1 (13)

SYSTEM SAFETY REQUIREMENTS
Diving Equipment
Contents

1 SYSTEM SAFETY REQUIREMENTS
  1.1 GENERAL INFORMATION
  1.2 ABBREVIATIONS
  1.3 NORMATIVE REFERENCES
  1.4 DOCUMENT REFERENCES
  1.5 GENERAL REQUIREMENTS
2 METHODOLOGY
  2.1 SYSTEM SAFETY PROGRAM PLAN (SSPP)
  2.2 ACTIVITY
  2.3 RISK ASSESSMENT
    2.3.1 Personal injury
    2.3.2 Damage to property
    2.3.3 Damage to external environment
  2.4 SAFETY COMPLIANCE ASSESSMENT (SCA)
  2.5 SAFETY ASSESSMENT REPORT (SAR)
  2.6 TEMPLATES
1 SYSTEM SAFETY REQUIREMENTS

The purpose of the system safety work is to minimize the risks that can result in damage to personnel, property and environment. The purpose of system safety activities is to identify, analyze, evaluate and take measures against accidents, which may involve technical and handling risks, as well as risks for the surrounding environment. Foreseeable accidents shall be eliminated, or minimized to a tolerable level. If an accident occurs despite these measures, its consequences shall be minimized.

The accidents which can be predicted during use, and during preventive and corrective maintenance in peacetime, in international operations, and in crises/war, shall be analyzed.

The Swedish Work Environment Act (SFS 1977:1160), chapter 3 section 8, begins:

"Any person manufacturing, importing, delivering, or providing a machine, implement, protective equipment or other technical device shall ensure that the device affords adequate security against ill-health and accidents when it is placed on the market, delivered to be used or displayed for sale."

Even defects in e.g. environmental reliability and operational reliability of the said object/materiel system may indirectly affect system safety, and be the cause of damage/accidents.

1.1 General Information

The Contractor shall fulfill each requirement marked M in the margin. The following marks have been used:

Mandatory: Requirements that must be complied with; indicated in the specification in the leftmost column (Type) with an M.

1.2 Abbreviations

Abbreviation  Explanation
EHA           Risk Analysis for External Environment
FHA           Functional Hazard Assessment
FMV           Swedish Defence Materiel Administration
HHA           Health Hazard Assessment
HTRR          Hazard Tracking and Risk Resolution
O&SHA         Operating and Support Hazard Analysis
PHA           Preliminary Hazard Analysis
PHL           Preliminary Hazard List
RADS          Risk Assessment prior to Disposal of System
SAR           Safety Assessment Report
SCA           Safety Compliance Assessment
SFS           Swedish Statute Book
SHA           System Safety Analyses
SI            Safety Instructions
SSHA          Subsystem Safety Analyses
SSPP          System Safety Program Plan
SSPR          System Safety Progress Reviews
SSR           System Safety Requirements
SV            Safety Verification
SwAF          Swedish Armed Forces

1.3 Normative References

(H SystSäk E, Part 1 Common), M7739-352031, The Armed Forces Handbook on System Safety 2011, English edition, Part 1 Common.
(H SystSäk E, Part 2 Methods), M7739-352032, The Armed Forces Handbook on System Safety 2011, English edition, Part 2 Methods.

The documents in sec. 1.3 are available for download from: http://www.fmv.se/sv/verksamhet/systemsakerhet1/handbocker/h-systsak/

1.4 Document References

Ref 1: 12FMV2301-2:1. TECHNICAL SPECIFICATION. General Requirements on Diving Equipment for the Swedish Armed Forces.

1.5 General Requirements

M  SSR 1.2.1  The Contractor shall appoint a person who is responsible for the system safety work and who is the contact person to FMV.
M  SSR 1.2.2  The Contractor shall be responsible for ensuring that the subsuppliers and/or the collaborating partners comply with the FMV system safety requirements by, in turn, enforcing the necessary system safety requirements.
M  SSR 1.2.3  The Contractor shall be responsible for the follow-up and results of the completed system safety work.
M  SSR 1.2.4  The Contractor shall take full responsibility for the system safety work. The Contractor shall have the same liability for its subsuppliers' system safety activities as it does for its own.
M  SSR 1.2.5  The Contractor shall fulfill the requirements stipulated in Swedish laws concerning working environment and industrial safety.
M  SSR 1.2.6  Predictable hazards that can occur during operation, storage, training, handling, maintenance, decommissioning and disposal of equipment shall be analyzed.
M  SSR 1.2.7  System safety activity shall encompass all equipment in this specification and its handling throughout its lifetime with regard to:
              - Personnel injury
              - Damage to equipment
              - Damage to environment
M  SSR 1.2.8  The system safety work shall proceed in parallel with production of the system.

2 METHODOLOGY

M  SSR 2.1  The requirements in this section shall be met if the object is not CE-approved, i.e. if the object does not fulfill the European Directives (e.g. 98/37/EG) and/or some other suitable EU directive for the object.
M  SSR 2.2  If a CE-approved object has had new parts or details added, these new parts, as well as the interface between the object and the new parts, must be subjected to a system safety analysis according to the methodology/requirements outlined below.

2.1 System Safety Program Plan (SSPP)

M  SSR 2.1.1  The Tenderer/Contractor shall develop a draft system safety program plan, SSPP, for the work with system safety, and shall submit this to FMV in a preliminary edition together with the tender/proposal.
M  SSR 2.1.2  This SSPP shall be updated to a final version and delivered to FMV within a given period of time (1 month) after the agreement has been reached.
M  SSR 2.1.3  The requirements in this document are mandatory and are to be fulfilled. However, since the complexity of different diving equipment varies, tailoring may be applied and shall be done in agreement with FMV. Guidelines for selection of activities/tailoring can be found in section 3.2 in H SystSäk E, Part 2.
M  SSR 2.1.4  The Tenderer/Contractor shall produce an SSPP in accordance with section 5.5 in H SystSäk E, Part 2 - Methods.
M  SSR 2.1.5  As a minimum requirement, the Tenderer/Contractor shall carry out the activities in the table below, SSR 2.2.1 to SSR 2.2.16. This must be specified in the System Safety Program Plan. The section numbers below refer to activities in H SystSäk E, Part 2 - Methods.

2.2 Activity

Type  Requirement  Activity                                      Abbrev.  H SystSäk E, Part 2 - Methods
M     SSR 2.2.1    System Safety Program Plan                    SSPP     5.5
M     SSR 2.2.2    System Safety Progress Reviews                SSPR     5.7
M     SSR 2.2.3    Hazard Tracking and Risk Resolution           HTRR     5.9
M     SSR 2.2.4    Preliminary Hazard List                       PHL      5.12
M     SSR 2.2.5    Preliminary Hazard Analysis                   PHA      5.13
M     SSR 2.2.6    Subsystem Safety Analysis                     SSHA     5.15
M     SSR 2.2.7    System Safety Analysis                        SHA      5.16
M     SSR 2.2.8    Operating and Support Hazard Analysis         O&SHA    5.17
M     SSR 2.2.9    Health Hazard Assessment                      HHA      5.18
M     SSR 2.2.10   Risk Analysis for External Environment        EHA      5.19
M     SSR 2.2.11   Functional Hazard Assessment                  FHA      5.20
M     SSR 2.2.12   Safety Instructions                           SI       5.25
M     SSR 2.2.13   Safety Verification                           SV       5.24
M     SSR 2.2.14   Safety Assessment Report                      SAR      5.21
M     SSR 2.2.15   Safety Compliance Assessment                  SCA      5.26
M     SSR 2.2.16   Risk Assessment prior to Disposal of System   RADS     5.34

2.3 Risk Assessment

When the risks are evaluated, the probability/frequency that an accident happens shall be estimated, not the probability that a dangerous event could result in an accident. Note that the frequency for a personal injury, damage to property and damage to the external environment can vary for the same base event; e.g. a fault/event involves damage to property on every occasion, but the judgment is that a personal injury arises only on every tenth occasion. It is important to observe that the frequency noted is the mean frequency. This does not mean that it will with certainty take that long before the event happens.

M  SSR 2.3.1  The risk assessment shall be based on a lifecycle of ten (10) years with a regular use of five hundred (500) operational hours per year. Within operation the usage can, in particular cases, be up to twenty (20) hours per day (as presented in Ref 1).
M  SSR 2.3.2  During the analysis work, risks are classified as shown below:
              IT = Intolerable risk
              LT = Limited tolerable risk, decision required by the Armed Forces for each individual case
              T  = Tolerable risk
M  SSR 2.3.3  Steps for reduction of a risk shall have the following order of priority:
              1. The source of the risk is eliminated
              2. Design/construction changes
              3. Safety device
              4. Warning device
              5. Training
M  SSR 2.3.4  All equipment for the Swedish Armed Forces is classified as a risk system with respect to system safety. This means that all materiel shall be judged in its own context.
M  SSR 2.3.5  Predictable risk events shall be eliminated or minimized/reduced to a tolerable level. If a risk event still occurs, its consequences shall be minimized.
M  SSR 2.3.6  The frequency classification to be used in the risk matrices below is defined as follows:
              A. Frequent: likely to occur more than once every year during the lifetime of the equipment.
              B. Probable: likely to occur several times during the lifetime of the equipment. Once every 1 to 5 years.
              C. Occasional: likely to occur some time during the lifetime of the equipment. Once every 5 to 75 years.
              D. Improbable but can possibly occur. Once every 75 to 1000 years.
              E. So unlikely that it can be assumed that the event will not occur. Occurrence less than once every 1000 years.

2.3.1 Personal injury

The classification in degree of seriousness regarding personal injury shall be carried out in accordance with the following:

1  Death
2  Severe injury, i.e. loss of limb or fracture/damage that requires qualified treatment, or where the consequence of the damage leaves a permanent mark/injury after treatment.
3  Less serious injury that can be treated at a medical centre or similar. The injury involves no adverse effect or permanent mark/injury after treatment.
4  Negligible injury that can be treated by personnel with medical knowledge. The injury involves no adverse effect or permanent mark/injury after treatment.

Consequence           Frequent  Probable  Occasional  Remote  Improbable
                      A         B         C           D       E
Catastrophic       1  IT        IT        IT          IT      T
Critical           2  IT        IT        IT          LT      T
Marginal           3  IT        LT        LT          T       T
Remote             4  LT        T         T           T       T
2.3.2 Damage to property

The classification in degree of seriousness regarding damage to property shall be carried out in accordance with the following:

1  Loss of property: property damaged beyond repair. Damage costs > 100 MSEK or 3rd party costs > 1 MSEK.
2  Serious damage to property: property rendered inoperative but can be repaired. Damage costs 10 MSEK - 100 MSEK or 3rd party costs 100 kSEK - 1 MSEK.
3  Minor damage: property damaged but can still be operated with reduced capacity. The equipment can be repaired at a later opportunity. Damage costs 100 kSEK - 10 MSEK or 3rd party costs 10 kSEK - 100 kSEK.
4  Negligible damage: property damaged but can continue to operate unimpaired, with reduced redundancy pending later repair. Damage costs < 100 kSEK or 3rd party costs < 10 kSEK.

Consequence                              Frequent  Probable  Occasional  Remote  Improbable
                                         A         B         C           D       E
System loss                           1  IT        IT        LT          LT      T
Serious damage to property            2  IT        LT        LT          T       T
Less serious damage to property       3  IT        LT        T           T       T
Slightly serious damage to property   4  LT        T         T           T       T

2.3.3 Damage to external environment

The classification in degree of seriousness regarding damage to the external environment is carried out in accordance with the following:

1  Serious environmental damage, possibly permanent, which requires at least one year of remedial action and/or clean-up to restore the environment.
2  Major environmental local or regional damage, which is restored naturally, and/or by means of a minor clean-up, in less than one year.
3  Minor environmental damage which is restored naturally in less than one month with no further action required.
4  Negligible environmental damage. Some adverse effect on the environment but below the acceptable level.

Consequence                                         Frequent  Probable  Occasional  Remote  Improbable
                                                    A         B         C           D       E
Serious damage to external environment           1  IT        IT        IT          LT      T
Major damage to external environment             2  IT        IT        LT          T       T
Less serious damage to external environment      3  LT        LT        T           T       T
Damage to external environment of small extent   4  T         T         T           T       T
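As an added worked example, not part of the FMV document, the following Python encodes the frequency classes of SSR 2.3.6 and the three risk matrices of sections 2.3.1 to 2.3.3, and applies them to a constructed base event whose property damage occurs on every occasion but whose personal injury occurs only on every tenth occasion, as in the note under 2.3; the 500 operational hours per year of SSR 2.3.1 convert a per-operating-hour rate to a mean interval in years. Which class an interval lying exactly on a boundary (1, 5, 75 or 1000 years) falls into is an assumption made here.

```python
# Added example, not from the FMV document: SSR 2.3.6 frequency classes and the
# three risk matrices of 2.3.1-2.3.3 applied to one constructed base event.
# Assumption: a boundary interval (exactly 1, 5, 75 or 1000 years) is placed in
# the more frequent class; the document does not say which side it falls on.

HOURS_PER_YEAR = 500  # regular use per SSR 2.3.1 (lifecycle 10 years)

# One row per consequence class 1..4, one column per frequency class A..E.
FREQ_COLUMNS = "ABCDE"
RISK_MATRICES = {
    "injury":      ["IT IT IT IT T", "IT IT IT LT T", "IT LT LT T T", "LT T T T T"],
    "property":    ["IT IT LT LT T", "IT LT LT T T", "IT LT T T T",  "LT T T T T"],
    "environment": ["IT IT IT LT T", "IT IT LT T T", "LT LT T T T",  "T T T T T"],
}

def frequency_class(mean_interval_years: float) -> str:
    """Map the mean interval between occurrences (years) to class A..E."""
    if mean_interval_years <= 0:
        raise ValueError("mean interval must be positive")
    if mean_interval_years < 1:           # A: more than once every year
        return "A"
    for upper, cls in ((5, "B"), (75, "C"), (1000, "D")):
        if mean_interval_years <= upper:  # B: 1-5 y, C: 5-75 y, D: 75-1000 y
            return cls
    return "E"                            # less than once every 1000 years

def interval_years(events_per_operating_hour: float) -> float:
    """Convert a rate per operating hour to a mean interval in calendar years."""
    return 1.0 / (events_per_operating_hour * HOURS_PER_YEAR)

def risk_class(damage_type: str, consequence: int, freq: str) -> str:
    """Look up IT / LT / T for one damage type, consequence class and frequency."""
    row = RISK_MATRICES[damage_type][consequence - 1].split()
    return row[FREQ_COLUMNS.index(freq)]

def assess(base_interval_years: float, outcomes: dict) -> dict:
    """Classify each damage type of one base event.

    outcomes: damage type -> (consequence class, fraction of occurrences that
    produce that damage), so one base event can carry a different frequency
    per damage type, as section 2.3 notes."""
    result = {}
    for damage_type, (consequence, fraction) in outcomes.items():
        freq = frequency_class(base_interval_years / fraction)
        result[damage_type] = (freq, risk_class(damage_type, consequence, freq))
    return result

# Constructed case: a fault once per 2000 operating hours (4 years at 500 h/y);
# property damage (class 3) every time, personal injury (class 2) every tenth time.
EXAMPLE = assess(interval_years(1 / 2000), {"property": (3, 1.0), "injury": (2, 0.1)})
```

The constructed case shows why the note under 2.3 matters: the rarer injury outcome lands in class C but, with consequence class 2, is rated IT, while the more frequent property damage is only LT.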
2.4 Safety Compliance Assessment (SCA)

The safety compliance assessment forms the basis for FMV's safety approval of the contract item in question before its delivery to the SwAF for trials/technical evaluation, operational use etc.

M  SSR 2.4.1   The objective is that the Contractor must supply a safe system/equipment and issue a final SCA (Safety Compliance Assessment), including the SAR (Safety Assessment Report) with enclosures, not later than 4 working weeks before delivery of the system/equipment in its production version, and no later than 2 working weeks after the production delivery supply the remaining documents (all of the annexes to the SCA: HTRR, PHL, PHA, SHA, SSHA, O&SHA, HHA, EHA, FHA, SI, SV, RADS).
M  SSR 2.4.2   As a minimum, the following points, SSR 2.4.4 to SSR 2.4.14, shall be included in the SCA (Safety Compliance Assessment):
M  SSR 2.4.4   Reference to the order/contract in question
M  SSR 2.4.5   Definition of the materiel and its configuration
M  SSR 2.4.6   Reference to the assembly drawings
M  SSR 2.4.7   Definition of the handling instructions, including safety instructions
M  SSR 2.4.8   Description of the intended and permitted use, and the environment of use
M  SSR 2.4.9   Information regarding safety instructions for the remaining risks
M  SSR 2.4.10  Instructions on risk areas etc.
M  SSR 2.4.11  Instructions for emergency situations, e.g. fire etc.
M  SSR 2.4.12  Competence, training requirements etc.
M  SSR 2.4.13  Signature*) of the signatory or a person delegated by him
M  SSR 2.4.14  *) In the safety compliance assessment there shall be a unanimous statement from the Contractor which, with reference to the measures stated above, states that the object/materiel system is reliable under the given conditions.
2.5 Safety Assessment Report (SAR)

M  SSR 2.5.1   When the delivery contains CE-marked products, the Contractor can deliver a report showing how the CE marking was done instead of the SAR, if FMV finds enough information in the report.
M  SSR 2.5.2   A Safety Assessment Report (SAR) and other system hazard analysis report(s) must be appended to the Safety Compliance Assessment (SCA).
   SSR 2.5.3   As a minimum, the following headings must be included in the Safety Assessment Report (SAR) and, where appropriate, in other system hazard analysis reports:
M  SSR 2.5.4   Summary
M  SSR 2.5.5   Conclusions
M  SSR 2.5.6   Objectives and scope
M  SSR 2.5.7   Limitations, assumptions and basis for assumptions
M  SSR 2.5.8   Description of relevant parts of the system
M  SSR 2.5.9   Description of the different phases (modes) of use
M  SSR 2.5.10  Methods of analysis
M  SSR 2.5.11  Description of accidents and consequences
M  SSR 2.5.12  Safety instructions
M  SSR 2.5.13  References
M  SSR 2.5.14  Annexes
2.6 Templates

M  SSR 2.6.1  FMV will provide the following templates in digital form at the request of the Contractor:
              - Hazard list (PHL)
              - Hazard list (PHA)
              - Hazard Log
              - Hazardous substances
              - Safety-critical equipment
              - System Safety Program Plan (SSPP)
              - Safety Compliance Assessment (SCA)
              A different format may be employed by agreement with FMV.