Air Force System Safety Handbook - System Safety Society

More documents

Recommendations

Info

evaluated so that an acceptable method for risk reduction can be pursued. The order of precedence for satisfying system safety requirements and resolving identified hazards is: a. Design for Minimum Risk. From the first, design to eliminate hazards. If an identified hazard cannot be eliminated, reduce the associated risk to an acceptable level, as defined by the MA, through design selection. Defining minimum risk is not a simple matter. It is not a cookbook process that can be numerically developed without considerable thought. Minimum risk will vary from program to program. See paragraph 3.6 for more information. b. Incorporate Safety Devices. If identified hazards cannot be eliminated or their associated risk adequately reduced through design selection, that risk shall be reduced to a level acceptable to the MA through the use of fixed, automatic, or other protective safety design features or devices. Provisions shall be made for periodic functional checks of safety devices when applicable. c. Provide Warning Devices. When neither design nor safety devices can effectively eliminate identified Yes Provided Risk Assessment Package for Management Conclude Hazard Analysis Design to Eliminate Hazard Provided? No Yes Design to Reduce Hazard Provided? Yes Figure 3-2 HAZARD REDUCTION PRECEDENCE No Yes Provide Safety Devices Provided? Yes 21 hazards or adequately reduce associated risk, device shall be used to detect the condition and to produce an adequate warning signal to alert personnel of the hazard. Warning signals and their application shall be designed to minimize the probability of incorrect personnel reaction to the signals and shall be standardized within like types of systems. d. Develop Procedures and Training. Where it is impractical to eliminate hazards through design selection or adequately reduce the associated risk with safety and warning devices, procedures and training shall be used. However, without a specific waiver, no warning, caution, or other form of written advisory shall be used as the only risk reduction method for Category I or II hazards. Procedures may include the use of personal protective equipment. The process for reducing risk due to a hazard is illustrated in Figure 3-2. (40:40) It is an obvious interaction of both engineering and management considerations to bring about an optimal resolution of risk. Final resolution rests in the decision made by the managing activity. No Provide Warning Devices Provided? No Provide Special Procedures Provided? No Terminate System Out
3.4 Mishap Severity Categories and Probabilities. (30:8) Hazards do not necessarily result in mishaps. But if it does occur, the hazard creates mishaps of certain severity. Mishap severity categories (Figure 3-3) are defined to provide a qualitative measure of the worst credible mishap resulting from personnel error, environmental conditions; design inadequacies; procedural deficiencies; or system, subsystem, or component failure or malfunction. These mishap severity categories provide guidance to a wide variety of programs. However, adaptation to a particular program is generally required to provide a mutual understanding between the MA and the contractors as to the meaning of the terms used in the category definitions. The adaptation must define what constitutes system loss, major or minor system damage, and severe and minor injury and occupational illness. The probability that a hazard will be created during the planned life expectancy of the system can be described in potential occurrences per unit of time, events, population, items, or activity (Figure 3-4). Figure 3-3 22 Assigning a quantitative hazard probability to a potential design or procedural hazard is generally not possible early in the design process. A qualitative hazard probability may be derived from research, analysis, and evaluation of historical safety data from similar systems. Supporting rationale for assigning a hazard probability shall be documented in hazard analysis reports. Fig 3-3 and 3-4 definitions of descriptive words may be modified based on quantity involved. Also. The size of the fleet or inventory should be defined. An example of a modified hazard probability definition is presented below. LEVEL APPROXIMATE FREQUENCY Frequent 1 failure in 100 (10 -2 ) cycles Probable 10-2 to 10-4 cycles Occasional 10 -4 to 10 -5 cycles Remote 10 -5 to 10 -6 cycles Improbable Less than 10 -6 cycles EXAMPLE MISHAP SEVERITY CATEGORIES Description Category Mishap definition CATASTROPHIC I Death or CRITICAL II Severe injury, occupational illness or major system damage MARGINAL III Minor injury, minor occupational illness, or minor system damage NEGLIGIBLE IV Less than minor injury, occupational illness, or minor system damage Figure 3-4 EXAMPLE HAZARD PROBABILITY LEVELS Description Level Specific Individual Item Fleet or Inventory FREQUENT A Likely to occur frequently Continuously experienced PERIODIC B Will occur several times in life of an item Will occur frequently OCCASIONAL C Likely to occur sometime in life of an item Will occur several times REMOTE D Unlikely, but possible to occur in life of an Unlikely, but can be reasonably be item expected to occur IMPROBABLE E So unlikely it can be assumed occurrences may not be experienced Unlikely to occur, but possible
Page 1 and 2: “designing the safest possible sy
Page 3 and 4: Chapter Page Forward ..............
Page 5 and 6: Fig # Title Page 1-1 System Safety
Page 7 and 8: Acceptable Risk. That part of ident
Page 9 and 10: Articles/Papers REFERENCES 1. Cleme
Page 11 and 12: 1.3 Need for System Safety. Why is
Page 13 and 14: integrated with other factors that
Page 15 and 16: Figure 1-4 SYSTEM SAFETY OBJECTIVES
Page 17 and 18: 9. Nature and severity of hazards u
Page 19 and 20: CONCEPT EXPLORATION • Evaluate sy
Page 21 and 22: CONSTRUCTION (facilities) • Ensur
Page 23 and 24: existing levels of system safety an
Page 25 and 26: (a) Provides risk assessments to SA
Page 27 and 28: Block 5--Increased Safety Awareness
Page 29: 3.1 Definitions. System safety is a
Page 33 and 34: FREQUENCY OF OCCURRENCE Figure 3-5
Page 35 and 36: j. To point out to a designer how h
Page 37 and 38: g. Ensure that the appropriate syst
Page 39 and 40: Figure 4-1 FUNCTIONS OF SAFETY ORGA
Page 41 and 42: An explosive safety program encompa
Page 43 and 44: Quality assurance establishes polic
Page 45 and 46: safety requirements have been impos
Page 47 and 48: instead uses the tailoring process
Page 49 and 50: 5.1 SSPP--Task 102. (Note: Task num
Page 51 and 52: This section of the plan contains t
Page 53 and 54: program tasking should be sufficien
Page 55 and 56: h. Develop a method of exchanging s
Page 57 and 58: 7.1 Analyses. (28:39-40) Role of An
Page 59 and 60: d. Any other events, that considera
Page 61 and 62: CONCEPT STUDIES (PHL) SYSTEM SAFETY
Page 63 and 64: design specifications. In addition,
Page 65 and 66: a. Of the modes of failure, includi
Page 67 and 68: . Potential material substitutions
Page 69 and 70: are identified, monitored, and comp
Page 71 and 72: 9.1 Fault Hazard Analysis. (33:47-4
Page 73 and 74: The SCA of military systems has inc
Page 75 and 76: doors, sunglasses, machine guards,
Page 77 and 78: Checklists)? There are others, such
Page 79 and 80: not directly provide useful informa
Page 81 and 82:
c. Procedures, manuals, etc. These
Page 83 and 84:
shutdown. This is a relatively smal
Page 85 and 86:
c. Perform or update the PHA done d
Page 87 and 88:
(2) Adequate safety provisions are
Page 89 and 90:
11.1 Program Office Description. A
Page 91 and 92:
management officer (DMO) is usually
Page 93 and 94:
Once the details of these tasks are
Page 95 and 96:
arrangements, an assessment of the
Page 97 and 98:
f. Assist the contractors in making
Page 99 and 100:
12.1 Contracting Principles. (34:6-
Page 101 and 102:
A SOO is attached to an RFP to spec
Page 103 and 104:
Type E - Material Specifications Ty
Page 105 and 106:
Type A--System/Segment Specificatio
Page 107 and 108:
13.1 Process. CHAPTER 13 EVALUATING
Page 109 and 110:
ascertain if the safety requirement
Page 111 and 112:
Develop and prepare program plans a
Page 113 and 114:
The contractor SSPP will be updated
Page 115 and 116:
Facility safety design criteria is
Page 117 and 118:
10. Skill in written and oral commu
Page 119 and 120:
eflect the local concern for operat
Page 121 and 122:
c. Review equipment installation, o
Page 123 and 124:
15.1 Acceptable/Unacceptable Risk.
Page 125 and 126:
FACILITIES SYSTEM SAFETY INDUSTRIAL
Page 127 and 128:
15.3 Biomedical Safety. (37:Chapter
Page 129 and 130:
• Mishap Class/system identificat
Page 131 and 132:
c. A Nuclear Safety Cross-check Ana
Page 133 and 134:
17.1 General. There are many variat
Page 135 and 136:
characteristics are under configura
Page 137 and 138:
The AFMC supplement to AFI-91-202 p
Page 139 and 140:
TRB DEFICIENCY REPORTS MISHAP REPOR
Page 141 and 142:
these elements should be investigat
Page 143 and 144:
The modification risk-assessment su
Page 145 and 146:
20.1 General. Test and Evaluation (
Page 147 and 148:
Development of these scenarios crea
Page 149 and 150:
isk, or to stop the test until the
Page 151 and 152:
Figure A-1. Mission Requirements/El
Page 153 and 154:
• Capability (task loading) • O
Page 155 and 156:
preliminary hazard list. The major
Page 157 and 158:
• System Hazard Analysis • Oper
Page 159 and 160:
sensitivity analysis. Here, an asse
Page 161:
(5) Revising Maintenance Requiremen
show all

Air Force System Safety Handbook - System Safety Society

Create successful ePaper yourself

Delete template?

Save as template?