HCRQ offers outstanding consulting expertise in the areas of:
We offer the following services:
Purchase System Safety DIDs
We have excellent Data Item Descriptions for SSPP (7 pages), PHL, PHA, FHA, PSA, SSA, O&SHA, HHA, and for the system safety elements of DIDs for ECP, RFD, RFW, MEL, etc. For those who are not familiar with the term, a DID defines the data required of a contractor, and specifically defines the data content, format, and preparation instructions. Here's a sample of one of our DIDs: PHL DID. For more information contact Haley MacGregor.
Expert Help By Phone
Perhaps you have a technical question or you need an explanation. Sure, you can spend your time surfing the web, but sometimes you are not sure whether the information you locate is accurate or just someone's opinion. A little bit of knowledge is a dangerous thing, and everyone has an opinion about safety. Even people who call themselves "safety engineers" can be way off base. HCRQ is here, ready to help with practical answers. We will schedule system safety/software safety expert David (Hunter) Levan to talk to you. For more information regarding this service contact Haley MacGregor.
System Safety Guidelines - "How To"
Do you have a set of guidelines that your system safety engineers follow to create the various safety documents and safety analyses, such as the SSPP, PHL, PHA, Hazard Log, FTA, FMECA, O&SHA and Safety Case? If you don't, you should. Such instructions help ensure both coverage and consistency. They also provide you with protection should your lead (or only) system safety engineer disappear. We can help you develop these. We start from our template, which is then refined with your specifics. For more information regarding this service contact Haley MacGregor.
Have you ever heard of the overlooked hazards: cost and schedule?
There are many different types of safety documents and analyses. A number of them are described below.
How much analysis is enough? What is too much? We can tell you.
Money can be burned in a seemingly endless way without the right people at the helm.
The System Safety Program Plan is one of the most important system safety documents. The SSPP is the foundation for all system safety analyses and demonstrations. The SSPP describes in detail the tasks and activities of system safety management and system safety engineering required to identify, analyze, and mitigate hazards by reducing their associated risks to acceptable levels throughout the system life cycle.
The approved SSPP provides a formal basis of understanding between the contractor and the customer to ensure that adequate consideration is given to safety during all life cycle phases of the program and to establish a formal, disciplined program to achieve the system safety objectives.
It is often the case that too little emphasis is placed on this document. A poorly written SSPP can be and has been very detrimental to both customer and contractor.
If system safety effort is underway without a solid, defensible SSPP in place, you are in trouble and will pay dearly for this later in the program. This is true even if an SSPP is not required by contract.
One of the particularly sensitive areas of an SSPP is hazard risk assessment and the associated matrix. You would not believe the mess that people have got themselves into in this area!
Contact HCRQ to:
You won't regret it!
The SSPP orchestrates the SSP; therefore, a poor SSPP causes an abysmal SSP.
A proper approach to system safety and software system safety is through the implementation of an SSP. Here, the intent is to identify, track, evaluate, and eliminate or control hazards, commencing when the system requirements are defined. SSPs provide direct input into the design, implementation and testing phases of product development. In so doing, the cost of iterating a design to address safety issues is avoided.
Some SSPs, though, have been short-circuited when development fell behind schedule and pressure to meet milestones mounted, to the detriment of safety. Future accidents then become much more probable.
The Preliminary Hazard List provides a list of hazards that may require special safety design emphasis, or hazardous areas where in-depth analyses need to be done. It is compiled very early in the system acquisition life cycle to identify potentially hazardous areas on which to put management emphasis.
To this day, some people are still confused about what constitutes a PHL.
If you would like to purchase a PHL DID from us click here.
The Preliminary Hazard Analysis is the first analysis performed within an overall SSP. The PHA identifies safety-critical areas, provides an initial assessment of hazards, and identifies requisite hazard controls and follow-on actions. The PHA is used to obtain an initial risk assessment of the system. It is based on the best available data, including accident/incident data from similar systems and other lessons learned. Hazards associated with the proposed design or function are evaluated for hazard severity, hazard probability, and operational constraints. Safety provisions and alternatives needed to eliminate hazards, or to reduce their associated risk to an acceptable level, are included in the PHA.
There are very few useful published guidelines for producing a PHA, which is the precursor to all subsequent safety analyses. Perhaps, for this reason, many horrible PHAs have been produced.
If you would like to purchase a PHA DID from us click here.
HCRQ can teach you how to perform a PHA.
The purpose of a HAZOP study is to identify potentially hazardous variations from design intent in components and in interactions between system components.
HAZOP may be applied throughout the system life cycle and carried out at various levels of design representation.
It utilizes concepts of:
HAZOP studies are a team activity. Their effectiveness relies upon the management of the team, the knowledge of the team members, and the interaction of the individuals.
Hazard tracking commences when hazards are identified and continues throughout the life of the system. Various attributes of each hazard are recorded in what is known as a hazard tracking database or hazard log. Basic attributes consist of a sequence number, hazard description, hazard effect, hazard risk index, mitigation, status, etc.
Hazard tracking reports, generated from the hazard log, provide system safety progress visibility and derived system safety requirement traceability for use in progress reports and system safety working group meetings.
The quality and content of hazard logs vary substantially. The hazard log is intended to be dynamic, permitting snapshots to be produced at any point in time. Unfortunately, however, hazard logs are often not updated on a regular basis and sometimes lag far behind system development.
HCRQ can teach you about hazard logs.
The Operating & Support Hazard Analysis is used to document, analyze, and mitigate:
During this analysis the human is considered an element of the total system, both receiving inputs and initiating outputs, which creates an effective link between Human Factors Engineering analyses and system safety.
The O&SHA covers the procedural activities of:
The O&SHA is typically one of the poorest performed system safety analyses which is a travesty since the weakest element in complex systems is the human interaction.
HCRQ can teach you how to perform an O&SHA the right way.
If you would like to purchase an O&SHA DID from us click here.
The U.S. Occupational Safety and Health Administration requires Job Hazard Analyses to be performed.
Establishing proper job procedures is one of the benefits of conducting a Job Hazard Analysis.
Job Hazard Analysis carefully studies and records each step of a job, identifying existing or potential job hazards (both safety & health).
It is used to determine the best way to perform jobs or to reduce or eliminate the hazards.
The Subsystem Hazard Analysis commences when the system design identifies the subsystems.
It proceeds ahead when the specifics of the subsystem designs begin to unfold. Subsystem hazards are identified and analyzed.
Sometimes though, the concept of SSHA simply does not work.
The System Hazard Analysis shrink-wraps the SSHAs and, in doing so, analyzes the contributions of subsystems and interfaces to the system hazards.
A number of techniques have been used to analyze software safety. Some of these are:
The Fault Tree Analysis technique was developed by H.R. Watson of Bell Telephone Laboratories in 1962. FTA was first applied to the Minuteman missile launch control system. Boeing further developed and refined the process, becoming the foremost proponent of the method.
It is an accepted technique used to analyze system safety. Hardware, software and human factors can be analyzed in an integrated fashion. FTA is particularly suited to the analysis of complex systems consisting of several functionally related or dependent subsystems with different performance objectives. This is especially true whenever the system design requires the collaboration of many specialized technical design groups.
A fault tree is a symbolic logic diagram, in the form of an inverted tree, showing the cause-and-effect relationship between an undesired event and its contributing causes. Fault trees clearly show the parallel (OR) and sequential (AND) combinations of events that can constitute a hazard. FTA always begins by assuming that the undesired (top) event has taken place. It is a backward-moving, top-down process which attempts to determine all possible causes of the undesired event.
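The following is an added example, not HCRQ's material or any client's tree: a small fault tree expressed as nested AND/OR gates over basic events, walked top-down to enumerate its minimal cut sets (the parallel and sequential combinations the paragraph describes) and to compute the top-event probability. The top event, gate structure, event names and probabilities are all constructed for illustration, and basic events are assumed independent.

```python
"""Added example: evaluate a small fault tree.

Gates are nested tuples ("AND", [children]) or ("OR", [children]); leaves are
basic-event names. Probabilities are per-demand and assumed independent.
The tree and the numbers are constructed for illustration only.
"""
from itertools import product

# Constructed basic-event probabilities (not from any real system).
BASIC_EVENT_PROB = {
    "valve_stuck_open": 1e-3,
    "pressure_sensor_fails_low": 5e-4,
    "controller_software_fault": 2e-4,
    "operator_ignores_alarm": 1e-2,
    "relief_valve_fails": 1e-3,
}

# Hypothetical top event "vessel over-pressurised": over-pressure occurs AND the
# relief valve fails.  Over-pressure occurs if the inlet valve sticks open OR
# (the pressure goes undetected AND the operator does not intervene).
TOP_EVENT = ("AND", [
    ("OR", [
        "valve_stuck_open",
        ("AND", [
            ("OR", ["pressure_sensor_fails_low", "controller_software_fault"]),
            "operator_ignores_alarm",
        ]),
    ]),
    "relief_valve_fails",
])


def _basic_events(node):
    """All basic-event occurrences in the tree (duplicates kept)."""
    if isinstance(node, str):
        return [node]
    return [e for child in node[1] for e in _basic_events(child)]


def minimal_cut_sets(node):
    """Top-down (MOCUS-style) expansion: an OR gate adds alternatives, an AND
    gate combines every alternative of each child.  Returns a set of frozensets,
    reduced so that no cut set is a strict superset of another."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [minimal_cut_sets(c) for c in children]
    if gate == "OR":
        sets = set().union(*child_sets)
    elif gate == "AND":
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    return {s for s in sets if not any(other < s for other in sets)}


def top_event_probability(node, probs):
    """Exact gate-by-gate evaluation: AND = product, OR = 1 - prod(1 - p).
    Only valid when every basic event appears once; a repeated event would be
    double-counted, so the function refuses such trees."""
    events = _basic_events(node)
    if len(events) != len(set(events)):
        raise ValueError("repeated basic event: use rare_event_bound() instead")

    def walk(n):
        if isinstance(n, str):
            return probs[n]
        gate, children = n
        ps = [walk(c) for c in children]
        result = 1.0
        if gate == "AND":
            for p in ps:
                result *= p
            return result
        for p in ps:          # OR gate
            result *= (1.0 - p)
        return 1.0 - result

    return walk(node)


def rare_event_bound(node, probs):
    """Upper bound on the top-event probability: the sum over minimal cut sets of
    the product of their basic-event probabilities.  Remains valid with repeated
    events and is close to exact when all probabilities are small."""
    total = 0.0
    for cut_set in minimal_cut_sets(node):
        p = 1.0
        for event in cut_set:
            p *= probs[event]
        total += p
    return total


if __name__ == "__main__":
    for cs in sorted(minimal_cut_sets(TOP_EVENT), key=len):
        print("cut set:", " AND ".join(sorted(cs)))
    print(f"exact P(top) = {top_event_probability(TOP_EVENT, BASIC_EVENT_PROB):.4e}")
    print(f"rare-event bound = {rare_event_bound(TOP_EVENT, BASIC_EVENT_PROB):.4e}")
```

The minimal cut sets are the analyst's real product here: the single two-event cut set (stuck valve plus failed relief valve) shows where the design has the least defence in depth, something the aggregate probability alone does not reveal.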
FTA can imply different things to different people as reflected by the wide range of depths of analysis that exist. Coverage in the areas of:
varies dramatically as does fault tree quality.
There truly are some scary FTAs out there! HCRQ has over 18 years of experience in FTA and we can teach you how to perform one the right way.
HCRQ is equipped with CAFTA and Item Fault Tree software.
The first 20 years of FTA applications excluded its use with software. Since then, the technique of Software Fault Tree Analysis has proved to be particularly useful in analyzing the safety of software.
A good set of guidelines is required in order for analysts to reap the benefits that SFTA has to offer.
HCRQ has over 18 years experience in SFTA. We wrote the book!
A Functional Fault Tree Analysis is a structured analysis method used to identify vital functions at the system functional level by comprehensively examining system functional faults that could precipitate hazards.
A Failure Mode and Effects Analysis is a procedure by which each potential failure mode in a system is analyzed to determine its results or effects on the system and to classify each potential failure mode according to its severity.
HCRQ is equipped with Item FMEA/FMECA software.
The Failure Mode and Effects Summary is defined in SAE ARP4761.
It is a summary of lower level failure modes with the same effects from the FMEAs.
FMES is used as an input to the FTA.
The application of FMEA to software was first proposed in 1979.
Since that time, the technique has been refined and applied successfully at functional, interface and detailed levels.
Some of the approaches taken to SFMEA, however, are flawed.
Software Failure Mode and Effects Analysis has also been useful in conjunction with requirements analysis.
HCRQ has over 7 years experience in SFMEA.
A Failure Mode, Effects and Criticality Analysis is an FMEA augmented by CA (Criticality Analysis), where CA is defined as a procedure by which each potential failure mode is ranked according to the combined influence of severity and probability of occurrence.
A true CA is quantitatively-based. Occasionally a qualitatively-based technique is employed using Risk Priority Numbers.
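To make the FMEA, FMES and FMECA descriptions above concrete, here is an added example (not HCRQ's material): a handful of FMEA rows for a hypothetical cooling loop, the FMES that groups modes sharing the same system-level effect and sums their rates for use as FTA basic events, a quantitative criticality ranking from the mission probability of each mode, and the qualitative Risk Priority Number alternative. The rows, failure rates, the 1-10 severity and detection scales and the occurrence thresholds are all constructed assumptions.

```python
"""Added example: FMEA rows -> FMES -> criticality ranking.

Every row, rate and scale below is constructed for illustration; the
severity/detection scales and occurrence thresholds are assumptions,
not a standard's values.
"""
from collections import defaultdict
from dataclasses import dataclass
from math import exp


@dataclass(frozen=True)
class FailureMode:
    item: str
    mode: str
    effect: str            # system-level effect of this failure mode
    severity: int          # 1 (no effect) .. 10 (catastrophic); assumed scale
    rate_per_hour: float   # constant failure rate lambda; constructed value
    detection: int         # 1 (always detected) .. 10 (undetectable); assumed


# Constructed FMEA rows for a hypothetical cooling loop.
FMEA_ROWS = [
    FailureMode("pump", "fails to start", "loss of cooling flow", 8, 2e-5, 2),
    FailureMode("pump", "runs at reduced flow", "degraded cooling", 5, 5e-5, 6),
    FailureMode("power supply", "output lost", "loss of cooling flow", 8, 1e-5, 1),
    FailureMode("temperature sensor", "reads low", "undetected overheating", 10, 3e-6, 9),
]


def fmes(rows):
    """Failure Mode and Effects Summary: collapse failure modes that share the
    same system-level effect, summing their rates (valid for independent modes
    with constant rates).  Each entry can serve as a basic event in an FTA."""
    summary = defaultdict(lambda: {"rate_per_hour": 0.0, "severity": 0, "modes": []})
    for r in rows:
        entry = summary[r.effect]
        entry["rate_per_hour"] += r.rate_per_hour
        entry["severity"] = max(entry["severity"], r.severity)
        entry["modes"].append(f"{r.item}: {r.mode}")
    return dict(summary)


def quantitative_criticality(rows, mission_hours):
    """Quantitative CA: probability that each mode occurs during the mission,
    1 - exp(-lambda * t), ranked by severity first and probability second."""
    ranked = [(r, 1.0 - exp(-r.rate_per_hour * mission_hours)) for r in rows]
    ranked.sort(key=lambda rp: (rp[0].severity, rp[1]), reverse=True)
    return [(r.item, r.mode, r.severity, round(p, 6)) for r, p in ranked]


def occurrence_rank(rate_per_hour):
    """Map a failure rate onto a 1..10 occurrence scale (thresholds assumed)."""
    if rate_per_hour >= 1e-4:
        return 10
    if rate_per_hour >= 1e-5:
        return 7
    if rate_per_hour >= 1e-6:
        return 4
    return 1


def risk_priority_numbers(rows):
    """Qualitative alternative: RPN = severity x occurrence x detection."""
    return {f"{r.item}: {r.mode}": r.severity * occurrence_rank(r.rate_per_hour) * r.detection
            for r in rows}


if __name__ == "__main__":
    for effect, s in fmes(FMEA_ROWS).items():
        print(f"FMES {effect:<24} lambda={s['rate_per_hour']:.1e}/h sev={s['severity']} <- {s['modes']}")
    for item, mode, sev, p in quantitative_criticality(FMEA_ROWS, mission_hours=1000):
        print(f"CA  sev {sev:2d}  P(1000 h)={p:.4f}  {item}: {mode}")
    for mode, rpn in sorted(risk_priority_numbers(FMEA_ROWS).items(), key=lambda kv: -kv[1]):
        print(f"RPN {rpn:3d}  {mode}")
```

Note that the two rankings disagree: the quantitative CA places "pump fails to start" above "pump runs at reduced flow" because of its higher severity, while the RPN, which also weights detectability, reverses them. This is why the distinction drawn above between a true, quantitatively-based CA and an RPN-based ranking matters when a contract stipulates FMECA.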
HCRQ is equipped with Item FMEA/FMECA software.
Occasionally, Software Failure Mode, Effects and Criticality Analysis (that's right, FMECA, not FMEA) is stipulated.
If you are looking for first-hand insight into this technique, contact us!
The Functional Hazard Assessment is a safety assessment technique defined in SAE ARP4761. It is very different from Fault Hazard Analysis, which is known by the same abbreviation.
An FHA is a systematic, comprehensive examination of functions to identify and classify failure conditions of those functions according to their severity.
An FHA is performed at two levels - system-level and subsystem-level. The system-level FHA is a high-level, qualitative assessment of the basic functions of the system as defined at the beginning of system development. The system-level FHA identifies and classifies the failure conditions associated with the system-level functions. The classification of these failure conditions establishes the safety requirements that the system must meet. The subsystem-level FHA is also a qualitative assessment, which is iterative in nature and becomes more defined and fixed as the system evolves. It considers a failure or combination of system failures that affect a system function.
The output of the system-level and/or subsystem-level FHAs is the starting point for the generation and allocation of safety requirements.
If you would like to purchase an FHA DID from us click here.
The Preliminary System Safety Assessment is a safety assessment technique defined in SAE ARP4761.
An iterative process, the PSSA assures that requirements identified in the Functional Hazard Assessment (FHA) are met.
The PSSA is used to complete the failure conditions list and the corresponding safety requirements. It is also used to demonstrate how the system will meet the qualitative (system development assurance levels, item development assurance levels, hardware design assurance levels and software levels) and quantitative (safety-related reliability targets) safety requirements for the various hazards identified.
It identifies and captures all derived system safety requirements. The PSSA process identifies protective strategies, taking into account fail-safe concepts and architectural attributes which may be needed to meet the safety objectives.
PSSA outputs are used as inputs to the System Safety Assessment (SSA) and other documents, including, but not limited to, system requirements, hardware requirements and software requirements.
If you would like to purchase a PSSA DID from us click here.
The System Safety Assessment is a safety assessment technique defined in SAE ARP4761.
The SSA is a systematic, comprehensive evaluation of the implemented system to show that qualitative (system development assurance levels, item development assurance levels, hardware design assurance levels and software levels) and quantitative (safety-related reliability targets) safety requirements, defined in the Functional Hazard Assessment (FHA) and Preliminary System Safety Assessment (PSSA) have been met.
The SSA integrates the results of the various analyses to verify the overall safety of the system and to cover all the specific safety considerations identified in the PSSA. The SSA process documentation includes results of the relevant analyses and their substantiations as needed. The output of the SSA is used as an input for the Safety Case.
If you would like to purchase an SSA DID from us click here.
Independence between functions, subsystems or items may be required to satisfy the safety requirements. It is therefore necessary to ensure that such independence exists, or that the risk associated with dependence is deemed acceptable.
Common Cause Analysis (CCA) provides the means to verify this independence, or to identify specific dependencies.
CCA supports the selection of the system architecture through determination that appropriate independence can be achieved.
The system Fault Tree Analysis (FTA) should be supplemented by the CCA to generate the top failure effects of the subsystem FTA.
Similarly, the CCA at the subsystem level should supplement the output of the subsystem FTA to yield the top failure effects at the item level for use in the item FTA.
The item CCA should also supplement the item FTA to further establish the design requirements, development assurance levels, and hardware reliability requirements.
CCA consists of:
The Health Hazard Assessment is used to systematically identify and evaluate health hazards, evaluate proposed hazardous materials, and propose measures to eliminate or control these hazards through engineering design changes or protective measures to reduce the risk to a level acceptable to the customer.
The HHA evaluation phase determines the quantities of potentially hazardous materials or physical agents (e.g., noise, radiation, heat stress, cold stress) involved with the system, analyzes how these materials or physical agents are used in the system, estimates where and how personnel exposures may occur and if possible the degree or frequency of exposure involved.
Materials are evaluated if, because of their physical, chemical, or biological characteristics; quantity; or concentrations, they cause or contribute to adverse effects in organisms or off-spring, pose a substantial present or future danger to the environment, or result in damage to or loss of equipment or property during the system's life cycle.
If you would like to purchase an HHA DID from us click here.
The Crash Survivability Analysis ensures that the proposed design will protect occupants from serious injury in potentially survivable crashes while limiting weight increase, costs, and additional maintenance to acceptable levels.
If you would like to purchase a Crash Survivability Analysis DID from us click here.
The Safety Case provides a reasoned argument, supported by identified evidence, which justifies that the system is safe and fit for purpose.
The Safety Case demonstrates that overall safety requirements, both contractual and derived, have been achieved. It provides design safety, health hazard, and operational and maintenance safety assurance to the customer.
HCRQ has the resources to perform safety audits on products or on processes.
Some of the product safety audits we have performed have been simple (e.g., "please critique this document for us").
We are frequently asked to review SSPPs, which represents a very sound investment.
Other product safety audits are, of course, more extensive.
There is often an interest in determining if one's product or process conforms to pertinent standards or best practice.
Who better to perform process audits than HCRQ? After all, we teach process!
Problems Performing Safety Audits?
The outcome of a safety audit is extremely dependent on the skills and experience of the auditor. Remember the phrase "garbage in - garbage out"? Independence of the auditor is also a key factor in the success of the audit.
Invest in HCRQ to perform your safety audits!
These are a few of the testimonials we have received from our clients:
"We never cease to be amazed at how much you guys know about system safety."