Frequently Asked Questions

Is the “web-based” approach of Socrates a source of security concern?

No.  Most organizations with a commercial license for Socrates deploy this tool on their own hardware behind their firewall with complete control over how security is managed.  The term “web-based” means that Socrates operates over a network rather than being installed on individual PCs. In addition to facilitating collaboration between authorized users, operating over a network is advantageous for IT security management because it provides centralized control over access to the tool and stored data. Being “web-based” also means that users simply use a browser to access Socrates rather than installing software on their own notebook computer.

Can an assurance argument created using Socrates be easily shared with other stakeholders?

Yes.  In addition to a report-style copy of the argument that can be generated in .docx or .pdf format, Socrates provides an export function that allows user to filter the information in an argument to enhance communication so that only the information pertinent to the stakeholders can be shared with them. It is also very easy to give stakeholders “read-only” access to a live version of the argument, provided they have been given appropriate access by administrators.

Does Socrates depend on other tools?

No. Socrates does not depend on other tools that must be used in conjunction with Socrates. Recognizing that there is not a “one size fits all” approach, Socrates was designed to accommodate individual choices about what other tools are used for safety assurance. You can decide to use Socrates without the need to buy other tools. The choice is entirely yours.

Can Socrates exchange data with other tools?

Yes. You can integrate other tools in your ecosystem with Socrates using its REST API programming interface. Almost anything that a user can do using the browser UI can also be done through the programming interface. You also have an option to export arguments, or selected elements of an argument, into a CSV file. A typical use of this export capability is generating a list of test results that are required to finish an assurance case.

What’s the difference between Socrates and just using a simple drawing tool?

A drawing tool just creates an image that can be pasted into a report. Each time a change is made, it can be tedious and time-consuming to re-draw the image. Often no one bothers to re-draw the image until it’s time to issue the report. Socrates provides a user with a completely different experience. With Socrates, a user creates and maintains an internal representation of an argument that is rendered in either a graphical or tabular format. Changes are easily made, such that the argument is automatically rendered to show the result of the changes. Socrates also provides a variety of features that operate on the underlying representation of an argument.

Does Socrates automate the task of generating an assurance case?

Socrates automates some of the tedious and error-prone tasks of creating and maintaining assurance cases. Socrates also provides static analysis of assurance case arguments to flag rule violations. Other features of Socrates such as the ability to create and instantiate re-useable patterns also helps users work more efficiently. There is no reason why Socrates couldn’t be used to display an automatically generated argument imported into Socrates using the REST API. However, the intent of Socrates is to support critical thinking rather than replace critical thinking.

What is an “assurance case”?

In general, an assurance case is a claim supported by a reasoned and compelling argument based on a body of evidence, where the claim offers assurance about a system, product, service or process. The assurance case often takes the form of a report. The assurance case is sometimes represented in a structured format, such as tree-shaped graph or table, which might be embedded in a report. When an assurance case offers assurance about safety, it can be called a “safety assurance case” or more simply, a “safety case”. There are other kinds of assurance cases. For example, a “security assurance case” offers assurance about the security of a system, product, service or process.

What is a “live safety case”?

“Live” in this context means that Socrates is acquiring numerical data from an external source that is typically an indicator of performance. Sometimes called Key Performance Indicators (KPI) or Safety Performance Indicators (SPI), these indicators can be attached to specific nodes of an argument. For example, there might be an indicator that represents the frequency at which a particular safety condition is violated during testing or operational use of a system. As the external data is updated, the indicators displayed to the Socrates user are refreshed. With indicators, Socrates can be used as a “dashboard” in the operationalization of a safety process.

Can Socrates be used for Systems Theoretic Process Analysis (STPA)?

While Socrates is not designed specifically to support STPA, it can be used in conjunction with this popular method of analysis. For example, when using the Eliminative Argumentation (EA) approach within Socrates, Unsafe Control Actions (UCA) identified using STPA could be mapped directly to defeater nodes.

The safety cases produced by our company typically reference a large volume of documents such as design reviews and test reports that serve as evidence. Does Socrates manage these documents?

Socrates allows browsable links to be created from nodes in an argument to any document or other artifact that the user can access through the browser. This approach has several advantages over a tool that maintains an internal copy of documents. Socrates also shows users which artifacts are referenced and the location of these references in the argument.

Is Socrates compatible with various published standards such as ISO 26262 in the automotive industry, RTCA DO-178C in the aerospace industry and CENELEC EN 50126 in the rail industry?

Socrates is not tied to the use of any particular standard or other form of guidance. Socrates includes a feature to support traceability from nodes of an argument to any list of “shall statements”, such as elements parsed out of a published standard. CSL can also help with providing re-useable argument patterns based on published standards.

Our aircraft company is interested in using Socrates to support the development of System Safety Assessment (SSA) reports in accordance with SAE ARP 4754a. We’ve considered SSA software tools that provide an integrated set of tools for specific purposes including methods described in SAE ARP 4761 such as FMEA and FTA. How is Socrates different than such tools?

Socrates offers users something very different than a toolbox.  The aim of Socrates is to help users combine the results of analysis, testing, reviews, and other such activities into a single unified comprehensive “argument” that speaks directly to the ultimate purpose of a SSA, namely, to demonstrate that the aircraft and systems, as implemented, meet the safety requirements established by the PSSA.  A toolbox alone is not enough to explain why all of the evidence adds up to a sound conclusion.  Socrates allows a user to gather evidence produced by other tools and then combines this evidence into a reasoned and compelling argument.

I have a colleague who is opposed to the tree-shaped graphical representations of assurance arguments. He believes that arguments for real-world systems are too big and complex to represent graphically. Can Socrates manage large, complex arguments?

Socrates includes a variety of features intended to support large arguments. For example, arguments can be organized into sub-arguments which can be selectively displayed so that the user controls how much detail is visible.   Another powerful feature is the ability to apply filters to arguments to provide limited views of an arguments from different perspectives, e.g., only show branches of the argument that are incomplete. Also, for users who simply don’t like graphical representations, Socrates provides users with the option of rendering arguments in a tabular format.  Socrates users can switch between graphical and tabular formats with a single mouse click.

Is Socrates capable of representing a very large argument?

The largest argument created using Socrates that we know of, so far, has approximately 3,000 nodes.  Most of the time, Socrates users are viewing only a limited portion of a large argument, and so rendering the argument is very efficient.  This  PDF shows an example of a medium-size argument created using Socrates for the CERN Large Hadron Collider Machine Protection System.

Outside a core team using Socrates to create and maintain arguments, can Socrates be used by others with read-only access to arguments?

Yes. While a licensed copy of Socrates provides a limited number of seats for users who can edit arguments, a standard license also includes an unbounded number of “read-only” seats. A Socrates user in your organization with administrative privileges can add number of read-only users at no extra cost.  This can be a great way to provide other stakeholders, such as developers and executive decision-makers, with direct visibility into the state of an evolving assurance case. See Socrates License Details for more information

Outside a core team using Socrates to create and maintain arguments, can Socrates be used by others with read-only access to arguments?

A licensed copy of Socrates provides a limited number of seats for users who can create and maintain arguments.  See Socrates License Details for more information.  However, a standard license also includes an unbounded number of “read-only” seats.

Can everyone with access to Socrates in our organization see everything being done using Socrates?

Multiple arguments can be created and maintained within an instance of Socrates deployed by an organization. By default, arguments are private with access restricted to specific users by invitation.  However, it is possible to grant access to particular arguments for all users, if so desired.

What is Goal Structuring Notation (GSN)?

Goal Structuring Notation (GSN) is graphical notation that can be used to represent a structured argument. This notation is defined in a community standard developed by the SCSC Assurance Case Working Group (ACWG).  GSN, including the use of dialectics, is one of several notations supported by Socrates.

What is Eliminative Argumentation (EA)?

Eliminative Argumentation (EA) is a variant of Goal Structuring Notation (GSN) that may be used to systematically improve confidence in a safety case via “defensible reasoning” wherein reasons to doubt safety claims are introduced and subsequently eliminated.  This concept was first described by John Goodenough, Charles Weinstock, and Ari  Klein at the Carnegie Mellon University (CMU) Software Engineering Institute (SEI). EA is supported by Socrates and has been used extensively by CSL in client projects.  Several publications elaborate on CSL’s experience with EA including “Eliminative Argumentation for Arguing System Safety – A Practitioner’s Experience” and “Incremental Assurance Through Eliminative Argumentation”.

I have used the Claims, Argument, Evidence (CAE) notation to create safety case arguments in the nuclear energy industry. Could Socrates be used to create such arguments?

Yes.  Socrates supports the use of the CAE notation.

My team already has some safety case arguments created using a legacy tool. It could be quite tedious to re-create these arguments by hand. Would it be possible to automatically import this into Socrates?

This depends on whether the legacy tool provides a means to export arguments in a format that represents the structure of an argument, i.e., not just an image.  If so, then it should be a simple task to create a script that pushes an exported argument into Socrates using its REST API.  CSL could help with this task, if so desired.

We are interested in using Socrates to support the development of a safety case for a rail signalling system in accordance with CENELEC EN 50129, but the need to provide an “argument” is not mentioned in this standard. What would be the point of using Socrates for CENELEC EN 50129 compliant safety case if there are no arguments to be made?

It’s true that this particular standard does not focus on argumentation.  CENELEC EN 50129 takes a prescriptive approach by specifying the structure of a safety case leaving a user of this standard to fill in details, e.g., evidence of safety management, evidence of quality management, etc.  This prescriptive approach might work well enough for well established technology.  Socrates could be used to provide logical structure for managing this evidence using a pre-defined template based on CENELEC EN 50129.  However, like many other industries, rail signalling technology is rapidly evolving with new kinds of sensors and the use of Machine Learning for advanced automation.  Instead of a prescribed structure approach to developing a safety case, managing safety risk associated with emergent technology will depend on critical thinking – and this is where Socrates would be especially helpful.

For the certification of airborne software in the aerospace industry, the concept of “overarching properties” is emerging as an alternative design assurance approach to RTCA DO-178C. Could Socrates be used to create assurance arguments for overarching properties?

Yes, we have used Socrates to create an argument represented in NASA’s FAN approach to assurance argumentation for overarching properties. The ability of Socrates to render arguments in a tabular format was especially useful in the case of making FAN style arguments.

How steep is the learning curve for Socrates?

Most new users of Socrates learn how to perform basic tasks such as navigating an argument within a few minutes. Most basic tasks only involve simple point-and-click interactions.  More advanced features require more time to learn, but much can be done with Socrates before learning everything that it offers.