System safety concept assessment

Facility System Safety (FSS), which is the application of system safety concepts to the facility acquisition process, has recently gained acceptance throughout the Department of Defense and most recently within the Department of Army with the conception of SAFEARMY 1990. The Army s goal is to fully integrate the total system safety, human factors, and health hazard assessments into continuous comprehensive evaluation of selected systems and facilities. The Chemical Research Development and Engineering Center (CRDEC) has mandated appropriate levels of system safety throughout the lifecycle of facility development for many reasons. These include ... 

A collection of philosophical statements and general advice relative to the application of the MORT system safety concepts and listed criteria for an assessment of the effectiveness of their application... 

Use of a variety of system safety concepts and tools, such as the order of precedence for hazard reduction, the hazard severity and probability tables, and the hazard risk matrix, will assist the analyst in determining the appropriate risk assessment code to assign to a particular hazard risk. The RAC will prioritize for management the specific level of risk associated with a specific, identified hazard concern. 

System safety commences with hazard identification and analysis and risk assessment. So are all the subsets of the practice of safety, whatever they are called. This author is confident that application of system safety concepts in the business and industrial setting will result in significant reductions in injuries and illnesses, damage to property, and environmental incidents. 

LOPA is a semi-quantitative tool for analyzing and assessing risk. This method includes simplified methods to characterize the consequences and estimate the frequencies. Various layers of protection are added to a process, for example, to lower the frequency of the undesired consequences. The protection layers may include inherently safer concepts the basic process control system safety instrumented functions passive devices, such as dikes or blast walls active devices, such as relief valves and human intervention. This concept of layers of protection is illustrated in Figure 11-16. The combined effects of the protection layers and the consequences are then compared against some risk tolerance criteria. 

One of the most critical steps in establishing the appropriate role and settings of the individual safety systems will be the risk assessment analysis, the process in which engineers consider and analyse all possible conditions in order to select the most appropriate safety concept, which ensures safe operation under all possible circumstances and scenarios (see Section 13.4). 

Fishbein L. Critical elements in priority selections and ranking systems for risk assessment of chemicals. In Mehlman MA, editor, Advances in modem environmental toxicology Safety evaluation Toxicology, methods, concepts and risk assessment, Vol. X. Princeton, NJ Princeton Scientific Publications, 1987. p. 1-50. 

Toward the end of the Second World War, systems techniques such as fault tree analysis were introduced in order to predict the reliability and performance of military airplanes and missiles. The use of such techniques led to the formalization of the concept of probabilistic risk assessment (PRA). The publication of the Reactor Safety Study (NRC, 1975)—often referred to as the Rasmussen Report after the name of principal author, or by its subtitle WASH 1400—demonstrated the use of such techniques in the fledgling nuclear power business. Although WASH 1400 has since been supplanted by more advanced analysis techniques, the report was groundbreaking in its approach to system safety. 

According to [16] risk must be assessed in order to develop a safety concept for the system to be protected. In the informative part of [16] an assessment is carried out for an in-line detonation arrester, which is based on a qualitative estimate of risk. In doing this the following factors must be accounted for ... 

ABSTRACT The draft document of the NATO allied ordnance publication (AOP) 52 gives guidance on software safety design and assessment of ammunition-related computing systems. The content of the draft is reviewed and compared with the lEC 61508 standard for functional safety of electrical/electronic/programmable electronic (E/E/PE) systems. We discuss the overall development model, the safety-lifecycle model and proposed techniques and measures. We also investigate whether the functional safety concept of lEC 61508 is incorporated in the document. 

Very little real analysis is completed during the concept phase because analysis detail and data are generally not available. A preliminary risk assessment code (RAC) is determined, however, as part of the preliminary hazard list. This initial RAC is used to aid in determining the initial scope of the system safety effort and in the early evaluation of alternative designs and approaches. 

Facility Risk Assessment The facility risk assessment effort begins with an initial risk categorization effort made very early in the concept phase of the project. The purpose of risk categorization is to serve as an indicator for the level of effort and scope of the system safety effort. 

Preliminary hazard analysis is one of the early steps in a system safety project. This step also creates assessments of risks associated with each hazard. This step defines possible corrections for the risks. The product of this step is a tabular inventory of hazards for the system under consideration. The PHA fits best during early system stages, such as concept definition, design, and development. 

The Department of Defense s Standard Practice for System Safety, MIL-STD-882, was originally issued in 1969. It was a seminal document at that time, and three revisions of it have been issued over the span of 31 years. This standard has had considerable influence on the development of risk assessment, risk elimination, and risk control concepts and methods. Much of the wording on risk assessments and hierarchies of control in safety standards and guidelines issued throughout the world is comparable to that in the various versions of MIL-STD-882. 

Creating a richer model of causation. (Leveson and Dulac 2005) propose the STAMP accident model and the STPA hazard assessment approach. STAMP is based on systems-theoretic concepts of hierarchical control, internal models of the environment and a classification of control errors. STPA takes that classification as the basis for iterative integrated control system safety assessment. At each design iteration the design is assessed and constraints are derived (equivalent to derived safety requirements) and imposed on further design iterations. 

There is a reality in Browning s observations System safety literature at the time he wrote his book was loaded with governmental jargon, and it easily repelled the uninitiated. It made more of the highly complex hazard analysis and risk assessment techniques requiring extensive knowledge of mathematics and probability theory than it did of concepts and purposes. 

In this book, two concepts of system safety engineering and risk assessment are combined. System safety engineering is considered a working part of the risk assessment process. Engineers must use system safety engineering analyses to truly understand what causes hazards and how they should be controlled. Risk assessment takes that information and helps the engineer weigh the options and decide which is the most cost-effective. 

---