What methodologies are commonly used in safety‑critical system incident analysis and which has Chris Johnson advocated?

1. Common methodological families used in safety‑critical incident analysis

Engineers and investigators routinely apply failure‑mode and effect analysis (FMEA) and fault tree analysis (FTA) to decompose how component faults propagate to hazards, techniques explicitly taught in safety curricula and highlighted as core risk‑analysis tools ^[1]; probabilistic and reliability modelling sit alongside these, often supported by libraries of component architectures and simulation models intended to predict system reliability ^[2]. Complementing component‑centric methods are causal and systemic mapping approaches — retrospective accident reconstruction and structured causal diagrams such as AcciMap or “Conclusions, Analysis, Evidence” styles — that seek to trace interactions across organisational, technical and human layers ^{[2] [5]}. Human factors and interface analyses (black‑box testing, observational operator performance studies, formal HCI analysis) are used to identify how design or procedures contribute to incidents ^{[1] [6]}. For safety cases and certification, safety‑argument development and safety‑case lifecycle reviews are common, because failures often reveal gaps between argument and operational reality ^[7]. In recent years cybersecurity‑aware techniques — forensic attack analysis, SIEM architectures and cyber‑security incident reporting frameworks — have been grafted onto classical safety work to address attacks that can produce safety outcomes ^{[8] [7]}.

2. Johnson’s emphasis: reporting systems, reconstruction and methodological pluralism

Chris W. Johnson has repeatedly argued that reliable incident reporting systems and careful retrospective reconstruction are central to learning from failures, stating that reconstruction “is always necessary during the investigation regardless of the method used” ^{[2] [4]}. His handbook and teaching materials promote the setup of practical incident reporting systems and the conversion of reports into reusable knowledge ^{[4] [9]}. Johnson’s course materials and publications indicate advocacy for applying FMEA and fault trees as core analytic tools while also stressing human‑computer interaction analysis and black‑box testing as part of a balanced investigation portfolio ^{[1] [6]}. His work on incident investigation techniques to inform model‑based design signals endorsement of using investigative findings to improve formal models of interactive safety‑critical systems ^[3].

3. Cyber‑safety and forensic analysis: an added lens in Johnson’s portfolio

Beyond classic safety tools, Johnson has advanced architectures for sharing lessons from cyber‑security incidents in safety contexts and argued for forensic attack analysis when cyber threats can drive safety failures, urging the integration of security incident reporting into safety practice and surveying SIEM and related architectures ^{[8] [7]}. He has also contributed to policy and reporting process design at the EU/ENISA level, indicating practical advocacy not only for analysis techniques but for institutional reporting mechanisms that make learning scalable ^[10].

4. Implicit tensions and alternative viewpoints

Johnson’s pluralist stance — combining FMEA/FTA, human factors, model‑based design and reporting infrastructures — mirrors a broader debate: some practitioners prioritise formal, probabilistic assurance (safety cases, quantitative PRA), while others emphasize organisational learning from narratives and near‑miss databases; Johnson’s work bridges both but places special weight on actionable reporting and reconstruction ^{[7] [4] [2]}. Literature reviews note difficulties in historical analysis and the limits of single methods to capture software and socio‑technical failures, supporting Johnson’s view that multiple, linked methods are required ^{[11] [2]}. Where sources are silent on specific preferences between competing schools (for example, strict co‑assurance versus independent safety/security assurance), reporting cannot assert Johnson’s position beyond documented writings ^{[8] [3]}.

5. Bottom line: what investigators should take from Johnson

Investigators of safety‑critical incidents should expect to combine component‑level tools (FMEA, FTA), human‑systems and HCI analyses, retrospective reconstruction of scenarios, robust incident reporting infrastructures, and — where relevant — cyber‑forensic methods; this multifaceted approach is precisely what Johnson documents and advocates in his handbook, course materials and later work on cyber‑safety and model‑based design ^{[9] [1] [2] [8] [3]}.