Goal structuring notation

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Goal structuring notation (GSN) is a graphical diagram notation used to show the elements of an argument and the relationships between those elements in a clearer format than plain text.[1] Often used in safety engineering, GSN was developed at the University of York during the 1990s to present safety cases.[2] The notation gained popularity as a method of presenting safety assurances but can be applied to any type of argument and was standardized in 2011.[1] GSN has been used to track safety assurances in industries such as clinical care[3] aviation,[4] automotive, rail,[5] traffic management and nuclear power[6] and has been used in other contexts such as security cases, patent claims, debate strategy, and legal arguments.[5]

History[edit]

The goal structuring notation was first developed at the University of York during the ASAM-II (A Safety Argument Manager II) project in the early 1990s, to overcome perceived issues in expressing safety arguments using the Toulmin method. The notation was further developed and expanded by Tim Kelly, whose PhD thesis contributed systematic methods for constructing and maintaining GSN diagrams, and the concept of ′safety case patterns′ to promote re-use of argument fragments.[2] During the late 1990s and early 2000s, the GSN methodology was taught on the Safety Critical Systems Engineering course at York, and various extensions to the GSN methodology were proposed by Kelly and other members of the university's High Integrity Systems Engineering group.[7]

By 2007, goal structuring notation was sufficiently popular that a group of industry and academic users came together to standardise the notation and its surrounding methodology, resulting in publication of the GSN Community Standard in 2011. From 2014, maintenance of the GSN standard moved under the auspices of the SCSC's Assurance Case Working Group.[8] As at 2022, the standard has reached Version 3.[1]

Criticism[edit]

Charles Haddon-Cave in his review of the Nimrod accident commented that the top goal of a GSN argument can drive a conclusion that is already assumed, such as that a platform is deemed acceptably safe. This could lead to the safety case becoming a "self-fulfilling prophesy", giving a "warm sense of over-confidence" rather than highlighting uncertainties, gaps in knowledge or areas where the mitigation argument was not straightforward.[4] This had already been recognised by Habli and Kelly, who warned that a GSN diagram was just a depiction, not the safety case itself, and likened it to Magritte's painting The Treachery of Images.[9] Haddon-Cave also criticised the practice of consultants to produce "outsize GSN charts" that could be yards long and became an end in themselves rather than an aid to structured thinking.

See also[edit]

References[edit]

  1. ^ a b c The Assurance Case Working Group (May 2021). Goal Structuring Notation Community Standard Version 3. ISBN 979-8451294949.
  2. ^ a b Kelly, Timothy Patrick (September 1998). Arguing Safety – A Systematic Approach to Managing Safety Cases (PDF) (PhD thesis). University of York.
  3. ^ Ge, Xiaocheng; Rijo, Rui; Paige, Richard F.; Kelly, Tim P.; McDermid, John A. (2012). "Introducing Goal Structuring Notation to Explain Decisions in Clinical Practice". Procedia Technology. 5: 686–695. doi:10.1016/j.protcy.2012.09.076. ISSN 2212-0173.
  4. ^ a b Haddon-Cave QC, Charles (28 October 2009), The Nimrod Review, London: The Stationary Office
  5. ^ a b Cabot, Jordi (12 February 2014). "Goal Structuring Notation – a short introduction". Modeling Languages. Retrieved 21 June 2018.
  6. ^ Spriggs, John (2012). GSN - The Goal Structuring Notation. Springer London. doi:10.1007/978-1-4471-2312-5. ISBN 978-1-4471-2311-8.
  7. ^ Hawkins, R.D.; Kelly, T.P. (July 2010). "A Systematic Approach for Developing Software Safety Arguments". Journal of System Safety. 46 (4): 25–33. ISSN 0743-8826.
  8. ^ The Assurance Case Working Group (Jan 2018). Goal Structuring Notation Community Standard Version 2.
  9. ^ Habli, Ibrahim; Kelly, Tim (August 2007). Safety Case Depictions vs. Safety Cases – Would the Real Safety Case Please Stand Up? (PDF). 23rd International System Safety Conference.