System safety concepts hazard probability

Use of a variety of system safety concepts and tools, such as the order of precedence for hazard reduction, the hazard severity and probability tables, and... 

Use of a variety of system safety concepts and tools, such as the order of precedence for hazard reduction, the hazard severity and probability tables, and the hazard risk matrix, will assist the analyst in determining the appropriate risk assessment code to assign to a particular hazard risk. The RAC will prioritize for management the specific level of risk associated with a specific, identified hazard concern. 

There is a reality in Browning s observations System safety literature at the time he wrote his book was loaded with governmental jargon, and it easily repelled the uninitiated. It made more of the highly complex hazard analysis and risk assessment techniques requiring extensive knowledge of mathematics and probability theory than it did of concepts and purposes. 

Mishaps involve a set of causal factors that lead up to the final mishap event, and these factors are the actuated hazard conditions. Mishap causal factors can be identified prior to an actual mishap through the application of HA. Mishaps are an inevitable consequence of antecedent causes and, given the same causal factors, the same mishap is repeatable, with the frequency based on the component probabilities. Mishaps can be predicted via hazard identification, and they can be prevented or controlled via hazard elimination or hazard control methods. This safety concept demonstrates that we do have control over the potential mishaps in the systems we develop and operate. We are not destined to face an unknown suite of undesired mishaps, unless we allow it to be so (by not performing adequate system safety). In the safety sense, mishaps are preplanned events in that they are actually created through poor design and/or inadequate design foresight. 

Risk is an intangible quality it does not have physical or material substance (a mishap does, but not risk). It is a future value concept with some quantifiable metrics, likelihood and severity, which characterize the future event. Risk can be thought of as the net present value of a future event. In system safety, risk is a measure of the future event, where the event is an expected mishap. Risk likelihood can be characterized in terms of probability, frequency, or qualitative criteria, while risk severity can be characterized in terms of death, injury, damage, dollar loss, and so on. Future safety events can only be identified as a hazard, which means that safety risk is the metric characterizing the amount of danger presented by a hazard. Recognizing that a hazard is the precursor (or blueprint) to a mishap, safety risk is the common denominator between the hazard and a mishap, and also the measure of the relative threat presented by a hazard. 

Our model has three main parts. The first part consists of the EC 61508 steps needed for developing the environment description and then the phases 1-4 (concept, overall scope definitions, hazard and risk analysis and overall safety requirements). These initial steps result in the initial requirements of the system that is to be developed. This is the key input to the second part of the model, which is the Scrum process. The requirements are documented as product backlog items. A product backlog is a list of all functional and safety related system requirements, prioritized by the customer. We have observed that the safety requirements are quite stable (e.g. the response time has to be less than the Process safety time for a fire alarm system), while the functional requirements may change considerably over time. Development with a high probability of changes to requirements will favour an agile approach. 

The contribution of each structure, system or component to the facihty hazard can be measured through the probabilistic concept of the performance goal. The performance goal for a structure, system or component in relation to a specific external event is defined as the probability of failure (Pp) of the structure, system or component to perform its required safety function in the case of that external event. The performance goal for an external event may be lower than the performance goal for internal accidents. 

---