STPA (Systems Theoretic Process Analysis) has been presented at previous ELISA workshops as a way to analyse complex software-intensive systems for safety. During this talk Shaun Mooney will show how Codethink have used STPA to achieve ISO-26262 certification of an open-source toolchain. The talk will show how we conducted the analysis and derived tests from the outputs, and discuss the YAML schema and custom validation tools that Codethink developed as a practical way to conduct STPA. Shaun will also share lessons learned while introducing this relatively new technique to an engineering team.