System safety process

Define objectives As with any problem, the first step is to define the boundary conditions or analysis objectives. That is the scope or level of protection desired. You need to understand what level of safety is desired at what cost. You need to answer the question How safe is safe enough Other questions to ask are as follows  

Most industries approach this step in the same way. However, how they differentiate among catastrophic, critical, minor, and negligible hazards may vary. You will need to modify the definitions to fit the particular problem. What is important is that these definitions are determined before work begins. A rule-of-thumb definition for each is the following  

Catastrophic—any event that may cause death or serious personnel injury or loss of system (e.g., anhydrons ammonia tanker truck overturns, resulting in a major spill) 

Critical—any event that may cause severe injury or loss of mission-critical hardware or high-dollar-value equipment (e.g., regulator fails open and overpressurizes a remote hydraulic line, damaging equipment and Wnging the systan down for some days) 

Minor—any event that may cause minor injury or minor system damage, but does not significantly impact the mission (e.g., pressure control valve fails open, causing pressure drops and increased caustic levels) 

---

There is no agreed upon best system engineering process and probably cannot be one—the process needs to match the specific problem and environment in which it is being used. What is described in part III of this book is how to integrate system safety into any reasonable system engineering process. Figure 6.1 shows the three major components of a cost-effective system safety process management, development, and operations. 

Safety Constraint Effective software development processes must be established and monitored. System safety processes must be created to identify and manage system hazards. 

The aim of this chapter is to explore the use of the Zonal Safety Analysis (ZSA) as one of the tools in the System Safety process. The ZSA considers the proximity aspects of individual system/item installations and the potential for mutual influence between... 

Figure 5-1 System safety process that includes software. (U.S. Army Communications-Electronic Command, 2003).

All of the other steps in the system safety process are proactive. This step is reactive. It is important that whenever there is a major accident involving the end product an accident analysis be performed and that the lessons learned be fed back into the system safety effort. 

It is the intention of this Basic Guide to System Safety to demonstrate the effectiveness of the system safety process in identifying and eliminating hazards and in recommending risk reduction techniques and methods for controlling residual hazard risk. 

Part I introduces the reader to the system safety process, how it evolved, how it can be managed, and how it relates to the current practice of the industrial safety and health profession. In fact, on completion of Part I, the reader shall have developed a clear understanding of this relationship and, quite possibly, have developed an interest in the further pursuit of the system safety profession. As noted in the Preface, the information provided here is introductory in scope, intended to merely acquaint the reader with the system safety approach to hazard analysis and hazard risk reduction. 

Today, the system safety process is still used extensively by the various military organizations within the Department of Defense, as well as by many other federal agencies such as NASA, the Federal Aviation Administration, and the Department of Energy. In most cases, it is a required element of primary concern in the federal agency contract acquisition process. 

Figure 2.1 Elements of the system safety process Isource. Stephenson (1991)].

The system safety discipline will require the timely identification and subsequent evaluation of the hazards associated with this operation, before losses occur. The hazards must then be either eliminated or controlled to an acceptable level of risk in order to accomplish the goal of relocating the hazardous chemicals. In short, the system safety process will identify any corrective actions that must be implemented before the task is permitted to proceed. The fly-fix-fiy approach discussed earlier has also been described as an after the fact attempt to improve operational safety performance. In contrast, the system safety concept requires before the fact control of system hazards. 

Without these assurances in place, as a minimum commitment from organizational management, the system safety effort will not succeed. It can be said that the very reason system safety is utilized is to facilitate the decisionmaking process regarding risk or potential risk of failure. Therefore, management must not only provide the necessary resources and companywide commitment needed to accomplish the system safety objectives but also stand ready to accept the results of the system safety process and ensure that appropriate, responsible decisions are made on the basis of all available information. 

LIFE CYCLE PHASES AND THE SYSTEM SAFETY PROCESS... 

Any proposed or existing project or product has what is called a life cycle. Within the project life cycle are subelements known as phases. Each distinct phase will, in turn, indicate certain tasks that are typically performed in the life of that project. These tasks are required to establish, implement, and maintain a successful system safety process. Generally, the tasks fall within three broad categories ... 

Figure 3.4 Project life cycle phases and the system safety process.

The job safety analysis (JSA) [also referred to as the job hazard analysis (JHA)], which is a more simplified form of task analysis, has been a longstanding tool for task and function analysis. JSA has been available and utilized in general industry for many years by the industrial safety community. However, many practitioners do not understand or are simply unfamiliar with the connection between the JSA and the system safety tasks of hazard identification and analysis. It has even been suggested by some in the profession that the JSA itself is a type of oversimplified system safety analysis and, if performed earlier in the job development phase, could be used as the basis of a preliminary hazard analysis for a specific task or set of tasks. However, because JSA is often (if improperly) used to analyze a function only after it has been implemented, much of the data is not factored into the system safety process. The primary purpose of the JSA is to uncover inherent or potential hazards that may be encountered in the work environment. This basic definition is not unlike that previously discussed regarding the various system safety analyses. The primary difference between the two is subtle but important and is found in the end-use purpose of the JSA. Once the job or task is completed, the JSA is usually used as an effective tool for training and orienting the new employee into the work environment. The JSA presents a verbal picture of a specific job. 

To further illustrate the important difference between the JSA and the system safety process, consider the primary elements of the basic job safety analysis, which typically include the following five steps (as a minimum) ... 

The JSA, then, is a specialized approach of task analysis that takes an existing job and analyzes its tasks to specifically identify hazards encountered in the work environment. At the very least, the JSA does have a place within the system safety process as a tool to evaluate the hazards or risks of an existing task or function during the operation phase of the project life cycle. Here we see another connection between the principal elements of the industrial safety process and one of the basic objectives of the system safety effort, namely, that the JSA tries to eliminate or control the risk of hazard exposure in a given task during the life of the project. 

The role of the occupational or industrial safety and health organization in the system safety process has been estabUshed as an essential element since both can be interpreted as self-serving to a great extent that is to say, the industrial safety program could be drastically improved by incorporating the process of system safety whenever possible and, conversely, a well-rounded system safety efifort would not be complete without adequate consideration of the industrial safety program. 

Reliability, Maintainability, and Quality Control. Inclusion of these organizations in the system safety process, from concept through disposal, will aid in the identification of safety-critical components for reliability analysis. A failure mode(s) and effect(s) analysis (FMEA), as well as other common reliability models, can be used to identify critical and noncritical failure points. The quality assurance element can be extremely usefid in the overall system safety process. Quality engineers should participate in the inspection of safety-critical components, serve on certification boards, audit any corrective-action requirements, and identify any safety impacts associated with implementation of such requirements. 

It cannot be overemphasized that the principal elements of a sound industrial safety program, with its primary purpose of OSHA compliance, work hazard reduction, assurance of employee/job safety and health, and the evaluation of jobs or tasks (through the ISA or another comparable method), can, in most cases, be achieved through application of the system safety process. The connection between the two programs, while not entirely obvious, is quite understandable, as described above. Perhaps the most important thing to remember here is that the industrial or occupational safety and health professional can utilize the time-proven techniques of hazard reduction and system safety analysis to accomplish the desired goal of both programs ... 

Part II of this Basic Guide to System Safety presents and briefly discusses some of the more common system safety analytical tools used in the performance of the system safety function. Through example analyses of hypothetical mechanical and/or electrical systems, the reader should become familiar with each type of system safety analysis method or technique discussed. However, it must be understood that it is not within the limited scope of this volume to provide a detailed explanation of each of these methods and/or techniques. The intention is to merely introduce the reader to the various tools associated with the system safety process. The value of each concept in the analysis of hazard risk will vary according to the individual requirements of a given organization or company. 

Figure E.l represents the simple flow of the system safety process and provides a graphic summary of the materials presented in this text. This flowchart shows the typical functions of the system safety life cycle.

Accident or mishap deviation models as used in system safety processes can permit analysis of events in terms of deviations. The value assigned to a system variable becomes a deviation whenever it falls outside an established norm. When measuring system variables, these deviations can assume different values depending on the situation. Hazard control policies and procedures should detail any specified requirements. A deviation from a specified requirement could result in a human error for failure to follow procedures. Therefore, we must consider incidental factors as deviations from an accepted practice. An unsafe act relates to a personal action that violates or deviates from a commonly accepted safe procedure. Time functions as the basic dimension in a system deviation... 

The standard outlines the eight elements of the system safety process. The elements are ... 

Stephenson, Z.R., de Souza, S., McDermid, J.A. Product Line Analysis and the System Safety Process. In 22nd International System Safety Conference (2004)... 

Stephenson Z, de Souza S, McDermid J (2004) Product line analysis and the system safety process. Proceedings of the International System Safety Conference... 

---