Safety Factories for Cyber-Physical Systems
- Safety Factories are cyber-physical system development environments that integrate machine-processable safety artifacts into CI/CD pipelines.
- They enable continuous safety builds and automated impact analyses, ensuring that system changes consistently validate safety claims.
- Leveraging mono-repositories and live, interactive models, Safety Factories enhance accountability, traceability, and overall safety assurance.
Safety Factories are defined as an evolution of software factories, extending the automation, discipline, and rigor of software development pipelines to the safety engineering domain in cyber-physical systems. This approach advocates integrating safety tooling, formal models, and automated consistency checks directly into software build and delivery pipelines, thereby bridging the current disconnect between rapid software evolution and systematic safety assurance in safety-critical systems (Cârlan et al., 10 Sep 2025).
1. Definition and Concept
Safety Factories are presented as cyber-physical system development environments in which safety engineering work products—such as hazard analyses, safety cases, and risk assessments—are captured as machine-processable artifacts alongside code and tests. Rather than treating safety engineering as a set of isolated, manual, often document-based processes, Safety Factories formalize these safety artifacts using semantically rich domain-specific languages. These artifacts are integrated into mono-repositories (the “single source of truth” approach), version controlled, and subject to the same automation and transparency guarantees as modern software development life cycles.
The core idea is “safety as code”: every artifact related to safety is created, stored, versioned, and processed as an executable model, not as static documentation. This enables Safety Factories to run continuous “safety builds” (analogous to continuous software builds), automatically check for consistency, and trigger impact analyses as part of the overall continuous integration/continuous delivery (CI/CD) pipeline.
2. Integration of Safety and Software Development
Safety Factories integrate safety engineering and software development via several key mechanisms:
- Machine-Processable Safety Artifacts: Safety work products are encoded using formal, semantically rich representations (domain-specific languages or model formats), ensuring all claims, evidence, and constraints are automatically verifiable.
- Continuous Automated Safety Builds: Parallel to system builds, the safety build system performs automatic consistency checks. Each system version is continuously assessed to ensure that software changes do not invalidate safety claims. This process can be informally described as:
where is the safety consistency score as a function of artifacts (hazard logs, requirements, safety cases) and checks (performed by tools in the pipeline).
- Automated Impact Analysis: Any change in the repository (not only in explicitly safety-related code) triggers automated analysis to determine which safety artifacts are affected. This ensures changes are systematically propagated through requirements, hazard mappings, and safety cases, reducing the risk of stale or inconsistent safety documentation.
- Live, Interactive Documentation: Safety documentation is maintained as live, queryable models—not static PDF reports—so both developers and assessors can interact with up-to-date safety information directly in the development environment.
- Unified Repository and Change Tracking: All versions of code, models, and safety evidence are co-located, enabling the use of version control systems for tracking every change, author, and rationale associated with safety artifacts.
3. Benefits and Challenges
Benefits
- Holistic Safety Assurance: Embedding safety checks into the CI/CD pipeline ensures each system increment is validated not only for functional correctness, but also for safety compliance.
- Automation Efficiency: Automated consistency checks and impact analyses reduce manual effort, accelerate iteration, and minimize human error in safety documentation.
- Single Source of Truth: A mono-repository ensures all stakeholders interact with “living” safety cases and up-to-date artifacts, reducing redundancy and miscommunication.
- Improved Accountability: Version control enables fine-grained traceability and auditability for every change to a safety artifact.
Challenges
- Tool Isolation and Fragmentation: Safety engineering tools frequently operate in silos with non-standardized formats, complicating integration with software toolchains.
- Management of Temporarily Inconsistent States: During development, legitimate but temporary inconsistencies or “unknowns” may lead to automated check failures. Designing tolerant mechanisms (e.g., whitelists for transient issues) is complex.
- Cultural Change: Transitioning from document-centric, manual safety practices to “as code” methods requires a significant shift for safety engineers and organizational processes.
- Complexity in Defining Automated Checks: Overly strict checks may stifle development; lax checks may miss critical safety breaches. Calibrating automation appropriately is a non-trivial engineering and management problem.
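The mechanisms from section 2 (a consistency check over machine-processable artifacts and an impact analysis that traces a repository change up to the hazards and safety-case goals it touches) and the tolerance for temporary inconsistencies discussed under Challenges, shown together as one added Python example. This is illustrative code written for this page, not code from the paper or from the FASTEN project; the artifact schema, the identifiers (H1, REQ-1, TC-1, G1), the file paths, and the expiring allowlist are all constructed assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date


@dataclass
class SafetyModel:
    """Safety artifacts as data, versioned in the same repository as the code they assure."""
    hazards: dict[str, dict]        # id -> {"mitigated_by": [requirement ids]}
    requirements: dict[str, dict]   # id -> {"implemented_in": [paths], "verified_by": [test ids]}
    tests: dict[str, dict]          # id -> {"file": path}
    goals: dict[str, dict]          # safety-case goals: id -> {"supported_by": [requirement ids]}


# Constructed sample model for a hypothetical vehicle controller (not from any real project).
MODEL = SafetyModel(
    hazards={
        "H1": {"mitigated_by": ["REQ-1"]},
        "H2": {"mitigated_by": ["REQ-2"]},
        "H3": {"mitigated_by": []},            # known gap, tolerated for now via ALLOWLIST
    },
    requirements={
        "REQ-1": {"implemented_in": ["src/throttle.c"], "verified_by": ["TC-1"]},
        "REQ-2": {"implemented_in": ["src/brake.c"], "verified_by": ["TC-2"]},
    },
    tests={"TC-1": {"file": "test/test_throttle.c"}},   # TC-2 never written: dangling evidence
    goals={"G1": {"supported_by": ["REQ-1", "REQ-9"]}},  # REQ-9 was deleted: stale safety case
)

# Tolerated transient findings, each with an expiry so a "temporary" gap cannot become permanent.
ALLOWLIST: dict[str, date] = {"H3:unmitigated": date(2099, 1, 1)}


def consistency_check(m: SafetyModel) -> list[str]:
    """Safety build step: report every broken link between artifacts as 'ID:kind[:target]'."""
    findings: list[str] = []
    for hid, h in m.hazards.items():
        if not h["mitigated_by"]:
            findings.append(f"{hid}:unmitigated")
        for rid in h["mitigated_by"]:
            if rid not in m.requirements:
                findings.append(f"{hid}:dangling-ref:{rid}")
    for rid, r in m.requirements.items():
        for tid in r["verified_by"]:
            if tid not in m.tests:
                findings.append(f"{rid}:missing-evidence:{tid}")
    for gid, g in m.goals.items():
        for rid in g["supported_by"]:
            if rid not in m.requirements:
                findings.append(f"{gid}:dangling-ref:{rid}")
    return findings


def split_tolerated(findings, allowlist, today):
    """Separate findings that block the build from those covered by a still-valid allowlist entry."""
    blocking, tolerated = [], []
    for f in findings:
        (tolerated if f in allowlist and allowlist[f] > today else blocking).append(f)
    return blocking, tolerated


def impact_analysis(m: SafetyModel, changed_files) -> set[str]:
    """Trace changed repository paths up to every artifact whose validity depends on them."""
    changed = set(changed_files)
    affected: set[str] = {tid for tid, t in m.tests.items() if t["file"] in changed}
    reqs = {rid for rid, r in m.requirements.items()
            if changed & set(r["implemented_in"]) or affected & set(r["verified_by"])}
    affected |= reqs
    affected |= {hid for hid, h in m.hazards.items() if reqs & set(h["mitigated_by"])}
    affected |= {gid for gid, g in m.goals.items() if reqs & set(g["supported_by"])}
    return affected


def safety_build(m: SafetyModel, changed_files, allowlist=ALLOWLIST, today=None) -> dict:
    """One CI run: consistency verdict plus the artifacts an assessor must re-examine."""
    today = today or date.today()
    blocking, tolerated = split_tolerated(consistency_check(m), allowlist, today)
    return {"ok": not blocking, "blocking": blocking, "tolerated": tolerated,
            "impacted": sorted(impact_analysis(m, changed_files))}


if __name__ == "__main__":
    print(safety_build(MODEL, ["src/brake.c"]))
```

The build fails here because REQ-2 cites a test that does not exist and goal G1 still references a deleted requirement, while the unmitigated hazard H3 is reported but tolerated until its allowlist entry expires; a change to src/brake.c is traced to REQ-2 and the hazard H2 it mitigates, so those are the artifacts flagged for review.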
4. Best Practices
The transfer of best practices from software engineering to safety includes:
- Treating Safety Artifacts as Code: Version-control, build, and test all safety artifacts in the same way as software modules.
- Mono-Repository as Source of Truth: Store all relevant artifacts—software, tests, safety cases—in a unified repository.
- Automate Impact and Consistency Checks: On every change, automatically assess which artifacts are affected and run checks to maintain safety case validity.
- Embrace Live, Interactive Models: Favor live, model-based safety documentation over static reports, enabling immediate feedback and up-to-date queries.
- Leverage Version Control for Accountability: Every edit to a safety artifact is attributable, ensuring transparency and supporting robust safety culture.
5. Operationalization and Future Research
Ongoing research directions identified in the paper include:
- Operationalization in Practice: Pilot projects (e.g., FASTEN) are exploring practical deployments of Safety Factories, focusing on end-to-end process integration and organizational impact.
- Refinement of Automated Checks: Further research is needed to develop advanced automated analysis tools that are sufficiently precise and robust for industrial-scale safety assurance.
- Expansion of Machine-Processable Languages: New domain-specific modeling languages and semantic tools are under development to better express safety requirements, hazard logic, and assurance arguments.
- Deeper Pipeline Integration: The trajectory is towards safety being an equally responsive and incremental process as the software it supports, tightly integrated with agile delivery and continuous deployment.
- Change Management and Cultural Adoption: Successful adoption of Safety Factories will require not only technical tooling but also strategies for organizational and cultural transformation in safety engineering communities.
6. Conclusion
Safety Factories represent a shift from manual, episodic, and document-centric safety assurance to an automated, continuous, and model-driven paradigm in cyber-physical system development. By formalizing safety artifacts, integrating them in version-controlled environments, automating consistency checks and impact analyses, and embedding safety verification in CI/CD pipelines, Safety Factories provide a robust foundation for ensuring that safety-critical systems evolve rapidly while retaining strong safety guarantees (Cârlan et al., 10 Sep 2025). While challenges remain in tool integration, managing development-time inconsistencies, and cultural adoption, the Safety Factories approach establishes a clear path toward scalable, accountable, and adaptive safety assurance in modern cyber-physical systems.