1 Safety - definitions Accident - an unanticipated loss of life, injury, or other cost beyond a pre-determined threshhold.  If you expect it, it’s not.

Slides:



Advertisements
Similar presentations
Integra Consult A/S Safety Assessment. Integra Consult A/S SAFETY ASSESSMENT Objective Objective –Demonstrate that an acceptable level of safety will.
Advertisements

Risk Management Introduction Risk Management Fundamentals
OPERATIONAL RISK MANAGEMENT
RISK ANALYSIS.  Almost all of the things that we do involve risk of some kind, but it can sometimes be challenging to identify risk, let alone to prepare.
Action 1: Mission/task analysis Action 2: List Hazards Action 3: List Causes STEP 1 IDENTIFY THE HAZARD STEP 2 ASSESS THE RISK Action 1: Assess hazard.
Annex I: Methods & Tools prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9 QUALITY.
DESIGN FOR SAFETY HAZARD & OPERABILITY STUDIES -HAZOPs.
Mr. R. R. Diwanji Techniques for Safety Improvements.
Unit 6 – Risk Management and safety management system
Root Cause Analysis Presented By: Team: Incredibles
CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.
Hazard and Operability Studies - HAZOP ChE 258 Chemical Process Safety University of Missouri - Rolla Fike Corporation.
Lucas Phillips Anurag Nanajipuram FAILURE MODE AND EFFECT ANALYSIS.
Quality Risk Management ICH Q9 Annex I: Methods & Tools
Testing safety-critical software systems
TIWANA WALTON MENTOR: SHARON MONICA JONES High Level Aviation Safety Risk Assessment.
EMPLOY THE RISK MANAGEMENT PROCESS DURING JOB PLANNING and EXECUTION
What Exactly are the Techniques of Software Verification and Validation A Storehouse of Vast Knowledge on Software Testing.
Unit 3a Industrial Control Systems
Quality in Product and Process Design Pertemuan 13-14
EE551 Real-Time Operating Systems
As of: 07 Apr 051 Using MIL-STD-882D: Approach for Identification and Elimination of Environmental Hazards or Reduction of Risks Associated with Environmental.
Risk Management - the process of identifying and controlling hazards to protect the force.  It’s five steps represent a logical thought process from.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 2.
WHAT IS SYSTEM SAFETY? The field of safety analysis in which systems are evaluated using a number of different techniques to improve safety. There are.
Software Safety CS3300 Fall Failures are costly ● Bhopal 1984 – 3000 dead and injured ● Therac – 6 dead ● Chernobyl / Three Mile.
DESIGNING FOR SAFETY CHAPTER 9. IMPORTANCE OF DESIGNING FOR SAFETY  In the near future, the level of safety that companies and industries achieve will.
Managing Risks in Projects. Risk Concepts The Likelihood that some Problematical Event will Occur The Likelihood that some Problematical Event will Occur.
Essentials of Machine Safety Standards in Perspective.
FAULT TREE ANALYSIS (FTA). QUANTITATIVE RISK ANALYSIS Some of the commonly used quantitative risk assessment methods are; 1.Fault tree analysis (FTA)
Software Testing and Quality Assurance Software Quality Assurance 1.
Jacques Vanier ICAO EUR/NAT Regional Officer Almaty, 5 to 9 September 2005 SAFETY MANAGEMENT SYSTEMS RISK VERSUS SAFETY.
Quality Assurance.
Rules for Supporting Part 803 and Part 806 Decision Making Page 1 Establishing Rules for: Medical Device Reports (803) & Correction and Removal Reports.
SAFETY MANAGEMENT SYSTEM IN TURKISH STATE RAILWAYS (TCDD)
Software Quality Assurance SOFTWARE DEFECT. Defect Repair Defect Repair is a process of repairing the defective part or replacing it, as needed. For example,
1 5/18/2007ã 2007, Spencer Rugaber Architectural Styles and Non- Functional Requirements Jan Bosch. Design and Use of Software Architectures. Addison-Wesley,
University of Sunderland CIFM02 Unit 5 COMM02 Project Hazard Management and Contingency Planning Unit 5.
SAFEWARE System Safety and Computers Chap18:Verification of Safety Author : Nancy G. Leveson University of Washington 1995 by Addison-Wesley Publishing.
1 Project Management C53PM Session 4 Russell Taylor Staff Work-base – 1 st Floor
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Safety methods within Agile and RUP methods TORGRIM LAURITSEN BUCS project.
Failure Modes and Effects Analysis (FMEA)
OHSAS Occupational health and safety management system.
Stan O’Neill Managing Director, The Compliance Group.
1 Software Testing and Quality Assurance Lecture 38 – Software Quality Assurance.
Failure Modes, Effects and Criticality Analysis
Safety Management Systems Session Two Safety Risk Management APTA Webinar April 28, 2016.
ON “SOFTWARE ENGINEERING” SUBJECT TOPIC “RISK ANALYSIS AND MANAGEMENT” MASTER OF COMPUTER APPLICATION (5th Semester) Presented by: ANOOP GANGWAR SRMSCET,
Process Safety Management Soft Skills Programme Nexus Alliance Ltd.
October 22, 2005 Parvaiz Ahmed Khand An Overview of Software Safety.
March 16, 2016 CanadianClinicalDiagnostics.com ©Canadian Clinical Diagnostics.
Detailed Analyses Chapter 14.
Guide for the application of CSM design targets (CSM DT)
Ranjan kumar Assistant Manager CCL,Ranchi
ESSA Grading Criteria Can the finding lead to a mishap?* No
SYSTEM SAFETY AND THE TECHNICAL AUTHOR
Civil Air Patrol BASIC LEVEL OPERATIONAL RISK MANAGEMENT
Dept. of Nuclear and Quantum Engineering
FMEA.
Air Carrier Continuing Analysis and Surveillance System (CASS)
Disaster Site Worker Safety
GE 6757 TOTAL QUALITY MANAGEMENT
Hazard identification
Criticality – Mil-Std-1629 Approach
Unit I Module 3 - RCM Terminology and Concepts
Failure Mode and Effect Analysis
Disaster Site Worker Safety
Presentation transcript:

1 Safety - definitions Accident - an unanticipated loss of life, injury, or other cost beyond a pre-determined threshhold.  If you expect it, it’s not an accident.  Cost is high - generally higher than the value of the service provided by the system. Safety - absence of accidents.

2 What is a system? Black box view  environment Glass box view (structure)  Collection of components (which are themselves subsystems)  Software components  Computers  Sensors, actuators  Humans  Communications  System structure can be dynamic

3 Role of software in system safety Software can be a source of failures Software can deal with error diagnosis and recovery. Interaction between software and rest of system can affect safety (e.g., GUI issues).

4 System safety Principle: software safety is meaningless without consideration of system-wide effects.  GUI confuses operator.  Wrong sensor reading causes inappropriate response from software.  Bad error recovery code aggravates error.  Loading the wrong software.

5 Hazards Hazard - a condition that inevitably leads to an accident under some combination of environmental conditions (Leveson).  Hazard may or may not lead to accident ... but it is a matter of luck - assumes system cannot control environment.  Example: Two aircraft are separated by less than minimum required distance.  If exact position and velocity is “right”, they will collide.

6 Hazard identification Cannot make a system safe unless we know how it can be unsafe. Hazard identification attempts to make explicit the safety risks of the system  This requires thinking about the system globally as well as locally  Should begin in early phases of design, when problems are relatively easy to fix.

7 Hazard identification, cont After identification  System can be redesigned to remove hazard ... or reduce probability ...and/or reduce effects of hazard. Hazards should be tracked  Hazard analysis should be updated  To reflect design and implementation changes  Increased understanding and experience (e.g. from observed accidents or malfunctions).  Also, remedies for hazards should be logged.

8 Hazard identification methods There is no magic bullet Draw on past experience  Study problems from previous systems.  There may be checklists of common hazards. “Structured brainstorming”  Form a committee of experienced people with a variety of expertise and viewpoints  Present the system in various ways  Try to think of possible problems

9 Preliminary Hazard Analysis (PHA) Goal: Early identification of hazards so they can be taken into account in system specification and design.  However, analysis should be updated to reflect increased understanding and design changes. Inputs  System design objectives  equipment specs  environmental conditions  regulations

10 >

11 Hazard Level: severity and likelihood Example DoD MIL-STD-882B Category I: Catastrophic: may cause death or loss of system. Category II: Critical: May cause severe injury, severe occupational illnusess, or major system damage. Category III: Marginal: may cause minor injury, minor occupational illness, or minor system damage. Category IV: Negligable: will not result in injury, occupational illness, or system damage.

12 Hazard likelihood British Std Frequent: Likely to be continually experienced. Probable: Likely to occur often. Occasional: Likely to occur several times. Remote: Likely to occur some time. Improbable: Unlikely, but may exceptionally occur. Incredible: Extremely unlikely that the event will ever occur.

13 Hazard Aversion/Containment Hazard elimination: e.g., robot arm is too slow to break a hole in the wall. Hazard reduction: e.g., add interlocks Hazard control: e.g., pressure valve Damage reduction: e.g., evacuation procedures.

14 PHA evaluation Advantages Focuses on hazards Disadvantages Determining hazard categories may be hard. May make unrealistic assumptions about engineering, testing, operational procedures, etc.

15 HAZOP Goal: To establish, by systematic examination of system components and operations, failure modes which can lead to hazards When: during design Inputs: results of previous safety analysis Outputs: identification and elimination of events and failure modes leading to hazards.

16 HAZOP guide words (00-58) No: Complete negation of design intention. No part of the intention is achieved, nothing else happens More: a quantitative increase Less: a quantitative decrease As well as: Design intent achieved, with additions Part of: Only some of design intention is achieved. Reverse: The logical opposite of the intention is achieved.

17 HAZOP evaluation Advantages Simplicity and ease of application Combines members from different teams Disadvantages Labor intensive Results vary depending on quality of team.

18 FMECA (FMEA) “Failure Modes, Effects (and Criticality) Analysis” Goal: Systematically analyze the components of the target system with respect to attributes relevant to safety. When: Early design, after components identified. Input: Schematics, functional diagrams, component relationships Output: List of failure modes and effects.

19 FMECA example/more info

20 FMECA evaluation Advantages Effective for analyzing single units Completeness Used to identify redundancy. Disadvantages Multiple failures/common mode failures overlooked. Time consuming and costly Failure modes must be known in advance.  Hard for complex components