How to Perform Hazard Analysis on a 'System-of-Systems'
Many people seem to believe that a different type of hazard analysis is required for a “system-of-systems” than for just a complex system. The task to do a system-of-systems hazard analysis has even been added to the official requirements for system safety of military systems in the U.S. (MIL- STD-882) in additional to a task for traditional system hazard analysis. The definition of a system, however, as defined in System Theory, already incorporates all the supposedly new properties. Perhaps the new term has been invented because most of traditional hazard analysis techniques do not scale up to the complexity of modern defense and other systems (essentially what is being called a system-of-systems). Much of the confusion arises from the formal definition of a system. This paper clarifies the definition of a system and shows how STPA can be used for what has been labeled (erroneously) as a system-of-system, without any changes to STPA. A very complex military system, created by composing both existing and new systems, is used as the example.