A safety-critical system comprising several interacting and software-intensive systems must be carefully analyzed to detect whether new functional requirements are needed to ensure safety. This involves an analysis of the systemic properties of the system, which addresses the effect of the interaction between systems and system parts. The paper compares two hazard analysis methods, which are often considered well-suited for such software-intensive systems: the Functional Hazard Analysis (FHA) and Systems-Theoretic Process Analysis (STPA). The focus is on the selection and improvement of the best methods, based on the lesson learned from the comparison of FHA and STPA. The analyses cover the hazard analysis processes, systemic properties, and the criteria of requirements. The paper concludes that STPA is the better choice over FHA. Insights are obtained to align both STPA and FHA methods with the broader topic on risk management, that is, hazard analysis method improvement, cautionary thinking, uncertainty management, and resilience management.

必须仔细分析包含多个交互系统和软件密集型系统的关键安全系统，以检测是否需要新的功能要求来确保安全。这涉及对系统的系统属性的分析，该分析解决了系统与系统部件之间交互作用的影响。本文比较了两种危害分析方法，它们通常被认为非常适合此类软件密集型系统：功能危害分析（FHA）和系统理论过程分析（STPA）。根据从FHA和STPA的比较中学到的教训，重点在于最佳方法的选择和改进。这些分析涵盖了危害分析过程，系统特性和要求标准。本文的结论是，与FHA相比，STPA是更好的选择。