Subsystem Hazard Analysis SSHA

Hazard identification is continued throughout the design stage and documented in the preliminary hazard analysis (PHA), subsystem hazard analysis (SSHA), and the system hazard analysis (SHA). Even though the primary purpose of these products is to analyze previously identified hazards and to determine the adequacy of controls, every effort should be made to continue to identify new hazards, especially those associated with interfaces and changes. 

After the PHA is complete, first subsystem hazard analysis (SSHA) and, if required, system hazard analysis (SHA) are performed. Depending on the nature and complexity of the end product and the results of the PHA, SSHAs may be performed on all subsystems or just on selected critical subsystems. Unlike MIL-STD-882B, software analyses are not generally identified separately. If applicable, preliminary software hazard analysis is part of the PHA. Software should be treated as a subsystem and, if further software analysis is required, an SSHA can be performed on the software. 

The subsystem hazard analysis (SSHA) provides detailed analysis of hazards associated with specific systems. Depending upon the complexity and nature... 

Fault hazard analysis is mentioned very frequently in system safety literature, sometimes as a type of analysis and occasionally as a technique. One NASA system safety document (NHB 1700.1-V3, System Safety) describes it as the analysis to be performed after the preliminary hazard analysis for further analysis of systems and subsystems and suggests that it can be either a separate analysis or an extension of the failure modes and effects analysis (NASA 1970). Most programs today (including NASA) refer to this analysis as the subsystem hazard analysis (SSHA) and the system hazard analysis (SHA). 

Subsystem hazard analysis (SSHA) As described in NHB 1700.1 (Vl-A) and this document. The SSHA is to identify hazards to personnel, vehicle and other systems caused by loss of function, energy source, hardware failures, personnel action or inaction, software deficiencies, interactions of components within the subsystem, inherent design characteristics such as sharp edges, and incompatible materials, and environmental conditions such as radiation and sand (NSTS 22254). 

The PHA (Figure 6.2) is perhaps the most critical analysis that will be performed because it is usually the first in-depth attempt to isolate the hazards of a new or, in some cases, modified system. The PHA will also provide rationale for hazard control and indicate the need for further, more detailed analyses, such as the subsystem hazard analysis (SSHA) and the system hazard analysis (SHA). The PHA is usually developed using the system safety techniques known as failure mode and effect analysis (FMEA) (Chapter 9) and/or the ETBA. Data required to complete... 

A subsystem hazard analysis (SSHA) or a system hazard analysis (SHA) may be required depending on the complexity of a given program or project. The SSHA and the SHA are often referred to as one in the same by many system safety professionals (Stephenson 1991). However, as explained here, the two methods are slightly different and, if used properly, provide for a more complete evaluation of a given system. 

The ETBA is an analytical technique which can be of great assistance in the preparation of the preliminary hazard list (PHL). It can also be quite useful in the development of a Preliminary Hazard Analysis (PHA), Subsystem Hazard Analysis (SSHA), or the more general System Hazard Analysis (SHA). The ETBA can also be used, depending on the specific system under consideration, in the development of the Operating and Support Hazard Analysis (O SHA), and, of course, during the MORT process from which the ETBA evolved. 

Also, a subsystem hazard analysis (SSHA) examines each major subsystem (such as shown on the functional organizational tree in Figure 5.3) and identifies specific hazards and safety concerns including failures, faults, processes, or procedures and human errors. An SSHA also should address hazard controls and how those controls are verified. 

System safety should be involved in the PDR, typically making a presentation summarizing the safety effort to date, the DSFs in the system design, and the current level of mishap risk which the design presents. System safety provides, as a minimum, a subsystem hazard analysis (SSHA), SHA, safety assessment report (SAR), and final safety requirements for this review. 

Production stage The Production stage is where the first article of a hardware item or the beta-version of software is produced. The Subsystem Hazard Analysis (SSHA) is generated. Scale-up is done in order to resolve production problems and costs, and to refine system capabilities. Any changes to initial system requirements or revalidation efforts must be accomplished in the Production stage. 

As we shall see in Chapter 5, the PHA is used in support of the Preliminary Design Review (PDR) milestone to develop the requirements for new procurements while developing the statement of work or procurement specification for new hardware for the program. Completion of the PHA is required in support of the PDR to verify that the technical safety requirements have been incorporated into the preliminary design of the item for procurement. Hazards identified in the PHA will be updated in the System Hazard Analysis (SHA) and the Subsystem Hazard Analysis (SSHA) as the life cycle progresses. 

A sample SHA is shown in columnar matrix format in Figure 3.9. Specifically, the SHA is developed in the Development stage in conjunction with the Subsystem Hazard Analysis (SSHA) in order to examine all subsystem interfaces and interfaces with other systems for... 

FIGURE 3.10 Sample Subsystem Hazard Analysis (SSHA). 

---