Safety Cases for Residential Buildings

In response to the Hackett report on Grenfell, the UK government is introducing legislation which will require safety cases for large residential buildings:

When residents move into a building that falls under the new set of rules, it will need to be registered with the Building Safety Regulator and apply for a Building Assurance Certificate. The Accountable Person will need to conduct and maintain a safety case risk assessment for the building and appoint a Building Safety Manager to oversee it day to day. [Emphasis added]

A safety case is a structured argument, supported by evidence, showing that a system (in this case a building) is safe for its intended purpose. Safety cases were originally developed for complex systems like aircraft and oil rigs, but the Grenfell disaster showed that large residential buildings can also be complex systems that harbour unexpected safety hazards.

Safety cases are now well established as key components of complex engineering projects, but for the construction and building management industries they are a new and unknown quantity. What does a “structured argument” look like? Where does it come from? How is this different from the regulatory compliance that the building industry has always undertaken?

Goal Structuring Notation

To get a Building Assurance Certificate you need to give the Regulator something that they can understand quickly. Human languages are not very good for complex arguments. You need to explain chains of inference with lots of references to evidence and other bits of the argument. Doing this with hundreds of bits of evidence is hard to get right, and the result is even harder for the Regulator to read and verify.

Goal Structuring Notation (GSN) solves this problem. You write each fact you need to prove as a “goal”. Your top goal is “The building is safe for its intended purpose”. Underneath that you write sub-goals which add up to the top goal. Keep on breaking down goals like this until you get down to detailed goals like “Each flat is fitted with a mains-powered smoke alarm with a standby battery” which can be checked against evidence (such as plans or an inspection report).

There is no standard form or template for a GSN argument, so writing them takes a bit of practice. Regulations often have an argument embedded within them. For instance, the UK residential fire safety guidance (para 1.10) says: “Each flat in a block should have alarms as set out in paragraphs 1.1 to 1.4. With effective compartmentation, a communal fire alarm system is not normally needed”. So one of your goals will be “There are appropriate provisions for the early warning of fire”, and this will depend on a sub-goal that shows how you meet paragraphs 1.1 to 1.4 and also on a goal relating to compartmentation. The resulting argument looks like this:

[Figure: Example GSN Argument for Smoke Detectors. An example GSN diagram arguing that smoke detectors in flats are sufficient.]

The side bubble labelled “J3.1” is a “justification” explaining why this argument is valid. The bottom bubble “Sn1” is a “solution” which describes the evidence. Goal “G2.1.1” is expanded into sub-goals in a separate argument elsewhere in the Safety Case.
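The goal breakdown described above can also be held as a data structure and checked mechanically. The following Python is an added example, not part of the original article and not a description of how the DSM works; the node ids, the "Compartmentation is effective" wording and the choice to mark that goal as developed in a separate argument are constructed for illustration. It checks that every goal ends in evidence and lists the goals affected when a piece of evidence changes.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    kind: str                      # "goal" or "solution" (a reference to evidence)
    text: str
    children: list = field(default_factory=list)  # ids of supporting nodes
    away: bool = False             # goal is developed in a separate argument

# Constructed ids and wording; these are not the ids used in the article's diagram.
ARGUMENT = {
    "G-warning": Node("goal", "There are appropriate provisions for the early warning of fire",
                      ["G-alarms", "G-compartment"]),
    "G-alarms": Node("goal", "Each flat has alarms as set out in paragraphs 1.1 to 1.4",
                     ["G-mains"]),
    "G-mains": Node("goal", "Each flat is fitted with a mains-powered smoke alarm "
                            "with a standby battery", ["Sn-inspection"]),
    "G-compartment": Node("goal", "Compartmentation is effective", away=True),
    "Sn-inspection": Node("solution", "Inspection report"),
}

def unsupported_goals(arg, root):
    """Goals under root with no sub-goal, no evidence and no separate argument."""
    found, stack, seen = [], [root], set()
    while stack:
        nid = stack.pop()
        if nid in seen:
            continue
        seen.add(nid)
        node = arg.get(nid)
        if node is None:           # dangling reference: nothing supports it
            found.append(nid)
            continue
        if node.kind == "goal" and not node.children and not node.away:
            found.append(nid)
        stack.extend(node.children)
    return sorted(found)

def impacted_goals(arg, changed):
    """Every node that depends, directly or indirectly, on the node `changed`."""
    hit, grew = {changed}, True
    while grew:
        grew = False
        for nid, node in arg.items():
            if nid not in hit and hit.intersection(node.children):
                hit.add(nid)
                grew = True
    return sorted(hit - {changed})
```

Calling `impacted_goals(ARGUMENT, "Sn-inspection")` lists the goals that would need re-examination if the inspection report were superseded, for example after a renovation.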

The Diametric Safety Case Manager

The Diametric Safety Case Manager (DSM) is a program for editing and managing large, complex safety cases. The diagram above was produced in it, but it is much more than just a drawing tool. Once you have your safety argument in GSN you can use the DSM query features to generate custom reports for different stakeholders or to find out the impact on the safety case from any proposed renovations.

You can download the DSM with a trial license. Once you have it installed you can try it out with this example file: Fire Safety Case for a Building. Or you can just read a report produced automatically from that file.

To see how to build up a safety case using the DSM, try looking at our demonstration videos.