Introduction Safety critical systems are defined as
Safety-critical systems are defined as those systems where failure could result in the loss of life or injury to people, damage to equipment or to the environment . Safety standards, e.g., , , , , , expect appropriate safety analysis tasks to be integrated within the design and development life TKI258 early, iteratively and on an ongoing basis. Generally this is taken to mean they should occur during the requirements capture and high level specification phases (e.g., see , , , ), and is consistent with studies that have shown that a large proportion of anomalies occurs there , .
A challenging trend from an engineering viewpoint is the use of Commercial Off The Shelf (COTS) (Commercial Off The Shelf) components in safety-critical systems. COTS components ostensibly reduce costs and development time for complex systems. However, there are obvious difficulties in incorporating such ‘black-box’ components in the safety critical software engineering setting, and care is needed in the management of assumptions and expectations across supply chains.
Other work by the second and third authors has considered the challenge of early life cycle safety integration, leading to an approach to safety able to deliver early life-cycle models of requirements and high-level architectural design amenable to a wide range of safety analyses. This work is based on Problem Oriented Engineering (POE; see, for instance, , , ), an emerging framework for engineering as problem solving . POE has developed (since 2001) into a collection of thought tools for the problem solving activities that underpinning design and engineering. As such POE research encompasses both theory and application, spanning the continuum from speculative thinking to experimentation and empirical work. POE has been extensively validated in industrial practice , , , , ,  with increasing evidence of beneficial process improvement, which was also a concern in this study.
Overview of the case study
Problem oriented engineering POE is an emerging framework for engineering, the creative, iterative and often open-ended undertaking of designing and building products, systems and processes that address real-world problems. POE is design theoretic, by which we mean it provides a theory that characterises the elements of problem solving in terms of the effect they have on the process of design rather than on an artefact. Design in POE can use many types of design activities, including Weick\'s ‘sensemaking’ , various formal and informal refinement techniques, Jackson\'s problem progression , the use of architectures, etc, each of which is captured by the effect it has on design (see  for details). Previous studies , ,  have shown that POE to be a good fit for system safety. In particular, General Dynamics, UK (GDUK) has used POE techniques in the safety-critical development of many military systems since 2007, including in the design of the stores management system for the Royal Navy Wildcat Helicopter and the Harrier JumpJet. GDUK has also used POE to introduce requirements models amenable to safety analysis in the early stages of their safety-critical product development process, thereby allowing early investigation of safety behaviour and identification of safety anomalies, and improving design processes for military systems. In the case of the Wildcat Helicopter, POE allowed the early identification of twelve interaction issues whose resolution led to an improved design. One contribution to knowledge of that research is the POE Safety Pattern (PSP; ), shown on the right of Fig. 6, a process pattern for capturing high-level descriptions of system requirements and domain properties and assumptions through detailed problem models coupled with their traceable and justifiable step-wise transformation to specifications and high-level architectural design artefacts, with the essential quality that those problem models are amenable to various forms of safety analysis. The steps of the PSP are described in Table 1. The use of the PSP will be discussed in detail in the case study.