Risk-based approach system safety assessment

Blom, H.A.P., Stroeve, S.H., De Jong, H.H. 2006. Safety risk assessment by Monte Carlo simulation of complex safety critical operations. In F. RedmiQ T. Anderson (Eds.), Developments in Risk-based Approaches to Safety Proceedings of the Fourteenth Safety-critical Systems Symposium, Bristol, U.K., 7 9 Febniary 2006 Springer. 

The computerized systems, both hardware and software, that form part of the GLP study should comply with the requirements of the principles of GLP. This relates to the development, validation, operation and maintenance of the system. Validation means that tests have been carried out to demonstrate that the system is fit for its intended purpose. Like any other validation, this will be the use of objective evidence to confirm that the pre-set requirements for the system have been met. There will be a number of different types of computer system, ranging from personal computers and programmable analytical instruments to a laboratory information management system (LIMS). The extent of validation depends on the impact the system has on product quality, safety and record integrity. A risk-based approach can be used to assess the extent of validation required, focusing effort on critical areas. A computerized analytical system in a QC laboratory requires full validation (equipment qualification) with clear boundaries set on its range of operation because this has a high... 

There is no one correct way of conducting a safety assessment. It all depends on the system complexity and on the safety assessment approach utilised (see Chapter 2). That does not mean to say that the assessment has to be analysed from a single approach only for, more often than not, a combined approach is far more feasible to identify and analyse the range of possible hazards (see Chapter 6). The following section will broadly contrast/compare the maimer in which the goal-based approach (Chapter 5) and the risk-based approach (Chapter 4) are applied during a system safety assessment. 

In Chapter 1, we consider the legal issues associated with system safety. The purpose of this chapter is to reinforce the liabilities assumed in the generation of safety related documentation. In Chapter 2 we attempt to put the term safety into perspective, and the basic approaches used to achieve it. The next three chapters will then explore three of these approaches the use of Regulatory Standards is explored in Chapter 3 Chapter 4 considers the risk-based approach, which is widely adopted in the military industry as well as by Health Safety specialists Chapter 5 introduces the civil aeronautical approach to safety assessments, which (for the want of a better term) we shall call the goal-based approach (in contrast to the risk-based approach in Chapter 4) as it provides clear goals (i.e. failure probability targets) for system designers to achieve. 

The next two chapters consider the generic approach to two frequently asked for deliverables. Chapter 8 considers the system safety assessment (SS A), which is usually required for the certification of a new/modified system. In the civil arena, the SS A is often based on the goal-based approach. In contrast, the safety case in considered in Chapter 9. The safety case is the document that manages (via the risk-based approach) the major hazards that an operator/maintainer of a system/facility faces, as well as the means employed to control those hazards. 

In many respects, the foundations and framework of the proposed risk-based hazardous waste classification system and the recommended approaches to implementation are intended to be neutral in regard to the degree of conservatism in protecting public health. With respect to calculations of risk or dose in the numerator of the risk index, important examples include (1) the recommendation that best estimates (MLEs) of probability coefficients for stochastic responses should be used for all substances that cause stochastic responses in classifying waste, rather than upper bounds (UCLs) as normally used in risk assessments for chemicals that induce stochastic effects, and (2) the recommended approach to estimating threshold doses of substances that induce deterministic effects in humans based on lower confidence limits of benchmark doses obtained from studies in humans or animals. Similarly, NCRP believes that the allowable (negligible or acceptable) risks or doses in the denominator of the risk index should be consistent with values used in health protection of the public in other routine exposure situations. NCRP does not believe that the allowable risks or doses assumed for purposes of waste classification should include margins of safety that are not applied in other situations. 

Unlike the prescriptive approach, the goal-based methodology enables an assessment and re-assessment of risk as operational experience is gained. The intelligence gathered after system go-live provides powerful lessons from which the safety position can be re-evaluated and further evidenced. A simple prescriptive checklist fails to take these important messages into account. 

In the performance-based design and operation of modem engineered systems, the accurate assessment of reliability is of paramount importance, particularly for civd, nuclear, aerospace and chemical systems and plants which are safety-critical and must be designed and operated within a risk-informed approach (Pata-lano et ah, 2008). 

Risk Assessment 2 2B (see Tables 2.1-2.3). Liquid contact with parts is assessed as a critical occurrence, since the potential damage to the parts would most likely render them unusable. The likelihood of such a mishap is considered highly probable, based on the proposed system design. The risk assessment matrix (Table 2.3) indicates that a risk classification of 2B is unacceptable. Therefore, the system safety precedence tells us that such risk should be approached with the intention of elimination, or possible reduction to an acceptable level. 

However, the methodology described in standards is general and does not clear up the picture of the process from risk assessment and determination of the SIL requirements till reliability analysis and reliability improvement. The next sections will show an application of safety standards for different stages of reliability prognosis of braking system of moving walks, using a SIL-based approach. 

The same approach to the development of a risk assessment based Case for Safety was subseqnently applied to a number of other circumstances in which new equipment, systems or operations were envisaged. These included, for example ... 

So, although the goal-based approach provides a designer with acceptable levels of safety which need to be accomplished in the design (as in Chapter 8), the user of the system will need to conduct further assessments (as in Chapter 9) to consider how the system is put into operational use and what risks said use will hold. 

DOE commissioned an independent safety, assessment (ISA) of the electric power systems for the Savannah River production reactors. This report (Reference 1) recommended that a graduated-risk- acteptance approach be used to determine the acceptability of the electric. power sy stem for restart. A. key point in this approach is that at one end of the risk spectrum there needs to be a very strong confidence that the systems can accommodate the postulated transients and accidents that could.occur in. the near. future. At the other end of the risk spectrum, posftulated accidents that are rare (that is extremely low probabilities) do not necessarily have to be resolved completely prior to restart. This approach is consi tent with that used by the NRC when considering the readiness of a licensed nuclear power plant to restart. The general restart criteria below are based upoh this graduated-risk-acceptance approach. 

The safety principle and safety system design are described in Sects. 6.2 and 6.3, respectively. Then, the deterministic approach to the Super LWR safety is described in Sects. 6.4-6.7 these describe safety analysis methods, selection and classification of abnormal events, the criteria for safety analyses, and the results of safety analyses. In addition, development of a transient subcharmel analysis code and its application to the flow decreasing events are described in Sect. 6.8. Based on the safety system design and the deterministic safety analyses, level-1 probabilistic safety assessment (PSA), which is also called level-1 probabilistic risk assessment (PRA), is presented. 

Validation With respect to validation, the agency intends to exercise enforcement discretion regarding specific Part 11 requirements. However, compliance with all applicable predicate rules for validation is still expected. The FDA suggests an approach to validation be based on a justified and documented risk assessment and a determination of the potential of the system to affect product quality, safety, and record integrity. 

Identifying the potential hazards (PHA, process hazard analysis, or HAZOP, hazard and operability analysis) during operation must be done from a wide-angle approach dangerous situations can occur due to many root-cause situations other than those specified by, for instance, ASME or PED. Based on the results of the risk assessment, the pressure equipment can be correctly designed and the most effective safety system selected. 

---