DEFENSE SYSTEM SAFETY
DEFENSE OR DEFENCE?
HCRQ has experience with DOD (U.S.), MOD (U.K.) and DND (Canada) contracts.
JUST A FEW OF OUR DEFENSE CONTRACTS
SOFTWARE SAFETY FOR ASTUTE CLASS SUBMARINE
HCRQ advised on the software safety case for the Control and Instrumentation System of the Royal Navy's Nuclear Powered Astute Class Submarines.
The Astute Class will undertake a range of tasks including: support to Vanguard Class submarines, anti-submarine warfare, anti-surface ship warfare, surveillance and intelligence gathering, and land attack using Tomahawk Land Attack Missiles (TLAM).
The CAE (now L-3) Platform Management System (PMS) software attracted a Safety Integrity Level (SIL) of 2. Software development was guided by DEF STAN 00-55.
We acted as the chairperson of CAE's software safety committee, and were the software safety liaison between CAE and their immediate client, BAE Systems.
ARMORED FIGHTING VEHICLE (AFV) SAFETY ASSESSMENTS
Are you interested in safety assessments of AFVs (e.g., MRAP {Mine Resistant Ambush Protected}, HMMWV {High Mobility Multipurpose Wheeled Vehicle}, MECV {Modernized Expanded Capacity Vehicle}, JLTV* {Joint Light Tactical Vehicle})? Perhaps your client is TACOM.
*Oshkosh is one of our clients!
Safety documents may take the form of a Preliminary Hazard Analysis (PHA), Hazard Log (HL)/Hazard Tracking Log (HTL), Fault Tree Analysis (FTA), Safety Assessment Report (SAR), or Health Hazard Assessment Report (HHAR). How many AFV hazards are there? In excess of 30. Piqued your interest? Want to know what is wrong with the system safety CDRLs you are bidding on?
DEFENSE SAFETY STANDARDS
Two of the more popular defense safety standards are:
- MIL-STD-882E, and
- DEF STAN 00-56.
Did we leave one out?
What about SAE ARP4761?
Is it a system safety standard? Hmmm. Anything missing?
Are you looking for training on MIL-STD-882E or SAE ARP4761?
You came to the right place!
If you are interested in MIL-STD-882E, you should check out our:
Our system safety courses are taught to:
- Army,
- Navy,
- Air Force,
- Marine Corps,
- Coast Guard,
- DND and
- many others.
Click here for a list of our widely acclaimed training courses and webinars.
MIL-STD-882
OVERVIEW
This Military Standard has been a guiding light in system safety within not only the defense sector but also in the areas of:
- ground-based aviation,
- rail transportation, and
- medical devices.
MIL-STD-882 is a mature system safety standard.
Despite its widespread and extensive use, much confusion remains. There are many people who are confused about:
Very poor safety products are still being produced such as:
Occasionally, one person has become the definitive source of information on system safety within an organization but their approach has been flawed. Occasionally, clients neglect to specify the desired "tasks" within 882, leaving the door wide open. All of this has been made evident to us during our consulting and training efforts.
Contact us if you would like to purchase MIL-STD-882 Data Item Descriptions (DIDs). You won't find DIDs of this caliber elsewhere.
EVOLUTION
MIL-STD-882 evolved as follows:
- AF BSD Exhibit 62-41 {1962}
- MIL-S-38130 {1963}
- MIL-S-38130A {June 1966, March 1967}
- MIL-STD-882 {July 1969}
- MIL-STD-882A {June 1977}
- MIL-STD-882B {March 1984}
- MIL-STD-882B Notice 1 {July 1987} - HCRQ used this standard
- MIL-STD-882C {January 1993} - HCRQ used this standard
- MIL-STD-882C Notice 1 {January 1996} - HCRQ used this standard
- MIL-STD-882D (Acquisition Reform) {February 2000}
- MIL-STD-882D Change 1 {Draft 2010}
- MIL-STD-882E {May 2012} - HCRQ uses this standard
MIL-STD-882C
OVERVIEW
"C" was a very "c"omplete system safety standard.
At the time, a particularly useful combination was MIL-STD-882C sandwiched to the 300 series software tasks from MIL-STD-882B with CCA added from ED-135/SAE ARP4761.
SOFTWARE ASPECTS
MIL-STD-882C defined Software Control Categories as follows:
- I - Software exercises autonomous control over potentially hazardous hardware systems, subsystems or components without the possibility of intervention to preclude the occurrence of the hazard. Failure of the software or a failure to prevent an event leads directly to a hazard's occurrence.
- IIa - Software exercises control over potentially hazardous hardware systems, subsystems or components allowing time for intervention by independent safety systems to mitigate the hazard. However, these systems by themselves are not considered adequate.
- IIb - Software item displays information requiring immediate operator action to mitigate a hazard. Software failures will allow or fail to prevent the hazard's occurrence.
- IIIa - Software item issues commands over potentially hazardous hardware systems, subsystems or components requiring human action to complete the control function. There are several, redundant, independent safety measures for each hazardous event.
- IIIb - Software generates information of a safety-critical nature used to make safety-critical decisions. There are several, redundant, independent safety measures for each hazardous event.
- IV - Software does not control safety-critical hardware systems, subsystems or components and does not provide safety-critical information.
These Software Control Categories were similar in concept, but NOT equivalent to:
- Software Development Assurance Levels (defined in ED-79A/SAE ARP4754A and utilized by ED-12C/RTCA DO-178C),
- Software Integrity Levels (defined in and utilized by IEC 15026), and
- SoftWare Assurance Levels (defined in and utilized by ED-153).
MIL-STD-882D
OVERVIEW
What can one say? This was a big mistake.
We went from 116 pages in "C" to 31 pages in "D".
MIL-STD-882E
OVERVIEW
MIL-STD-882E was released May 11, 2012.
MIL-STD-882E introduced new terminology, new requirements pertaining to old tasks, new tasks.
New terminology? Try:
- Safety-Significant
- Event Risk
New requirements pertaining to old tasks? Try:
- SSPP
- Hazard Tracking System
New tasks? Try:
- Hazard Management Plan (HMP)
- Hazardous Materials Management Plan (HMMP)
- System Requirements Hazard Analysis (SRHA)
- Functional Hazard Analysis (FHA)
- System-of-Systems (SoS) Hazard Analysis
- Environmental Hazard Analysis (EHA)
There are dilemmas (e.g., at least 10 things that are flat-out wrong), surprises, and confusion waiting.
HCRQ offers both a course MIL-STD-882E System Safety and a webinar MIL-STD-882E In-depth. In terms of the webinar alone, it is a very insightful presentation which has been attended by DOD and many defense contractors. As always, you can count on HCRQ to provide you unique and practical insight.