How do we know if a complex system is suitably safe?


Evolution in technology results in complexity of various systems making them difficult to predict and control. This further trickles down to a lack of systems assurance across the supply chain, a shortfall that raises eyebrows due to the degree of uncertainty that reflects the lack of a recognized system assurance. Categorically, this problem is common with artificial systems that are subject to subsequent upgrades or are manufactured in global regions with varying technical and operational systems. Previously, various approaches outlining the methodology used to achieve the enabling conditions and engineering processes required during systems development, certification and operations have been well defined. Failure to achieve some of the measures put in place have in recent times resulted in systems malfunction and/or fatal accidents: case and point, the Mars Polar Lander malfunction and the Columbia disaster in 2003. A review of existing literature reveals that several issues which prevent the accurate prediction of system behavior are still unresolved.

In addition, shortfalls in knowledge and practice also lead to inconsistencies in the approach adopted across the supply chain, where the supply chain is characterized as the designer, builder and user communities. In a recent publication, a group of researchers from Cranfield University at the Defence Academy of the United Kingdom: Dr Graham Farnell, Dr Alistair Saddington, and Laura Lacey proposed a novel approach based on a methodology that could address both new and legacy systems. The research team presented an enterprise approach by observing the importance of all organizational contributions to a safe working system throughout the intended project life cycle. The necessity for such a development was largely catalyzed by the need to address the certification of the F-35B stealth fighter for UK operations from 2012 onwards. Their work is currently published in the research journal, Reliability Engineering and System Safety.

The acquisition of the F-35 stealth fighter by the UK authorities provided several challenges, given inconsistencies between US and UK socio-technical policies and in the arrangements necessary to address the variations in technical standards. As such, the researchers adopted a methodical approach. This approach, in part, focused on assessing and comprehending the systems behaviour in two aspects: assurance in complex systems and the shortfalls in knowledge and practice.

The authors reported a pragmatic strategy to achieve systems control by adopting a holistic approach to systems engineering while promoting the development of an enabling environment that can determine system threats and enable appropriate controls. Moreover, the F-35 case study achieved success through a collaborative approach, where the partners added value through the joint development of a common set of objectives representing system requirements and organizational ambitions.

In summary, the study described a new methodology to achieve assurance in novel and complex systems. Remarkably, the proposed holistic approach to systems engineering and assurance was fruitful as in incorporated a systematic coordination process that helped minimize the potential for ‘organizational drift’. Cranfield University scientists highlighted that the presented methodology provided the confidence assessment for a particular product or system while remaining agnostic to regulatory constraints. They further added that the diligent completion of the methodology increases systems confidence and informs the regulatory environment.

How do we know if a complex system is suitably safe? - Advances in Engineering

About the author

Dr Saddington was appointed as a Senior Lecturer in the Aeromechanical Systems Group in 2010. He graduated from Cranfield Institute of Technology (now Cranfield University) with a BEng (First Class) in Aeromechanical Systems Engineering in 1993 and was awarded an EngD in 1997 for research on STOVL propulsion integration.

Following industrial experience with Rolls-Royce (Bristol), where he worked on compressor aerodynamics for the Lockheed F-35 propulsion System, he returned to academia in 1999 with a Lectureship in the Aeromechanical Systems Group. Dr Saddington has experience as an external examiner in both taught and research roles at a number of academic institutions. He is a regular reviewer for academic journals and has acted as a session chair for several aerodynamics conferences. He has published over 70 research articles in books, journals and conference proceedings.

About the author

Graham Farnell is the Engineering Director for BAE SYSTEMS Maritime Services. Graham joined BAE SYSTEMS recently after 30 years in the Royal Air Force where he achieved the rank of Air Vice-Marshal, having undertaken a wide range of operational, engineering, transformation, safety, Type Airworthiness, programme delivery and general management roles.

A systems engineer with programme delivery and general management experience, Graham as the Project Director and Type Airworthiness Authority for the F-35 air system, led the procurement and certification of the F-35 during its introduction to service. Graham led a team to develop the early pathway for the integration of the F-35 air system into the future Carrier Strike capability, working closely with BAE SYSTEMS, Lockheed Martin, the US DoD, the Royal Navy and the Royal Air Force. Graham also performed the roles of Director Safety Improvement and Director Combat Air during his tenure with Defence Equipment and Support. Prior to BAE, Graham led an international NATO procurement agency in the role of General Manager, working with four collaborative partners Germany, Italy, Spain and the United Kingdom, where he successfully advanced the delivery of capability in weaponisation and critical sensor programmes for the Typhoon platform.

Graham holds a first degree in air transport engineering and is an alumnus of Kings College, Cranfield and City universities, a chartered engineer and a Fellow of the Royal Academy of Engineering.

About the author

Laura Lacey is a Lecturer at Cranfield University, UK. She completed her degree in Aerosystems Engineering (MSc) at Loughborough University and Aeromechanical Engineering (BEng) at Cranfield University. She is currently studying for her PhD with Cranfield University.

She lectures on Systems Engineering, Through-life System Sustainment and Military Aerospace and Airworthiness master’s courses and covers the topics of availability, reliability, maintainability and airworthiness. Her lecturing has taken her to Australia, Chile and India. Her specific area of research is no fault found and the links to availability and airworthiness. A conference paper and a report for the UK Ministry of Defence on this area of research have been produced. Additionally, she has produced conference papers and book chapters on dependability, and health and usage monitoring with a focus on the defence environment. She has provided technical expertise and acted as an engineering assessor for Ministry of Defence maintenance contracts.


G.P. Farnell, A.J. Saddington, L.J. Lacey. A new systems engineering structured assurance methodology for complex systems. Reliability Engineering and System Safety, volume 183 (2019) page 298–310.

Go To Reliability Engineering and System Safety

Check Also

DTU Wind Energy developed a fast simulation approach to enable digital twins of large-scale structures - Advances in Engineering

DTU Wind Energy developed a fast simulation approach to enable digital twins of large-scale structures