 92,ACC must not brake too abruptly.,constraint,prevent,,constraint1,automotive,2013,Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Leveson-tutorial-intro.pdf,24,, | |
| 95,Toxic chemicals must not be released.,constraint,prevent,,constraint1,nuclear,2013,STPA Beginner’s Tutorial,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Basic_STPA_Tutorial1.pdf,30,, | |
| 103,Pilot must execute maneuver once it is approved.,constraint,prevent,,constraint1,aviation,2013,STPA Beginner’s Tutorial,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Basic_STPA_Tutorial1.pdf,48,, | |
| 104,Pilot must not perform ITP when criteria are not met or request has been refused.,constraint,prevent,,constraint1,aviation,2013,STPA Beginner’s Tutorial,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Basic_STPA_Tutorial1.pdf,48,, | |
| 105,Pilot must start maneuver within X minutes of re-verifying ITP criteria.,constraint,prevent,,constraint1,aviation,2013,STPA Beginner’s Tutorial,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/Basic_STPA_Tutorial1.pdf,48,, | |
| 112,"The SIAS must operate when the 4 events—LOCA, 2ndHSL, S/WP-Ex, or REA—occur.",constraint,mitigate,,constraint1,nuclear,2013,Application of STPA to Engineered Safety Features of a Nuclear Power Plant,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/01_Lee_STPA_ESFCCS.pdf,14,, | |
| 113,"The CSAS must operate when the three events—LOCA, S/WP-Ex, or the SIAS—occur.",constraint,mitigate,,constraint1,nuclear,2013,Application of STPA to Engineered Safety Features of a Nuclear Power Plant,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/01_Lee_STPA_ESFCCS.pdf,14,, | |
| 114,The CREVAS must operate when the two events—High-level radioactive at air intakes of MCR or the SIAS—occur.,constraint,mitigate,,constraint1,nuclear,2013,Application of STPA to Engineered Safety Features of a Nuclear Power Plant,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/01_Lee_STPA_ESFCCS.pdf,14,, | |
| 140,Vehicle must illuminate the brake light to warn vehicle in the back.,constraint,prevent,,constraint1,automotive,2013,Experiences with Applying STPA to Software-Intensive Systems in the Automotive Domain,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Abdulkhaleq_STAMP_2013.pdf,11,, | |
| 141,Brake light command must illuminate early within X-seconds before stopping vehicle.,constraint,prevent,,constraint1,automotive,2013,Experiences with Applying STPA to Software-Intensive Systems in the Automotive Domain,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Abdulkhaleq_STAMP_2013.pdf,11,, | |
| 142,Vehicle must brake when vehicle detected slowed or stopped object (at a few X-meters within the preset value of the safety distance) in its path.,constraint,prevent,,constraint1,automotive,2013,Experiences with Applying STPA to Software-Intensive Systems in the Automotive Domain,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Abdulkhaleq_STAMP_2013.pdf,11,, | |
| 143,The intervention between ACC system and driver should be limited to the traffic environment and conditions.,constraint,prevent,,constraint1,automotive,2013,Experiences with Applying STPA to Software-Intensive Systems in the Automotive Domain,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Abdulkhaleq_STAMP_2013.pdf,11,, | |
| 145,Train must run within limited speed.,constraint,prevent,,constraint1,train,2013,Using STAMP method to analyze serious accidents in China Railway system,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/02_Hong_Serious_accidents_analysis_China_railway_STAMP.pdf,6,, | |
| 146,Driver must know the correct limited speed through different kinds of ways (e.g. IC cards and the scheduler).,constraint,detect,,constraint1,train,2013,Using STAMP method to analyze serious accidents in China Railway system,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/02_Hong_Serious_accidents_analysis_China_railway_STAMP.pdf,6,, | |
| 158,NSS should develop NS following the top-level requirements from NSI.,constraint,prevent,,constraint1,aviation,2013,A Safety analysis of Navigation Software Development Management Based on STAMP,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_XuXiaojie-STAMP_Analysis_Navigation_Software_Development_Management.pdf,11,, | |
| 159,NSI should ensure NS accept from NSS is conform to the its requirements.,constraint,prevent,,constraint1,aviation,2013,A Safety analysis of Navigation Software Development Management Based on STAMP,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_XuXiaojie-STAMP_Analysis_Navigation_Software_Development_Management.pdf,11,, | |
| 162,The Control system shall determine the axle torque request periodically.,constraint,detect,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,, | |
| 163,The Control System shall not miscalculate the Axle Torque request.,constraint,detect,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,, | |
| 164,Output Control shall be synchronized with Input request.,constraint,prevent,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,, | |
| 165,System shall be made aware of the Axle Torque Command determination status.,constraint,detect,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,, | |
| 166,"System shall be able to control the actuator (Throttle, Spark, Fuel, etc.), when required.",constraint,prevent,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,, | |
| 167,"Control system shall control the actuator (Throttle, Spark, Fuel, etc.) correctly in response to axle torque request.",constraint,prevent,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,, | |
| 168,"Actuator (Throttle, Spark, Fuel, etc.) Control shall be synchronized with axle torque request.",constraint,prevent,,constraint1,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,, | |
| 169,"If the control propulsion output stops, System propulsion output shall be gradually ramped to zero with operator notification. Graceful transition to a safe state.",constraint,mitigate,,constraint2,automotive,2013,Compatibility Study of STPA with Automotive Safety Process,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_Sundaram_GM_STPA_Study_Presentation_MIT.pdf,22,, | |
| 180,"Radiation and toxic, radioactive, or energetic materials must not be released within range of humans or other systems.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 181,"Radioactive, toxic, or energetic materials must be stored away from humans.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 182,"Satellite, satellite components, and satellite debris must not impact other systems or debris during launch, on orbit, or during disposal.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 183,"Satellite must not radiate energy until on orbit, separated from, and clear of launch vehicle and debris.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 184,Radiated energy frequencies should be selected so as to be different from those used by other systems if possible.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 185,"Radiated energy must not be directed at and/or reach other systems using the same frequency if possible. Otherwise, radiation must be at sufficiently low power so as to prevent disruption or damage of other systems.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 186,Satellite must not operate in an environment that poses the risk of excessive radiation or impact from energetic materials.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 187,Satellite must be able to operate for the design life.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 188,Satellite must be able to operate onboard instrumentation.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 189,"Satellite must be launched into correct orbit, or means to correct for different orbits must exist.",constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 190,Data obtained by instrumentation must be stored and/or transmitted to supporting infrastructure.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 191,Satellite must maintain means of transmitting science data to supporting systems.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 192,Satellite must maintain means of communication with supporting systems.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 193,Satellite must maintain means of control.,constraint,prevent,,constraint1,aerospace,2013,The Use of STPA in Satellite Hazard Analysis,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/03_Dunn_STAMP_Conference_Presentation.pdf,11,, | |
| 196,The operator should always be able to control the attitude and flight path during the whole flight.,constraint,prevent,,constraint1,aviation,2013,A systematic safety control approach and practice on flight tests of a low-cost blended-wing-body demonstrator,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_LuYi_Presentation_2rd_STAMP_Workshop.pdf,16,, | |
| 197,The vehicle should keep adequate distance and height against the people and properties on the ground.,constraint,prevent,,constraint1,aviation,2013,A systematic safety control approach and practice on flight tests of a low-cost blended-wing-body demonstrator,https://psas.scripts.mit.edu/home/wp-content/uploads/2013/04/04_LuYi_Presentation_2rd_STAMP_Workshop.pdf,16,, | |
| 215,The software must receive the NAV_ON to initialize the flight time.,constraint,prevent,,constraint1,aviation,2014,"SFTA, SFMECA, and STPA Applied to Brazilian Space Software",https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/STPA_Workshop2014-LAHOZ.pdf,14,, | |
| 216,The ignition of the second rocket stage (2E) must be detected.,constraint,detect,,constraint,aviation,2014,"SFTA, SFMECA, and STPA Applied to Brazilian Space Software",https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/STPA_Workshop2014-LAHOZ.pdf,14,constrainjt, | |
| 217,The separation of the first rocket stage (1E) must be detected.,constraint,detect,,constraint,aviation,2014,"SFTA, SFMECA, and STPA Applied to Brazilian Space Software",https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/STPA_Workshop2014-LAHOZ.pdf,14,constrainjt, | |
| 229,Software must complete calculations within 2 minutes.,constraint,prevent,,constraint1,medicine,2014,Analyzing Safety of Radiation Therapy Procedures,https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/CBCT_ONLY_SRS_STPA_STAMPCONF_ASedit_3-24.pdf,24,, | |
| 233,Temperature must never violate maximum value.,constraint,prevent,,constraint1,industry,2014,Risk Management in the Process Industry,https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/Rodriguea_STPA_DH_final.pdf,31,é constraint mas está vago (ruim), | |
| 234,Pressure must never violate maximum value.,constraint,prevent,,constraint1,industry,2014,Risk Management in the Process Industry,https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/Rodriguea_STPA_DH_final.pdf,31,é constraint mas está vago (ruim), | |
| 235,Level must never violate maximum value.,constraint,prevent,,constraint1,industry,2014,Risk Management in the Process Industry,https://psas.scripts.mit.edu/home/wp-content/uploads/2014/03/Rodriguea_STPA_DH_final.pdf,31,é constraint mas está vago (ruim), | |
| 238,Toxic plant chemicals must not be released into the atmosphere.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,10,, | |
| 239,Radioactive materials must note be released.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,10,, | |
| 241,Vehicles must always maintain safe distances from each other.,constraint,prevent,,constraint1,automotive,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,10,, | |
| 243,Food products with pathogens must not be sold.,constraint,prevent,,constraint1,food,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,10,, | |
| 252,Computer must open water valve whenever catalyst valve is open.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,52,, | |
| 253,Computer must open water valve within X seconds of catalyst valve open.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,52,, | |
| 254,Computer must not close water valve while catalyst valve open.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,52,, | |
| 255,Computer must not close water valve before catalyst valve closes.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,52,, | |
| 256,Computer must not open catalyst valve when water valve not open.,constraint,prevent,,constraint1,nuclear,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,52,, | |
| 257,Pilots must not execute maneuver when ITP criteria are not satisfied.,constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,, | |
| 258,"Pilots must not execute maneuver with incorrect climb rate, final altitude, etc.",constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,, | |
| 259,Pilots must not begin to execute maneuver before approval.,constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,, | |
| 260,Pilots must execute maneuver within X minutes of reassessment.,constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,, | |
| 261,Pilots must not stop maneuver before reaching designated altitude (except in emergency temination).,constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,, | |
| 262,Pilots must not climb/descent beyond designated altitude.,constraint,prevent,,constraint1,aviation,2015,STPA Introduction,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-STPA-Tutotrial.pdf,78,, | |
| 270,Vehicle must maintain safe distance from nearby vehicles.,constraint,prevent,,constraint1,automotive,2015,Iterative Application of STPA for an Automotive System,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Sundaram-Iterative-Application-for-GM.pdf,8,, | |
| 271,Vehicle must maintain safe distance from terrain and other obstacles.,constraint,prevent,,constraint1,automotive,2015,Iterative Application of STPA for an Automotive System,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Sundaram-Iterative-Application-for-GM.pdf,8,, | |
| 272,Vehicle must not expose occupants to harmful effects and/or health hazards.,constraint,prevent,,constraint1,automotive,2015,Iterative Application of STPA for an Automotive System,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Sundaram-Iterative-Application-for-GM.pdf,8,, | |
| 273,UAS operations shall not lead to a loss of minimum separation requirements.,constraint,prevent,,constraint1,aviation,2015,UAS-NAS Integration: A Cognitive Sys Eng Framework for Safety Model Development,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/04/Johnson_STAMP-2015-Presentation_Final.pdf,14,, | |
| 274,UAS operations shall not induce or contribute to a controlled flight into terrain maneuver.,constraint,prevent,,constraint1,aviation,2015,UAS-NAS Integration: A Cognitive Sys Eng Framework for Safety Model Development,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/04/Johnson_STAMP-2015-Presentation_Final.pdf,14,, | |
| 275,UAS operations shall not induce or contribute to loss of aircraft controlled flight.,constraint,prevent,,constraint1,aviation,2015,UAS-NAS Integration: A Cognitive Sys Eng Framework for Safety Model Development,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/04/Johnson_STAMP-2015-Presentation_Final.pdf,14,, | |
| 290,The app must inform the display of the pump command status.,constraint,prevent,,constraint1,medicine,2015,Using STPA to support Risk Management for Interoperable Medical Systems,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Procter-Using-STPA-for-RM-in-Interoperable-Medical-Systems.pdf,25,, | |
| 291,The app must command the pump to stop if the patient's vital signs indicate over-infusion.,constraint,prevent,,constraint1,medicine,2015,Using STPA to support Risk Management for Interoperable Medical Systems,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Procter-Using-STPA-for-RM-in-Interoperable-Medical-Systems.pdf,25,, | |
| 292,The app must inform the display of the status of the patient's vital signs.,constraint,prevent,,constraint1,medicine,2015,Using STPA to support Risk Management for Interoperable Medical Systems,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Procter-Using-STPA-for-RM-in-Interoperable-Medical-Systems.pdf,25,, | |
| 302,The takeoff must be aborted at the first sign of loss of directional control.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,, | |
| 304,Directional deviations must be corrected smoothly and continuously.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,, | |
| 305,Yawing at brakes release must be counteracted quickly.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,, | |
| 306,Side stick command should be applied to the side of the wind after releasing the brakes.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,, | |
| 307,Side stick command must be gradually reduced as the aircraft gains speed.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,, | |
| 308,"After rotation, the skid angle must be reduced to keep wings leveled.",constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,, | |
| 309,The transition of primary flight controls in the rotation should be performed smoothly and continuously.,constraint,prevent,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,, | |
| 311,"When the bursting of a tire at high speed is suspected and the pilot decides to continue, the landing gear must not be retracted.",constraint,mitigate,,constraint1,aviation,2015,Application of STPA for Hazard Analysis on Light Aircraft Crosswind Takeoffs,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Castilho-Crosswind-Takeoffs.pdf,35,, | |
| 317,Unauthorized individuals must not access the port system infrastructure.,constraint,prevent,,constraint1,maritime,2015,STPA Applied to Port Security,http://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Williams-Port-Security.pdf,17,, | |
| 323,Aircraft must not be operated when hazardous FLS is installed.,constraint,mitigate,,constraint1,aviation,2015,Cyber Security in Aircraft Networks Control Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Helfer-aviation-software-presentation.pdf,10,, | |
| 324,Aircraft component must not be powered up when hazardous FLS is installed.,constraint,prevent,,constraint1,aviation,2015,Cyber Security in Aircraft Networks Control Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2015/03/2015-Helfer-aviation-software-presentation.pdf,10,, | |
| 327,A collision between the ACROBOTER robotic platform and an unknown object must be avoided at all times.,constraint,prevent,,constraint1,robot,2015,Comparing Sensors’ Characteristics on a Robotic System: The EWaSAP Results Against Designers’ Non-Theoretical Approaches,https://prezi.com/w6ww9e0b2bnu/comparing-sensors-characteristics-on-a-robotic-system-the-ewasap-results-against-designers-non-theoretical-approaches/?utm_campaign=share&utm_medium=copy,27,, | |
| 329,The ACROBOTER robotic platform must not release the payload.,constraint,prevent,,constraint1,robot,2015,Comparing Sensors’ Characteristics on a Robotic System: The EWaSAP Results Against Designers’ Non-Theoretical Approaches,https://prezi.com/w6ww9e0b2bnu/comparing-sensors-characteristics-on-a-robotic-system-the-ewasap-results-against-designers-non-theoretical-approaches/?utm_campaign=share&utm_medium=copy,27,, | |
| 364,IPMS must send STOP command to PCA when patient has been given too much opiod.,constraint,mitigate,,constraint1,medicine,2016,STPA Analysis of Intravenous Patient-Controlled Analgesia,https://psas.scripts.mit.edu/home/wp-content/uploads/2016/06/31-Thomas-W2016.pdf,18,, | |
| 365,IPMS must not sent STOP command unless an emergency condition is indicated.,constraint,prevent,,constraint1,medicine,2016,STPA Analysis of Intravenous Patient-Controlled Analgesia,https://psas.scripts.mit.edu/home/wp-content/uploads/2016/06/31-Thomas-W2016.pdf,18,, | |
| 366,IPMS must sent STOP command within TBD seconds of emergency.,constraint,prevent,,constraint1,medicine,2016,STPA Analysis of Intravenous Patient-Controlled Analgesia,https://psas.scripts.mit.edu/home/wp-content/uploads/2016/06/31-Thomas-W2016.pdf,18,, | |
| 401,Aircraft must maintain separation with other aircraft.,constraint,prevent,,constraint1,aviation,2016,17-Deriving safety constraints for Unmanned Aircraft Systems (UAS),https://psas.scripts.mit.edu/home/wp-content/uploads/2016/05/17-Urano-W2016.pdf,22,steca, | |
| 402,Aircraft must maintain its control and maintain airframe integrity.,constraint,prevent,,constraint1,aviation,2016,17-Deriving safety constraints for Unmanned Aircraft Systems (UAS),https://psas.scripts.mit.edu/home/wp-content/uploads/2016/05/17-Urano-W2016.pdf,22,steca, | |
| 403,Aircraft must maintain separation with ground or obstacles on ground.,constraint,prevent,,constraint1,aviation,2016,17-Deriving safety constraints for Unmanned Aircraft Systems (UAS),https://psas.scripts.mit.edu/home/wp-content/uploads/2016/05/17-Urano-W2016.pdf,22,steca, | |
| 404,Aircraft on ground must maintain separation with other objects and must not leave the paved area.,constraint,prevent,,constraint1,aviation,2016,17-Deriving safety constraints for Unmanned Aircraft Systems (UAS),https://psas.scripts.mit.edu/home/wp-content/uploads/2016/05/17-Urano-W2016.pdf,22,steca, | |
| 405,Aircraft must not enter a runway without clearance.,constraint,prevent,,constraint1,aviation,2016,17-Deriving safety constraints for Unmanned Aircraft Systems (UAS),https://psas.scripts.mit.edu/home/wp-content/uploads/2016/05/17-Urano-W2016.pdf,22,steca, | |
| 415,"Vehicle must not violate minimum safety distance to objects, road users, vehicles, etc.",constraint,prevent,,constraint1,automotive,2016,20-Can STPA contribute to identify hazards of different nature and improve safety of automated vehicles?,https://psas.scripts.mit.edu/home/wp-content/uploads/2016/04/20-Alvarez-W2016.pdf,12,, | |
| 416,Vehicle must not leave the roadway.,constraint,prevent,,constraint1,automotive,2016,20-Can STPA contribute to identify hazards of different nature and improve safety of automated vehicles?,https://psas.scripts.mit.edu/home/wp-content/uploads/2016/04/20-Alvarez-W2016.pdf,12,, | |
| 443,Workers shall not be exposed to hazardous energy.,constraint,prevent,,constraint1,industry,2017,STAMP in Workplace Safety,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/2017-MIT-Tutorial-Howard_Release.pdf,9,, | |
| 451,ACS must provide attitude maneuver commands when ASTRO-H is rotating.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,, | |
| 452,ACS must not provide attitude maneuver commands in the same direction as rotation.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,, | |
| 453,ACS must not provide attitude maneuver commands when ASTRO-H is not rotating.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,, | |
| 454,ACS must provide attitude maneuver commands that are sufficient to slow ASTRO-H quickly.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,,"""too late"" parece UCA. confirmar" | |
| 455,ACS must not provide attitude maneuver commands too late after ASTRO-H has rotated too far.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,, | |
| 456,ACS must not provide attitude maneuver commands too early to achieve desired attitude.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,, | |
| 457,ACS must not stop providing attitude commands too soon before attitude has stabilized.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,, | |
| 458,ACS must not continue providing attitude maneuver commands too long after attitude has stabilized.,constraint,prevent,,constraint1,aerospace,2017,A Process for STPA: STAMP Accident Model of HITOMI and Expansion to Future Safety Culture,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Thomas-A-Process-for-STPA.pdf,9,, | |
| 469,The flight crew must never violate predetermined minimum/maximum altitude.,constraint,prevent,,constraint1,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,stpa-sec, | |
| 470,The flight crew must never violate the minimum distance to other aircraft.,constraint,prevent,,constraint1,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,stpa-sec, | |
| 471,The flight crew must have control of the aircraft all the time.,constraint,prevent,,constraint1,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,stpa-sec, | |
| 472,The aircraft must never fly off the route specified at the flight plan.,constraint,prevent,,constraint1,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,stpa-sec, | |
| 473,No access to aircraft equipment (electronic or physical) shall be allowed without authorization.,constraint,prevent,,constraint1,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,stpa-sec, | |
| 474,Aircraft must be dispatched.,constraint,prevent,,constraint,aviation,2017,STPA-Sec for Security of Flight Management System,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Felipe-Oliveira_STPASec-For-Flight-Management-System.pdf,6,constraint. stpa-sec, | |
| 483,The AMS must not let the air temperature reach values out of the prescribed limits for the destination environment.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,, | |
| 484,The AMS must not let the air pressure reach values out of the prescribed limits for thedestination environment.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,, | |
| 485,The AMS must not extract air from from the inappropriate sources at the inappropriate.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,, | |
| 486,The AMS must not transport air to inappropriate environments at inappropriate times.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,, | |
| 487,The AMS must not distribute air inside the aircraft which is unacceptably contaminated.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,, | |
| 488,The AMS must avoid H2O/Ice accumulation.,constraint,prevent,,constraint1,aviation,2017,A complete STPA Application to the Air Management System of Embraer Regional Jets family,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Andrea-Scarinci_STPA-Application-Air-Management-System-Commercial-Aviation.pdf,7,, | |
| 502,"Aircraft shall not enter a controlled airspace without broadcasting their location through Mode C, ADS-B, or IFF.",constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,, | |
| 503,Aircraft shall not enter a controlled airspace without verbal confirmation from the controller.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,, | |
| 504,"In areas where terrain masking may occur, the controller shall maintain awareness of aircraft that have requested access to the airspace.",constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,, | |
| 505,"When spin zones are in use, the controller shall not consider the area clear or safe.",constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,, | |
| 506,Controllers shall not approve requests for access to zones other than those that they are controlling.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,, | |
| 507,Controllers shall confirm that an aircraft has exited the zone via both voice communications and radar confirmation.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,, | |
| 508,Controllers shall monitor radar returns of aircraft that are ascending/descending to ensure minimum separation requirements.,constraint,detect,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,29,, | |
| 509,Controllers shall confirm that there are no rocket tests ongoing.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,, | |
| 510,Controllers shall confirm that the small arms range is inactive.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,, | |
| 511,UAS operator shall read back airspace clearance to controller.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,, | |
| 512,UAS operator shall immediately notify the losing controller if the UAV is incapable of exiting the old airspace.,constraint,mitigate,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,, | |
| 513,Wing safety shall ensure that the UAV software is updated with new airspace boundaries when they are changed.,constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,, | |
| 514,UAS operator shall immediately inform the controller if the UAV position becomes unclear.,constraint,mitigate,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,, | |
| 515,UAS operator shall immediately inform the controller in the event of a UAV malfunction.,constraint,mitigate,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,, | |
| 516,"UAS operations shall, when possible, be conducted well away from the boundaries of the airspace.",constraint,prevent,,constraint1,aviation,2017,STAMP applied to SUAS at Edwards AFB,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Sarah-Summers_Folse_STPA-Applied-To-SUAS-Use-At-Edwards-AFB.pdf,30,, | |
| 519,Radio communication should be in the disposal of the spotter and the operators.,constraint,prevent,,constraint1,other,2017,Towards a STAMP-Based Safety Plans Approach for Construction Projects,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Ioannis-Dokas_Towards-A-STAMP-Based-Safety-Plans-Approach-For-Construction.pdf,15,, | |
| 520,The spotter should have in his disposal visual signs to attract the attention of the operators.,constraint,prevent,,constraint1,other,2017,Towards a STAMP-Based Safety Plans Approach for Construction Projects,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Ioannis-Dokas_Towards-A-STAMP-Based-Safety-Plans-Approach-For-Construction.pdf,15,, | |
| 521,The spotter should be in a positions which will provide him the maximum possible observation range and minimum blind spots.,constraint,prevent,,constraint1,other,2017,Towards a STAMP-Based Safety Plans Approach for Construction Projects,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Ioannis-Dokas_Towards-A-STAMP-Based-Safety-Plans-Approach-For-Construction.pdf,15,, | |
| 531,Doors shall open at station when train is completely stopped and aligned with platform.,constraint,prevent,,constraint1,train,2017,STPA for the Internet of Things (IOT) ,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Greg-Pope_STPA-For-IoT-And-Mobile-Software_Slides.pdf,32,, | |
| 532,Doors shall remain closed when train is moving.,constraint,prevent,,constraint1,train,2017,STPA for the Internet of Things (IOT) ,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Greg-Pope_STPA-For-IoT-And-Mobile-Software_Slides.pdf,32,, | |
| 533,"Doors shall remain open when someone is in the doorway, the train shall not move until the doors close.",constraint,prevent,,constraint1,train,2017,STPA for the Internet of Things (IOT) ,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Greg-Pope_STPA-For-IoT-And-Mobile-Software_Slides.pdf,32,, | |
| 534,The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed.,constraint,mitigate,,constraint1,train,2017,STPA for the Internet of Things (IOT) ,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Greg-Pope_STPA-For-IoT-And-Mobile-Software_Slides.pdf,32,, | |
| 542,The aircraft must maintain minimum separation from potential sources of collision.,constraint,prevent,,constraint1,aviation,2017,STPA During Early Concept Formation for Military Rotorcraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/05/STAMP-2017-Workshop-STPA-Presentation-Approved-For-Release.pdf,6,, | |
| 543,The aircraft must be controllable by the pilot or piloting function in an OPV (optionally piloted vehicle) at all times.,constraint,prevent,,constraint1,aviation,2017,STPA During Early Concept Formation for Military Rotorcraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/05/STAMP-2017-Workshop-STPA-Presentation-Approved-For-Release.pdf,6,, | |
| 544,Airframe integrity must not be lost during flight.,constraint,prevent,,constraint1,aviation,2017,STPA During Early Concept Formation for Military Rotorcraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/05/STAMP-2017-Workshop-STPA-Presentation-Approved-For-Release.pdf,6,, | |
| 548,Autopilot must send objects to Autopilot HMI when required.,constraint,prevent,,constraint1,automotive,2017,Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/HosseBagschik_Tesla-Model-S-Fatality_v5.pdf,22,, | |
| 549,Autopilot must send road signs to Autopilot HMI when required.,constraint,prevent,,constraint1,automotive,2017,Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/HosseBagschik_Tesla-Model-S-Fatality_v5.pdf,22,, | |
| 550,Data Fusion and Assessment must provide assessed environment model to Autopilot when required.,constraint,prevent,,constraint1,automotive,2017,Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/HosseBagschik_Tesla-Model-S-Fatality_v5.pdf,22,, | |
| 551,Driver must brake Model S when required.,constraint,prevent,,constraint1,automotive,2017,Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/HosseBagschik_Tesla-Model-S-Fatality_v5.pdf,22,, | |
| 552,Driver must not perform other tasks when not allowed.,constraint,prevent,,constraint1,automotive,2017,Evolution Issues of Automated Driving Functions by Application of Systemic Accident Analysis: On the Example of the Tesla Model S Fatality,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/HosseBagschik_Tesla-Model-S-Fatality_v5.pdf,22,, | |
| 557,correct patient results must be reported to the Audiologist.,constraint,prevent,,constraint1,medicine,2017,STPA analysis for Clinical Programming Software of Cochlear Implant System for Profoundly Deaf People,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Kadupukotla-Satish-Kumar_STPA-Analysis-Of-Clinical-Programming-Software-For-Cochlear-Implant-System.pdf,38,, | |
| 558,Patient results must be reported to the Audiologist in a useable time frame.,constraint,prevent,,constraint1,medicine,2017,STPA analysis for Clinical Programming Software of Cochlear Implant System for Profoundly Deaf People,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Kadupukotla-Satish-Kumar_STPA-Analysis-Of-Clinical-Programming-Software-For-Cochlear-Implant-System.pdf,38,, | |
| 572,The LKA system must not allow the vehicle switch to lanes without the correct turn-indicator being actuated.,constraint,prevent,,constraint1,automotive,2017,Application of STPA to a lane keeping assist system,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Haneet-Singh_Application-Of-STPA-To-A-Lane-Keeping-Assist-System.pdf,12,, | |
| 573,The LKA system must not perform corrective action if the correct turn-indicator is actuated (if the direction of deviation is the same as the turn-indicator).,constraint,prevent,,constraint1,automotive,2017,Application of STPA to a lane keeping assist system,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Haneet-Singh_Application-Of-STPA-To-A-Lane-Keeping-Assist-System.pdf,12,, | |
| 574,The LKA system must verify that corrective action has beenperformed either from its inputs or feedback from the electrical steering system.,constraint,prevent,,constraint1,automotive,2017,Application of STPA to a lane keeping assist system,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/Haneet-Singh_Application-Of-STPA-To-A-Lane-Keeping-Assist-System.pdf,12,, | |
| 578,The aircraft must be maneuvered within the safety envelope.,constraint,prevent,,constraint1,aviation,2017,STPA-Based Model of Threat and Error Management in Dual Flight Instruction,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Ioana-Koglbauer_STPA-based-Model-Of-Threat-And-Error-Management-In-Dual-Flight-Instruction.pdf,6,, | |
| 579,"Separation from other aircraft, terrain, obstacles must be maintained.",constraint,prevent,,constraint1,aviation,2017,STPA-Based Model of Threat and Error Management in Dual Flight Instruction,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Ioana-Koglbauer_STPA-based-Model-Of-Threat-And-Error-Management-In-Dual-Flight-Instruction.pdf,6,, | |
| 580,The FI must assist the trainee in enforcing these safety constraints.,constraint,prevent,,constraint1,aviation,2017,STPA-Based Model of Threat and Error Management in Dual Flight Instruction,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Ioana-Koglbauer_STPA-based-Model-Of-Threat-And-Error-Management-In-Dual-Flight-Instruction.pdf,6,, | |
| 581,The FI must take over the control to enforce these safety constraints if necessary.,constraint,prevent,,constraint1,aviation,2017,STPA-Based Model of Threat and Error Management in Dual Flight Instruction,https://psas.scripts.mit.edu/home/wp-content/uploads/2017/03/Ioana-Koglbauer_STPA-based-Model-Of-Threat-And-Error-Management-In-Dual-Flight-Instruction.pdf,6,, | |
| 588,TCAS must not interfere with the ground ATC system or other aircraft transmissions to the ground ATC system.,constraint,prevent,,constraint1,aviation,2018,Creating and Using Leading Indicators,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/other-Leveson-PUB-Leading-Indicators.pdf,28,, | |
| 589,TCAS must not disrupt the pilot and ATC operations during critical phases of flight nor disrupt aircraft operation.,constraint,prevent,,constraint1,aviation,2018,Creating and Using Leading Indicators,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/other-Leveson-PUB-Leading-Indicators.pdf,29,, | |
| 596,Toxic chemicals must be contained within plant equipment.,constraint,prevent,,constraint1,nuclear,2018,STPA Intro,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/JThomas-Batch-reactor-exercise.pdf,5,, | |
| 597,"Plant must be operated within limits (pressure, temperature, etc.).",constraint,prevent,,constraint1,nuclear,2018,STPA Intro,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/JThomas-Batch-reactor-exercise.pdf,5,, | |
| 598,"If toxic chemicals are not contained, damage must be mitigated.",constraint,mitigate,,constraint2,nuclear,2018,STPA Intro,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/JThomas-Batch-reactor-exercise.pdf,5,, | |
| 606,A/C must maintain minimum safe separation distance.,constraint,prevent,,constraint1,aviation,2018,STPA-Sec Case Study of a Next Generation Refueling Aircraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SPAN-STAMP_KC-X-STPA-SEC_FINAL_PA_Approved.pdf,8,stpa-sec, | |
| 608,A/C must maintain minimum safe altitude limits.,constraint,prevent,,constraint1,aviation,2018,STPA-Sec Case Study of a Next Generation Refueling Aircraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SPAN-STAMP_KC-X-STPA-SEC_FINAL_PA_Approved.pdf,8,stpa-sec, | |
| 611,Msn critical systems must be available when required to perform primary msn.,constraint,prevent,,constraint1,aviation,2018,STPA-Sec Case Study of a Next Generation Refueling Aircraft,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SPAN-STAMP_KC-X-STPA-SEC_FINAL_PA_Approved.pdf,8,stpa-sec, | |
| 646,Path panning must include the ability to pass through an intersection in movement calculation before moving forward into an intersection.,constraint,prevent,,constraint1,automotive,2018,Building Behavior Competency into STPA Process Models for Automated Driving Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/Wed-cook-PUB-MIT_STAMP_2018_AV_Pres_Rev_MIT2.0.pdf,11,, | |
| 647,Sensor processing must have confidence and reduce false positive in distinguishing true moving target.,constraint,prevent,,constraint1,automotive,2018,Building Behavior Competency into STPA Process Models for Automated Driving Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/Wed-cook-PUB-MIT_STAMP_2018_AV_Pres_Rev_MIT2.0.pdf,11,, | |
| 648,Sensor processing must have foliage as a class in machine learning list.,constraint,prevent,,constraint1,automotive,2018,Building Behavior Competency into STPA Process Models for Automated Driving Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/Wed-cook-PUB-MIT_STAMP_2018_AV_Pres_Rev_MIT2.0.pdf,11,, | |
| 657,The public must not be exposed to pathogens in drinking water.,constraint,prevent,,constraint1,water,2018,A Systems Analysis of the 1998 Sydney Water Crisis,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/Thurs-Merrett-PUB-Sydneys-Water-quality-Crisis-systems-analysis_v2.pdf,6,, | |
| 658,Public health measures must reduce risk of public exposure to unsafe water during incidents.,constraint,prevent,,constraint1,water,2018,A Systems Analysis of the 1998 Sydney Water Crisis,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/Thurs-Merrett-PUB-Sydneys-Water-quality-Crisis-systems-analysis_v2.pdf,6,, | |
| 665,SMS shall be designed according to standards.,constraint,prevent,,constraint1,aviation,2018,The AVAC-SMS Metric for the Self-Assessment of Aviation Safety Management Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SMS-assessment-tool_MIT-STAMP-2018.pdf,21,, | |
| 666,SMS shall be implemented according to standards.,constraint,prevent,,constraint1,aviation,2018,The AVAC-SMS Metric for the Self-Assessment of Aviation Safety Management Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SMS-assessment-tool_MIT-STAMP-2018.pdf,21,, | |
| 667,SMS shall be suitably scaled for the organization.,constraint,prevent,,constraint1,aviation,2018,The AVAC-SMS Metric for the Self-Assessment of Aviation Safety Management Systems,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/SMS-assessment-tool_MIT-STAMP-2018.pdf,21,, | |
| 689,SGC system must stop compressing gas when gas leaks to the environment.,constraint,mitigate,,constraint1,other,2018,Opportunities and Challenges of Applying STPA to Subsea Operations,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/STPA-to-Subsea-20180329-Kim.pdf,14,, | |
| 690,SGC system must be protected from abnormal operating conditions that can damage valuable components.,constraint,prevent,,constraint1,other,2018,Opportunities and Challenges of Applying STPA to Subsea Operations,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/STPA-to-Subsea-20180329-Kim.pdf,14,, | |
| 691,SGC system must always produce gas with maximum capacity.,constraint,prevent,,constraint1,other,2018,Opportunities and Challenges of Applying STPA to Subsea Operations,https://psas.scripts.mit.edu/home/wp-content/uploads/2018/04/STPA-to-Subsea-20180329-Kim.pdf,14,, | |
| 702,"Controller shall not open Door while train is moving, only when stopped.",constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,, | |
| 703,Controller shall not close Door while a passenger is in the doorway.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,, | |
| 704,Controller shall open Door in an emergency.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,, | |
| 705,Controller shall open Door when Train is stopped in Station.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,, | |
| 706,Controller shall report the state of the Door to the next-higher level of control.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,, | |
| 707,Controller shall allow time for passengers to exit & enter before attempting to close the door.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,, | |
| 708,The Controller shall warn passengers when the door is about to open or close.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,, | |
| 709,When the Train is stopped and not in a station and no emergency exists the Controller shall not open the door.,constraint,prevent,,constraint1,train,2019,Safety Guided Design Using STPA and Model Based System Engineering (MBSTPA),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Hurley__PUB__Safety-Guided-Design-Using-STPA-and-Model-Based-System-Engineering_x.pdf,4,, | |
| 718,Aircraft must maintain criteria for stable approaches.,constraint,prevent,,constraint1,aviation,2019,Active STPA – A Systems-based Hazard Analysis for Safety Management Systems (SMS),http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/1-Tues-Morn__Diogo-Castilho-on-Active-STPA.pdf,13,, | |
| 747,"At the launch rail, vehicle stages must be prevented from igniting before planned, even when subjected to commands or electric discharges.",constraint,prevent,,constraint1,aerospace,2019,STPA Applied to Launch Operations Management,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Merladet__PUB__STPA-MIT-STAMP-WORKSHOP-2019-28-03-19.pdf,13,, | |
| 748,"In the event of an unintended ignition, the vehicle must remain fixed to the launching rail, avoiding an unplanned route.",constraint,mitigate,,constraint1,aerospace,2019,STPA Applied to Launch Operations Management,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Merladet__PUB__STPA-MIT-STAMP-WORKSHOP-2019-28-03-19.pdf,13,, | |
| 749,"Vehicle stages and interfaces must be designed so that, in the event of an unintended ignition, they do not result in the vehicle explosion.",constraint,mitigate,,constraint1,aerospace,2019,STPA Applied to Launch Operations Management,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Merladet__PUB__STPA-MIT-STAMP-WORKSHOP-2019-28-03-19.pdf,13,, | |
| 771,Smartgrid must be able to meet unexpected demands.,constraint,prevent,,constraint1,energy,2019,STPA of Demand -Side Load Management in Smart Grids,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Karatzas__PUB__MIT-STPA-methodology-presentation-v1.pdf,7,, | |
| 772,Smartgrid must be able to meet local energy demands.,constraint,prevent,,constraint1,energy,2019,STPA of Demand -Side Load Management in Smart Grids,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Karatzas__PUB__MIT-STPA-methodology-presentation-v1.pdf,7,, | |
| 773,Smartgrid must be able to keep customers comfortable as desired.,constraint,prevent,,constraint1,energy,2019,STPA of Demand -Side Load Management in Smart Grids,http://psas.scripts.mit.edu/home/wp-content/uploads/2019/04/5-Thurs-Morn__Karatzas__PUB__MIT-STPA-methodology-presentation-v1.pdf,7,, | |
| 802,Vehicle must maintain safe distance from nearby objects.,constraint,prevent,,constraint1,automotive,2020,Introduction to STPA,https://psas.scripts.mit.edu/home/wp-content/uploads/2020/07/JThomas-STPA-Introduction.pdf,58,, | |
| 803,Chemical plant must not release toxic chemicals into the atmosphere.,constraint,prevent,,constraint1,nuclear,2020,Introduction to STPA,https://psas.scripts.mit.edu/home/wp-content/uploads/2020/07/JThomas-STPA-Introduction.pdf,58,, | |
| 804,Nuclear power plant must not release radioactive materials into environment.,constraint,prevent,,constraint1,nuclear,2020,Introduction to STPA,https://psas.scripts.mit.edu/home/wp-content/uploads/2020/07/JThomas-STPA-Introduction.pdf,58,, | |
| 805,Vehicles must always maintain safe distances from each other.,constraint,prevent,,constraint1,automotive,2020,Introduction to STPA,https://psas.scripts.mit.edu/home/wp-content/uploads/2020/07/JThomas-STPA-Introduction.pdf,58,, | |
| 807,Food products with pathogens must not be sold.,constraint,prevent,,constraint1,food,2020,Introduction to STPA,https://psas.scripts.mit.edu/home/wp-content/uploads/2020/07/JThomas-STPA-Introduction.pdf,58,, | |
| 880,Ego vehicle must not leave the lane unless desired by the driver.,constraint,prevent,,constraint1,automotive,2021,Using STPA to address challenges in achieving SOTIF,https://psas.scripts.mit.edu/home/wp-content/uploads/2021/06/2021-06-29-1230__Sidhu.pdf,14,, | |
| 881,Ego vehicle must not decelerate at rates greater than 4 m/s^2.,constraint,prevent,,constraint1,automotive,2021,Using STPA to address challenges in achieving SOTIF,https://psas.scripts.mit.edu/home/wp-content/uploads/2021/06/2021-06-29-1230__Sidhu.pdf,14,, | |
| 882,Ego vehicle must decelerate at rates greater than 0.9 m/s^2.,constraint,prevent,,constraint1,automotive,2021,Using STPA to address challenges in achieving SOTIF,https://psas.scripts.mit.edu/home/wp-content/uploads/2021/06/2021-06-29-1230__Sidhu.pdf,14,, | |
| 883,Ego vehicle must not accelerate at rates greater than 1 m/s^2.,constraint,prevent,,constraint1,automotive,2021,Using STPA to address challenges in achieving SOTIF,https://psas.scripts.mit.edu/home/wp-content/uploads/2021/06/2021-06-29-1230__Sidhu.pdf,14,, | |
| 889,"If ventilation turned off, the workplace must be abandoned immediately.",constraint,mitigate,,constraint2,industry,2021,Using STPA to identify conflicts in coal mining safety procedures,https://psas.scripts.mit.edu/home/wp-content/uploads/2021/06/2021-06-30-1220__Krzemien.pdf,7,, | |
| 920,AV must maintain a safe distance from VRUs and other stationary and moving objects in the surroundings.,constraint,prevent,,constraint1,automotive,2022,STPA for Autonomous Vehicles Functions,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-08-1120__Anas%20Shahzad__PUB.pdf,7,, | |
| 921,AV must adhere to the designated path.,constraint,prevent,,constraint1,automotive,2022,STPA for Autonomous Vehicles Functions,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-08-1120__Anas%20Shahzad__PUB.pdf,7,, | |
| 922,AV must adhere to the allowed operating limits advised by the traffic rules and ODD limitations.,constraint,prevent,,constraint1,automotive,2022,STPA for Autonomous Vehicles Functions,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-08-1120__Anas%20Shahzad__PUB.pdf,7,,falta contexto | |
| 923,AV must provide a comfortable experience to the passengers when driving or stationary.,constraint,prevent,,constraint1,automotive,2022,STPA for Autonomous Vehicles Functions,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-08-1120__Anas%20Shahzad__PUB.pdf,7,, | |
| 924,AV must never lose control.,constraint,prevent,,constraint1,automotive,2022,STPA for Autonomous Vehicles Functions,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-08-1120__Anas%20Shahzad__PUB.pdf,7,, | |
| 938,Aircraft should maintain a safe distance from obstacles and notify the operator when reaching the minimum distance.,constraint,prevent,,constraint1,aviation,2022,Use of the STPA Technique in the Requirements Definition of a Drone Power Generation System,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-09-1130__Paulo%20Mendes__PUB.pdf,6,, | |
| 939,The aircraft must maintain constant communication with the base throughout the operation.,constraint,prevent,,constraint1,aviation,2022,Use of the STPA Technique in the Requirements Definition of a Drone Power Generation System,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-09-1130__Paulo%20Mendes__PUB.pdf,6,, | |
| 940,The aircraft must be able to generate enough power to keep the systems running properly.,constraint,prevent,,constraint1,aviation,2022,Use of the STPA Technique in the Requirements Definition of a Drone Power Generation System,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-09-1130__Paulo%20Mendes__PUB.pdf,6,, | |
| 941,Aircraft shall be capable of remaining airborn in a controlled manner throughout the operation.,constraint,prevent,,constraint1,aviation,2022,Use of the STPA Technique in the Requirements Definition of a Drone Power Generation System,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-09-1130__Paulo%20Mendes__PUB.pdf,6,, | |
| 959,Ship must not violate minimum separation from other ship.,constraint,prevent,,constraint1,maritime,2022,STPA for Passenger Ship Safety Analysis in Bangladesh,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-10-1120__Md%20Imran%20Uddin__PUB.pdf,12,, | |
| 960,Ship must not violate minimum separation from any stationary object or underwater object.,constraint,prevent,,constraint1,maritime,2022,STPA for Passenger Ship Safety Analysis in Bangladesh,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-10-1120__Md%20Imran%20Uddin__PUB.pdf,12,, | |
| 962,Ship must not enter into an unsafe area (low water-depth or stormy area).,constraint,prevent,,constraint1,maritime,2022,STPA for Passenger Ship Safety Analysis in Bangladesh,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-10-1120__Md%20Imran%20Uddin__PUB.pdf,12,, | |
| 963,The ship must be maintained properly so that the occurrence of fire is prevented.,constraint,prevent,,constraint1,maritime,2022,STPA for Passenger Ship Safety Analysis in Bangladesh,https://psas.scripts.mit.edu/home/wp-content/uploads/2022/2022-06-10-1120__Md%20Imran%20Uddin__PUB.pdf,12,, | |
| 994,Safe distance should always be kept and the crew must be aware when it is violated.,constraint,prevent,,constraint1,maritime,2023,The utilization of STPA on the ship navigation system,https://psas.scripts.mit.edu/home/wp-content/uploads/2023/2023-06-08-1010__Marios-Anestis-Koimtzoglou__PUB.pdf,12,, | |
| 995,Depth should be continuously monitored.,constraint,detect,,constraint1,maritime,2023,The utilization of STPA on the ship navigation system,https://psas.scripts.mit.edu/home/wp-content/uploads/2023/2023-06-08-1010__Marios-Anestis-Koimtzoglou__PUB.pdf,12,, | |
| 997,The possibility of progressive flooding should be monitored and detected on time.,constraint,detect,,constraint1,maritime,2023,The utilization of STPA on the ship navigation system,https://psas.scripts.mit.edu/home/wp-content/uploads/2023/2023-06-08-1010__Marios-Anestis-Koimtzoglou__PUB.pdf,12,, | |
| 998,Heat and smoke detectors should trigger an alarm and extinguishing systems.,constraint,detect,,constraint1,maritime,2023,The utilization of STPA on the ship navigation system,https://psas.scripts.mit.edu/home/wp-content/uploads/2023/2023-06-08-1010__Marios-Anestis-Koimtzoglou__PUB.pdf,12,, | |