STPA-Based Hazard Analysis
Structured analysis engagement; deliverable is a documented hazard analysis report with recommendations
The Problem
You’re deploying a system that could hurt someone, and you don’t have a clear picture of how. Your team doesn’t have the vocabulary, the methodology, or the bandwidth to work through it systematically. Regulatory frameworks like the EU AI Act are beginning to mandate documented risk assessments for high-risk AI systems — if you don’t have this, you’re already behind.
Analyzing potential harm in AI-enabled systems remains genuinely hard. The industry lacks formal alignment on standards, and adding AI into traditional engineering contexts makes everything more complicated. The question isn’t whether you have risk — it’s whether you know what it is.
The Offering
I offer a structured, systematic review of products and systems from conceptual development through deployment. The goal is to give you a realistic understanding of the risks you face in developing, deploying, or using a system. I use several methodologies, primarily System Theoretic Process Analysis (STPA), to identify hazards, constraints, and mitigations for the systems under review. I will work with you, your team, and the system’s stakeholders to validate the work before providing actionable recommendations for how to manage or mitigate your risk to a reasonable level.
The work falls into three phases:
The scoping phase
We will spend the first meetings and exchanges of information getting to know each other and allowing me to understand how much work a thorough analysis will take. I will provide you with a plan and a timeline at the end of the phase. If we are not aligned on the timing or scope, we can end the engagement.
You keep the scoping documents
Use them to conduct your own analysis or bring them to other consultants.
The analysis phase
I will work with you, your team, and the stakeholders of the system (to the extent practical) so that I can run a formal analysis of the system. This involves identifying the goals, the related harms or losses, the system boundary, and then the control structures in play. I will then carry out the work of identifying hazards and the unsafe control actions that may lead to them, and we will discuss where it is possible to alter the system's design or add controls to manage the risk.
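As an added illustration of the traceability an STPA analysis produces (this is example code, not part of the engagement or its deliverables), the following models a hypothetical AI-enabled system: an ML anomaly detector whose automated responder can isolate a host from the network. It records losses, hazards and unsafe control actions (UCAs), derives a constraint from each UCA using the four STPA guide words, and reports gaps where a hazard or UCA does not trace back to a loss or where a guide word was never considered for a control action. All system details, identifiers and wording are constructed for the example.

```python
"""STPA traceability check. Constructed example; every name and scenario is hypothetical."""
from dataclasses import dataclass

# The four guide-word questions STPA asks of every control action.
UCA_TYPES = ("not provided", "provided", "wrong timing or order", "stopped too soon or applied too long")

# How a UCA of each type inverts into a constraint the controller must enforce.
CONSTRAINT_TEMPLATES = {
    "not provided": "must provide '{action}' {context}",
    "provided": "must not provide '{action}' {context}",
    "wrong timing or order": "must provide '{action}' with correct timing: {context}",
    "stopped too soon or applied too long": "must hold '{action}' for the required duration: {context}",
}

@dataclass
class Hazard:
    hid: str
    text: str
    losses: set  # losses this hazard can lead to

@dataclass
class UCA:
    uid: str
    action: str
    uca_type: str
    context: str
    hazards: set  # hazards this UCA contributes to

LOSSES = {"L1": "Attacker retains access to production", "L2": "Critical service outage"}
HAZARDS = [
    Hazard("H1", "Compromised host stays connected to the production network", {"L1"}),
    Hazard("H2", "Healthy critical-tier host is cut off from the network", {"L2"}),
]
UCAS = [
    UCA("UCA1", "isolate host", "not provided", "when the detector scores a host as compromised with high confidence", {"H1"}),
    UCA("UCA2", "isolate host", "provided", "on a low-confidence score for a host in the critical tier", {"H2"}),
    UCA("UCA3", "isolate host", "wrong timing or order", "later than the agreed response window after a confirmed compromise", {"H1"}),
    UCA("UCA4", "isolate host", "stopped too soon or applied too long", "isolation is lifted before forensic capture completes", {"H1"}),
]

def derive_constraints(ucas):
    """Map each UCA to the controller constraint that prevents it."""
    return {u.uid: CONSTRAINT_TEMPLATES[u.uca_type].format(action=u.action, context=u.context) for u in ucas}

def trace(hazards, ucas, losses):
    """Return a list of traceability gaps; an empty list means every element links back to a loss
    and every guide word was considered for every control action."""
    gaps, hids = [], {h.hid for h in hazards}
    for h in hazards:
        if not h.losses <= set(losses):
            gaps.append(f"{h.hid} references an unknown loss")
    for u in ucas:
        if not u.hazards <= hids:
            gaps.append(f"{u.uid} references an unknown hazard")
    for action in {u.action for u in ucas}:
        for t in set(UCA_TYPES) - {u.uca_type for u in ucas if u.action == action}:
            gaps.append(f"'{action}': guide word '{t}' not considered")
    return gaps
```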
Recommendations and debrief
After the analysis is complete, I will provide you with a list of prioritized recommendations based on my findings. Many will be technical changes, though others may be operational or organizational in nature. We will discuss how you plan to implement them and whether you want to put me on retainer to address questions as they arise.
What’s Included
- Scoping Docs: a plan of action, timeline for delivery, initial assessment of the risk involved with the concept or product based on the information available
- A formal hazard analysis, including: hazards, constraints, causes, and realistic loss scenarios
- Recommendations for managing and mitigating hazards and losses
- A presentation to your leadership (additional fees for traveling to location)
Pricing
Pricing will be set based on the scope of the project. There is a $20,000 minimum for the full project, plus travel expenses, to ensure I have enough time for all three phases (even for small projects). Larger projects may cost up to $120,000 or more. System complexity, scale, and how safety-critical its use is will factor heavily into the cost structure. No matter the size of the project, you will receive a thorough analysis of your system and recommendations for how to navigate the tradeoffs between safety and value.