Transcript Document
Define & Compare Flowcharts of Each Method
Tom Delong

Overview of Methods
» ANSI Process
» MIL-STD-882 Process
» Safety Cases
» SAE ARP 4761 Process
» Reports

ANSI Process (flowchart T-05-00512)

Program Initiation: Document the System Safety Approach
• Tasks
• Schedule
• Team
• Tools

Hazard Identification: Recognize & Document Hazards
Output: Understanding Hazards (continuous Hazard Tracking)

Risk Assessment: Assess Mishap Risk
Output: Understanding Risk Drivers

Risk Reduction
• Identify Mitigation Measures
• Reduce Risk to Acceptable Level
• Verify Risk Reduction
Output: Understanding Risk Options; Iterative Risk Reduction Changes

Risk Acceptance: Residual Risk Review & Acceptance

Life Cycle Monitoring: Maturing Design (continuous)

ANSI Process: Generic System Safety Process

Element 1: Program Initiation
• Plans
• Authorizations
• Contract(s)
• Team
• Tools

Element 2: Hazard Identification and Tracking
1) Process: The initial step produces a complete definition of the hazards associated with the system. This can be achieved by a variety of methods. Key elements of the risk assessment matrix are also defined.
2) Methods:
• Checklists
• System Energy Source Inventory
• Prior Work with Similar Systems
• Operating Scenario Walkthroughs
• Operational Phase Review
• Codes/Standards/Regulations
3) Products: PHL, HTS
Understanding of Hazards includes:
• Description
• Assessed Risk
• Potential and Selected Countermeasures
• Accident Experience
• Lessons Learned

Element 3: Risk Assessment
1) Process: For each identified hazard the severity and likelihood are established. The Risk Assessment Matrix is used to assess and display the risk.
2) Assessment Methods:
• Expert Judgment
• Numerical Analysis
• Computer Models
• FMEA
• Event Trees
• FTA
• PHA, SSHA, SHA, O&SHA, others
Assessment Approaches:
• Historical Risk Experience
• System Knowledge
• Engineering Judgment
• What is Known / not Known
3) Products (typical): Hazard Reports, SAR
Risk Assessment Matrix (Individual Hazards): severity on one axis, probability on the other, with each hazard (H1 through H9 in the slide's example) plotted in its cell. The matrix defines the "risk space" for a single system and a declared exposure duration (e.g., 1 year, 1 lifecycle).
Re-Assess and Accumulate Risks:
• Accumulate total system risk by proper mathematical protocol (vs. simply accepting each risk)
• Validate Risk Reductions

Element 4: Risk Reduction
1) Process: Risk reductions are achieved by understanding the risk, countermeasuring the risk according to an order of precedence, and reassessing risks. Understanding risk causation can lead to prioritizing hazard reductions and/or direct countermeasure selection.
Steps: Understand Risk Drivers; Understand Options to Reduce; Develop Candidate Countermeasures; Select Countermeasures; Risk Reduction.
Countermeasure Order of Precedence:
1) Design Changes
2) Engineered Safety Features
3) Safety Devices
4) Warning Devices
5) Procedures/Training
Countermeasure Selection Criteria:
• Effectiveness (in reducing risk)
• Feasibility
• Cost
• Means
• Schedule
Countermeasures shouldn't:
1) Introduce new hazards
2) Unacceptably impair system performance
(others)
Products: Understanding of Risk Drivers; Iterative Changes to Reduce Risk

Element 5: Risk Acceptance
1) Process: Properly designated decision makers are provided sufficient information to make an informed decision concerning the acceptability of residual risk. All decisions are to be documented.
2) Methods:
1) Compare to Consensus Standards for Need (How Safe is Safe Enough?). Example Consensus Standard for Risk Acceptability: a) Protection of Personnel, b) Societal Risk
2) Balance Risk with Needs
Acceptance Decision:
• Accept Risk (Risk Reduction Not Needed)
• Risk Reduction Needed: Further Reduce
• Deny Approval
• Forward to Higher Authority
• Other Action(s)
3) Product: Documented Risk-Based Decision (Decision Document)

Lifecycle Monitoring: Residual Risk; Assess risks of hazards

MIL-STD-882 Process
Element 1: Document the System Safety Approach
Element 2: Identify and Document Hazards
Element 3: Assess and Document Risk
Element 4: Identify and Document Risk Mitigation Measures
Element 5: Reduce Risk
Element 6: Verify, Validate, and Document Risk Reduction
Element 7: Accept Risk and Document
Element 8: Manage Life-Cycle Risk

Safety Cases

A Simple Goal Structure (press at Whatford Plant)
Top goal and its context:
G1: Press is acceptably safe to operate within Whatford Plant
• C1: Press specification
• C2: Press operation
• C3: Whatford Plant
Strategies:
S1: Argument by addressing all identified operating hazards (context C4: All identified operating hazards)
S2: Argument of compliance with all applicable safety standards and regulations (context C5: All applicable safety standards and regulations)
Sub-goals under S1:
G2: Hazard of 'Operator Hands Trapped by Press Plunger' sufficiently mitigated
G3: Hazard of 'Operator Upper Body trapped by Press Plunger' sufficiently mitigated
G4: Hazard of 'Operator Hands Caught in Press Drive Machinery' sufficiently mitigated
Sub-goals under S2:
G5: Press compliant with UK HSE Provision and Use of Work Equipment Regulations
G6: Press compliant with UK enactment of EU Machinery Directive
G7: PES element of press design compliant with IEC1508
Solutions (evidence items at the leaves):
Sn1: FTA analysis
Sn2: Formal verification
Sn3: SIL3 certificate
Sn4: Audit report
Sn5: Compliance sheet

SAE ARP 4761 Process (three parallel lanes)
DO-178B Software Design Assurance:
• Determine Impact of S/W Design
• Determine severity of failure conditions on the A/C or aircrew
• Software Requirements and Definition
• Allocate S/W functions to appropriate CSCIs, CSCs, CSUs
• Determine S/W Levels A/B/C/D/E
• PDR
• Software Design
• CDR
• Software Coding and Unit Testing
• Integration Testing / Qualification Testing
• SIL Testing
• Ground Testing
• Flight Testing
Software Safety IAW IEEE STD 1228:
• Determine S/W Safety Involvement
• SSPP per "882"
• Determine S/W Level
• Define S/W Safety Critical Requirements
• Conduct S/W Safety Analyses per 1228
• Determine S/W Safety Hazard Mitigations
• Refine Hazard Mitigations and Identify Derived Safety Reqmts
• Define S/W Safety Verification Requirements
• Perform Test Safety Analysis & Develop S-C Test Requirements (FMETs/FTs/CWAs)
• Ensure Compliance with Safety-Critical Requirements
System Safety Engineering IAW ARP 4761:
• FHA
• Define Initial System Safety Design Requirements
• PSSA
• Analyze System Hazards
• Integration Specs & SRSs
• SSA
• TDOCs

Safety Cases

Typical Safety Case Contents
» Following are key elements of most standards:
• Scope
• System Description
• System Hazards
• Safety Requirements
• Risk Assessment
• Hazard Control / Risk Reduction Measures
• Safety Analysis / Test
• Safety Management System
• Development Process Justification
• Conclusions

Safety Assessment Report
Purpose:
» Historical record
» Comprehensive evaluation of risk
• 60 days prior to test
• 60 days prior to fielding
• New phase of contract or completion
» Sent to DTIC & MANPRINT Database
» Provides manufacturer's statement of risk control with justification
Contents:
» Introduction
» System description
» System operations
» System safety engineering
» Conclusions (signed statement)
» References
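The risk assessment matrix of the ANSI process (Element 3) and its "accumulate total system risk by proper mathematical protocol" step, written out as a worked example. This is added here and is not code from the slides or from any standard: the severity and probability names follow MIL-STD-882 usage, but the cell-to-risk-level assignments, the per-level probability point estimates and the six hazards are assumptions constructed for the example. A real program takes the matrix and the exposure duration from its approved risk acceptance matrix.

```python
from dataclasses import dataclass, replace
from math import prod
from typing import Dict, Iterable, List, Optional

# Severity rank 1 is the worst category; probability code A is the most likely.
SEVERITY_RANK = {"Catastrophic": 1, "Critical": 2, "Marginal": 3, "Negligible": 4}
PROBABILITY_CODE = {"Frequent": "A", "Probable": "B", "Occasional": "C",
                    "Remote": "D", "Improbable": "E"}

# Illustrative matrix (assumption): which severity/probability cells map to
# which risk level. Substitute the program's approved matrix.
RISK_MATRIX: Dict[str, set] = {
    "High":    {"1A", "1B", "1C", "2A", "2B"},
    "Serious": {"1D", "2C", "3A", "3B"},
    "Medium":  {"1E", "2D", "2E", "3C", "3D", "4A", "4B"},
    "Low":     {"3E", "4C", "4D", "4E"},
}

# Assumed point estimate per qualitative level for the declared exposure
# duration (e.g. one lifecycle), taken at the top of each level's band so the
# accumulated system figure errs on the conservative side.
PROBABILITY_ESTIMATE = {"Frequent": 1e-1, "Probable": 1e-2, "Occasional": 1e-3,
                        "Remote": 1e-6, "Improbable": 1e-7}


@dataclass(frozen=True)
class Hazard:
    hid: str
    description: str
    severity: str
    probability: str

    @property
    def cell(self) -> str:
        return f"{SEVERITY_RANK[self.severity]}{PROBABILITY_CODE[self.probability]}"


def risk_level(h: Hazard) -> str:
    """Look the hazard's cell up in the risk assessment matrix."""
    for level, cells in RISK_MATRIX.items():
        if h.cell in cells:
            return level
    raise ValueError(f"{h.hid}: cell {h.cell} is not in the matrix")


def mitigate(h: Hazard, *, severity: Optional[str] = None,
             probability: Optional[str] = None) -> Hazard:
    """Re-assess a hazard after a countermeasure. A design change may lower
    severity; devices, warnings and procedures normally only lower probability.
    A 'countermeasure' that makes either axis worse is rejected."""
    new = replace(h, severity=severity or h.severity,
                  probability=probability or h.probability)
    if SEVERITY_RANK[new.severity] < SEVERITY_RANK[h.severity] or new.cell[1] < h.cell[1]:
        raise ValueError(f"{h.hid}: countermeasure raises risk ({h.cell} -> {new.cell})")
    return new


def _selected(hazards: Iterable[Hazard], at_least: str) -> List[float]:
    worst_ok = SEVERITY_RANK[at_least]
    return [PROBABILITY_ESTIMATE[h.probability]
            for h in hazards if SEVERITY_RANK[h.severity] <= worst_ok]


def accumulate(hazards: Iterable[Hazard], *, at_least: str = "Negligible") -> float:
    """Total system risk: probability of at least one mishap of the given
    severity or worse over the exposure duration, 1 - prod(1 - p_i), treating
    hazards as independent. Summing overstates (and can exceed 1); taking the
    single worst hazard ignores all the others."""
    return 1.0 - prod(1.0 - p for p in _selected(hazards, at_least))


def naive_sum(hazards: Iterable[Hazard], *, at_least: str = "Negligible") -> float:
    """The wrong protocol, kept for comparison."""
    return sum(_selected(hazards, at_least))


# Constructed hazard list for the example (not the slide's H1..H9, whose
# details the transcript does not give).
HAZARDS = [
    Hazard("H1", "Plunger descends with hands in die area", "Catastrophic", "Remote"),
    Hazard("H2", "Drive guard removed during maintenance", "Critical", "Occasional"),
    Hazard("H3", "Operator slips on hydraulic fluid leak", "Marginal", "Probable"),
    Hazard("H4", "Nuisance alarm distracts operator", "Negligible", "Frequent"),
    Hazard("H5", "Control PES issues unsafe command", "Catastrophic", "Improbable"),
    Hazard("H6", "Two-hand control bypassed by operator", "Critical", "Probable"),
]


def hazard_tracking_report(hazards: Iterable[Hazard]) -> Dict[str, str]:
    """The HTS view: every hazard with its assessed risk level."""
    return {h.hid: risk_level(h) for h in hazards}


if __name__ == "__main__":
    for hid, level in hazard_tracking_report(HAZARDS).items():
        print(hid, level)
    print("P(Critical or worse):", round(accumulate(HAZARDS, at_least="Critical"), 6),
          "naive sum:", round(naive_sum(HAZARDS, at_least="Critical"), 6))
    print("H6 after engineered safety feature:", risk_level(mitigate(HAZARDS[5], probability="Remote")))
```

The accumulated figure is what a decision maker needs at Element 5: individual cells can each look acceptable while the system-level probability of a severe mishap over the declared exposure is not, and the same function re-run after each mitigate() call is the "re-assess" loop of Element 4.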
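The Whatford press goal structure from the Safety Cases slide, encoded as a data structure with the completeness checks a reviewer applies to a safety case: every goal is developed (a strategy or a solution sits beneath it), strategies decompose into goals, solutions and contexts are leaves, and nothing dangles or is unreachable from the top goal. This is an added example, not code from the slides or from the GSN material they reproduce. The transcript preserves the nodes but not the connecting lines, so the attachment of solutions to goals (Sn1 under G2, G3 and G4; Sn2 and Sn3 under G7; Sn4 under G5; Sn5 under G6) is an assumption made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Sequence, Set


@dataclass
class Node:
    nid: str
    kind: str                                    # goal | strategy | solution | context
    text: str
    supported_by: List[str] = field(default_factory=list)   # downward SupportedBy links
    in_context_of: List[str] = field(default_factory=list)  # InContextOf links


def node(nid: str, kind: str, text: str, supported_by: Sequence[str] = (),
         in_context_of: Sequence[str] = ()) -> Node:
    return Node(nid, kind, text, list(supported_by), list(in_context_of))


def check_structure(nodes: Dict[str, Node], top: str) -> List[str]:
    """Return structural findings; an empty list means the argument is complete."""
    findings: List[str] = []
    for n in nodes.values():
        for ref in n.supported_by + n.in_context_of:
            if ref not in nodes:
                findings.append(f"{n.nid}: references missing node {ref}")
        below = [nodes[r] for r in n.supported_by if r in nodes]
        ctx = [nodes[r] for r in n.in_context_of if r in nodes]
        if any(c.kind != "context" for c in ctx):
            findings.append(f"{n.nid}: InContextOf link to a non-context node")
        if any(b.kind == "context" for b in below):
            findings.append(f"{n.nid}: context attached as support")
        if n.kind == "goal" and not below:
            findings.append(f"{n.nid}: undeveloped goal (no strategy or solution beneath it)")
        if n.kind == "strategy" and not any(b.kind == "goal" for b in below):
            findings.append(f"{n.nid}: strategy decomposes into no goals")
        if n.kind in ("solution", "context") and (n.supported_by or n.in_context_of):
            findings.append(f"{n.nid}: {n.kind} nodes must be leaves")
    # An element nobody links to from the top goal contributes nothing to the case.
    seen: Set[str] = set()
    stack = [top]
    while stack:
        cur = stack.pop()
        if cur in seen or cur not in nodes:
            continue
        seen.add(cur)
        stack.extend(nodes[cur].supported_by + nodes[cur].in_context_of)
    findings.extend(f"{nid}: not reachable from {top}" for nid in sorted(set(nodes) - seen))
    return findings


def evidence_for(nodes: Dict[str, Node], start: str) -> Set[str]:
    """All solution nodes that transitively support a goal or strategy."""
    out: Set[str] = set()
    seen: Set[str] = set()
    stack = [start]
    while stack:
        cur = stack.pop()
        if cur in seen or cur not in nodes:
            continue
        seen.add(cur)
        if nodes[cur].kind == "solution":
            out.add(cur)
        stack.extend(nodes[cur].supported_by)
    return out


def whatford_press() -> Dict[str, Node]:
    """The slide's goal structure; solution attachments are assumed (see lead-in)."""
    ns = [
        node("G1", "goal", "Press is acceptably safe to operate within Whatford Plant",
             ["S1", "S2"], ["C1", "C2", "C3"]),
        node("C1", "context", "Press specification"),
        node("C2", "context", "Press operation"),
        node("C3", "context", "Whatford Plant"),
        node("S1", "strategy", "Argument by addressing all identified operating hazards",
             ["G2", "G3", "G4"], ["C4"]),
        node("C4", "context", "All identified operating hazards"),
        node("S2", "strategy", "Argument of compliance with all applicable safety standards and regulations",
             ["G5", "G6", "G7"], ["C5"]),
        node("C5", "context", "All applicable safety standards and regulations"),
        node("G2", "goal", "Hazard of 'Operator Hands Trapped by Press Plunger' sufficiently mitigated", ["Sn1"]),
        node("G3", "goal", "Hazard of 'Operator Upper Body trapped by Press Plunger' sufficiently mitigated", ["Sn1"]),
        node("G4", "goal", "Hazard of 'Operator Hands Caught in Press Drive Machinery' sufficiently mitigated", ["Sn1"]),
        node("G5", "goal", "Press compliant with UK HSE Provision and Use of Work Equipment Regulations", ["Sn4"]),
        node("G6", "goal", "Press compliant with UK enactment of EU Machinery Directive", ["Sn5"]),
        node("G7", "goal", "PES element of press design compliant with IEC1508", ["Sn2", "Sn3"]),
        node("Sn1", "solution", "FTA analysis"),
        node("Sn2", "solution", "Formal verification"),
        node("Sn3", "solution", "SIL3 certificate"),
        node("Sn4", "solution", "Audit report"),
        node("Sn5", "solution", "Compliance sheet"),
    ]
    return {n.nid: n for n in ns}


if __name__ == "__main__":
    case = whatford_press()
    print("findings:", check_structure(case, "G1") or "none")
    print("evidence under S2:", sorted(evidence_for(case, "S2")))
    case["G4"].supported_by = []          # simulate a hazard argued but never evidenced
    print("after removing G4's evidence:", check_structure(case, "G1"))
```

The check is deliberately structural only: it tells you that G4 has no evidence beneath it, not whether an FTA is adequate evidence for that hazard. Adequacy of each solution is still a review judgement, which is why the Typical Safety Case Contents slide lists Safety Analysis / Test and Development Process Justification as separate sections.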