Goal Structuring Notation (GSN)
12 chapters Turn a pile of ISO 26262 work products into an explicit, reviewable safety argument across 12 chapters: every element shape, both relationship types, the six-step construction method, modular arguments at scale, and the review practices that survive a confirmation review.
How You Learn
Video and text stay in sync. As you scroll through the chapter, the video jumps to the matching explanation automatically.
Learning Objectives
Write claims that can be false
Phrase goals as propositions a reviewer can judge true or false, instead of activities or document names.
Build arguments with the six-step method
Decompose a top claim down to evidence, fixing context at each level and stopping at the right granularity.
Apply both relationship types correctly
Use SupportedBy for inference and InContextOf for scope, and keep structures well formed and legal.
Scale arguments across organizations
Split large cases into modules with away elements and contracts mapped onto OEM, supplier and SEooC boundaries.
Chapters
Why Safety Arguments Need Structure
ISO 26262-2 (6.4.8) requires a safety case that connects evidence to the claim of acceptable safety, and prose collapses once an ASIL D item accumulates thousands of work products.
The Safety Case in ISO 26262
How the safety case is compiled progressively across the lifecycle, fed by HARA safety goals and the confirmation review with independence that grows as ASIL rises.
The Core GSN Elements
Six element types form the whole vocabulary: Goal, Strategy and Solution build the argument chain while Context, Assumption and Justification attach sideways and control how it reads.
Relationships and Well-Formed Structures
SupportedBy carries the inference and InContextOf scopes it, with a permitted-connections matrix and structure rules that determine whether a diagram is even legal GSN.
The Six-Step Construction Method
Kelly's loop for building an argument from a blank canvas: state the claim, fix its basis with context, choose a strategy, repeat, and stop the decomposition at evidence.
Worked Example: The EPS Safety Argument
SG-01 of an electric power steering item built node by node from top claim to evidence, showing which step produced which node and where SG-02 and SG-03 stay honestly undeveloped.
Modular GSN: Arguments at Scale
Modules, away elements and contracts let one argument span OEM, supplier and SEooC boundaries, mapping argument structure onto the DIA and distributed development.
Patterns and Argument Reuse
Reusable argument fragments captured with the pattern notation, the classic catalogue of patterns, and the instantiation discipline that keeps reuse from becoming copy-paste.
Confidence Arguments and Defeaters
A tidy diagram is not yet a trustworthy one: assurance claim points expose confidence separately from the safety argument, and defeater thinking forces engagement with counter-evidence.
Reviewing GSN Arguments and Spotting Fallacies
Three review layers check syntax, semantics and sufficiency, with a field guide to the recurring fallacy classes and review formats that actually catch them.
Tooling, Interchange and Alternative Notations
Where GSN sits among argument notations, how the SACM metamodel enables interchange between tools, and what keeps an argument alive and maintained between releases.
Pitfalls, Checklist and Assessment Readiness
The ten failure patterns reviewers see most often, what the assessor reads first, and a self-audit to run before the confirmation review.
Diagrams & Visuals
Safety Case Anatomy
The three layers of claims, argument and evidence, fed by HARA safety goals and grounded in lifecycle work products.
Element Gallery
The six core shapes (Goal, Strategy, Solution, Context, Assumption, Justification) with phrasing rules and the classic mistake for each.
EPS Argument Structure
SG-01 decomposed from top claim to evidence, with SupportedBy and InContextOf links built phase by phase.
Permitted-Connections Matrix
Which elements may legally connect to which, separating load-bearing support from contextual scoping.
Modular Contracts
Modules, away goals and away contexts spanning OEM, supplier and SEooC boundaries across the DIA.
Safe State and Item Context
The EPS item, its safety goal and the safe state that scopes the worked argument.
An EPS Safety Argument from Goal to Evidence
Build the safety argument for SG-01 (unintended self-steering is prevented) of an electric power steering item, node by node, using the six-step method.
- State the top goal: unintended self-steering of the EPS item is prevented
- Scope it with context: the item boundary, the safe state, and the confirmed HARA
- Choose a strategy: argue over each fault class that could cause self-steering
- Decompose into sub-goals for detection, reaction and the assist limitation
- Ground the leaves in evidence: FMEDA results, fault injection reports, verification reports
- Leave SG-02 and SG-03 visibly undeveloped rather than faking closure
SG-01 Argument Skeleton
Master Goal Structuring Notation
From the six core elements to a modular, assessment-ready safety argument built the way reviewers read it.
Start Learning Now