Air Force System Safety Handbook - System Safety Society
3.5 Mishap Risk Assessment.
By combining the probability of occurrence with mishap severity, a matrix is created where intersecting rows and columns are defined by a Mishap Risk Assessment Value. The value forms the basis for judging both the acceptability of a risk and the management level at which the decision of acceptability will be made. The value may also be used to prioritize resources to resolve risks due to hazards or to standardize hazard notification or response actions. Prioritization may be accomplished either subjectively by qualitative analyses resulting in a comparative mishap risk assessment or through quantification of the probability of occurrence resulting in a numeric priority factor for that hazardous condition. Figures 3-5 and 3-6 show two sample matrices for mishap risk assessment which can be applied to provide qualitative priority factors for assigning corrective action. In the first matrix, an identified hazard assigned a mishap risk assessment value of 1A, 1B, 1C, 2A, 2B, or 3A might require immediate corrective action. A value of 1D, 2C, 2D, 3B, or 3C would be tracked for possible corrective action. A value of 1E, 2E, 3D, or 3E might have a lower priority for corrective action and may not warrant any tracking actions. In the second matrix, risk values of 1 through 20 (1 being highest risk) are assigned somewhat arbitrarily. This matrix design assigns a different value to each frequency-category pair, thus avoiding the situation caused by creating values as products of numbers assigned to frequency and category, which causes common results such as 2 X 6 = 3 X 4 = 4 X 3. This situation hides information pertinent to prioritization. These are only examples of risk assessment methods and do not fit all programs. (30:9)
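The collision described above, worked through as an added example (not taken from the handbook). It assumes ordinal scales on which a higher number means a worse category or a more frequent event, and a category-first tie-break; both are illustrative choices, and the resulting values are not those of Figure 3-6.

```python
from collections import defaultdict


def product_scores(n_category, n_frequency):
    """Score every (category, frequency) cell as the product of its ordinals."""
    return {(c, f): c * f
            for c in range(1, n_category + 1)
            for f in range(1, n_frequency + 1)}


def collisions(scores):
    """Group cells by score; keep only scores shared by more than one cell."""
    by_score = defaultdict(list)
    for cell, score in scores.items():
        by_score[score].append(cell)
    return {s: sorted(cells) for s, cells in by_score.items() if len(cells) > 1}


def distinct_values(scores):
    """Give each cell its own value 1..N, 1 being highest risk.

    Assumption: ties on the product are broken by the category ordinal, then
    by the frequency ordinal. This rule is illustrative, not the handbook's.
    """
    ordered = sorted(scores, key=lambda cell: (-scores[cell], -cell[0], -cell[1]))
    return {cell: rank for rank, cell in enumerate(ordered, start=1)}


if __name__ == "__main__":
    # A 4 x 6 grid reproduces the text's 2 X 6 = 3 X 4 = 4 X 3 collision.
    wide = product_scores(4, 6)
    print("cells scoring 12:", collisions(wide)[12])

    # A 4 x 5 grid has 20 cells, like the second sample matrix.
    grid = product_scores(4, 5)
    print("distinct product scores for 20 cells:", len(set(grid.values())))

    # With one value per cell, the cells that shared a product are separated.
    ranks = distinct_values(grid)
    for cell in collisions(grid)[12]:
        print(cell, "product 12 -> distinct value", ranks[cell])
```

Cells that share a product are indistinguishable to anyone sorting a hazard log by score, which is the information loss the text refers to.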
The mishap risk assessment value will be more useful if the severity and probability scales are carefully defined. Some suggestions for each are as follows. (18:14-17)
“Severity ranges should be sized so that events within each category are of comparable severity....Equating the severity of event and conditions which can cause one fatality with those which can cause 100 or 1,000 does not make sense. The potential problems associated with sizing of the severity ranges grow as the size of the system grows. Program managers need to be provided with risk information that has the fidelity to distinguish the hazardous events that meet general criteria.
Severity range thresholds for each severity category should be comparable when considering personal, system, or facility losses....For example, events or conditions which could cause the loss of an E-4 Airborne Command Post would be categorized by MIL-STD-882 as catastrophic. Loss of a single crewman, mechanic, or passenger would also fall in the catastrophic category....Severe injuries, such as total loss of sight of a mechanic, and system damage of several million dollars are not normally considered to have equal value, even though both are considered as values for the critical category.
If the ranking criteria use risk as a function of severity and probability, quantitative scales or qualitative scales based on quantitative logic should be used. If the concept that the expected losses (or risk) associated with a hazardous event or condition may be estimated by multiplying the expected severity of the accident by the probability of the accident, then some sort of quantitative basis is necessary....Failure to provide a quantitative basis for the scales can cause significant confusion and dissipation of safety resources when an arbitrary risk ranking scale is used.
Develop the severity values using order of magnitude ranges. This gets severity values far enough apart to avoid hair-splitting arguments and simplifies severity assessment during PHAs.
Quantify the threshold values for the probability ranges. Quantification reduces confusion associated with strictly qualitative definitions. Although it is impossible to quantify the ranges in MIL-STD-882 due to its extremely broad application, developing quantified probability ranges for specific systems is a relatively easy task to accomplish.
The probability of occurrence should refer to the probability of an accident/consequence as opposed to the probability of an individual hazard/basic event occurring. The typical accident sequence is much more complicated than a single line of erect dominos where tipping the first domino (hazard) triggers a clearly predictable reaction.
Develop the probability values using order of magnitude ranges. Do this for the same reason you did it when developing the severity ranges.”