System Safety Assessment process implementation

Apart from implementing existing guidance as part of the system safety management process framework, the author identified that further research was not required at this time to support the other areas assessed in this book. 

The DAL is an index number ranking the safety-criticality of the system functions. This ranking implies that in order to make the system safe, greater development rigor must be applied to each successively critical level. Table 2.3 correlates the hardware DALs to the five classes of failure conditions and provides definitions of hardware failure conditions and their respective DALs. Initially, the hardware DAL for each hardware function is determined by the SSA process using a functional hazard analysis (FHA) to identify potential hazards and then the preliminary system safety assessment (PSSA) process allocates the safety requirements and associated failure conditions to the function implemented in the hardware. 

In 1985, Uie Cimadian Chemical Producers Association (CCPA) released a pampWet entitled, "Essential Components of Safety Assessment Systems . Modifications to process or plant was one of the topics discussed in Uiis pamplilet. CCPA recommended a 12 element program (listed below) to formally e.xamine and approve process conditions whellier permanent or temporary prior to implementation. 

When systems are upgraded, the process of implementing the change is also a safety-related activity and might justify its own safety assessment. 

At this point in development, the safety requirements and constraints are documented and traced to the design features used to implement them. A hazard log contains the hazard information (or links to it) generated during the development process and the results of the hazard analysis performed. The log will contain embedded links to the resolution of each hazard, such as functional requirements, design constraints, system design features, operational procedures, and system limitations. The information documented should be easy to collect into a form that can be used for the final safety assessment and certification of the system. 

Risk assessment is part of the planning and implementation stage of the health and safety management system recommended by the HSE in its publication HSG65. All aspects of the organization, including health and safety management, need to be covered by the risk assessment process. This will involve the assessment of risk in areas such as maintenance procedures. 

ABSTRACT In most cases, Model Based Safety Analysis (MBSA) of critical systems focuses only on the process and not on the control system of this process. For instance, to assess the dependability attributes of power plants, only a model (Fault Tree, Markov chain. ..) of the physical components of the plant (pumps, steam generator, turbine, alternator. ..) is used. In this paper, we claim that for repairable and/or phased-mission systems, not only the process but the whole closed-loop system Proc-ess/Control must be considered to perform a relevant MBSA. Indeed, a part of the control functions aims to handle the dynamical mechanisms that change the mission phase as well as manage repairs and redundancies in the process. Therefore, the achievement of these mechanisms depends on the functional/dysfunctional status of the control components, on which these functions are implemented. A qualitative or quantitative analysis method which considers both the process and the control provides consequently more realistic results by integrating the failures of the control components that may lead to the non-achievement of these mechanisms. This claim is exemplified on an industrial study case issued from a power plant. The system is modeled by a BDMP (Boolean logic Driven Markov Process), assuming first that the control components are faultless, i.e. only the faults in the process are considered, and afterwards that they may fail. The minimal cut sequences of the system are computed in both cases. The comparison of these two sets of minimal cut sequences shows the benefit of the second approach. 

The cote system safety process can therefore be reduced to Hazard Identification -> Hazard Risk Assessment -> Hazard Risk Control -> Hazard Risk Verifica-tion-> Hazard Identification... (Ericson 2005). This is a closed-loop process where Hazards ate identified and tracked until acceptable closure action is implemented and verified. 

Process Hazards Analysis. Analysis of processes for unrecogni2ed or inadequately controUed ha2ards (see Hazard analysis and risk assessment) is required by OSHA (36). The principal methods of analysis, in an approximate ascending order of intensity, are what-if checklist failure modes and effects ha2ard and operabiHty (HAZOP) and fault-tree analysis. Other complementary methods include human error prediction and cost/benefit analysis. The HAZOP method is the most popular as of 1995 because it can be used to identify ha2ards, pinpoint their causes and consequences, and disclose the need for protective systems. Fault-tree analysis is the method to be used if a quantitative evaluation of operational safety is needed to justify the implementation of process improvements. 

---