Subsystem/system hazard analysis

R0 HOUR SYSTEM SAFETY (CHAPTERS in PRUSRNARV HAZMTOMIALYSO (CHAPTERS) SUBSYSTEMS SYSTEM HAZARD ANALYSIS (CHPTt) OSMQE ANALYSE (CHAPTERS S.17) (CHAPTERS)... 

Figure 7.1 Sample subsystem/system hazard analysis (SSHA) worksheet.

Figure 7.4 Elevator plunger subsystem/system hazard analysis worksheet...

Figure 8-4 Subsystem/System Hazard Analysis Worksheet.

As a project is developed and more detailed design data are available, a system hazard analysis (SHA) and subsystem hazard analyses (SSHAs) may be conducted to provide more detailed, in-depth risk assessment information. Two of the more widely used techniques for performing SHAs and SSHAs are the failure modes and effects analysis (FMEA) and fault tree analysis (FTA). 

Again the process involves a preliminary hazard analysis to be done very early in the concept stage, followed by subsystem hazard analysis as subsystems are developed, systems hazard analysis that looks at interfaces between subsystems, and, finally, the operating hazard analysis, which tends to add the human element and evaluate procedures. 

Laundry lists of analyses frequently mix types of analyses (preliminary hazard analysis, system hazard analysis, and operating hazard analysis) with the methods or techniques for performing analyses (fault tree analysis, energy trace and barrier analysis, failure modes and effects analysis, common cause analysis, change analysis, and so on). Whether fault hazard analysis is a type or a method depends upon the reference in use. For all practical purposes, fault hazard analysis and system (or subsystem) hazard analysis seem to be the same thing, which is apparently called gross hazard analysis occasionally. 

Hazard identification is continued throughout the design stage and documented in the preliminary hazard analysis (PHA), subsystem hazard analysis (SSHA), and the system hazard analysis (SHA). Even though the primary purpose of these products is to analyze previously identified hazards and to determine the adequacy of controls, every effort should be made to continue to identify new hazards, especially those associated with interfaces and changes. 

After the PHA is complete, first subsystem hazard analysis (SSHA) and, if required, system hazard analysis (SHA) are performed. Depending on the nature and complexity of the end product and the results of the PHA, SSHAs may be performed on all subsystems or just on selected critical subsystems. Unlike MIL-STD-882B, software analyses are not generally identified separately. If applicable, preliminary software hazard analysis is part of the PHA. Software should be treated as a subsystem and, if further software analysis is required, an SSHA can be performed on the software. 

The purpose of the project evaluation tree is to provide a relatively simple, straightforward, and efficient method of performing an in-depth evaluation or analysis of a project or operation. It is best suited for performing operating hazard analysis and accident analysis. It can also be a valuable review and inspection tool. If adequate information is available, PET analysis may be helpful in performing preliminary hazard analysis, subsystem hazard analysis, and system hazard analysis. 

Fault hazard analysis is mentioned very frequently in system safety literature, sometimes as a type of analysis and occasionally as a technique. One NASA system safety document (NHB 1700.1-V3, System Safety) describes it as the analysis to be performed after the preliminary hazard analysis for further analysis of systems and subsystems and suggests that it can be either a separate analysis or an extension of the failure modes and effects analysis (NASA 1970). Most programs today (including NASA) refer to this analysis as the subsystem hazard analysis (SSHA) and the system hazard analysis (SHA). 

The PHA (Figure 6.2) is perhaps the most critical analysis that will be performed because it is usually the first in-depth attempt to isolate the hazards of a new or, in some cases, modified system. The PHA will also provide rationale for hazard control and indicate the need for further, more detailed analyses, such as the subsystem hazard analysis (SSHA) and the system hazard analysis (SHA). The PHA is usually developed using the system safety techniques known as failure mode and effect analysis (FMEA) (Chapter 9) and/or the ETBA. Data required to complete... 

A subsystem hazard analysis (SSHA) or a system hazard analysis (SHA) may be required depending on the complexity of a given program or project. The SSHA and the SHA are often referred to as one in the same by many system safety professionals (Stephenson 1991). However, as explained here, the two methods are slightly different and, if used properly, provide for a more complete evaluation of a given system. 

The ETBA is an analytical technique which can be of great assistance in the preparation of the preliminary hazard list (PHL). It can also be quite useful in the development of a Preliminary Hazard Analysis (PHA), Subsystem Hazard Analysis (SSHA), or the more general System Hazard Analysis (SHA). The ETBA can also be used, depending on the specific system under consideration, in the development of the Operating and Support Hazard Analysis (O SHA), and, of course, during the MORT process from which the ETBA evolved. 

A system hazard analysis (SHA) does the same thing as an SSHA except that it identifies hazards across subsystem boundaries and interfaces. It looks at system-level hazards. An SHA also should list hazard controls and verifications. 

Systems Hazard Analysis (SHA) is a qualitative method combining aspects of preliminary hazard analysis and failure-mode and effect analysis (Firenze 1973). Its emphasis is on work-tasks performed in various operational procedures. SHA adds two important pieces of information to those methods previously discussed the standards or regulations violated and the relevant subsystem. It chooses a task activity or a dynamic event as the focal point of the analysis rather than a more static component. As with the other methods, an analyst with detailed knowledge of the system is required. 

Subsystem Hazard Analysis/System Hazard Analysis... 

As we shall see in Chapter 5, the PHA is used in support of the Preliminary Design Review (PDR) milestone to develop the requirements for new procurements while developing the statement of work or procurement specification for new hardware for the program. Completion of the PHA is required in support of the PDR to verify that the technical safety requirements have been incorporated into the preliminary design of the item for procurement. Hazards identified in the PHA will be updated in the System Hazard Analysis (SHA) and the Subsystem Hazard Analysis (SSHA) as the life cycle progresses. 

Hierarchical Approach is a simple but powerful methodology for the synthesis of process flowsheets. It consists of a top-down analysis organised as a clearly defined sequence of tasks grouped in levels. Each level solves a fundamental problem as, number of plants, input/output structure, reactor design and recycle structure, separation system, energy integration, environmental analysis, safety and hazard analysis, and plantwide control. At each level, systematic methods can be applied for the synthesis of subsystems, as chemical reaction, separations, or heat exchangers network. 

---