Safety assessment tools and techniques

The following sections will consider some of the causes which can lead to a hazardous situation. Thereafter we will briefly consider some of the safety assessment tools and techniques available to identify and assess these hazards and their causes. 

Unfortunately, safety assessment tools and techniques are not agreed upon before contract closure and are used after the fact to satisfy safety questions, and not as a useful tool to influence and optimise the design. Tools and techniques used should add value to the process by improving imderstanding of systems and hazards. 

Applying the most conunonly used (refer, inter alia, SAE ARP4761) safety assessment tools and techniques. Fig. 8.8 takes this product life cycle and shows the safety assessment activities which may typicaUy follow for each phase. 

There is no doubt that a well-executed (i.e. complete, consistent and correct) safety assessment can provide a reasonable basis upon which system certification can be based. It must be remembered, however, that the analysis can only be as good as the failure cases it identifies and the rates of failure predicted/assumed. The system should therefore be amenable to the safety assessment tools and techniques employed, so apply them appropriately. 

This second edition of a Basic Guide to System Safety has been designed to provide the reader with a fundamental understanding of the system safety discipline, the assessment of risk, the hazard analysis process, and some of the common tools and techniques that can be used to determine levels of hazard risk. Numerous examples have been developed throughout the text in an attempt to demonstrate the applicability of system safety engineering and analysis in the practice of the industrial safety and health professional. 

The remainder of this book will go deeply into the two concepts of system safety and risk assessment. Proven tools and techniques are discussed, and actual engineering examples are shown. It will address safety from the operator and manufacturer s point of view, as well as from government regulations and oversight. But most importantly, it will help you understand how to manage the safety of your systems. 

Expert judgement plays a vital role in this process. However, the developer or the assessor can never be 100% certain that all hazards were mitigated. Furthermore, uncertainties might exist from secondary issues, such as who created the safety case, who was responsible for generating the evidence, what types of tools and techniques were used, etc. These confidence factors often tend to be implicit considerations in the development and assessment of safety cases. 

There are a variety of tools and techniques available for assessing safety, which can broadly be classified into two categories. Top-down analysis starts by identifying the accidents or failure conditions to be investigated, and then proceeds to derive the combination of failures and/or events which can produce them. Bottom-up analysis starts with hardware failure modes which can occur and analyses the effects of these on the system and aircraft in order to determine the hazardous conditions which can occur. The objectives of these techniques fall into three broad categories ... 

Occupational health and safety management tools (including hazard identification and risk assessment, selection and implementation of appropriate hazard controls, developing proactive and reactive performance measures, understanding techniques to encourage employee participation and evaluation of work-related accidents and incidents)... 

The status and development in Performance Assessment tools, techniques and procedures and their application in a number of national waste disposal programmes during the past 15 years has been presented in various overview papers at international synoqposia on safety assessment of radioactive waste repositories [19, 20]. 

Methods and techniques for measurement, sampling, and analysis Types, sources, and characteristics of hazards, threats, and vulnerabilities Hazard analysis, job safety analysis and task analysis methods Qualitative, quantitative, deductive, and inductive risk assessment methods Risk-based decision-making Risk-based decision-making tools... 

You don t need to be reminded of the most recent nuclear accidents, principally Fukushima Daiichi in Japan in 2011. After the Three Mile Island accident in the late 1970s, the U.S. Atomic Energy Commission developed WASH 1400, The Reactor Safety Study. The WASH 1400 report laid the foundation for the use of probabilistic risk assessments (called probabilistic safety assessments in Europe). According to Henley and Kumamoto (1991), probabilistic risk assessment involves studying accident scenarios and numerically rank[ing] them in order of their probability of occurrence, and then assess[ing] their potential consequence to the public. Event trees, fault trees, and other risk-consequence tools are applied in developing and studying these scenarios. These techniques are extremely useful for the engineer but very expensive. The nuclear industry has been the leader in probabilistic safety analyses. 

The Safety Assessment section summarizes what safety activities are performed and when. Also, the types of safety analysis techniques used are listed. Chapters 5 through 9 detail numerous system safety analysis tools. The reader may wish to pick a few of the techniques addressed in Chapters 5 through 9 and briefly describe them in this section. 

Abstract. We aim at developing common models and tools to assess both safety and security of avionics platforms so we studied the adaptation of models devised for Safety assessment in order to analyse security. In this paper, we describe a security modeUing ana analysis approach based on the AltaRica language and associated tools, we illustrate the approach with an avionics case-study. We report lessons learnt about the convergence and divergence points between security and safety with respect to modelling and analysis techniques. 

Abstract. In this work, we outline a cross-domain assurance process for safety-relevant software in embedded systems. This process aims to be applied in various different application domains and in conjunction with any development methodology. With this approach we plan to reduce the growing effort for safety assessment in embedded systems by reusing safety analysis techniques and tools for the product development in different domains. 

The goal of safety assessment is to identify all failures that cause hazardous situations and to demonstrate that their probabilities are sufficiently low. In the application domains of safety-relevant software the safety assurance process is defined by the means of safety standards. The requirements of these standards must be met in order to enable argumentation that the system is safe. To reduce development costs and the time-to-market, one possible approach is to develop a safety assurance process which is applicable to multiple applications domains of embedded systems (e.g. like the lEC 61508 standard [3]). In this paper, we present an approach towards a safety assurance process for software which is applicable across different application domains of embedded systems. This process aims to be applicable with various development methodologies used in different domains and tries to use common safety analysis techniques as far as possible. Hence, it builds the foundation for the future development of methods and tools for safety assurance which can be applied across domains of safetyrelevant software systems. Thus, safety analysis techniques and tools as well as artifacts produced during the safety assurance process may be reused for the safety assessment of different kinds of products. Especially, in areas where embedded systems are highly related to software product-lines or heterogeneous... 

The use of formal techniques for such activities is relatively new. The COMPASS methodology relies on the seminal work carried out within the ESACS (Enhanced Safety Assessment for Complex Systems) and ISAAC (Improvement of Safety Activities on Aeronautical Complex systems) projects, two European-Union-sponsored projects involving various research centers and industries from the avionics sector, and that resulted in the FSAP tool[19]. As advocated in [8], an essential step of the methodology is the decoupling between the nominal behavior and the faulty behavior of the system, that is realized by means of the model-extension step (cf. Section 2.4). 

The talk starts with a compact view on the different fault injection approaches and presents in detail the software implemented fault injection techniques that are widely used today, providing examples of the fault injection tools available, including the few commercial tools available in the market. The fundamental issue of the definition of fault models, and the representativeness and coverage of the injected faults, is discussed in detail, as this is an essential element to allow the use of fault injection for the quantitative assessment of the efficiency of fault-handling mechanisms and, consequently, for safety assessment. 

FHA is a powerful, efficient, and comprehensive system safety analysis technique for the discovery of hazards. It is especially powerful for the safety assessment of software. Since software does not have discrete failure modes as hardware does, the best way to identify software-related hazards is by evaluating the effect of potential software functions failing. Software is built upon performing functions therefore, FHA is a very natural and vital tool. After a functional hazard is identified, further analysis of that hazard may be required to determine if the causal factors of the functional failure are possible. Since the FHA focuses on functions, it might overlook other types of hazards, such as those dealing with hazardous energy sources, sneak circuit paths, and hazardous material (HAZMAT). For this reason, the FHA should not be the sole HA performed, but should be done in support of other types of HA, such as PHA and SSHA. 

A safety assessment is an iterative process within the overall development of the system. The techniques and approaches touched on in this section can be used to different depths at different stages in the development process. Different projects use a variety of safety tools/techniques in numerous combinations. There is much guidance material and many standards available on this subject (e.g. SAE ARP4761, DEE STAN 00-56, MIL-STD-882, etc.). 

---