SYSTEM SAFETY ENGINEERING AND MANAGEMENT

Similar documents
A Presentation to the International System Safety Society August 11, 2016 by Gary D. Braman Senior System Safety Engineer Sikorsky Aircraft

Safety-Critical Systems

Safety Management in Multidisciplinary Systems. SSRM symposium TA University, 26 October 2011 By Boris Zaets AGENDA

North Coast Outfitters, LTD. Model SR901RT Multi-Purpose Utility Table SAFETY ASSESSMENT REPORT (SAR)

Managing for Liability Avoidance. (c) Lewis Bass

Safety Risk Assessment Worksheet Title of Risk Assessment Risk Assessment Performed By: Date: Department:

The Best Use of Lockout/Tagout and Control Reliable Circuits

Safety assessments for Aerodromes (Chapter 3 of the PANS-Aerodromes, 1 st ed)

1309 Hazard Assessment Fundamentals

Vector to ZERO: HAZARD HUNT. 2. Mission/Task: 3. Begin Date: 4. End Date: 5. Date Prepared: 10. Develop Controls 11. Residual Risk Level

1.0 PURPOSE 2.0 REFERENCES

Aeronautical studies and Safety Assessment

Gamma-ray Large Area Space Telescope

Three Approaches to Safety Engineering. Civil Aviation Nuclear Power Defense

Safety Standards Acknowledgement and Consent (SSAC) CAP 1395

DATA ITEM DESCRIPTION Title: Failure Modes, Effects, and Criticality Analysis Report

Probability Risk Assessment Methodology Usage on Space Robotics for Free Flyer Capture

Federal Aviation Administration Safety & Human Factors Analysis of a Wake Vortex Mitigation Display System

XVII Congreso de Confiabilidad

Activity Hazard Analysis (AHA) EM A.13 FIGURE 1-2 CONTRACTOR REQUIRED AHA TRAINING

-JHA- Job. For Science and Engineering. Hazard Assessment

Lecture 04 ( ) Hazard Analysis. Systeme hoher Qualität und Sicherheit Universität Bremen WS 2015/2016

Risk Management. Definitions. Principles of Risk Management. Types of Risk

SYSTEM SAFETY REQUIREMENTS

C. Mokkapati 1 A PRACTICAL RISK AND SAFETY ASSESSMENT METHODOLOGY FOR SAFETY- CRITICAL SYSTEMS

Employ The Risk Management Process During Mission Planning

FLIGHT TEST RISK ASSESSMENT THREE FLAGS METHOD

A study on the relation between safety analysis process and system engineering process of train control system

LECTURE 3 MAINTENANCE DECISION MAKING STRATEGIES (RELIABILITY CENTERED MAINTENANCE)

Environmental-Related Risk Assessment

Risk Management Qualitatively on Railway Signal System

New Airfield Risk Assessment / Categorisation

Marine Risk Assessment

Identification and Screening of Scenarios for LOPA. Ken First Dow Chemical Company Midland, MI

Workshop to Generate Guidelines For the Implementation of: 1 - Step 1 of State Safety Program (SSP) and 2 - Phases 1 & 2 of ICAO SMS

DEPARTMENT OF THE NAVY NAVAL AIR SYSTEMS COMMAND RADM WILLIAM A. MOFFEIT BUILDING BUSE ROAD, BLDG 2272 PATUXENT RIVER, MARYLAND,

Job Hazard Analysis (JHA) What is Job Hazard Analysis (JHA)?

1 General. 1.1 Introduction

Purpose. Scope. Process flow OPERATING PROCEDURE 07: HAZARD LOG MANAGEMENT

General Information. NTA607HD Lift Assist Adjustments. Tools Required. Work Location. Notations and Conventions U B F D R B F L

PROCESS HAZARD ANALYSIS FOR THE SEPTIC TANKS AND SYSTEMS REMOVALS AT BUILDING 4005, 4009 AND 4100.

THE CANDU 9 DISTRffiUTED CONTROL SYSTEM DESIGN PROCESS

CT433 - Machine Safety

Unit 5: Prioritize and Manage Hazards and Risks STUDENT GUIDE

Implementing IEC Standards for Safety Instrumented Systems

Helicopter Safety Recommendation Summary for Small Operators

Conducting An Effective. Welcome!

The Safety Case. Structure of Safety Cases Safety Argument Notation

AUSTRALIA ARGENTINA CANADA EGYPT NORTH SEA U.S. CENTRAL U.S. GULF. SEMS HAZARD ANALYSIS TRAINING September 29, 2011

Integration of safety studies into a detailed design phase for a navy ship

SITE SPECIFIC SAFETY PLAN (SSSP)

ALIGNING MOD POSMS SAFETY AND POEMS ENVIRONMENTAL RISK APPROACHES EXPERIENCE AND GUIDANCE

GMA SLEEP PROCEDURE AT VAFB

Safety in Precast Erection

Advisory Circular (AC)

Policy for Evaluation of Certification Maintenance Requirements

HAZARD IDENTIFICATION & RISK ASSESSMENT

Ultima. X Series Gas Monitor

RISK ASSESSMENT. White Paper.

RISK MANAGEMENT B020083XQ STUDENT HANDOUT

Civil Air Patrol. Summary of Aircrew Professionalism Content. Kevin Conyers Chief, Stan/Eval Aug 2018 Anaheim, CA

Accident Investigation and Hazard Analysis

Calspan Task N Page 1. Precursor Systems Analyses of Automated Highway Systems. AHS Safety Issues

Module 3 Developing Timing Plans for Efficient Intersection Operations During Moderate Traffic Volume Conditions

M S I C R A N E S C A L E

Operator Exposed to Chlorine Gas

User Instructions 1789 Parapet Wall Anchor

Hazard Identification

Chapter 5. Response Tactics and Strategies Delmar, Cengage Learning

Using what we have. Sherman Eagles SoftwareCPR.

IIUM EVENT SAFETY RISK ASSESSMENT

Work Health and Safety Risk Management Procedures

Transformational Safety Leadership. By Stanley Jules

Hazard analysis. István Majzik Budapest University of Technology and Economics Dept. of Measurement and Information Systems

Phase B: Parameter Level Design

ESSENTIAL SAFETY RESOURCES

PERFORMANCE SPECIFICATION VALVE; AIRCRAFT, PNEUMATIC, HIGH-PRESSURE CHARGING

Safety of railway control systems: A new Preliminary Risk Analysis approach

Grantek Systems Integration

Hazard Assessment & Control. Faculty of Veterinary Medicine

HS329 Risk Management Procedure

Drain Splash Back Burns Operator

INSTRUCTIONS FOR USE

OOI Safety Plan. Version 1-00 Document Number

Understanding safety life cycles

Codex Seven HACCP Principles. (Hazard Identification, Risk Assessment & Management)

The following gives a brief overview of the characteristics of the most commonly used devices.

HAZARD MANAGEMENT PROCEDURE

Integrating Wildlife Hazard Management into a Safety Management System (SMS)

Road Safety. Inspections

EUROPEAN GUIDANCE MATERIAL ON INTEGRITY DEMONSTRATION IN SUPPORT OF CERTIFICATION OF ILS AND MLS SYSTEMS

Reliability of Safety-Critical Systems Chapter 4. Testing and Maintenance

INSTALLATION INSTRUCTIONS A-Arm Guards, Rear Part Number: Application: Kawasaki Brute Force 750 4x4i

FLYING OBJECTS MANUAL HANDLING EXCESSIVE NOISE

Pressure Relief Device Investigation Testing Lessons Learned

PSM TRAINING COURSES. Courses can be conducted in multi-languages

Workshop Information IAEA Workshop

NASA AEROSPACE PRESSURE VESSEL SAFETY STANDARD

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Introduction to Machine Safety Standards

Transcription:

SYSTEM SAFETY ENGINEERING AND MANAGEMENT An Overview

SYSTEM SAFETY Video

SYSTEM SAFETY McDonnell-Douglas DC-10

SYSTEM SAFETY McDonnell Douglas DC-10 Hydraulic System

SYSTEM SAFETY DeHavilland Comet

SYSTEM SAFETY DeHavilland Comet

SYSTEM SAFETY History 1940s 2000s (Facility System Safety) Trial and Error Fly-Fix-Fly 1950s 1990s (Risk-Based Process System Safety) Software System Safety Nuclear Weapons Trial and Error Fly-Fix-Fly 1960s (NASA, DOD, 882) 1980s (Facility System Safety) OSHA Process Safety Human Factors Jet Aircraft Aircraft Accidents Jet Aircraft (HA Flight) Nuclear Power Aircraft Accidents MIL-S-38130 MIL-S-380130 MIL-STD-882 (DOD) Space Systems 1970s (MORT) NASA NHB 1700.1 AEC Pub/Tn MORT NAVFAC SS Training USACE SS Workshop MIL-STD-882B (DOD) QA interface MIL-STD-882C (DOD) Aircraft Accidents MIL-STD-882D / 882E (DOD) Air/Spacecraft Accidents Aircraft Accidents MIL-STD-882A (DOD) Air/Spacecraft Accidents Aircraft Accidents

SYSTEM SAFETY What is System Safety? System Safety is defined as the application of engineering and management principles, criteria, and techniques to achieve acceptable mishap risks within the constraints of operational effectiveness, time, and cost throughout all phases of the system life cycle.

SYSTEM SAFETY What do we do? Influence design selection through a structured hazard identification and risk mitigation process Promote safety lessons learned How do we do it? Engaged in development programs reporting to Chief System Engineer - Co-located with design team - Closely aligned with Reliability Engineering Generic requirements defined in Standard Work Program specific deliverables defined in System Safety Program Plan Oversight and progress monitored thru: - Peer review of deliverable CDRL safety analyses - Customer / Regulatory Authority approval - Periodic System Safety Working Group meetings

SYSTEM SAFETY When do we do it? Throughout the entire program starting at the beginning!

SYSTEM SAFETY CIVIL PROGRAMS Interaction Between Safety and Development Processes Aircraft Requirements Identification Systems Requirements Identification Item Requirements Specification Item Design Item Verification Systems Verification Aircraft Verification Aircraft FHA Aircraft Verification ASA PSAS Aircraft CCA Aircraft CCA Validation of requirements at the next highest level System FHA PSSA System CCA Systems Verification Item Verification System SSA System CCA System FMEA/FMES Top Down Requirements Development and Validation Validation of requirements at the next highest level System FTA System FTA System CMA Bottom Up Safety Requirements Verification System CMA Validation of requirements at the next highest level Software Design System FMEA/FMES Hardware Design ARP-4754A Process

SYSTEM SAFETY USG PROGRAMS Integrated with System Engineering (SE) Process SRR PDR CDR FRR PRR Requirements Definition Detailed Design Component Build System Integration Test Proposal / Specification Input Risk Resolution / Hazard Tracking / System Safety Working Group Activities Concept of Operation Requirements Definition MIL-STD-882E Process Aircraft Flight Test Customer Validation Requirements Decomposition and Allocation System System Integration Hardware and Software Requirements Segment Integration Preliminary Design Sub- System Subsystem Testing Detailed Analysis / Design Module / Component Test Development

Understand Risk Drivers DOD SYSTEM SAFETY PROCESS MIL-STD-882E System Safety Process Document the System Safety Approach Tasks Schedule Element 1 Team Tools System Safety Tasks: Provide guidance for safe designs Identify potential safety hazards Conduct risk assessments Track safety hazards Verify risk elimination and/or mitigation Identify and Document Hazards Life-Cycle Monitoring Element 2 Element 3 Element 4 Element 8 Manage Life-Cycle Risks Element 7 Maturing Design Accept Risk and Document Understand Life-Cycle Risks Understand Hazards Understand Risk Acceptance Assess and Document Risk Continuous System Safety Process Iterative Element 6 Verify, Validate, and Document Risk Reduction Understand Mitigations Understand Risk Reduction Identify and Document Risk Mitigation Measures Element 5 Reduce Risk

RISK MANAGEMENT PROCESS Identify Hazards Monitor Assess Hazards Implement Controls Develop Controls

IDENTIFY HAZARDS Accident and incident reporting databases Deficiency reporting databases Safety alerts and safety messages Hazard tracking databases for legacy and similar systems System/subsystem functions and analysis (hardware and software) System design documents (hardware and software)

IDENTIFY HAZARDS Those who do not remember the past are George Santayana US (Spanish-born) Philosopher 1863-1952 condemned to repeat it.

HAZARD ASSESSMENT Risk Assessment Matrix RISK ASSESSMENT MATRIX PROBABILITY SEVERITY Catastrophic (1) Critical (2) Marginal (3) Negligible (4) Frequent High High Serious Medium Probable High High Serious Medium Occasional High Serious Medium Low Remote Serious Medium Medium Low Improbable Medium Medium Medium Low Eliminated Eliminated

HAZARD ASSESSMENT Risk Assessment Matrix - Hazard Severities SEVERITY CATEGORIES Description Severity Category Mishap Result Criteria Catastrophic 1 Could result in one or more of the following: death, permanent total disability, irreversible significant environmental impact, or monetary loss equal to or exceeding $10M. Critical 2 Could result in one or more of the following: permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, reversible significant environmental impact, or monetary loss equal to or exceeding $1 M but less than $10M. Marginal 3 Could result in one or more of the following: injury or occupational illness resulting in one or more lost work day(s), reversible moderate environmental impact, or monetary loss equal to or exceeding $1 00K but less than $1 M. Negligible 4 Could result in one or more of the following: injury or occupational illness not resulting in a lost work day, minimal environmental impact, or monetary loss less than $1 00K.

HAZARD ASSESSMENT Risk Assessment Matrix - Hazard Probabilities PROBABILITY LEVELS Description Level Specific Individual Item Fleet or Inventory Frequent A Likely to occur often in the life of an item. Continuously experienced. Probable B Will occur several times in the life of an item. Will occur frequently. Occasional C Likely to occur sometime in the life of an item. Will occur several times. Remote D Unlikely, but possible to occur in the life of an item. Unlikely, but can reasonably be expected to occur. Improbable E So unlikely, it can be assumed occurrence may not be experienced in the life of an item. Unlikely to occur, but possible. Eliminated F Incapable of occurrence. This level is used when potential hazards are identified and later eliminated. Incapable of occurrence. (This level is used when potential hazards are identified and later eliminated.)

HAZARD ASSESSMENT Risk Assessment Matrix Frequent (A) Probable (B) Occasional (C) Remote (D) Improbable (E) Catastrophic (I) Critical (II) Marginal (III) Negligible (IV) 1 2 4 8 12 3 5 6 10 15 7 9 11 14 17 13 16 18 19 20

HAZARD ASSESSMENT Risk Assessment Matrix - Hazard Severities Level Description 1 2 3 4 Catastrophic: Could result in death, permanent total disability, loss exceeding $10M, or irreversible severe environmental damage that violates the law Critical: Could result in permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, loss exceeding $1M but less than $10M, or reversible environmental damage causing a violation of law or regulation Marginal: Could result in injury or occupational illness resulting in one or more lost work days, loss exceeding $500K but less than $1M, or mitigatible environmental damage without violation of law or regulation where restoration activities can be accomplished Negligible: Could result in injury or illness not resulting in a lost work day, loss exceeding $2K but less than $500K, or minimal environmental damage not violating law or regulation

HAZARD ASSESSMENT Risk Assessment Matrix - Hazard Probabilities Level Description Probability (Occurrences per 100K Flight Hours) A Frequent p > 100 B Probable 100 p > 10 C Occasional 10 p > 1 D Remote 1 p > 0.1 E Improbable 0.1 p 0.01

DEVELOP CONTROLS System Safety Hazard Order of Precedence Eliminate hazard through design selection select design or material that removes hazard Reduce risk through design alteration consider a design change that reduces mishap severity or probability Incorporate engineered features or devices reduce severity or probability using engineered features or devices Provide warning devices install devices that alert personnel to hazard Incorporate signage, procedures training, PPE use this control when all others are not feasible

DEVELOP CONTROLS System Safety Hazard Order of Precedence 1. Eliminate hazards through design selection 2. Reduce risk through design alteration 3. Incorporate engineered features or devices Design or material alternative that removes the hazard altogether. Design alterations reduce the severity and/or the probability of the mishap potential caused by the hazard(s). Engineered features actively interrupt the mishap sequence and devices reduce the risk of a mishap. 4.. Provide warning devices Detection and warning systems alert personnel to the presence of a hazardous condition or occurrence of a hazardous event. 5. Incorporate signage, procedures, training, and PPE Special procedures and training. Procedures may include the use of personal protective equipment. Note: For catastrophic or critical hazards, avoid using warning, caution or other written advisory as the only risk reduction method. Low Reliance on Humans High Preferred Approach

IMPLEMENT CONTROLS System Safety Hazard Order of Precedence Eliminate hazard through design selection Crash worthy fuel tank Reduce risk through design alteration Energy absorbing landing gear Incorporate engineered features or devices Engine overspeed protection; torque limiting Provide warning devices Warning and caution lights Incorporate signage, procedures training, PPE Placards; Operator and maintainer training; aircraft maintenance procedures

IMPLEMENT CONTROLS System Safety Hazard Order of Precedence Design Selection / Design Alternatives/ Engineered Features and Devices 1) Balistically tolerant rotor and drive system 2) High mass components retained in 20/20/18g crash conditions 3) Anti-plow keel beams 4) Reduced rollover potential with CEFS installed 5) Energy absorbing landing gear (30 fps limits) 6) Crashworthy fuel cells (65 feet drop) 7) Jettisonable cockpit doors and pop-out windows 8) Wire strike protection

IMPLEMENT CONTROLS System Safety Hazard Order of Precedence Warning Devices

IMPLEMENT CONTROLS System Safety Hazard Order of Precedence Special Procedures and Training

MONITOR Identify Hazards Reporting systems, processes, and procedures are established for reporting failures (RFA, JDRS)

SYSTEM SAFETY System Safety Design Influence (Rescue Hoist D-Ring Reversal) 1. Design Selection Spring-loaded guard Positive locking feature Superseded MS 18107 hook New design with cable D-Lok PROBABILITY Safety Hazard Assessment: Rescue Hoist D-Ring Risk Mitigation Measure: 1 A Frequent B Probable C Occasional D Remote E Improbable Hazard Harness D-ring disengages from rescue hoist hook Hazardous Effects Causal Factors Injury or death Twisting or of hoist passenger(s); destruction of hoist cargo; potential for injury/damage to ground personnel and equipment oscillation of the hook/d-ring connection when cable is unloaded can result in the D- ring riding up, over the top of the spring loaded guard. IS = Initial Risk Severity Classification IP = Initial Risk Probability Classification IRC = Initial Risk Category IS IP IRC Risk Mitigation FS FP FRC I E Low Rescue hoist hook guard redesigned to provide positive locking feature. None None FS = Final Risk Severity Classification FP = Final Risk Probability Classification FRC = Final Risk Category Status None Closed. Hazard eliminated thru redesign of hook guard to preclude potential for D-ring reversal. S E V E R I T Y I I Catastrophic II Critical (Hazardous) III Marginal (Major) IV Negligible (Minor) 30

SYSTEM SAFETY System Safety Design Influence (Landing Gear Wheel Servicing) 2. Safety Devices CCS-92-AOL-07-00006 26 Mar 07 Overpressure relief valve PROBABILITY A Frequent B Probable C Occasional D Remote E Improbable Safety Hazard Assessment: Landing Gear Wheel Servicing Risk Mitigation Measure: 2 Hazard Landing gear wheel burst Hazardous Effects Severe injury and/or death of aircraft maintainer Causal Factors Failure to properly set nitrogen bottle regulator pressure prior to servicing landing gear wheels. IS IP IRC Risk Mitigation FS FP FRC I D Med. Incorporated an integral pressure relief valve into the landing gear wheel nitrogen servicing valve. I Status E Low Closed. The S-92A program implemented the mitigation measure and verified its effectiveness thru testing. Sikorsky Management and the civil certifying agencies accepted the FRC. S E V E R I T Y I I Catastrophic II Critical (Hazardous) III Marginal (Major) IV Negligible (Minor) IS = Initial Risk Severity Classification FS = Final Risk Severity Classification IP = Initial Risk Probability Classification FP = Final Risk Probability Classification IRC = Initial Risk Category THIS DOCUMENT FRC CONTAINS = Final Risk Category NO INFORMATION SUBJECT TO ITAR OR EAR. 31

SYSTEM SAFETY Keys to Successful System Safety Engineering Ensure System Safety Engineer in engaged early in the program or project Ensure System Safety Engineer is adequately resourced Benefits of System Safety Engineering Reduced Project Cost On Time Project Schedule Delivery of Safe System

SYSTEM SAFETY Summary The system safety processes executed throughout the life cycle of a project will save the project cost and time. But more importantly conducting system safety processes prevent accidents saving lives and money associated with the insured and uninsured costs of an accident.

SYSTEM SAFETY Video

SYSTEM SAFETY What are your questions? 35

SYSTEM SAFETY Thank You For Your Time And Attention! We pioneer flight solutions that bring people home from everywhere every time! 36

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback