Funding now available: If you can demonstrate a commitment to the UK Aerospace industry, you may be eligible for up to £9,500 to cover tuition fees through the Aerospace MSc Bursary Scheme.
For general information:
Mr Alex KingTel: +44 (0)1904 325402
Postgraduate Programmes Administrator
Fax: +44 (0)1904 325599
For informal discussion:
Dr Mark NicholsonTel: +44 (0)1904 325568
Fax: +44 (0)1904 325599
Full Time and Part Time - This course is available on both - full time and part time basis. The part time course is typically taken over three years.
Full Time students take 9 Assessed Modules - 7 of which are Core (C) - 2 Optional (O) - Plus a six person-month individual project carried out either at York or on site in industry.
Part Time students take the same format of modules as above, plus a two person-month literature survey on a safety critical systems engineering topic and a four person-month project. See the Project tab for more details.
This modular MSc course is designed to prepare students for work in the demanding field of Safety Systems Engineering (SSE) by exposing them to the latest science and technology within this field.
"The course structure and the core modules cover the fundamentals of system safety in such depth and breadth as to be applicable to any safety standard, for example the ISO 26262. I chose the modules Human Factors for Safety Critical Systems and Computers and Safety and believe this to be a very good combination for anybody working in the automotive industry. Unlike previous degree courses I refer to my York notes a great deal since they are extremely relevant to my day to day safety activities.”
Robert, Jaguar Land Rover
“As a clinician, I have found this course to be absolutely essential. I would recommend that anyone working in healthcare with an interest in patient safety should take the Foundations of System Safety Engineering module at the very least. For those who have a more focused safety role, particularly in healthcare technology, the University offers a number of modules to choose from, working up to the award of a Postgraduate Certificate, Diploma or MSc Safety Critical Systems Engineering.”
Beverley, Department of Health Informatics Directorate
The discipline of SSE has developed over the last half of the twentieth century. It can be viewed as a process of systematically analysing systems to evaluate risks, with the aim of influencing design in order to reduce risks, i.e. to produce safer products. In mature industries, such as aerospace and nuclear power, the discipline has been remarkably successful, although there have been notable exceptions to the generally good safety record, e.g. Fukushima, Buncefield and the Heathrow 777 accident.
Various trends pose challenges for traditional approaches to SSE. For example, classical hazard and safety analysis techniques deal poorly with computers and software where the dominant failure causes are errors and oversights in requirements or design. Thus these techniques need extending and revising in order to deal effectively with modern systems. Also, in our experience, investigation of issues to do with safety of computer systems have given some useful insights into traditional system safety engineering, e.g. into the meaning of important concepts such as the term hazard. The course therefore has a number of optional modules looking at software safety.
Any of the modules listed for this course can also be taken as an individual Continuing Professional Development course. You apply as a short courses attendee.
As a practitioner of system/functional safety in the automotive industry I cannot recommend the MSc in Safety Critical Systems Engineering highly enough. The course structure and the mandatory modules cover the fundamentals of system safety in such depth and breadth as to be applicable to any safety standard. Unlike previous degree courses, I refer to my York notes a great deal, since they are extremely relevant to my day to day safety activities.
Robert Palin, Jaguar Land Rover
The course aims to provide you with a thorough grounding and practical experience in the use of state-of-the-art techniques for development and operation of safety critical systems, together with an understanding of the principles behind these techniques so that you can make sound engineering judgements during the design, deployment and operation of such a system. On completing the course, you will be equipped to play leading and professional roles in safety-critical systems engineering related aspects of industry and commerce.
New areas of teaching are developed in response to new advances in the field as well as the requirements of the organisations that employ our graduates.
We aim to equip you with the knowledge, understanding and practical application of the essential components of Safety Critical Systems Engineering, to complement previously gained knowledge and skills. As a York Safety Critical Systems Engineering graduate, you will have a solid grounding of knowledge and understanding of the essential areas, as represented by the core modules. The optional modules give you the opportunity to gain knowledge in other areas which are of interest and these are taught by recognised experts in those areas.
Information-retrieval skills are an integrated part of many modules; you are expected to independently acquire information from on-line and traditional sources. These skills are required within nearly all modules, are an essential part of project work.
Numeracy is required and developed in some modules. Time management is an essential skill for any student on the course. The formal timetable has a substantial load of lectures and practical sessions. You are expected to fit your private study in around these fixed points. In addition, Open Assessments are set with rigid deadlines, so you must balance your time between the different commitments.
All students in the University are eligible to take part in the York Award in which they can gain certified transferable skills. This includes the Languages for All programme which allows students to improve their language skills.
When you are awarded the MSc in Safety Critical Systems Engineering, you will automatically meet some of the conditions for professional engineering status in the UK, as follows:
This course is recognised by the BCS, the Chartered Institute for IT, in partial fulfilment of the educational requirement for Chartered Engineer (CEng) registration.
This course is also recognised by Institution of Engineering and Technology (IET) for the purposes of partial fulfilment of the educational requirement for CEng registration.
The MSc in Safety Critical Systems Engineering is a full time or part time course comprising:
Modules on the full time scheme are taken over two terms, in the autumn and spring. The project is completed in the summer terms and over the summer vacation.
The modules are taken over two years, in the autumn and spring terms of the first two years. The literature survey is completed in the Summer and vacation term of the second year. The individual project is taken in the third year.
Modules for both part time and full time students are taught full time in York for one week. Its associated assessed exercise, which may be completed on or off site, takes approximately 65 hours in addition. All assessed exercises are open, comprising a report, case study, or documented piece of software. There are no closed examinations. The project is examined by dissertation; the amount of time required to complete it is approximately six person-months.
Each student (part time and full time) is allocated a personal supervisor from within the Department who meets the student regularly to discuss progress during both the teaching and project phases. In addition, industrial supervisors will be responsible for the day to day supervision of projects that are undertaken in industry.
Module Timetable 2013/14
|Foundations of System Safety Engineering (FSSE)||23/09/13||C|
|Systems Engineering for Safety (SEFS)||07/10/13||
(Core from Oct 13)
|Software Requirements and Architectures (SWRE)||21/10/13||O|
|Hazard and Risk Assessment (HRAS)||04/11/13||C|
|System Safety Assessment (SSAS)||02/12/13||C|
|Safety Management Systems (SMSY)||06/01/14||C|
|Safety Case Development & Review (SCDR)||27/01/14||C|
|Computers & Safety (CASA)||24/02/14||O|
|Through Life Safety (TLSA)||10/03/14||C|
|Empirical Methods for LSCITS (EMML)||24/03/13||O|
|Software Testing Analysis and Review (STAR)||07/04/14||O|
|Sensors and Effectors (SAEF)||12/05/14||O|
|Electronic Systems Design (ESDE)||26/05/14||O|
|Predictable Software Systems (PSSY)||09/06/14||O|
|Full Time (90): Independent Study Project (PRCM) Part Time (30): Critical Evaluation PRCE||
Oct 13 - Sept 14
Project Submission: 08/09/14
Project Presentation: tbc
Please Note: This is a provisional timetable and may be subject to change.
The project for part-time students on the MSc in Safety Critical Systems Engineering has two elements:
1. Literature survey (30 credits) on a subject (PCRM) to determine the state of the art in that area. This survey is handed in September of year 2. It must be passed to progress to:
2. A Masters project (60 credits) (PCRC) where a gap in the state of the art identified in the first part is addressed, a proposal made and evidence provided for the proposal. This project is completed in September of a student's third year.
For full-time students the project has a single element: a 90 credit Independent Study Project.
For both full-time and part-time students, the project(s) enable(s) students to:
The project(s) address(es) a major technical problem concerned with real issues. It should, if possible, include the development and application of a practical method, technique or system. It is a natural progression from the taught modules, and builds on material covered in them. Ideally it addresses the problem from a system perspective, including hardware, software and human factors. It will typically have an industrial flavour. If you are a part-time student, you are encouraged, with the help of your managers and academic staff, to select a project which is relevant to your own work in industry.
The project begins at the start of the Summer term after completion of the taught modules, and lasts 18 months part-time / 6 months full-time. For part-time students there are three weeks attendance at York during the project, for progress assessment and access to library facilities: in July near the start of the project; and in the following January and July. Full details are provided during the course.
Past projects have covered a wide range of issues in safety critical systems engineering. A list of titles can be obtained by form the past projects page of Safety Critical Systems Engineering MSc course.
You can apply through our online application system (SELECT).
Typically, you will have achieved at a first degree in a numerate, technical discipline, though industrial experience is also useful. This course is specifically directed at those with several years of industrial experience. If you do not have a first degree but who have relevant expertise, this will be considered on a case by case basis.
You will be are required to nominate two referees, of which at least one should be from the your current employer or place of study. You will normally be interviewed before acceptance either in person if UK based or by telephone for international students.
The University welcomes international students. Read more information specifically for prospective international students.
Non-English speaking candidates are required to have English language qualifications prior to admission.
Non-standard annual tuition fees for postgraduate students in 2013/14 can be found here: Non-Standard Tuition fees for 2013/14
Fees all include all relevant course materials, tuition and examinations and are payable in advance. They do not include text books or living expenses. VAT is not applicable. Find out more about fees and how to pay them.
Modules on this course can be attended individually as a short course.
Discounts may apply if you are a self financing student, to find out if you are eligible to qualify as a self-financing student please contact us at firstname.lastname@example.org.
This scheme will pay MSc tuition fees of up to £9,500 for successful applicants to our MSc in Safety Critical Systems Engineering. Bursaries will be awarded if you can demonstrate your commitment to working in the UK aerospace sector and who have been offered a place on the MSc.
Applications will be accepted before you have the offer of a place on the MSc but will be conditional on receiving, and taking up, the MSc offer from a university.
The purpose of the scheme is to generate a skilled workforce in the aerospace industry, and is backed by the following organisations:
You are advised to apply as soon as possible - once each academic year's quota is achieved, the scheme will be closed.
You can apply for the bursary whether you are planning to study the MSc full-time or part-time. However, if you are a part-time student, please note there are some eligibility requirements that must be met if you already work within the UK aerospace industry:
In both cases 1. and 2. above, you will need a letter of support from your employer to submit with your application.
If you currently work outside the sector, you can apply as an independent candidate without employer support, and you will be eligible (if you are successful) for 100 per cent of the bursary.
The IET position statement issued in October 2009 sets forward 10 principles and two recommendations for Safety-Critical Software-based systems in safety-related applications. Here we show how the MSc Safety-Critical Systems Engineering course can be used to address this position statement.
Principle 1: The fundamental starting point for the development of any SCS is the creation of a rigorous and and consistent statement of user requirements.
Core modules: Foundations of System Safety, Hazard and Risk Assessment and Safety Management Systems.
Optional Modules: System Engineering for Safety, Software Requirements and Architectures, Software Testing Analysis and Review.
Principle 2: Every SCS must have a comprehensive hazard analysis carried out
Core modules: Hazard and Risk Assessment, System Safety Assessment
Optional Modules: Computers and Safety, Through-Life Safety
Principle 3: The architecture of the SCS should avoid major hazards wherever possible.
Core modules: Hazard and Risk Assessment, System Safety Assessment.
Optional Modules: Computers and Safety, System Engineering for Safety, Software Requirements and Architectures, Sensors and Effectors,
Principle 4: Where overall safety depends on correct actions taken by human operators, the human-computer interface and the training of operators should be considered.
Core modules: Foundations of System Safety
Optional Modules: Human Factors for Safety
Principle 5: Every SCS must have a documented safety analysis
Core modules: System Safety Assessment
Optional Modules: Computers and Safety, Software Testing Analysis and Review.
Principle 6: Showing that a particular set of development processes have been followed is never sufficient to demonstrate that the resulting system meets its safety target
Core modules: Foundations of System Safety, Hazard and Risk Assessment, System Safety Assessment
Optional Modules: Computers and Safety, Software Testing Analysis and Review.
Principle 7: Developer's competencies should be appropriate to their project roles and kept current.
Core modules: Foundations of System Safety, Safety Management Systems,
Optional Modules: Ethics of SCS work dealt with throughout the course
Principle 8: Software systems are mathematically formal objects and it is possible to reason about their behaviour and to prove that they have certain properties
Optional Modules: Software Requirements and Architectures, Software Testing Analysis and Review
Principle 9: It is generally impractical to rely on test based evidence in advance of putting a system into widespread service
Core modules: Foundations of System Safety, Hazard Risk Assessment
Optional Modules: Software Requirements and Architectures, Software Testing Analysis and Review, Computers and Safety
Principle 10: There should be regular reviews of systems in service to assess whether the threat profile has changed and whether risks are still as low as reasonably practicable
Core modules: Through Life Safety, Hazard and Risk Assessment, Safety Management Systems
The IET Recommends: