A selection of recent publications from Causalis Limited

Technical Report of the INS Project 1234: Improvement of the Applicability of Formal Methods of the Functional Safety Base Standard IEC 61508-3 (DIN EN 61508-3, VDE 0803-3)
This report was created by Dr.-Ing. Bernd Sieker during a project for the German electrotechnical standardisation organisation DKE, financed by the German Federal Ministry for Economic Affairs and Energy (BMWi). It is the basis for a New Work Item Proposal for the new version of the International Standard IEC 61508. It contains mathematical-logical methods and techniques for the specification and development of software for programmable electronic systems to ensure traceability and fulfilment of safety requirements throughout all phases of development.

Resilience is an Emergent System Property: A Partial Argument
Presented at the Safety-Critical Systems Symposium 2016
Systems are collections of objects exhibiting joint behaviour. Sometimes this behaviour is anticipated, sometimes not. We have studied a number of types of complex systems and their failures, including electricity supply grids, motorways, the financial system, and air traffic control. We wish to argue that the resilience of such systems is largely an emergent property of the systems. We illustrate that thesis here through analysis of three electricity blackout events. We consider one event in detail and two others summarily.

Ontological Hazard Analysis of a Communication Bus System
An Ontological Hazard Analysis is performed on an abstract example of a communications bus for a road vehicle. The purpose of this note is pedagogical: to show how an OHA proceeds on an E/E/PE example.

SpanAir Accident at Madrid
A Why-Because Analysis of SpanAir Flight 5022 (“JK5022”). The aircraft lifted off from Runway 36L, briefly got airborne, stalled, slid and bounced through uneven terrain, and hit obstacles. It finally came to rest, disintegrated and caught fire. Most of the occupants were killed.

European Electricity Blackout (Nov 2006)
A Why-Because Analysis of the disruption in the European power grid in the night between 4 and 5 November 2006. A high-voltage line had to be switched off to let a cruise ship pass underneath. The resulting load redistribution caused many other lines to trip, splitting the European power grid into three parts, each with a generation/consumption imbalance. In areas with under-generation, consumers had to be disconnected from the grid. At the peak, up to 15 million people in Europe were without electricity.

Incident-Reporting using SERAS™ Reporter and SERAS™ Analyst
A case study of Why-Because Analysis starting with SERAS™ Reporter and following with SERAS™ Analyst.

Definitions for Safety Engineering
We give the definitions of common concepts in safety-related systems which we have found to work best.

An Overview of IEC 61508 on E/E/PE Functional Safety
What IEC 61508 is about, how it is standardised, and how it is used.

Reverse Engineering Examples
This paper presents two reverse-engineered analyses: 1. different take-off configurations of an Airbus A320, developed from information published in the aircraft’s FCOM (Flight Crew Operating Manual), and 2. the interaction between multiple components controlling the fuel flow in Boeing’s B777 aircraft.

Bieleschweig IX – Analyzing the Brazilian MidAir
The slides of the talk “Analysing the Brazilian MidAir” given by J. Stuphorn at the IX. Bieleschweig Workshop at Germanischer Lloyd in Hamburg, Germany. This analysis presents an approach to causal accident investigation based on incomplete information, demonstrated on the increasingly detailed information that became available after the collision of a Boeing B737 and an Embraer Legacy over the Amazonas.

Why-Because Analysis using SERAS™ Analyst
In this brochure, the functionality and possibilities of WBA and its support with SERAS™ Analyst are described.

Amazonas MidAir Collision – WBA of public information
Causal analysis of the Amazonas mid-air collision between GOL flight 1907 and an Embraer Legacy operated by US-based ExcelAire, based on information made public in newspapers, magazines and preliminary accident reports.