HCRQ
System Safety, Software Safety Experts
Since 1986

"The Key To A Safer World"
salus populi suprema lex




Our expertise
dates back a long time

Consulting


NEW - Free Monthly System/Software Safety Newsletter

Please click here to subscribe.



HCRQ offers outstanding consulting expertise in the areas of:

  • system safety,
  • software safety,
  • reliability,
  • availability,
  • maintainability, and
  • system security.

We offer the following services:

  • Safety Manager
    • We can provide the system safety or software safety manager role, or assist your manager.
    • We can administer System Safety Programs from end-to-end.
  • Safety and Security Manager
    • We can provide the consortium system safety and security role.
      • (i.e., the project coordinator and liaison between consortium and client for light rail systems)
  • Safety Working Group/Safety Committee Chairperson
    • We can lead your SSWG/SwSWG or safety committee.
    • We can represent the safety aspect of your project in front of your client.
      • Typically, our safety knowledge and experience will exceed that of your client and their consultants.
        • Think about the implications of this!
  • Safety Auditor
    • We can audit products or processes - either your own or your suppliers'.
    • For more information click here.
  • Safety Analysts
    • We can perform specific safety analyses for you.
    • We can perform safety analyses concurrent with your system design.
      • We can implement entire System Safety Programs.
    • We can review your or your suppliers' safety analyses and other safety documents.
    • We can analyze the safety of an existing design.
      • Some safety-critical systems do not have existing safety analyses.
  • RAM Analysts
    • We are experienced in RAM Plans.
    • We are experienced in reliability analysis (allocation, modeling, prediction).
    • We are experienced in availability analysis and demonstrations.
    • We are experienced in maintainability analysis.
    • We are experienced in testability analysis.
    • We are experienced in FMECA.
  • Safety Consultation
    • We can advise you.
    • Help is available by phone.
    • Help is also available in person.
      • We can arrange to visit you.
      • You can arrange to visit us.
  • Safety Guideline Preparation
    • We can write system safety guidelines for your staff to follow (e.g., how to prepare an SSPP, PHL, PHA, FTA, FMECA, O&SHA, etc.).
    • For more information click here.
  • Safety SOW, CDRL & DID Preparation
    • We can write system safety SOW sections and associated DIDs.
    • We once wrote SOW text, CDRLs, and DIDs for a client of ours.
      • This client later told us that the successful bidder wanted to know who the author was.
      • Why?
      • They were so impressed that they wanted to hire us!
    • We can sell you system safety DIDs.
    • We can help you scrub down SOWs and DIDs.
      • We are very good at this.
      • Why?
        • System safety touches many areas of the SOW.
        • We understand system engineering.
        • We understand project management.
        • We understand configuration management.
        • We understand software.
        • We understand reliability.
  • Forensic Safety Assessment
    • HCRQ provides around-the-clock, around-the-world response to accidents and incidents - professionally, quickly, efficiently and, of course, confidentially.
    • For more information regarding this unique service, starting with our experience with the THERAC-25, click here.

Purchase System Safety DIDs

We have excellent Data Item Descriptions for SSPP (7 pages), PHL, PHA, FHA, PSA, SSA, O&SHA, HHA, and system safety elements of DIDs for ECP, RFD, RFW, MEL, etc.

For those who are not familiar with the term,
a DID defines the data required of a contractor,
and specifically defines the data content, format, and preparation instructions.

Here's a sample of one of our DIDs: the PHL DID.

For more information contact Haley MacGregor.


Expert Help By Phone

Perhaps you have a technical question
or you need an explanation.

Sure, you can spend your time surfing the web
but sometimes you are not sure if the information you locate is accurate
or just someone's opinion.
A little bit of knowledge is a dangerous thing
and everyone has an opinion about safety.
Even people who call themselves "safety engineers" can be way off base.

HCRQ is here ready to help with practical answers.

We will schedule world-famous system safety/software safety expert
David (Hunter) Levan to talk to you.

For more information regarding this service contact Haley MacGregor.


System Safety Guidelines - "How To"

Do you have a set of guidelines that your system safety engineers follow to create various safety documents and safety analyses such as
SSPP, PHL, PHA, Hazard Log, FTA, FMECA, O&SHA, Safety Case?

If you don't, you should.

These instructions help ensure both coverage and consistency.

They also provide you with protection
should your lead (or only) system safety engineer disappear.

We can help you develop these.

We start off with our template which is then refined by your specifics.

For more information regarding this service contact Haley MacGregor.


Have you ever heard of the overlooked hazards: cost and schedule?
Hazards such as overconfidence, underestimation and inefficiency are also lurking.

There are many different types of safety documents and analyses. A number of them are described below.

How much analysis is enough? What is too much? We can tell you.

Money can be burned in a seemingly endless way without the right people at the helm.


System Safety Program Plan (SSPP)
System Safety Program (SSP)
Preliminary Hazard List (PHL)
Preliminary Hazard Analysis (PHA)
HAZOP Studies
Hazard Log
Operating & Support Hazard Analysis (O&SHA)
OSHA Job Hazard Analysis
Subsystem Hazard Analysis (SSHA)
System Hazard Analysis (SHA)
Fault Tree Analysis (FTA)
Software Fault Tree Analysis (SFTA)
Functional Fault Tree (FFT) Analysis
Failure Mode and Effects Analysis (FMEA)
Failure Mode and Effects Summary (FMES)
Software Failure Mode and Effects Analysis (SFMEA)
Failure Mode, Effects and Criticality Analysis (FMECA)
Software Failure Mode, Effects and Criticality Analysis (SFMECA)
Software Safety Analysis
Functional Hazard Assessment (FHA)
Preliminary System Safety Assessment (PSSA)
System Safety Assessment (SSA)
Common Cause Analysis (CCA)
Health Hazard Assessment (HHA)
Crash Survivability Analysis (CSA)
Safety Case



System Safety Program Plan (SSPP)

The System Safety Program Plan is one of the most important system safety documents. The SSPP is the foundation for all system safety analyses and demonstrations. The SSPP describes in detail the tasks and activities of system safety management and system safety engineering required to identify, analyze, and mitigate hazards by reducing their associated risks to acceptable levels throughout the system life cycle.

The approved SSPP provides a formal basis of understanding between the contractor and the customer to ensure that adequate consideration is given to safety during all life cycle phases of the program and to establish a formal, disciplined program to achieve the system safety objectives.

It is often the case that too little emphasis is placed on this document. A poorly written SSPP can be and has been very detrimental to both customer and contractor.

If system safety effort is underway without a solid, defensible SSPP in place, you are in trouble and will pay dearly for this later in the program. This is true even if an SSPP is not required by contract.

One of the particularly sensitive areas of an SSPP is hazard risk assessment and the associated matrix. You would not believe the mess that people have got themselves into in this area!

Contact HCRQ to:

You won't regret it!

Back to Top


System Safety Program (SSP)

The SSPP orchestrates the SSP; therefore, a poor SSPP causes an abysmal SSP.

A proper approach to system safety and software system safety is through the implementation of an SSP. Here, the intent is to identify, track, evaluate, eliminate or control hazards, commencing when the system requirements are defined. SSPs provide direct input into the design, implementation and testing phases of product development. In so doing, the cost of iterating a design to address safety issues is avoided.

Some SSPs though have been short-circuited, due to development falling behind schedule and pressures to meet milestones, to the detriment of safety. Future accidents then become much more probable.

Back to Top


Preliminary Hazard List (PHL)

The Preliminary Hazard List provides a list of hazards that may require special safety design emphasis or hazardous areas where in-depth analyses need to be done. It is compiled very early in the system acquisition life cycle to identify potentially hazardous areas on which to put management emphasis.

To this day, some people are still confused about what constitutes a PHL.

If you would like to purchase a PHL DID from us click here.

Back to Top


Preliminary Hazard Analysis (PHA)

The Preliminary Hazard Analysis is the first analysis performed within an overall SSP. The PHA identifies safety-critical areas, provides an initial assessment of hazards, and identifies requisite hazard controls and follow-on actions. The PHA is used to obtain an initial risk assessment of the system. It is based on the best available data, including accident/incident data from similar systems and other lessons learned. Hazards associated with the proposed design or function are evaluated for hazard severity, hazard probability, and operational constraints. Safety provisions and alternatives needed to eliminate hazards, or to reduce their associated risk to an acceptable level, are included in the PHA.

There are very few useful published guidelines for producing a PHA, which is the precursor to all subsequent safety analyses. Perhaps, for this reason, many horrible PHAs have been produced.

If you would like to purchase a PHA DID from us click here.

HCRQ can teach you how to perform a PHA.

Back to Top


HAZOP Studies

The purpose of a HAZOP study is to identify potentially hazardous variations from design intent in components and in interactions between system components.

HAZOP may be applied throughout the system life cycle and carried out at various levels of design representation.

It utilizes concepts of:

  • Entity,
  • Attribute, and
  • Guide Word.

HAZOP studies are a team activity. Their effectiveness relies upon the management of the team, the knowledge of the team members, and the interaction of the individuals.

Back to Top


Hazard Log

Hazard tracking commences when hazards are identified and continues throughout the life of the system. Various attributes of hazards are recorded in what is known as a hazard tracking database or hazard log. Basic attributes consist of a sequence number, hazard description, hazard effect, hazard risk index, mitigation, status, etc.

Hazard tracking reports, generated from the hazard log, provide system safety progress visibility, and derived system safety requirement traceability for use in progress reports and system safety working group meetings.

The quality and content of hazard logs vary substantially. The hazard log is intended to be dynamic, thus permitting snapshots to be produced at any point in time. Unfortunately, however, hazard logs are often not updated on a regular basis and sometimes lag far behind system development.

HCRQ can teach you about hazard logs.
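The two points above (the hazard risk assessment matrix that the SSPP section calls a particularly sensitive area, and the attributes of a hazard log and the tracking reports derived from it) can be made concrete in code. The following is an added example, not HCRQ's tool or any program's actual matrix: the matrix cells, the severity/probability codes, the "acceptable" threshold and the three sample hazards are all constructed for illustration. It records an initial and a residual (post-mitigation) risk index per hazard, and the tracking report flags the inconsistency that bites real programs: a hazard marked closed whose residual risk is still above the acceptable level or whose mitigation has no verification evidence.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative hazard risk matrix in the style of a MIL-STD-882 hazard risk index:
# severity I..IV (Catastrophic..Negligible) by probability A..E (Frequent..Improbable).
# The cell values are a constructed example; a real program's SSPP defines its own.
RISK_MATRIX = {
    "I":   {"A": "High",    "B": "High",   "C": "High",    "D": "Serious", "E": "Medium"},
    "II":  {"A": "High",    "B": "High",   "C": "Serious", "D": "Medium",  "E": "Low"},
    "III": {"A": "Serious", "B": "Medium", "C": "Medium",  "D": "Low",     "E": "Low"},
    "IV":  {"A": "Medium",  "B": "Low",    "C": "Low",     "D": "Low",     "E": "Low"},
}
RISK_RANK = {"High": 3, "Serious": 2, "Medium": 1, "Low": 0}


def risk_index(severity: str, probability: str) -> str:
    """Hazard Risk Index for one severity/probability pair; unknown codes are rejected."""
    try:
        return RISK_MATRIX[severity][probability]
    except KeyError:
        raise ValueError(f"unknown severity/probability code: {severity}/{probability}")


@dataclass
class Hazard:
    seq: str                  # sequence number
    description: str
    effect: str
    severity: str             # initial assessment
    probability: str
    mitigation: str = ""
    residual_severity: Optional[str] = None      # assessment after mitigation
    residual_probability: Optional[str] = None
    verification: str = ""    # evidence that the mitigation was implemented
    status: str = "open"      # open | mitigated | closed

    def initial_hri(self) -> str:
        return risk_index(self.severity, self.probability)

    def residual_hri(self) -> str:
        # Until a residual assessment is recorded, the residual risk is the initial risk.
        if self.residual_severity is None or self.residual_probability is None:
            return self.initial_hri()
        return risk_index(self.residual_severity, self.residual_probability)


def tracking_report(log, acceptable: str = "Medium") -> dict:
    """Snapshot of the log: open hazards, hazards above the acceptable level,
    and hazards closed without the residual risk being acceptable and verified."""
    limit = RISK_RANK[acceptable]
    report = {"open": [], "above_acceptable": [], "inconsistent_closure": []}
    for h in log:
        residual = RISK_RANK[h.residual_hri()]
        if h.status != "closed":
            report["open"].append(h.seq)
        if residual > limit:
            report["above_acceptable"].append(h.seq)
        if h.status == "closed" and (residual > limit or not h.verification):
            report["inconsistent_closure"].append(h.seq)
    return report


# Constructed sample entries (not from any real hazard log).
SAMPLE_LOG = [
    Hazard("H-001", "Brake command not delivered", "Collision", "I", "C",
           mitigation="Dual-channel brake command with watchdog",
           residual_severity="I", residual_probability="E",
           verification="Test report TR-017 (placeholder id)", status="closed"),
    Hazard("H-002", "Door releases while train is moving", "Passenger fall", "I", "D",
           mitigation="Speed interlock on door release", status="open"),
    Hazard("H-003", "Driver display freezes", "Operator confusion", "III", "B",
           mitigation="Display heartbeat and automatic restart",
           residual_severity="III", residual_probability="D",
           status="closed"),   # closed, but no verification evidence recorded
]

if __name__ == "__main__":
    for h in SAMPLE_LOG:
        print(h.seq, h.initial_hri(), "->", h.residual_hri(), h.status)
    print(tracking_report(SAMPLE_LOG))
```

Running it reports H-002 as open and still above the acceptable level, and H-003 as an inconsistent closure; that second category is exactly what a working group review should catch, and a log that is not kept current cannot produce it.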

Back to Top


Operating & Support Hazard Analysis (O&SHA)

The Operating & Support Hazard Analysis is used to document, analyze, and mitigate:

  • hazards that can be caused by operating and support (e.g., maintenance) personnel or, conversely,
  • hazards to which operating and support personnel can be exposed.

During this analysis, the human is considered an element of the total system, both receiving inputs and initiating outputs. This creates an effective link between Human Factors Engineering analyses and system safety.

The O&SHA covers the procedural activities of:

  • operations,
  • maintenance,
  • testing,
  • installation,
  • transportation,
  • emergency escape,
  • egress,
  • storage,
  • training,
  • rescue, and
  • disposal.

The O&SHA is typically one of the most poorly performed system safety analyses, which is a travesty, since the weakest element in complex systems is the human interaction.

HCRQ can teach you how to perform an O&SHA the right way.

If you would like to purchase an O&SHA DID from us click here.

Back to Top


OSHA Job Hazard Analysis

The U.S. Occupational Safety and Health Administration requires Job Hazard Analyses to be performed.

Establishing proper job procedures is one of the benefits of conducting a Job Hazard Analysis.

Job Hazard Analysis carefully studies and records each step of a job, identifying existing or potential job hazards (both safety & health).

It is used to determine the best way to perform jobs or to reduce or eliminate the hazards.

Back to Top


Subsystem Hazard Analysis (SSHA)

The Subsystem Hazard Analysis commences when the system design identifies the subsystems.

It proceeds as the specifics of the subsystem designs begin to unfold. Subsystem hazards are identified and analyzed.

Sometimes though, the concept of SSHA simply does not work.

  • It can be like a round peg and a square hole.
  • Those who are seasoned system safety engineers will understand why.

Back to Top


System Hazard Analysis (SHA)

The System Hazard Analysis shrink-wraps the SSHAs and, in doing so, analyzes the contributions of subsystems and interfaces to the system hazards.

Back to Top


Software Safety Analysis

A number of techniques have been used to analyze software safety. Some of these are:

  • SFTA
  • SFMEA
  • Software Requirements Hazard Analysis (SRHA)
  • Software Design Hazard Analysis (SDHA)
  • Software Code Hazard Analysis
  • Software Change Hazard Analysis

Back to Top


Fault Tree Analysis (FTA)

The Fault Tree Analysis technique was developed by H.R. Watson of Bell Telephone Laboratories in 1962. FTA was first applied to anti-ballistic systems. Boeing further developed and refined the process, becoming the foremost proponent of the method.

It is an accepted technique used to analyze system safety. Hardware, software and human factors can be analyzed in an integrated fashion. FTA is particularly suited to the analysis of complex systems consisting of several functionally related or dependent subsystems with different performance objectives. This is especially true whenever the system design requires the collaboration of many specialized technical design groups.

A fault tree is a symbolic logic diagram, in the form of an inverted tree, showing the cause and effect relationship between an undesired event and contributing causes. Fault trees clearly show the parallel and sequential combinations of events that can constitute a hazard. FTA always begins assuming that an undesired event has taken place. It is a backward moving process which attempts to determine all possible causes for the undesired event to occur.

FTA can imply different things to different people as reflected by the wide range of depths of analysis that exist. Coverage in the areas of:

  • fault tree verification,
  • minimal cut set analysis,
  • common cause analysis,
  • importance analysis, and
  • supporting material

varies dramatically as does fault tree quality.
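Three of the coverage areas listed above (minimal cut set analysis, importance analysis and the shared events that common cause analysis looks for) are worked through below on a small constructed fault tree. This is an added example, not HCRQ's work or output from CAFTA or Item software: the gate structure, the event names and the per-demand probabilities are all made up for illustration. The tree has a basic event (PWR) that appears under two branches, so one expanded cut set is a superset of another and is discarded during minimization; the top-event probability uses the rare-event approximation (sum of minimal cut set probabilities, an upper bound that is accurate when every cut set is improbable) and the importance measure is Fussell-Vesely.

```python
# Constructed fault tree for a "train fails to stop at signal" top event (illustrative only).
# Gates map to (gate type, children); any name that is not a gate is a basic event.
GATES = {
    "TOP": ("OR",  ["G1", "G2"]),          # train fails to stop at signal
    "G1":  ("AND", ["G4", "OP"]),          # no automatic stop AND operator fails to brake
    "G4":  ("OR",  ["SW", "PWR"]),         # automatic stop not commanded
    "G2":  ("OR",  ["HYD", "G3"]),         # brakes cannot be applied
    "G3":  ("AND", ["PWR", "BAT", "OP"]),  # power lost AND battery dead AND no manual brake
}
# Basic-event probabilities per demand (constructed values, not real data).
# PWR sits under both G1 and G2: a shared event of the kind common cause analysis hunts for.
BASIC = {"SW": 1e-4, "OP": 1e-2, "PWR": 1e-3, "HYD": 1e-5, "BAT": 1e-1}


def cut_sets(node, gates=GATES):
    """All cut sets of `node` by recursive Boolean expansion: OR = union, AND = product."""
    if node not in gates:
        return {frozenset([node])}
    kind, children = gates[node]
    child_sets = [cut_sets(child, gates) for child in children]
    if kind == "OR":
        return set().union(*child_sets)
    if kind == "AND":
        result = {frozenset()}
        for sets in child_sets:
            result = {a | b for a in result for b in sets}
        return result
    raise ValueError(f"unknown gate type {kind!r} at {node}")


def minimal_cut_sets(node="TOP", gates=GATES):
    """Drop every cut set that strictly contains another cut set; what remains is minimal."""
    all_sets = cut_sets(node, gates)
    return {s for s in all_sets if not any(other < s for other in all_sets)}


def cut_set_probability(cs, basic=BASIC):
    # Basic events are assumed independent, so a cut set's probability is the product.
    p = 1.0
    for event in cs:
        p *= basic[event]
    return p


def top_event_probability(mcs, basic=BASIC):
    """Rare-event approximation: sum of minimal cut set probabilities (Boole's upper bound)."""
    return sum(cut_set_probability(cs, basic) for cs in mcs)


def fussell_vesely(mcs, basic=BASIC):
    """Fussell-Vesely importance: fraction of the top-event probability carried by
    the cut sets that contain each basic event."""
    total = top_event_probability(mcs, basic)
    return {
        event: sum(cut_set_probability(cs, basic) for cs in mcs if event in cs) / total
        for event in basic
    }


if __name__ == "__main__":
    mcs = minimal_cut_sets()
    print("expanded cut sets:", len(cut_sets("TOP")), "minimal:", len(mcs))
    for cs in sorted(mcs, key=len):
        print(sorted(cs), cut_set_probability(cs))
    print("P(TOP) approx", top_event_probability(mcs))
    for event, fv in sorted(fussell_vesely(mcs).items(), key=lambda kv: -kv[1]):
        print(f"{event}: FV = {fv:.3f}")
```

The expansion yields four cut sets; {PWR, BAT, OP} contains {PWR, OP} and is removed, leaving three minimal cut sets. BAT then has zero importance, a result the tree's structure makes obvious once the cut sets are minimal but which a reviewer easily misses when reading the drawing alone, and OP is the single most important event because it appears in two of the three.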

There truly are some scary FTAs out there!
A military client of ours showed us a SAR produced by a well-known defense company. We noticed a problem at the first gate in the tree!

HCRQ has over 18 years' experience in FTA and we can teach you how to perform one the right way.

HCRQ is equipped with CAFTA and Item Fault Tree software.

Back to Top


Software Fault Tree Analysis (SFTA)

The first 20 years of FTA applications excluded their use with software. Since then, the technique of Software Fault Tree Analysis has proved to be particularly useful in analyzing the safety of software.

A good set of guidelines is required in order for analysts to reap the benefits that SFTA has to offer.

HCRQ has over 18 years' experience in SFTA. We wrote the book!

Back to Top


Functional Fault Tree (FFT) Analysis

A Functional Fault Tree Analysis is a structured analysis method used to identify vital functions at the system functional level by comprehensively examining system functional faults that could precipitate hazards.

Back to Top


Failure Mode and Effects Analysis (FMEA)

A Failure Mode and Effects Analysis is a procedure by which each potential failure mode in a system is analyzed to determine the results or effects thereof on the system and to classify each potential failure mode according to its severity.

HCRQ is equipped with Item FMEA/FMECA software.

Back to Top


Failure Mode and Effects Summary (FMES)

The Failure Mode and Effects Summary is defined in SAE ARP4761.

It is a summary of lower level failure modes with the same effects from the FMEAs.

FMES is used as an input to the FTA.

Back to Top


Software Failure Mode and Effects Analysis (SFMEA)

The application of FMEA to software was first proposed in 1979.

Since that time, the technique has been refined and applied successfully at functional, interface and detailed levels.

Some of the approaches taken to SFMEA, however, are flawed.

Software Failure Mode and Effects Analysis has also been useful in conjunction with requirements analysis.

HCRQ has over 7 years' experience in SFMEA.

Back to Top


Failure Mode, Effects and Criticality Analysis (FMECA)

A Failure Mode, Effects and Criticality Analysis is an FMEA augmented by CA (Criticality Analysis) where CA is defined as a procedure by which each potential failure mode is ranked according to the combined influence of severity and probability of occurrence.

A true CA is quantitatively-based. Occasionally a qualitatively-based technique is employed using Risk Priority Numbers.
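The distinction just drawn, a quantitative Criticality Analysis versus a qualitative ranking by Risk Priority Number, is easy to see in code. The following is an added example, not output from Item FMEA/FMECA software or any HCRQ deliverable: the item, its three failure modes, the failure rate, the mode ratios and the S/O/D scores are constructed. The quantitative measure is the MIL-STD-1629A failure mode criticality number Cm = beta x alpha x lambda_p x t, summed per item and severity to give the item criticality Cr; the qualitative measure is RPN = S x O x D. The same three modes rank in different orders under the two measures, which is the reason a true CA and an RPN exercise should not be treated as interchangeable.

```python
from dataclasses import dataclass


@dataclass
class FailureMode:
    item: str
    mode: str
    severity: str    # classification: I Catastrophic, II Critical, III Marginal, IV Negligible
    beta: float      # conditional probability that this mode produces the classified end effect
    alpha: float     # failure mode ratio: share of the item's failures that take this mode
    lam: float       # item failure rate lambda_p, per operating hour (constructed)
    t: float         # operating time per mission, hours
    S: int           # qualitative severity, 1..10 (for RPN)
    O: int           # qualitative occurrence, 1..10
    D: int           # qualitative detection difficulty, 1..10


def criticality_number(fm: FailureMode) -> float:
    """Quantitative failure mode criticality, Cm = beta * alpha * lambda_p * t (MIL-STD-1629A)."""
    return fm.beta * fm.alpha * fm.lam * fm.t


def rpn(fm: FailureMode) -> int:
    """Qualitative Risk Priority Number, S x O x D; each factor must be on the 1..10 scale."""
    for name, value in (("S", fm.S), ("O", fm.O), ("D", fm.D)):
        if not 1 <= value <= 10:
            raise ValueError(f"{name}={value} for {fm.mode!r} is outside the 1..10 scale")
    return fm.S * fm.O * fm.D


def item_criticality(modes) -> dict:
    """Cr per (item, severity): the sum of Cm over that item's failure modes of that severity."""
    cr = {}
    for fm in modes:
        key = (fm.item, fm.severity)
        cr[key] = cr.get(key, 0.0) + criticality_number(fm)
    return cr


def ranked(modes, measure) -> list:
    """Failure mode names ordered from most to least critical under the given measure."""
    return [fm.mode for fm in sorted(modes, key=measure, reverse=True)]


def alpha_check(modes) -> dict:
    """An item's failure mode ratios should sum to 1; returns items where they do not."""
    totals = {}
    for fm in modes:
        totals[fm.item] = totals.get(fm.item, 0.0) + fm.alpha
    return {item: total for item, total in totals.items() if abs(total - 1.0) > 1e-9}


# Constructed worksheet rows for one item (not real component data).
MODES = [
    FailureMode("pressure sensor", "output stuck high", "I",  1.0, 0.4, 2e-6, 1000, S=9, O=3, D=2),
    FailureMode("pressure sensor", "output stuck low",  "II", 0.5, 0.3, 2e-6, 1000, S=7, O=3, D=2),
    FailureMode("pressure sensor", "slow drift",        "II", 0.2, 0.3, 2e-6, 1000, S=7, O=3, D=9),
]

if __name__ == "__main__":
    for fm in MODES:
        print(f"{fm.mode:18} Cm={criticality_number(fm):.2e}  RPN={rpn(fm)}")
    print("ranked by Cm: ", ranked(MODES, criticality_number))
    print("ranked by RPN:", ranked(MODES, rpn))
    print("item criticality:", item_criticality(MODES))
    print("alpha problems:", alpha_check(MODES))
```

Here the slow drift mode, which is the least critical by Cm, comes first by RPN solely because it is hard to detect; the detection factor has no counterpart in a criticality analysis, so the two orderings answer different questions.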

HCRQ is equipped with Item FMEA/FMECA software.

Back to Top


Software Failure Mode, Effects and Criticality Analysis (SFMECA)

Occasionally, Software Failure Mode, Effects and Criticality Analysis (that's right, FMECA not FMEA) is stipulated.

If you are looking for first-hand insight into this technique, contact us!

Back to Top


Functional Hazard Assessment (FHA)

The Functional Hazard Assessment is a safety assessment technique defined in SAE ARP4761. It is very different from Fault Hazard Analysis also known by the same abbreviation.

An FHA is a systematic, comprehensive examination of functions to identify and classify failure conditions of those functions according to their severity.

An FHA is performed at two levels - system-level and subsystem-level. The system-level FHA is a high-level, qualitative assessment of the basic functions of the system as defined at the beginning of system development. The system-level FHA identifies and classifies the failure conditions associated with the system-level functions. The classification of these failure conditions establishes the safety requirements that the system must meet. The subsystem-level FHA is also a qualitative assessment, which is iterative in nature and becomes more defined and fixed as the system evolves. It considers a failure or combination of system failures that affect a system function.

The output of the system-level and/or subsystem-level FHAs is the starting point for the generation and allocation of safety requirements.

If you would like to purchase an FHA DID from us click here.

Back to Top


Preliminary System Safety Assessment (PSSA)

The Preliminary System Safety Assessment is a safety assessment technique defined in SAE ARP4761.

An iterative process, the PSSA assures that requirements identified in the Functional Hazard Assessment (FHA) are met.

The PSSA is used to complete the failure conditions list and the corresponding safety requirements. It is also used to demonstrate how the system will meet the qualitative (system development assurance levels, item development assurance levels, hardware design assurance levels and software levels) and quantitative (safety-related reliability targets) safety requirements for the various hazards identified.

It identifies and captures all derived system safety requirements. The PSSA process identifies protective strategies, taking into account fail-safe concepts and architectural attributes which may be needed to meet the safety objectives.

PSSA outputs are used as inputs to the System Safety Assessment (SSA) and other documents, including, but not limited to, system requirements, hardware requirements and software requirements.

If you would like to purchase a PSSA DID from us click here.

Back to Top


System Safety Assessment (SSA)

The System Safety Assessment is a safety assessment technique defined in SAE ARP4761.

The SSA is a systematic, comprehensive evaluation of the implemented system to show that qualitative (system development assurance levels, item development assurance levels, hardware design assurance levels and software levels) and quantitative (safety-related reliability targets) safety requirements, defined in the Functional Hazard Assessment (FHA) and Preliminary System Safety Assessment (PSSA) have been met.

The SSA integrates the results of the various analyses to verify the overall safety of the system and to cover all the specific safety considerations identified in the PSSA. The SSA process documentation includes results of the relevant analyses and their substantiations as needed. The output of the SSA is used as an input for the Safety Case.

If you would like to purchase an SSA DID from us click here.

Back to Top


Common Cause Analysis (CCA)

Independence between functions, subsystems or items may be required to satisfy the safety requirements. It is therefore necessary to ensure that such independence exists, or that the risk associated with dependence is deemed acceptable.

Common Cause Analysis (CCA) provides the means to verify this independence, or to identify specific dependencies.

CCA supports the selection of the system architecture through determination that appropriate independence can be achieved.

The system Fault Tree Analysis (FTA) should be supplemented by the CCA to generate the top failure effects of the subsystem FTA.

Similarly, the CCA at the subsystem level should supplement the output of the subsystem FTA to yield the top failure effects at the item level for use in the item FTA.

The item CCA should also supplement the item FTA to further establish the design requirements, development assurance levels, and hardware reliability requirements.

CCA consists of:

  • Zonal Safety Analysis (ZSA),
  • Particular Risks Analysis (PRA), and
  • Common Mode Analysis (CMA).

Back to Top


Health Hazard Assessment (HHA)

The Health Hazard Assessment is used to systematically identify and evaluate health hazards, evaluate proposed hazardous materials, and propose measures to eliminate or control these hazards through engineering design changes or protective measures to reduce the risk to a level acceptable to the customer.

The HHA evaluation phase determines the quantities of potentially hazardous materials or physical agents (e.g., noise, radiation, heat stress, cold stress) involved with the system, analyzes how these materials or physical agents are used in the system, and estimates where and how personnel exposures may occur and, if possible, the degree or frequency of exposure involved.

Materials are evaluated if, because of their physical, chemical, or biological characteristics, quantity, or concentrations, they cause or contribute to adverse effects in organisms or offspring, pose a substantial present or future danger to the environment, or result in damage to or loss of equipment or property during the system's life cycle.

If you would like to purchase an HHA DID from us click here.

Back to Top


Crash Survivability Analysis (CSA)

This analysis ensures that the proposed design will protect occupants from serious injury in potentially survivable crashes while limiting weight increase, costs, and additional maintenance to acceptable levels.

If you would like to purchase a Crash Survivability Analysis DID from us click here.

Back to Top


Safety Case

The Safety Case provides a reasoned argument, supported by identified evidence, which justifies that the system is safe and fit for purpose.

The Safety Case demonstrates that overall safety requirements, both contractual and derived, have been achieved. It provides design safety, health hazard, and operational and maintenance safety assurance to the customer.
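A Safety Case is only as strong as the link between each claim in its argument and the evidence cited for it, and the SSA output described above is one of the main evidence sources. The following is an added example, not an HCRQ template or any recognised notation: it assumes a simple claim tree (a top claim decomposed into sub-claims, each leaf citing evidence ids) and an evidence register keyed by those ids, both constructed here with placeholder ids. Two checks make the argument's weak points visible: leaf claims that cite no evidence (the argument is undeveloped there) and cited evidence that does not exist in the register (the argument points at nothing).

```python
from dataclasses import dataclass, field


@dataclass
class Claim:
    id: str
    text: str
    subclaims: list = field(default_factory=list)   # Claim objects
    evidence: list = field(default_factory=list)    # evidence ids in the register


def undeveloped_claims(claim: Claim) -> list:
    """Leaf claims that cite no evidence; the argument is incomplete at each of them."""
    if not claim.subclaims:
        return [] if claim.evidence else [claim.id]
    found = []
    for sub in claim.subclaims:
        found.extend(undeveloped_claims(sub))
    return found


def cited_evidence(claim: Claim) -> set:
    """Every evidence id referenced anywhere in the argument."""
    ids = set(claim.evidence)
    for sub in claim.subclaims:
        ids |= cited_evidence(sub)
    return ids


def dangling_evidence(claim: Claim, register: dict) -> set:
    """Evidence ids cited by the argument but absent from the register."""
    return cited_evidence(claim) - set(register)


def unused_evidence(claim: Claim, register: dict) -> set:
    """Registered evidence that no claim relies on (not a defect, but worth a look)."""
    return set(register) - cited_evidence(claim)


# Constructed evidence register; the ids and titles are placeholders.
EVIDENCE = {
    "SSA-1":  "System Safety Assessment, hazard closure summary (placeholder)",
    "FTA-3":  "Fault tree for loss of brake command (placeholder)",
    "TR-017": "Watchdog verification test report (placeholder)",
    "OSHA-2": "O&SHA, maintenance procedures (placeholder)",
}

# Constructed argument for a braking function.
CASE = Claim("G0", "The braking function is acceptably safe for service", subclaims=[
    Claim("G1", "All identified hazards are mitigated to acceptable risk",
          evidence=["SSA-1", "HHA-9"]),                       # HHA-9 is not in the register
    Claim("G2", "Loss of brake command is improbable", subclaims=[
        Claim("G2.1", "Top-event probability meets the target", evidence=["FTA-3"]),
        Claim("G2.2", "The watchdog mitigation is implemented and verified", evidence=["TR-017"]),
        Claim("G2.3", "Common cause failures between channels are controlled"),   # no evidence yet
    ]),
])

if __name__ == "__main__":
    print("undeveloped claims:", undeveloped_claims(CASE))
    print("dangling evidence: ", sorted(dangling_evidence(CASE, EVIDENCE)))
    print("unused evidence:   ", sorted(unused_evidence(CASE, EVIDENCE)))
```

On this constructed case the checks report G2.3 as undeveloped, HHA-9 as cited but missing, and OSHA-2 as registered but unused; the first two are gaps a customer reviewing the Safety Case would be entitled to reject.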

Back to Top


Safety Audits (Product & Process)

HCRQ has the resources to perform safety audits on products or on processes.

Some of the product safety audits we have performed have been simple (e.g., "please critique this document for us").

We are frequently asked to review SSPPs, which represents a very sound investment.

Other product safety audits are, of course, more extensive.

There is often an interest in determining if one's product or process conforms to pertinent standards or best practice.

Who better to perform process audits than HCRQ? After all, we teach process!


Problems Performing Safety Audits?

The problem with safety audits is defining what they imply and what level of assurance is truly provided by them.

The outcome of a safety audit is extremely dependent on the skills and experience of the auditor.

Remember the phrase "garbage in - garbage out"?

Independence of the auditor is also a key factor in the success of the audit.

Invest in HCRQ to perform your safety audits!

Back to Top


Testimonials

These are a few of the testimonials we have received from our clients:

"We never cease to be amazed at how much you guys know about system safety."

"Excellent service, responsiveness and extreme attention to detail.
We were quite impressed and had HCRQ take over the project completely.
The project was completed on time and, above all, our customer was very pleased."


"HCRQ should be applauded. They generated a first-class procedure."

"The sacrifices made by HCRQ in order that the project could be completed in a timely manner are a reflection of their dedication and commitment.
The extraordinary hours which they contributed are a tribute to their professionalism and to the fact that they recognized the importance and urgency of this project.
We offer our heartiest congratulations and thanks for a job well done."


"Because of their work, new standards have been established for the analysis of safety within our organization."

"HCRQ is one of a very few organizations in the world qualified to undertake such a task.
We found HCRQ to possess an unusual combination of expertise that enables them to delve into the lowest levels of software and hardware,
while at the same time being able to address safety issues at a system level.
This combination results in very effective, comprehensive, and efficient analysis.
HCRQ's work is always of the highest quality, and they are always responsive to customer needs.
We recommend HCRQ without hesitation to anyone needing expertise in the area of system safety."


"Quality and quantity of work, professionalism, and personal manners which are impeccable ...
a combination which more than justifies HCRQ's contracts with us."


"Everyone should be made aware of just how much you guys know!"

Back to Top