The UCA (Unsafe Control Action) table in Astah System Safety is a critical tool for analyzing control actions that have been defined in the Control Structure Diagram. In this table, you scrutinize each control action in the context of specific scenarios to identify which actions could be unsafe and potentially lead to hazards. This focused analysis is essential for pinpointing and addressing safety risks within the system, ensuring a thorough and effective STPA process.


Open a UCA Table

To open a UCA (Unsafe Control Action) table in Astah System Safety, you first need to have a Control Structure Diagram created within your project. This diagram should define the various control actions. Once this diagram is in place, you can proceed to identify UCAs by clicking on [Identify UCA (Unsafe Control Action)] in the [STPA Procedure] tab.
[Screenshot: Identify Unsafe Control Actions in Astah System Safety]

Or go to [Diagram] – [STAMP/STPA] – [UCA Table] to open the UCA table.
[Screenshot: Create a UCA Table in Astah System Safety]

When you open a UCA (Unsafe Control Action) table in Astah System Safety, it will display a list of Control Actions as depicted in your Control Structure Diagram. It’s important to note that any edits made to the Control Action names, as well as their source and target names within this table, will be reflected in the Control Structure Diagram. This interconnected functionality ensures consistency and accuracy across your STPA analysis documentation.


Four Guide Words in the Columns

There are four ways a control action can be unsafe and these are included in the columns as “guide words” by default:

1. Not Providing – Not providing the control action leads to a hazard.
2. Providing causes hazard – Providing the control action leads to a hazard.
3. Too early / Too late – Providing a potentially safe control action but too early or too late.
4. Stop too soon / Applying too long – The control action is applied too long or is stopped too soon.

In Astah System Safety’s UCA table, by thoroughly filling out all four columns for each control action, you effectively test whether each control action meets critical safety requirements: being the correct action, provided at the right time, and lasting for the appropriate duration. If a control action fails to meet these requirements in any aspect, it can be identified as an Unsafe Control Action. This methodical approach is key in ensuring that all control actions are safe and appropriate for their intended contexts in the system.

In the UCA (Unsafe Control Action) table, it is important to specify for each UCA the specific hazard it leads to, as well as the context in which the control action becomes unsafe. This approach ensures a clear understanding of the risk associated with each control action, facilitating more targeted and effective safety measures.


Identify as UCA

  1. Double-click the cell under a guide word column; the [UCA] dialog appears.

  2. Click [Add UCA] button.
    [Screenshot: Add UCA]

  3. The [UCA] checkbox is checked automatically and an ID is assigned. Now specify why you identify this as a UCA.

  4. Then double-click the [Violating Safety Constraint] field to open it. You will see the list of Safety Constraints you defined in the Loss Hazard Safety Constraint Table. Select the one that this Control Action violates.

  5. Now the Control Action is identified as UCA and it shows the description and the ID of Safety Constraint that the Control Action is violating in the UCA table.
    [Screenshot: UCA Sample]

Identify as Non-UCA

When filling out the UCA (Unsafe Control Action) table in Astah System Safety, it is recommended to complete all fields for each control action. Avoid leaving any fields blank or simply marking them as N/A, even for control actions identified as Non-UCA. Instead, for these actions, specify the reasons why they are considered safe. This comprehensive approach ensures a thorough analysis and provides clear documentation for why certain actions are deemed safe, contributing to a more robust and transparent safety analysis process.

  1. Double-click the cell under a guide word column; the [UCA] dialog appears.
  2. Click [Add UCA] button.
    [Screenshot: Identify as Non-UCA]

  3. Now specify the reason why this Control Action is identified as non-UCA.

    – The ‘UCA’ checkbox will be unchecked
    – ID will not be added
    – You cannot select the Safety Constraint because this Control Action is not violating any.
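The completeness rules described above (every guide word cell filled with a reason rather than left blank or N/A, every UCA tied to a hazard, a context and a Safety Constraint defined in the Loss Hazard Safety Constraint Table, every non-UCA carrying only a reason) as a small Python checker. This is an added example, not part of Astah System Safety; the Cell model, the check_uca_table function and the control action, hazard and constraint IDs in the sample table are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# The four guide-word columns of the UCA table, in the order listed above.
GUIDE_WORDS = (
    "Not Providing",
    "Providing causes hazard",
    "Too early / Too late",
    "Stop too soon / Applying too long",
)

@dataclass
class Cell:
    """One guide-word cell for one control action (hypothetical model)."""
    is_uca: bool
    reason: str = ""                         # why it is (or is not) unsafe
    hazard: str = ""                         # hazard the UCA leads to
    context: str = ""                        # context in which it becomes unsafe
    safety_constraint: Optional[str] = None  # ID from the Loss Hazard Safety Constraint Table
    uca_id: Optional[str] = None             # ID assigned when marked as UCA

def check_uca_table(table: dict, constraint_ids: set) -> list:
    """Return one finding per incomplete cell; an empty list means the table is complete."""
    findings = []
    for action, cells in table.items():
        for word in GUIDE_WORDS:
            cell = cells.get(word)
            # Rule from the text: never leave a cell blank or marked N/A, even for non-UCAs.
            if cell is None or cell.reason.strip().upper() in ("", "N/A"):
                findings.append(f"{action} / {word}: no reason given (blank or N/A)")
                continue
            if cell.is_uca:
                if not cell.hazard or not cell.context:
                    findings.append(f"{action} / {word}: UCA lacks hazard or context")
                if cell.safety_constraint not in constraint_ids:
                    findings.append(f"{action} / {word}: UCA does not violate a defined safety constraint")
                if not cell.uca_id:
                    findings.append(f"{action} / {word}: UCA has no ID")
            elif cell.safety_constraint or cell.uca_id:
                findings.append(f"{action} / {word}: non-UCA must not carry an ID or safety constraint")
    return findings

# Constructed sample: one control action with two deliberate defects (undefined SC-9, an N/A cell).
SAMPLE_CONSTRAINTS = {"SC-1", "SC-2"}
SAMPLE_TABLE = {
    "Apply brake": {
        "Not Providing": Cell(True, "Vehicle keeps moving", hazard="H-1", context="obstacle ahead",
                              safety_constraint="SC-1", uca_id="UCA-1"),
        "Providing causes hazard": Cell(False, "Braking never introduces a hazard in this system"),
        "Too early / Too late": Cell(True, "Brake applied late", hazard="H-1", context="obstacle ahead",
                                     safety_constraint="SC-9", uca_id="UCA-2"),
        "Stop too soon / Applying too long": Cell(False, "N/A"),
    }
}
```

Running check_uca_table(SAMPLE_TABLE, SAMPLE_CONSTRAINTS) reports exactly the two defects, which is the review a practitioner would otherwise do by eye before exporting the table.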