Hazard Management in Robot-Assisted Mammography Support
Pith reviewed 2026-05-10 19:03 UTC · model grok-4.3
The pith
Robot-assisted mammography safety hinges on managing timing mismatches and state misinterpretations rather than hardware failures.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
Stakeholder-guided process modelling of the mammography workflow, followed by SHARD and STPA, shows that hazards predominantly arise from timing mismatches, premature actions, and misinterpretation of system state. These hazards are converted into refined and additional safety requirements that constrain system behaviour and reduce reliance on correct human timing or interpretation alone.
What carries the argument
Stakeholder-guided process modelling combined with SHARD for deviations and STPA for unsafe control actions arising from user interaction.
If this is right
- Refined safety requirements constrain robot actions during patient positioning and X-ray support.
- System behaviour becomes less dependent on precise human timing and correct state interpretation.
- The traceable analysis supports safety-driven design decisions from early development stages.
- The same combination of modelling and analysis techniques can apply to other assistive robots in clinical settings.
Where Pith is reading between the lines
- Interface designs that clearly signal system state could further reduce misinterpretation hazards in similar robots.
- Field trials with actual patients would test whether the modelled interactions cover all real-world variations.
- The approach could inform regulatory guidance for embodied AI systems that share physical space with vulnerable users.
Load-bearing premise
The collaborative process model accurately and completely captures all key human-robot interactions and possible deviations in the real clinical mammography workflow.
What would settle it
Observation of an unmitigated safety incident during an actual robot-assisted mammography procedure that stems from an interaction not identified in the modelled workflow.
Original abstract
Robotic and embodied-AI systems have the potential to improve accessibility and quality of care in clinical settings, but their deployment in close physical contact with vulnerable patients introduces significant safety risks. This paper presents a hazard management methodology for MammoBot, an assistive robotic system designed to support patients during X-ray mammography. To ensure safety from early development stages, we combine stakeholder-guided process modelling with Software Hazard Analysis and Resolution in Design (SHARD) and System-Theoretic Process Analysis (STPA). The robot-assisted workflow is defined collaboratively with clinicians, roboticists, and patient representatives to capture key human-robot interactions. SHARD is applied to identify technical and procedural deviations, while STPA is used to analyse unsafe control actions arising from user interaction. The results show that many hazards arise not from component failures, but from timing mismatches, premature actions, and misinterpretation of system state. These hazards are translated into refined and additional safety requirements that constrain system behaviour and reduce reliance on correct human timing or interpretation alone. The work demonstrates a structured and traceable approach to safety-driven design with potential applicability to assistive robotic systems in clinical environments.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper presents a hazard management methodology for MammoBot, an assistive robotic system for X-ray mammography support. It combines stakeholder-guided process modelling (defined collaboratively with clinicians, roboticists, and patient representatives) with SHARD for technical/procedural deviations and STPA for unsafe control actions in user interactions. The central claim is that many hazards arise from timing mismatches, premature actions, and misinterpretation of system state rather than component failures, and that these are translated into refined and additional safety requirements that constrain system behaviour and reduce reliance on correct human timing or interpretation.
Significance. If the results hold, the work contributes a structured, traceable early-stage safety analysis framework for embodied-AI systems in clinical environments. It explicitly credits the step-by-step linkage from collaborative process modelling to hazard identification via SHARD/STPA and to requirement refinement, highlighting non-failure-mode hazards in close-proximity human-robot interactions. This has potential applicability to other assistive robotics in healthcare, provided the modelling assumptions are addressed.
major comments (1)
- [Abstract] The central claim—that derived safety requirements reduce reliance on correct human timing/interpretation—rests on the stakeholder-guided process model comprehensively capturing all relevant interactions and deviations (abstract). The manuscript states the workflow was 'defined collaboratively' but provides no evidence of exhaustive coverage, cross-validation against observed clinical procedures, or sensitivity analysis for missed edge cases (e.g., anxiety-driven patient movements during compression or unscripted timing variations). This is load-bearing: incomplete modelling would render the STPA-identified unsafe control actions and resulting requirements incomplete.
Simulated Author's Rebuttal
We thank the referee for their constructive and detailed review. The feedback highlights an important point regarding the scope of our modeling, and we address it directly below with a commitment to appropriate revisions.
Referee: The central claim—that derived safety requirements reduce reliance on correct human timing/interpretation—rests on the stakeholder-guided process model comprehensively capturing all relevant interactions and deviations (abstract). The manuscript states the workflow was 'defined collaboratively' but provides no evidence of exhaustive coverage, cross-validation against observed clinical procedures, or sensitivity analysis for missed edge cases (e.g., anxiety-driven patient movements during compression or unscripted timing variations). This is load-bearing: incomplete modelling would render the STPA-identified unsafe control actions and resulting requirements incomplete.
Authors: We agree that the central claim is load-bearing on the process model and that the manuscript does not provide evidence of exhaustive coverage, cross-validation with observed procedures, or sensitivity analysis. The abstract and text describe collaborative definition with stakeholders to capture key interactions but stop short of claiming completeness. To address this, we will revise the abstract to qualify the claim as applying to hazards identified within the collaboratively modeled workflow rather than asserting a general reduction in reliance on human timing. We will also add a new limitations subsection in the discussion that transparently describes the stakeholder engagement process, notes the absence of full clinical cross-validation or sensitivity analysis for edge cases such as anxiety-driven movements, and explains that the analysis is intended as an early-stage demonstration of the SHARD/STPA methodology. These changes will bound the claims without altering the core contribution of traceable hazard-to-requirement linkage.
revision: partial
Circularity Check
No circularity: standard safety methods applied to external stakeholder model
The derivation applies established techniques (SHARD and STPA) to a workflow model constructed via collaborative stakeholder workshops. Hazards and safety requirements are outputs of these standard analyses rather than self-referential definitions, fitted parameters renamed as predictions, or load-bearing self-citations. No equations, uniqueness theorems, or ansatzes are smuggled in; the chain depends on external inputs and off-the-shelf methods whose validity does not presuppose the paper's conclusions. This is the normal non-circular case for applied safety engineering work.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption: Stakeholder inputs from clinicians, roboticists, and patient representatives accurately represent the full set of relevant human-robot interactions and deviations in mammography procedures.
Lean theorems connected to this paper
- IndisputableMonolith/Cost/FunctionalEquation.lean, washburn_uniqueness_aczel (tag: unclear)
  Relation between the paper passage and the cited Recognition theorem: unclear.
  Paper passage: "The results show that many hazards arise not from component failures, but from timing mismatches, premature actions, and misinterpretation of system state. These hazards are translated into refined and additional safety requirements..."
- IndisputableMonolith/Foundation/ArithmeticFromLogic.lean, LogicNat_induction (tag: unclear)
  Relation between the paper passage and the cited Recognition theorem: unclear.
  Paper passage: "combine stakeholder-guided process modelling with Software Hazard Analysis and Resolution in Design (SHARD) and System-Theoretic Process Analysis (STPA)"
What do these tags mean?
- matches: The paper's claim is directly supported by a theorem in the formal canon.
- supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
- extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
- uses: The paper appears to rely on the theorem as machinery.
- contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
- unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.