Tailoring STPA for SOTIF: Terminology Mapping and Methodological Extension

Abstract

According to ISO 21448, it is essential to consider the Safety of the Intended Functionality (SOTIF) to ensure the safety of automated vehicles. A key objective for SOTIF is the identification and analysis of triggering conditions and functional insufficiencies. To support this objective, ISO 21448 suggests the System Theoretic Process Analysis (STPA) as a suitable analysis technique. Although STPA is a promising hazard analysis method, it was not specifically developed for SOTIF. Consequently, it is necessary to create a terminology mapping and methodological extension in order to adapt STPA for SOTIF. For example, STPA terms such as ``loss'' have more specific meanings than their ISO 21448 counterparts. At the same time, SOTIF requires a systematic analysis of scenarios to identify triggering conditions and functional insufficiencies. Although STPA is suitable for scenario-based analyses, it does not guide the scenario specification. To address the identified gaps, this article proposes the use of SOTIF-specific terminology mapping and an extension to the STPA method. These extensions include a behavior specification and hazard identification approach, building the foundation for a STPA tailored for SOTIF. With these changes, it becomes possible to trace the STPA artifacts to ISO 21448 objectives.