Transcript ICPHSO HBSE_FTA

HAZARD ANALYSIS:
Hazard Based Safety Engineering
&
Fault Tree Analysis
Tom Lanzisero, UL
Copyright © 2011 Underwriters Laboratories Inc. ® All rights reserved
Hazard Analysis
• What do we mean by Safety, Risk, Harm and Hazard?
• What is Hazard Based Safety Engineering (HBSE)?
• What is Fault Tree Analysis?
• How do these Hazard Analysis tools help us meet our Safety Objectives?
Slide 2
Keep it Simple, but…
“Everything should be made as simple as possible,
but not one bit simpler.”
Albert Einstein
Slide 3
Safety Terms
• SAFETY - freedom from unacceptable risk
• RISK - combination of the probability of occurrence of harm and the severity of that harm
• HARM - physical injury or damage to the health of people, or damage to property or the environment
• HAZARD - potential source of harm
Example Definitions (International Safety Community): ISO/IEC Guide 51, Safety aspects – Guidelines for their inclusion in standards
(ISO – International Organization for Standardization; IEC – International Electrotechnical Commission)
Slide 4
Expressing Relative Risk
[Figure: Probability of Harm (P) plotted against Severity of Harm (S). Curves of constant risk follow P x S = constant; the region of higher P and S is labelled Higher Risk, the region of lower P and S is labelled Lower Risk.]
Slide 5
Hazard Analysis
• Hazard Analysis - Determine what harm can occur and how
  – What: Harm types, degrees, potential sources (hazards)
  – How: Harm mechanisms, conditions and causes
• Hazard Based Safety Engineering (HBSE)
  – Systematic process - design / evaluate
  – Addresses conditions and mechanisms: harm → protection
  – Analysis tools include 3-Block Model and FTA Model
• Fault Tree Analysis (FTA)
  – Graphical representation of causes of a fault (undesirable event)
  – Covers conditions, events, root causes and logical relationships
  – Analyzes harm and protective measures, strategies and priorities
Slide 6
General Model for Harm
HARM: due to improper transfer between a susceptible entity and its surroundings
[Diagram] Surroundings <-- Energy / Material Transfer --> Susceptible Entity
  – Too much / too fast (Hazardous)
  – Too little / too slow (of a Needed transfer)
Harm to: Persons, Property, Environment
Slide 7
Model for Harm from a Hazard
[Diagram] HAZARD (Potential source of Harm) --> Transfer --> HARM (Injury / damage)
  Hazardous Energy / Material Source --> Transfer --> Susceptible Person / Property / Environment
Slide 8
HBSE 3-Block Model for Injury
E.g.:
| Hazardous Energy Source                        | Transfer Mechanism                      | Susceptible Body / Part              |
| Mechanical (kinetic) energy (e.g., moving part) | Contact                                 | Laceration to hand (minor to severe) |
| Electrical energy (e.g., live part)             | Contact (current thru body impedance)   | Ventricular fibrillation (lethal)    |
| Thermal energy (heat) (e.g., hot surface)       | Contact (conductive heat flow)          | Skin burn (1st, 2nd, 3rd degree)     |
Slide 9
Protection Strategies
| Hazardous Source                                          | Transfer                                              | Susceptible Entity                                              |
| Eliminate (inherently safe), limit, or control the hazard | Eliminate, limit or control the transfer (exposure)   | Decrease the susceptibility of the entity to harm (as applicable) |
Slide 10
Fault Tree Analysis (FTA)
HBSE Fault Tree for Injury - Top Level Model
INJURY
  [AND: ENERGY TRANSFER]
    HAZARDOUS ENERGY
    BODILY EXPOSURE
Slide 11
Fault Tree with 3-Block Model
INJURY
  [AND: ENERGY TRANSFER]
    HAZARDOUS ENERGY   <- Hazardous Energy Source
    BODILY EXPOSURE    <- Transfer Mechanism, Body Susceptibility
Slide 12
Expanding the Fault Tree Model
Top Event (System Fault):
  INJURY
    [AND] Minimum, concurrent, necessary & sufficient conditions:
      HAZARDOUS ENERGY
      BODILY EXPOSURE
    [OR] From general to incrementally more specific categories, e.g. under HAZARDOUS ENERGY:
      Hazard in Normal Condition
      Hazard Due To Fault
Intermediate Conditions / Situations / Events
    [AND] ...
Primary Events (Root Cause), individual or in combination:
  .... Root cause failures of Protective Measures intended to eliminate, limit or control Hazards
  .... Root cause failures of Protective Measures intended to eliminate, limit or control Energy / Material Transfer
Slide 13
HBSE Fault Tree Model for Injury
INJURY
  [AND: ENERGY TRANSFER]
    HAZARDOUS ENERGY
      [AND]
        (EVENT) [OR]
        INADEQUATE EQUIPMENT SAFEGUARD
          [OR]
            EQUIPMENT SAFEGUARD FAILURE
            NO EQUIPMENT SAFEGUARD
    BODILY EXPOSURE
      [AND]
        (EVENT) [OR]
        INADEQUATE EQUIPMENT SAFEGUARD
          [OR]
            EQUIPMENT SAFEGUARD FAILURE
            NO EQUIPMENT SAFEGUARD
        INADEQUATE PERSONAL SAFEGUARD
          [OR]
            PERSONAL SAFEGUARD FAILURE
            NO PERSONAL SAFEGUARD
        INADEQUATE PERSONAL AVOIDANCE
          [OR]
            AVOIDANCE NOT POSSIBLE
            AVOIDANCE NOT ATTEMPTED
Slide 14
Fault Tree Protection Strategies
(Same tree as Slide 14; the numbered strategies mark where each one acts.)
INJURY
  [AND: ENERGY TRANSFER]
    HAZARDOUS ENERGY                     <- 1 ELIMINATE THE HAZARD
      [AND]
        (EVENT) [OR]
        INADEQUATE EQUIPMENT SAFEGUARD   <- 2 GUARD AGAINST THE HAZARD (Energy)
          [OR] EQUIPMENT SAFEGUARD FAILURE / NO EQUIPMENT SAFEGUARD
    BODILY EXPOSURE
      [AND]
        (EVENT) [OR]
        INADEQUATE EQUIPMENT SAFEGUARD   <- 2 GUARD AGAINST THE HAZARD (Exposure)
          [OR] EQUIPMENT SAFEGUARD FAILURE / NO EQUIPMENT SAFEGUARD
        INADEQUATE PERSONAL SAFEGUARD
          [OR] PERSONAL SAFEGUARD FAILURE / NO PERSONAL SAFEGUARD
        INADEQUATE PERSONAL AVOIDANCE    <- 3 WARN OF HAZARD
          [OR] AVOIDANCE NOT POSSIBLE / AVOIDANCE NOT ATTEMPTED
Slide 15
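Worked example (added here; it is not part of the UL slides or the ASSET paper). The code evaluates the HBSE fault tree for injury from Slides 13 to 15 the way an FTA practitioner would: it enumerates the minimal cut sets (the smallest combinations of root-cause events that are jointly sufficient for INJURY), then shows how strategies 1 (eliminate the hazard) and 2 (guard against the hazard) prune those cut sets and lower the top-event probability. The gate structure is reconstructed from the slides; the "(ENERGY)" / "(EXPOSURE)" suffixes, the "EXPOSURE EVENT" leaf and all probabilities are assumptions made for the illustration, not data from the presentation.

```python
"""Minimal cut sets and top-event probability for the HBSE fault tree for injury.

Added example, not part of the UL slides. Gate structure follows slides 13-15:
INJURY = HAZARDOUS ENERGY AND BODILY EXPOSURE, each holding only when the
relevant protective measures are inadequate. The "(ENERGY)" / "(EXPOSURE)"
suffixes and the "EXPOSURE EVENT" leaf are assumptions made so every basic
event is distinct; the probabilities are constructed illustration values.
"""
from itertools import product
from math import prod

# Gate table: intermediate event -> (gate type, inputs). Any name that is not a
# key here is a basic event (a leaf of the tree).
GATES = {
    "INJURY": ("AND", ["HAZARDOUS ENERGY", "BODILY EXPOSURE"]),  # "ENERGY TRANSFER" gate
    "HAZARDOUS ENERGY": ("AND", ["HAZARD EVENT", "INADEQUATE EQUIPMENT SAFEGUARD (ENERGY)"]),
    "HAZARD EVENT": ("OR", ["HAZARD IN NORMAL CONDITION", "HAZARD DUE TO FAULT"]),
    "INADEQUATE EQUIPMENT SAFEGUARD (ENERGY)": (
        "OR", ["EQUIPMENT SAFEGUARD FAILURE (ENERGY)", "NO EQUIPMENT SAFEGUARD (ENERGY)"]),
    "BODILY EXPOSURE": ("AND", [
        "EXPOSURE EVENT",  # assumed basic event: a person is where the energy can reach
        "INADEQUATE EQUIPMENT SAFEGUARD (EXPOSURE)",
        "INADEQUATE PERSONAL SAFEGUARD",
        "INADEQUATE PERSONAL AVOIDANCE"]),
    "INADEQUATE EQUIPMENT SAFEGUARD (EXPOSURE)": (
        "OR", ["EQUIPMENT SAFEGUARD FAILURE (EXPOSURE)", "NO EQUIPMENT SAFEGUARD (EXPOSURE)"]),
    "INADEQUATE PERSONAL SAFEGUARD": ("OR", ["PERSONAL SAFEGUARD FAILURE", "NO PERSONAL SAFEGUARD"]),
    "INADEQUATE PERSONAL AVOIDANCE": ("OR", ["AVOIDANCE NOT POSSIBLE", "AVOIDANCE NOT ATTEMPTED"]),
}

# Constructed per-use probabilities for an unguarded design: "NO ... SAFEGUARD"
# is certain (1.0) because the designer provided none.
BASELINE = {
    "HAZARD IN NORMAL CONDITION": 0.5, "HAZARD DUE TO FAULT": 0.01,
    "EQUIPMENT SAFEGUARD FAILURE (ENERGY)": 0.001, "NO EQUIPMENT SAFEGUARD (ENERGY)": 1.0,
    "EXPOSURE EVENT": 0.2,
    "EQUIPMENT SAFEGUARD FAILURE (EXPOSURE)": 0.001, "NO EQUIPMENT SAFEGUARD (EXPOSURE)": 1.0,
    "PERSONAL SAFEGUARD FAILURE": 0.05, "NO PERSONAL SAFEGUARD": 1.0,
    "AVOIDANCE NOT POSSIBLE": 0.1, "AVOIDANCE NOT ATTEMPTED": 0.3,
}

# Protection strategies from slide 15, expressed as the basic events a measure
# makes impossible (the leaf is pruned from the tree).
ELIMINATE_HAZARD = frozenset({"HAZARD IN NORMAL CONDITION", "HAZARD DUE TO FAULT"})
GUARD_HAZARD = frozenset({"NO EQUIPMENT SAFEGUARD (ENERGY)", "NO EQUIPMENT SAFEGUARD (EXPOSURE)"})


def minimal(cut_sets):
    """Drop any cut set that is a strict superset of another one."""
    return {s for s in cut_sets if not any(o < s for o in cut_sets)}


def cut_sets(node, removed=frozenset(), gates=GATES):
    """Minimal cut sets of `node`. Top-down expansion: an OR gate takes the union
    of its inputs' cut sets; an AND gate takes one cut set from every input and
    merges them, because every input must occur together."""
    if node in removed:
        return set()  # a protective measure makes this event impossible
    if node not in gates:
        return {frozenset([node])}
    kind, inputs = gates[node]
    parts = [cut_sets(c, removed, gates) for c in inputs]
    if kind == "OR":
        return minimal(set().union(*parts))
    return minimal({frozenset().union(*combo) for combo in product(*parts)})


def probability(node, probs=BASELINE, removed=frozenset(), gates=GATES):
    """Top-event probability with independent basic events. Exact here only
    because no basic event feeds two gates; with shared events, work from the
    minimal cut sets instead of recursing through the gates."""
    if node in removed:
        return 0.0
    if node not in gates:
        return probs[node]
    kind, inputs = gates[node]
    ps = [probability(c, probs, removed, gates) for c in inputs]
    return prod(ps) if kind == "AND" else 1.0 - prod(1.0 - p for p in ps)


def summary(removed=frozenset()):
    """Cut-set count, largest cut-set size and P(INJURY) for a set of measures."""
    sets = cut_sets("INJURY", removed)
    return {"cut_sets": len(sets),
            "largest": max((len(s) for s in sets), default=0),
            "p_injury": probability("INJURY", removed=removed)}


if __name__ == "__main__":
    for label, removed in [("unguarded design", frozenset()),
                           ("2: guard against the hazard", GUARD_HAZARD),
                           ("1: eliminate the hazard", ELIMINATE_HAZARD)]:
        s = summary(removed)
        print(f"{label:30s} cut sets={s['cut_sets']:3d} size={s['largest']} "
              f"P(injury)={s['p_injury']:.3g}")
    for cs in sorted(cut_sets("INJURY", GUARD_HAZARD), key=sorted)[:2]:
        print("  example cut set:", " & ".join(sorted(cs)))
```

Every minimal cut set of the unguarded tree has six basic events, which is the slide's point about "minimum, concurrent, necessary & sufficient conditions": no single root cause produces injury, a hazard and an exposure failure chain must coincide. Guarding removes the "no safeguard" leaves and leaves only cut sets that require a safeguard failure; eliminating the hazard empties the HAZARD EVENT gate and with it every cut set, which is why the slides rank elimination first.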
Thanks! Questions?
Thomas Lanzisero, P.E.
Sr. Research Engineer
[email protected]
+631-546-2464
Underwriters Laboratories (UL)
1285 Walt Whitman Rd
Melville, NY 11747-3081 USA
www.ul.com
For more, please see Applied Safety Science and Engineering Techniques (ASSET(TM)), paper published and presented at the 2010 IEEE Symposium on Product Compliance Engineering, sponsored by the IEEE Product Safety Engineering Society:
http://www.uluniversity.us/common/ncsresponse.aspx?rendertext=thoughtleadership#research_development
Slide 16