Enabling digital transformations in industries and a society


With examination of and reference to System Theoretic Accident Model and Processes (STAMP) and its safety analysis application, "System Theoretic Process Analysis "STPA." IPA/SEC is conducting research and survey of safety analysis and evaluation processes in alignment with Japanese software development standards.


Traditional safety analysis methods are all 40-65 years old, but our systems have changed completely

  • Stamp Background


STAMP: Systems-Theoretic Accident Model and Processes

Premise: Some properties can only be treated adequately in their entirety, taking into account all social and technical aspects. These properties emergently arise from the relationships among the components of the system

  • All mechanisms are explained from the interaction of the components of the system
  • Causes of actions not working, considered as "improper (in)action of control action", are limited
  • STAMP_Figure1

STPA Procedure


Step 0-1: Define Purpose of the Analysis

Define target Accident (prevention target event), Hazards (potential situation to accident) and identify Safety Constraints to control Hazards on the system

Step 0-2:Model the Control Structure

Construct Components (subsystem, equipment, organization) and the Interactions (direction, feedback data). Analyze them in order to draw a Control Structure

Step 1:UCA Identification of Unsafe Control Action

For every Control Action on the Control Structure, identify Unsafe Control Actions which may lead to Hazards by applying four guide words. Control Action is defined as necessary interaction to implement Safety Constraints.

Step 2:HCF Identification of Hazard Causal Factors

For every UCA, construct Control Loop Diagram and identify the Hazard Causal Factors (HCF) using guide words. Identify Loss Scenarios.

Final Step :Countermeasures

Deploy countermeasures as safety analysis results


  • STPA Procedure_Image

IPA/SEC activities in promoting STAMP/STPA

Our goal :
  • To disseminate system-based safety analysis based on STAMP/STPA implemented for Japanese industries
Our activities:
  • Development of processes and guide words of STAMP/STPA through trial analysis
  • Demonstration of the analysis approach on practical systems and services in Japan
  • Dissemination of the approaches with seminars and workshops

STAMP tool STAMP Workbench

  • Methods supported:STPA
  • Features:Open-source, free, easy to use, intended for those interested in using STAMP/STPA on real Systems.

The introductory guidebook of STAMP/STPA

The introductory guidebook of STAMP/STPA

Challenges in STPA application

With few available conceptual and process descriptions, beginners don’t know how to implement STPA.

This introductory guidebook aims:
  • To describe detailed processes in each safety analysis step of STPA, with an example of a train crossing control system
  • To show some examinations on how to derive the output from the input

STAMP Workshop in Japan

IPA/SEC held its first STAMP workshop in cooperation with MIT in Japan.