Air Force System Safety Handbook - System Safety Society

More documents

Recommendations

Info

4.1 System Safety Program Objectives and Requirements. Employing good management and engineering principles is the heart of the system safety function. It is the system safety program that integrates all these efforts and ensures a minimum risk weapon system consistent with other program constraints. A system safety program consists of a system safety plan, various specific management tasks, several time-phased analyses, and periodic reviews and evaluations. Chapter 5 will discuss the system safety plan in detail. Chapter 6 outlines other management tasks. Chapter 7 reviews various analyses. Chapter 8 discusses the several assessment and verification tasks. In this chapter, the system safety program will be discussed in general. Chapter 1 explained the need for system safety, and Chapter 2, DOD and Air Force policy and participants in system safety efforts. These efforts are the systematic, well-defined process called a system safety program. It is fundamentally a management process employing certain engineering tasks. The principal objective of a system safety program within the DOD is to make sure safety, consistent with mission requirements, is designed into systems, subsystems, equipment, facilities, and their interfaces and operation. The degree of safety achieved in a system depends directly on management emphasis. Government agencies and contractors must apply management emphasis to safety during the system acquisition process and throughout the life cycle of each system, making sure mishap risk is understood and risk reduction is always considered in the management review process. A formal safety program that stresses early hazard identification and elimination or reduction of associated risk to a level acceptable to the managing activity is the principal contribution of effective system safety. The success of the system safety effort depends on definitive statements of safety objectives and requirements. Specific system safety program objectives are outlined in paragraph 1.2. Specific time-phased requirements will be discussed in Chapter 10. General system safety program requirements are: (30:3) a. Eliminate identified hazards or reduce associated risk through design, including material selection or substitution. b. Isolate hazardous substances, components, and operations from other activities, areas, personnel, and incompatible materials. c. Locate equipment so that access during operations, servicing, maintenance, repair, or adjustment minimizes personnel exposure to hazards. d. Minimize risk resulting from excessive environmental conditions (e.g., temperature, pressure, noise, toxicity, acceleration, and vibration). CHAPTER 4 SYSTEM SAFETY PROGRAM 27 e. Design to minimize risk created by human error in the operation and support of the system. f. Consider alternate approaches to minimize risk from hazards that cannot be eliminated. Such approaches include interlocks, redundancy, fail-safe design, fire suppression, and protective clothing, equipment, devices, and procedures. g. Protect power sources, controls, and critical components of redundant subsystems by separation or shielding. h. When alternate design approaches cannot eliminate the hazard, provide warning and caution notes in assembly, operations, maintenance, and repair instructions, and distinctive markings on hazardous components and materials, equipment, and facilities to ensure personnel and equipment protection. These shall be standardized in accordance with MA requirements. i. Minimize the severity of personnel injury or damage to equipment in the event of a mishap. j. Design software-controlled or monitored functions to minimize initiation of hazardous events or mishaps. k. Review design criteria for inadequate or overly restrictive requirements regarding safety. Recommend new design criteria supported by study, analyses, or test data. Management Responsibilities. System safety management (especially in the program office), in order to meet the objectives and requirements of system safety, must: (29:A1-A2) a. Plan, organize, and implement an effective system safety program that is integrated into all life cycle phases. b. Establish definitive system safety program requirements for the procurement or development of a system. The requirements must be set forth clearly in the appropriate system specifications and contractual documents. c. Ensure that a system safety program plan (SSPP) is prepared that reflects in detail how the total program is to be conducted. d. Review and approve for implementation the SSPPs prepared by the contractor. e. Supply historical safety data as available. f. Monitor contractors’ system safety activities and review and approve deliverable data, if applicable, to ensure adequate performance and compliance with system safety requirements.
g. Ensure that the appropriate system specifications are updated to reflect results of analyses, tests, and evaluations. h. Evaluate new design criteria for inclusion into military specifications and standards and submit recommendations to the respective responsible organization. i. Establish system safety groups as appropriate to assist the program manager in developing and implementing a system safety program. j. Establish work breakdown structure elements at appropriate levels for system safety management and engineering. Management’s Risk Review. The system safety program examines the interrelationships of all components of a program and its systems with the objective of bringing mishap risk or risk reduction into the management review process for automatic consideration in total program perspective. It involves the preparation and implementation of system safety plans; also, the performance of system safety analyses on both system design and operations, and risk assessments in support of both management and system engineering activities. The system safety activity provides the program manager with a means of identifying what the mishap risk is, where a mishap can be expected to occur, and what alternate routes the design may take. Most important, it verifies implementation and effectiveness of hazard control. What is generally not recognized in the system safety community is that there are no safety problems in system design. There are only engineering and management problems, which if left unresolved, can result in a mishap. When a mishap occurs, then it is a safety problem. Identification and control of mishap risk is an engineering and management function. Determining what went wrong is a function of the safety activity. (37:1-2) System safety activity provides the program manager with an effective means of identifying what risk elements exist and evaluating their interrelationship to all elements of the program. These risk elements are most significant in the preventative mode and are detected by design analysis (i.e., determine where a mishap can be expected to occur and provide an alternate design approach) and corrected by design action to control, eliminate, or soften the effects of the resultant mishap. Most importantly, system safety activity verifies implementation and effectiveness of hazard control by the design hazard analysis process. An equally significant and beneficial element in the program life cycle is acquisition of empirical data and performance verification feedback. The operational hazard analysis provides an effective method, during the integrated operations life cycle, for initial and continuous monitoring and tracking as the program comes into its maturity. Also, the subsequent feedback can be used to validate design and development predictions; moreover, it creates an iterative process in failure prediction and the corrective action process toward prevention of an incident or mishap event. Through effective feedback, it is possible to learn from such an event and generate the capability to translate this knowledge to a similar program endeavor. (37:1-3) An excellent summary of management function required for a system safety program is presented in Figure 4-1. Although written for contractor system safety efforts, it is a good review of the many government-required functions as well. 4.2 Program Balance. 28 The system safety effort is an optimizing process that varies in scope and scale over the lifetime of the system. System safety program balance is the result of the interplay between system safety and the three very familiar basic program elements: cost, performance, and schedule. Without an acute awareness of the system safety balance on the part of both program management and the system safety manager, they cannot discuss when, where, and how much they can afford to spend on system safety. We cannot afford mishaps which will prevent the achievement of primary mission goals; nor can we afford systems which cannot perform because of overstated safety goals. From the beginning of the program, the desired result is to have the safety pendulum balance, with safety placed in the proper perspective. Proper system safety balance cannot be achieved without clearly defining acceptable and unacceptable risks. This is the first task that needs to be completed. These acceptability parameters must be established early enough in the program to allow for selection of the optimum design or operational alternatives. For cost-effective mishap prevention, defining acceptable and unacceptable risk is as important as defining cost and performance parameters. (37:1-5) Figure 4-2 graphically displays how the scale of effort varies with life cycle phase. (40:38) System safety is applied early in the life cycle, but some system safety efforts are required until and during system operations termination. LEVEL OF SAFETY EFFORT MILESTONES Figure 4-2 SYSTEM SAFETY LIFE CYCLE EFFORTS PHASE 0 CONCEPT DEFINITION MS 1 PHASE I DEVELOPMENT & VALIDATION MS II PHASE II ENGINEERING & MANUFACTURING SYSTEM LIFE CYCLE PHASE III PRODUCTION & DEPLOYMENT MODIFICATION PHASE IV System safety management applies the safety technology of all applicable safety disciplines to the development and utilization of a military system. During acquisition of a system, the system safety effort is focused on design engineering and system engineering. While planning for system safety is of major concern in the conceptual phase, the full application of system engineering principles in design is an integral part of the validation and full-scale development phases. For test operations and evaluation activities, the system safety function includes responsibilities for system, personnel, and environmental protection. Production and operational phases are approached with the concept that human error can void all standards incorporated by design. Effective planning to MS III MS IV TERM
Page 1 and 2: “designing the safest possible sy
Page 3 and 4: Chapter Page Forward ..............
Page 5 and 6: Fig # Title Page 1-1 System Safety
Page 7 and 8: Acceptable Risk. That part of ident
Page 9 and 10: Articles/Papers REFERENCES 1. Cleme
Page 11 and 12: 1.3 Need for System Safety. Why is
Page 13 and 14: integrated with other factors that
Page 15 and 16: Figure 1-4 SYSTEM SAFETY OBJECTIVES
Page 17 and 18: 9. Nature and severity of hazards u
Page 19 and 20: CONCEPT EXPLORATION • Evaluate sy
Page 21 and 22: CONSTRUCTION (facilities) • Ensur
Page 23 and 24: existing levels of system safety an
Page 25 and 26: (a) Provides risk assessments to SA
Page 27 and 28: Block 5--Increased Safety Awareness
Page 29 and 30: 3.1 Definitions. System safety is a
Page 31 and 32: 3.4 Mishap Severity Categories and
Page 33 and 34: FREQUENCY OF OCCURRENCE Figure 3-5
Page 35: j. To point out to a designer how h
Page 39 and 40: Figure 4-1 FUNCTIONS OF SAFETY ORGA
Page 41 and 42: An explosive safety program encompa
Page 43 and 44: Quality assurance establishes polic
Page 45 and 46: safety requirements have been impos
Page 47 and 48: instead uses the tailoring process
Page 49 and 50: 5.1 SSPP--Task 102. (Note: Task num
Page 51 and 52: This section of the plan contains t
Page 53 and 54: program tasking should be sufficien
Page 55 and 56: h. Develop a method of exchanging s
Page 57 and 58: 7.1 Analyses. (28:39-40) Role of An
Page 59 and 60: d. Any other events, that considera
Page 61 and 62: CONCEPT STUDIES (PHL) SYSTEM SAFETY
Page 63 and 64: design specifications. In addition,
Page 65 and 66: a. Of the modes of failure, includi
Page 67 and 68: . Potential material substitutions
Page 69 and 70: are identified, monitored, and comp
Page 71 and 72: 9.1 Fault Hazard Analysis. (33:47-4
Page 73 and 74: The SCA of military systems has inc
Page 75 and 76: doors, sunglasses, machine guards,
Page 77 and 78: Checklists)? There are others, such
Page 79 and 80: not directly provide useful informa
Page 81 and 82: c. Procedures, manuals, etc. These
Page 83 and 84: shutdown. This is a relatively smal
Page 85 and 86: c. Perform or update the PHA done d
Page 87 and 88:
(2) Adequate safety provisions are
Page 89 and 90:
11.1 Program Office Description. A
Page 91 and 92:
management officer (DMO) is usually
Page 93 and 94:
Once the details of these tasks are
Page 95 and 96:
arrangements, an assessment of the
Page 97 and 98:
f. Assist the contractors in making
Page 99 and 100:
12.1 Contracting Principles. (34:6-
Page 101 and 102:
A SOO is attached to an RFP to spec
Page 103 and 104:
Type E - Material Specifications Ty
Page 105 and 106:
Type A--System/Segment Specificatio
Page 107 and 108:
13.1 Process. CHAPTER 13 EVALUATING
Page 109 and 110:
ascertain if the safety requirement
Page 111 and 112:
Develop and prepare program plans a
Page 113 and 114:
The contractor SSPP will be updated
Page 115 and 116:
Facility safety design criteria is
Page 117 and 118:
10. Skill in written and oral commu
Page 119 and 120:
eflect the local concern for operat
Page 121 and 122:
c. Review equipment installation, o
Page 123 and 124:
15.1 Acceptable/Unacceptable Risk.
Page 125 and 126:
FACILITIES SYSTEM SAFETY INDUSTRIAL
Page 127 and 128:
15.3 Biomedical Safety. (37:Chapter
Page 129 and 130:
• Mishap Class/system identificat
Page 131 and 132:
c. A Nuclear Safety Cross-check Ana
Page 133 and 134:
17.1 General. There are many variat
Page 135 and 136:
characteristics are under configura
Page 137 and 138:
The AFMC supplement to AFI-91-202 p
Page 139 and 140:
TRB DEFICIENCY REPORTS MISHAP REPOR
Page 141 and 142:
these elements should be investigat
Page 143 and 144:
The modification risk-assessment su
Page 145 and 146:
20.1 General. Test and Evaluation (
Page 147 and 148:
Development of these scenarios crea
Page 149 and 150:
isk, or to stop the test until the
Page 151 and 152:
Figure A-1. Mission Requirements/El
Page 153 and 154:
• Capability (task loading) • O
Page 155 and 156:
preliminary hazard list. The major
Page 157 and 158:
• System Hazard Analysis • Oper
Page 159 and 160:
sensitivity analysis. Here, an asse
Page 161:
(5) Revising Maintenance Requiremen
show all

Air Force System Safety Handbook - System Safety Society

Create successful ePaper yourself

Delete template?

Save as template?