Define & Compare Flowcharts of Each Method
Tom Delong
TRANSCRIPT
Overview of Methods
» ANSI Process
» MIL-STD-882 Process
» Safety Cases
» SAE ARP 4761 Process
» Reports
ANSI Process
Flowchart (figure T-05-00512); the boxes read, in process order:
Program Initiation
• Document the System Safety Approach
• Tasks • Schedule • Team • Tools
Hazard Identification (Understanding Hazards)
• Recognize & Document Hazards
• Hazard Tracking (continuous)
Risk Assessment (Understanding Risk Drivers)
• Assess Mishap Risk
Risk Reduction (Understanding Risk Options; iterative risk reduction)
• Identify Mitigation Measures
• Reduce Risk to Acceptable Level
• Verify Risk Reduction
Risk Acceptance
• Residual Risk Review & Acceptance
Life Cycle Monitoring (continuous; changes, maturing design)
ANSI Process (Generic System Safety Process)

Element 1: Program Initiation
3) Products: • Plans • Authorizations • Contract(s) • Team • Tools

Element 2: Hazard Identification and Tracking (Understanding of Hazards)
1) Process: Identify Hazards. The initial step produces a complete definition of the hazards associated with the system. This can be achieved by a variety of methods. Key elements of the risk assessment matrix are also defined.
2) Methods: • Checklists • System Energy Source Inventory • Prior Work with Similar Systems • Operating Scenario Walkthroughs • Operational Phase Review • Codes/Standards/Regulations
3) Products: PHL, PHA, SSHA, SHA, O&SHA, others; HTS (hazard tracking)
Hazard Tracking (continuous, iterative) includes: • Description • Assessed Risk • Potential and Selected Countermeasures • Accident Experience • Lessons Learned

Element 3: Risk Assessment (Understanding of Risk Drivers)
1) Process: Assess risks of hazards. For each identified hazard the severity and likelihood are established. The Risk Assessment Matrix is used to assess and display the risk.
2) Assessment Methods (assessment approaches): • Expert Judgment • Historical Risk Experience • System Knowledge • Engineering Judgment • What is Known/not Known • Numerical Analysis • Computer Models; FMEA, FTA, Event Trees, others
3) Product: Risk Assessment Matrix (individual hazards). The matrix defines the “risk space” for a single system and a declared exposure duration (e.g., 1 year, 1 lifecycle). Its axes are Severity and Probability; hazards H1 through H9 are plotted on it, and the matrix is divided into a “Reduction Not Needed” region and a “Reduction Needed” region.

Element 4: Risk Reduction (Understand Options to Reduce)
1) Process: Understand Risk Drivers, Develop Candidate Countermeasures, Select Countermeasures, Re-Assess and Accumulate Risks. Risk reductions are achieved by understanding the risk, countermeasuring the risk according to an order of precedence, and reassessing risks. Understanding risk causation can lead to prioritizing hazard reductions and/or direct countermeasure selection.
2) Methods:
Countermeasure Selection Criteria: • Cost (vs. accepting risk) • Effectiveness (in reducing risk) • Feasibility • Means • Schedule
Countermeasures shouldn’t: 1) Introduce new hazards 2) Unacceptably impair system performance
Countermeasure Order of Precedence: 1) Design Changes 2) Engineered Safety Features 3) Safety Devices 4) Warning Devices 5) Procedures/Training
• Accumulate total system risk by proper mathematical protocol
• Validate Risk Reductions
3) Products (typical): Hazard Reports, SAR, others

Element 5: Risk Acceptance (How Safe is Safe Enough?)
1) Process: Risk/Need, Decision, Document. Properly designated decision-makers are provided sufficient information to make an informed decision concerning the acceptability of residual risk. All decisions are to be documented.
2) Methods: 1) Compare to Consensus Standards for a) Protection of Personnel b) Societal Risk (example consensus standard for risk acceptability) 2) Balance Risk with Needs
Decision: Accept, or Other Action(s): • Further Reduce • Deny Approval • Forward to Higher Authority
3) Product: Documented Risk-Based Decision

Lifecycle Monitoring: Changes to Reduce Risk
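The risk assessment matrix, countermeasure re-assessment and “accumulate total system risk by proper mathematical protocol” steps above can be made concrete in code. The following is an added example written for this page, not part of the original presentation: the matrix cells, probability bands and hazard entries are constructed (the hazard wording borrows from the press example later in the deck), and the accumulation rule treats hazards as independent events so that the chance of at least one mishap in a severity category is 1 - ∏(1 - p_i) rather than a plain sum.

```python
"""Risk assessment matrix, countermeasure re-assessment and system-level risk
accumulation for the generic system safety process.  Example code added for
this page; the matrix cells, probability bands and hazards are constructed."""
from dataclasses import dataclass, replace
from math import prod

# Matrix axes, worst / most likely first.  The category names follow common
# practice; the cell values below are a constructed example, not a standard's table.
SEVERITY = ["Catastrophic", "Critical", "Marginal", "Negligible"]
PROBABILITY = ["Frequent", "Probable", "Occasional", "Remote", "Improbable"]
RISK_RANK = {"Low": 0, "Medium": 1, "Serious": 2, "High": 3}

MATRIX = {
    "Catastrophic": ["High", "High", "High", "Serious", "Medium"],
    "Critical":     ["High", "High", "Serious", "Medium", "Low"],
    "Marginal":     ["Serious", "Serious", "Medium", "Low", "Low"],
    "Negligible":   ["Medium", "Medium", "Low", "Low", "Low"],
}
REDUCTION_NEEDED = {"High", "Serious"}      # cells above the acceptability line

# Constructed upper bound of each probability band for the declared exposure
# period (the matrix is only meaningful against one such period).
PROB_UPPER = {"Frequent": 1.0, "Probable": 1e-1, "Occasional": 1e-2,
              "Remote": 1e-3, "Improbable": 1e-6}


@dataclass(frozen=True)
class Hazard:
    hid: str
    description: str
    severity: str
    probability: str


def risk_level(h: Hazard) -> str:
    """Look the hazard up in the matrix."""
    return MATRIX[h.severity][PROBABILITY.index(h.probability)]


def reduction_needed(h: Hazard) -> bool:
    return risk_level(h) in REDUCTION_NEEDED


def apply_countermeasure(h: Hazard, *, severity=None, probability=None) -> Hazard:
    """Re-assess a hazard after a countermeasure and validate the reduction:
    the new cell must not be worse than the old one (a countermeasure that
    raises risk has introduced a new hazard rather than removed one)."""
    new = replace(h, severity=severity or h.severity,
                  probability=probability or h.probability)
    if RISK_RANK[risk_level(new)] > RISK_RANK[risk_level(h)]:
        raise ValueError(f"{h.hid}: countermeasure raised risk "
                         f"{risk_level(h)} -> {risk_level(new)}")
    return new


def band_for(p: float) -> str:
    """Map a numeric probability back to the narrowest band containing it
    (small tolerance absorbs floating-point noise at a band boundary)."""
    for name in reversed(PROBABILITY):          # Improbable .. Frequent
        if p <= PROB_UPPER[name] * (1 + 1e-9):
            return name
    return "Frequent"


def accumulate_system_risk(hazards) -> dict:
    """Total system risk per severity category.  Hazards are treated as
    independent events, so the chance that at least one occurs is
    1 - prod(1 - p_i); simply summing probabilities would overcount."""
    out = {}
    for sev in SEVERITY:
        ps = [PROB_UPPER[h.probability] for h in hazards if h.severity == sev]
        if not ps:
            continue
        p_any = 1.0 - prod(1.0 - p for p in ps)
        band = band_for(p_any)
        out[sev] = {"p_any": p_any, "band": band,
                    "level": MATRIX[sev][PROBABILITY.index(band)]}
    return out


def hazard_tracking_rows(hazards):
    """Rows for a hazard tracking system: id, assessed risk, reduction flag."""
    return [(h.hid, risk_level(h), reduction_needed(h)) for h in hazards]


# Constructed hazards; wording loosely follows the press example in this deck.
HAZARDS = [
    Hazard("H1", "Operator hands trapped by press plunger", "Catastrophic", "Remote"),
    Hazard("H2", "Minor pinch at guard edge", "Marginal", "Occasional"),
    Hazard("H3", "Unexpected plunger stroke on power restore", "Critical", "Probable"),
    Hazard("H5", "Operator upper body trapped by press plunger", "Catastrophic", "Remote"),
]

if __name__ == "__main__":
    for row in hazard_tracking_rows(HAZARDS):
        print(row)
    print(accumulate_system_risk(HAZARDS))
    reduced = apply_countermeasure(HAZARDS[0], probability="Improbable")
    print(reduced.hid, risk_level(reduced))
```

Two Catastrophic/Remote hazards each sit in a “Serious” cell on their own, but the accumulated Catastrophic probability for the system lands in the Occasional band and therefore in a “High” cell; that is why the element-4 process re-assesses and accumulates after countermeasures rather than judging hazards one at a time.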
MIL-STD-882 Process
Element 1: Document the System Safety Approach
Element 2: Identify and Document Hazards
Element 3: Assess and Document Risk
Element 4: Identify and Document Risk Mitigation Measures
Element 5: Reduce Risk
Element 6: Verify, Validate, and Document Risk Reduction
Element 7: Accept Risk and Document
Element 8: Manage Life-Cycle Risk
Safety Cases
A Simple Goal Structure
G1 Press is acceptably safe to operate within Whatford Plant
 in context of: C1 Press specification; C2 Press operation; C3 Whatford Plant
 supported by strategies S1 and S2
S1 Argument by addressing all identified operating hazards (in context of C4 All identified operating hazards), supported by:
 G2 Hazard of 'Operator Hands Trapped by Press Plunger' sufficiently mitigated
 G3 Hazard of 'Operator Upper Body Trapped by Press Plunger' sufficiently mitigated
 G4 Hazard of 'Operator Hands Caught in Press Drive Machinery' sufficiently mitigated
S2 Argument of compliance with all applicable safety standards and regulations (in context of C5 All applicable safety standards and regulations), supported by:
 G5 Press compliant with UK HSE Provision and Use of Work Equipment Regulations
 G6 Press compliant with UK enactment of EU Machinery Directive
 G7 PES element of press design compliant with IEC1508
Solutions (evidence): Sn1 FTA analysis; Sn2 Formal verification; Sn3 SIL3 certificate; Sn4 Audit report; Sn5 Compliance sheet
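A goal structure like the one above is only an argument if every leaf goal is eventually backed by a solution. As an added example (not from the original slides), the code below models the press structure in a small Goal Structuring Notation checker and reports goals that lack supporting argument or evidence. The slide does not say which solution (Sn1 through Sn5) supports which goal, so the solutions are entered as nodes but left unattached; the checker then flags G2 through G7 as undeveloped and the solutions as disconnected, which is exactly the gap a reviewer would raise. The class and method names are this example's own.

```python
"""Minimal Goal Structuring Notation (GSN) checker for a safety-case goal
structure.  Example code added for this page, not from the original."""
from collections import defaultdict

GOAL, STRATEGY, SOLUTION, CONTEXT = "Goal", "Strategy", "Solution", "Context"


class GoalStructure:
    """Nodes plus the two GSN relationships: 'supported by' (the argument
    tree) and 'in context of' (scoping information hung off a node)."""

    def __init__(self):
        self.nodes = {}                          # id -> (kind, text)
        self.supported_by = defaultdict(list)    # parent id -> child ids
        self.in_context_of = defaultdict(list)   # node id -> context ids

    def add(self, nid, kind, text):
        self.nodes[nid] = (kind, text)
        return self

    def supports(self, parent, *children):
        self.supported_by[parent].extend(children)
        return self

    def context(self, node, *contexts):
        self.in_context_of[node].extend(contexts)
        return self

    def kind(self, nid):
        return self.nodes[nid][0]

    def undeveloped_goals(self):
        """Goals with neither a strategy nor a solution beneath them."""
        return [n for n, (k, _) in self.nodes.items()
                if k == GOAL and not self.supported_by[n]]

    def reachable(self, root):
        seen, stack = set(), [root]
        while stack:
            n = stack.pop()
            if n in seen:
                continue
            seen.add(n)
            stack.extend(self.supported_by[n])
            stack.extend(self.in_context_of[n])
        return seen

    def unreachable(self, root):
        return [n for n in self.nodes if n not in self.reachable(root)]

    def evidence_for(self, goal):
        """Solutions that ultimately support a goal, depth-first order."""
        out = []
        for child in self.supported_by[goal]:
            if self.kind(child) == SOLUTION:
                out.append(child)
            else:
                out.extend(self.evidence_for(child))
        return out

    def findings(self, root):
        """Structural problems a safety-case reviewer would want listed."""
        f = [f"{g}: undeveloped goal, no argument or evidence beneath it"
             for g in self.undeveloped_goals()]
        for n, (k, _) in self.nodes.items():
            kids = self.supported_by[n]
            if k == SOLUTION and kids:
                f.append(f"{n}: a solution is evidence and must be a leaf")
            if k == STRATEGY and not any(self.kind(c) == GOAL for c in kids):
                f.append(f"{n}: strategy does not decompose into goals")
            for c in kids:
                if self.kind(c) == CONTEXT:
                    f.append(f"{n}: {c} is context; attach it with in-context-of")
            for c in self.in_context_of[n]:
                if self.kind(c) != CONTEXT:
                    f.append(f"{n}: {c} is not a context element")
        f += [f"{n}: not connected to the argument rooted at {root}"
              for n in self.unreachable(root)]
        return f


def press_goal_structure():
    """The slide's 'simple goal structure'.  Solution-to-goal links are not
    given on the slide, so the solutions are added but left unattached."""
    gs = GoalStructure()
    gs.add("G1", GOAL, "Press is acceptably safe to operate within Whatford Plant")
    gs.add("C1", CONTEXT, "Press specification")
    gs.add("C2", CONTEXT, "Press operation")
    gs.add("C3", CONTEXT, "Whatford Plant")
    gs.add("S1", STRATEGY, "Argument by addressing all identified operating hazards")
    gs.add("S2", STRATEGY, "Argument of compliance with all applicable safety standards and regulations")
    gs.add("C4", CONTEXT, "All identified operating hazards")
    gs.add("C5", CONTEXT, "All applicable safety standards and regulations")
    gs.add("G2", GOAL, "Hazard of 'Operator Hands Trapped by Press Plunger' sufficiently mitigated")
    gs.add("G3", GOAL, "Hazard of 'Operator Upper Body Trapped by Press Plunger' sufficiently mitigated")
    gs.add("G4", GOAL, "Hazard of 'Operator Hands Caught in Press Drive Machinery' sufficiently mitigated")
    gs.add("G5", GOAL, "Press compliant with UK HSE Provision and Use of Work Equipment Regulations")
    gs.add("G6", GOAL, "Press compliant with UK enactment of EU Machinery Directive")
    gs.add("G7", GOAL, "PES element of press design compliant with IEC1508")
    for sid, text in [("Sn1", "FTA analysis"), ("Sn2", "Formal verification"),
                      ("Sn3", "SIL3 certificate"), ("Sn4", "Audit report"),
                      ("Sn5", "Compliance sheet")]:
        gs.add(sid, SOLUTION, text)
    gs.supports("G1", "S1", "S2").context("G1", "C1", "C2", "C3")
    gs.supports("S1", "G2", "G3", "G4").context("S1", "C4")
    gs.supports("S2", "G5", "G6", "G7").context("S2", "C5")
    return gs


if __name__ == "__main__":
    for line in press_goal_structure().findings("G1"):
        print(line)
```

Attaching a solution to a goal with `supports("G2", "Sn1")` (a hypothetical assignment, since the slide does not give it) removes G2 from the undeveloped list and makes Sn1 appear in `evidence_for("G1")`, so the same checker can be run again after each revision of the case.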
SAE ARP 4761 Process
Flowchart of software safety across the development phases; the lanes and boxes read:

System Safety Engineering IAW ARP 4761 (products: FHA, PSSA, SSA; SSPP per “882”)
• Analyze System Hazards
• Determine severity of failure conditions on the A/C or aircrew
• Define Initial System Safety Design Requirements
• Determine Impact of S/W Design
• Refine Hazard Mitigations and Identify Derived Safety Reqmts

Software Safety IAW IEEE STD 1228 (per 1228)
• Determine S/W Safety Involvement
• Determine S/W Level
• Define S/W Safety Critical Requirements
• Determine S/W Safety Hazard Mitigations
• Define S/W Safety Verification Requirements
• Conduct S/W Safety Analyses
• Ensure Compliance with Safety-Critical Requirements
• Perform Test Safety Analysis & Develop S-C Test Requirements (FMETs/FTs/CWAs)

DO-178B Software Design Assurance
• Determine S/W Levels A/B/C/D/E
• Allocate S/W functions to appropriate CSCIs, CSCs, CSUs

Development phases (with reviews and artifacts): Software Requirements and Definition; Software Design (PDR, CDR); Software Coding and Unit Testing; Integration Testing / Qualification Testing (SIL Testing, Ground Testing, Flight Testing). Artifacts: Integration Specs & SRSs, TDOCs.
Safety Cases
Detail depends on the regulatory structure, etc.
Typical Safety Case Contents
» Following are key elements of most standards:
Scope
System Description
System Hazards
Safety Requirements
Risk Assessment
Hazard Control / Risk Reduction Measures
Safety Analysis / Test
Safety Management System
Development Process Justification
Conclusions
Safety Assessment Report
Purpose
» Historical record
» Comprehensive evaluation of risk: 60 days prior to test; 60 days prior to fielding; new phase of contract or completion
» Sent to DTIC & MANPRINT Database
» Provides manufacturer’s statement of risk control with justification
Contents
» Introduction
» System description
» System operations
» System safety engineering
» Conclusions (signed statement)
» References