Skip to main content
European Commission logo

Enhanced Safety Assessment for Complex Systems

European Union
Geo-spatial type
Project Acronym
STRIA Roadmaps
Vehicle design and manufacturing (VDM)
Transport mode
Airborne icon
Transport policies
Environmental/Emissions aspects,
Societal/Economic issues,
Transport sectors
Passenger transport,
Freight transport


Background & Policy context

The unavoidable increase in the complexity of systems means that there must be a suitable boost in the capability of safety engineers to maintain safety levels. <?xml:namespace prefix = o ns = 'urn:schemas-microsoft-com:office:office' />

ESACS intended to develop an environment and a safety method to help safety engineers in the assessment of complex systems, so that there will be no detriment to the safety of systems due to their increase in complexity.

This implies a positive effect on the environment. The ability to at least maintain safety levels ensures that the situation is appropriate for the protection against an increase in possible incidents or accidents and hence environmental damage. Significant environmental savings that may be gained, as a consequence of using this enhanced safety assessment environment and method, lie, for instance, in the areas of petroleum refineries, chemical plants, and in the nuclear energy sector.

The safety issues dealt with in the ESACS project are related to certification aspects, hence there could be an impact on standards, e.g. resulting in a refinement of ARP 4754 in addressing complex systems development.

The ESACS approach, drawing on the use of formal methods, virtual prototyping and simulation, and formal verification engines, is now in the prototype stage, but has the potential to become a common practice applied to the whole system engineering process and related discipline in the future.

A follow-on project ISAAC (Improvement of Safety Activities in Aeronautical Complex systems; FP6 1st call, start date 1/2/2004) will further improve and enlarge the scope of ESACS results and applicability.


The technical and scientific objectives of ESACS are to define a method supported by tools to improve the ability of the safety engineer to satisfy the objectives of the systems safety analysis methodology, as defined by internal company directives or by ARP4761 for complex systems development. <?xml:namespace prefix = o ns = 'urn:schemas-microsoft-com:office:office' />

A common environment of design and safety was set up consisting of tools (in the area of 'formal methods' and in the area of 'safety tools') to generate parts of the safety analysis (e.g. Fault Tree Analysis) using information extracted directly and automatically from a formal system model, this way improving the effectiveness of the link between design and safety processes.

Applications of the new methodology and tools will initially be in the aeronautical sector.

In a subsequent phase the methodology and the tools may also be applied to other industrial domains that deal with safety or cost critical applications (aerospace, railways, automotive, defence, etc.).

The forecast added values resulting from ESACS are:

  • Increased efficiency in applying the current safety process for aeronautical products;
  • Reduced development/production time and costs;
  • Increased level of competitiveness of the European aircraft industry;
  • Increased opportunities for employment in European i

The ESACS technical work was methodologically organised in the following work packages:

  • WP1 deals with the identification of the requirements needed for the Complex Systems safety assessment / certification process. The requirements are identified through the analysis of the applied System Safety Assessment procedures. The aim is to find the points / development phases where the safety analysis process would benefit from the addition of a toolset / environment and method, and the required attributes of the tools and method. This toolset / environment and method should support the current safety process in achieving the required objectives and better integrate the safety process with the design / development process.
  • WP2 represents the core of the project, dealing with the development of an enhanced safety analysis methodology and a tool-based environment. Results from WP2 will provide a closer link between system modelling tools (like STATEMATE, SCADE, etc.) and the safety analysis techniques (classical ones like FTA or FMEA, as well as new ones developed within ESACS), and it will provide novel powerful analysis techniques based on formal verification methods used on a system model enriched also with failed behaviours.
  • WP3 deals with the definition of the case studies that were used to validate the outputs of WP2.
  • WP4 represents the application of the methodology and of the environment to the case studies.
  • WP5 represents the dissemination / exploitation. Papers were prepared and conferences were attended. Certification authority representatives were involved in the project to inform them of project result and obtain their feedback. This feedback was positive and supported the follow-on project ISAAC.

At the end of the project, the following conclusions can be drawn: the success of the project is pointed out from the achievement of its technical objectives, i.e. the establishment of a methodology and of an environment able to better integrate the safety process with the design / development process.


Parent Programmes
Institution Type
Public institution
Institution Name
European Commission, Directorate-General for Research (DG Research)
Type of funding
Public (EU)


Lead Organisation
EU Contribution
Partner Organisations
EU Contribution


Contribute! Submit your project

Do you wish to submit a project or a programme? Head over to the Contribute page, login and follow the process!