The introduction of more intelligence into vehicle control systems increases functionality but at the same time threatens to overload the driver. A second and potentially more serious effect is that the driver's understanding of how the vehicle is behaving may be incorrect. The user interface may have the capacity to misrepresent important information.
The SUSI™ methodology devised to assess hazard driving system design is directed towards this problem. SUSI™ exploits modem software design methods to represent human and machine behaviour in a uniform context. A form of HAZOP is then used to draw out potential hazards from which risk assessment and risk mitigation actions can be developed.
SUSI™ has been applied in the automotive environment and has shown its utility at various stages of the design process.