Safety Risk Assessment/ Acceptance Air Force Materiel Command Chuck Dorney, P.E., C.S.P. Chief, HQ AFMC/SES DSN I n t e g r i t y - S e r v i c e - E x c e l l e n c e Developing, Fielding, and Sustaining America’s Aerospace Force
2 Overview Description of safety risk acceptance process Current policies Issues Recommendations
3 Description Identify hazards Assess their risks – two factors –Severity (worst that can happen) –Probability (how often) Apply corrective actions –Design change, safety devices –Warning devices, procedures, etc. Accept residual risks –Include ‘interim’ risks
5 Policies DODI –CAE accepts High risks –PEO accepts Serious risks –PM accepts Medium and Low risks –As defined by DOD std practice for system safety (does not specifically name ‘MIL-STD-882’) AFI (Capabilities-Based Acq) –Same as DODI , but calls out -882D AFI (Safety) and AFMC sup 1 –Use the specific matrix in 882 ASC/CC Policy memo, Jun 05 –Emphasize the above –Annual review of High and Serious risks
6 Policy Issues DODI and AFI do not: –Mention ‘residual’ nor ‘interim’ risk –Require any user coordination –Differentiate between Acquisition and Sustainment. ALCs frequently do Who accepts structural risk? PEO or ALC/CC? Users? AFI Sup does address, but not well –New sup will require CAE/PEO acceptance with User coord ALC/CV coord
7 Policy issues (Cont’d.) Some SPOs not sending High/Serious risks forward for the following reasons: –Unaware or misinterpretation of the rules –'Operational' hazards do not apply - incorrect, DODI and do not differentiate –'Sustainment' hazards do not apply - this is also incorrect –'Interim' hazards (i.e., those with a solution in work) do not apply. Yes, they do apply, because until the fix is in place, users are still operating at risk
8 Recommendations Revise DODI and AFI –Require user accept High and Serious risks They control the funding But, not always for developing programs –Define ‘interim’ and ‘residual’ risks
9 Questions?
11 DODI E Environment, Safety and Occupational Health (ESOH). As part of risk reduction, the PM shall prevent ESOH hazards where possible, and shall manage ESOH hazards where they cannot be avoided. The acquisition strategy shall incorporate a summary of the Programmatic ESOH Evaluation (PESHE), including ESOH risks, a strategy for integrating ESOH considerations into the systems engineering process, identification of ESOH responsibilities, a method for tracking progress, and a compliance schedule for NEPA (42 U.S.C d and Executive Order 12114, references (x) and (az)). During system design, the PM shall document hazardous materials used in the system and plan for the system's demilitarization and disposal. The CAE (or for joint programs, the CAE of the Lead Executive Component) or designee, is the approval authority for system-related NEPA and E.O documentation. For acceptance of ESOH mishap risks identified by the program, the CAE is the acceptance authority for high risks, PEO-level for serious risks, and the PM for medium and low risks as defined in the industry standard for system safety.
12 Mishap Severity Categories DescriptionCategoryEnvironmental, Safety, and Health Result Criteria CatastrophicICould result in death, permanent total disability, loss exceeding $1M, or irreversible severe environmental damage that violates law or regulation. CriticalIICould result in permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, loss exceeding $200K but less than $1M, or reversible environmental damage causing a violation of law or regulation. MarginalIIICould result in injury or occupational illness resulting in one or more lost work day(s), loss exceeding $10K but less than $200K, or mitigatible environmental damage without violation of law or regulation where restoration activities can be accomplished. NegligibleIVCould result in injury or illness not resulting in a lost work day, loss exceeding $2K but less than $10K, or minimal environmental damage not violating law or regulation.
13 Mishap Probability Levels DescriptionLevelSpecific Individual Item Fleet or Inventory Frequent ALikely to occur often in the life of an item, with a probability of occurrence greater than in that life. Continuously experienced. Probable BWill occur several times in the life of an item, with a probability of occurrence less than but greater than in that life. Will occur frequently. Occasional CLikely to occur some time in the life of an item, with a probability of occurrence less than but greater than in that life. Will occur several times. Remote DUnlikely but possible to occur in the life of an item, with a probability of occurrence less than but greater than in that life. Unlikely, but can reasonably be expected to occur. Improbable ESo unlikely, it can be assumed occurrence may not be experienced, with a probability of occurrence less than in that life. Unlikely to occur, but possible.
14 Draft AFI Supp (Added) Preparation of a written or electronic risk assessment/acceptance document will be accomplished with all using MAJCOM participation, and will be coordinated with the lead MAJCOM prior to routing the documentation to the AFAE, or PEO, or equivalent with info copy to AFSC/SEF/SEP. PEO documentation will have MAJCOM/DR/XR/SE coordination and AFAE documentation will have MAJCOM/CV coordination (Added) If the mishap risk acceptance package requires AFAE approval, HQ AFMC/SES will obtain HQ AFMC/CV coordination prior to forwarding the package to the PEO for coordination and submittal to the AFAE. If the package requires PEO approval, HQ AFMC/SES will obtain HQ AFMC/SE approval prior to submittal to the PEO (Added) Program offices will coordinate mishap risk acceptance packages within the program office to include Chief Engineer/Director of Engineering, appropriate division chiefs, the test community, the System Program Manager, and, if applicable, the ALC vice commander.