WHAT IF ANALYSIS USED TO IDENTIFY HAZARDS HAZARDOUS EVENTS CAN INCLUDE PEOPLE AND/OR EQUIPMENT SUGGESTED METHOD UNDER OSHA’S PSM

WHAT IF MEMBERS ASSEMBLE A TEAM OF “EXPERTS” INCLUDE: PRODUCTION SAFETY ENGINEERING THE MORE DIVERSE, THE BETTER

WHAT IF PROCESS MAP OUT THE PROCESS IDENTIFY EQUIPMENT TASKS PROCESS CONTROL MEASURES

COMPLETING THE WHAT IF ANALYSIS EXAMINE EACH STEP DETERMINE PEOPLE, EQUIPMENT, INTERFACES ASK “WHAT IF?” DETERMINE ACCIDENT SCENARIOS IN WHICH THE EVENT COULD OCCUR AND CONTROL MEASURES

WHAT IF ANALYSIS FRAMEWORK CONSEQUENCES PROTECTION

CRITICAL INCIDENT TECHNIQUE USED BY FITTS AND JONES DURING WORLD WAR II AIR CORP PILOTS ERRORS READING DISPLAYS AND OPERATING AIRCRAFT

CRITICAL INCIDENT TECHNIQUE PREVENT FAILINGS TO BE CARRIED OVER ANALYZE PREVIOUS SYSTEM PROBLEMS EXAMINES SITUATIONS THAT COULD HAVE RESULTED IN A LOSS

CRITICAL INCIDENT TECHNIQUE USES QUALITATIVE INFORMATION INTERVIEW PERSONS INVOLVED OPERATIONALLY EXPERIENCED PERSONNEL

SITUATIONS TO EXAMINE HAZARDS NEAR MISSES UNSAFE CONDITIONS

INTERVIEW PROCESS SELECT SAMPLE OF SUBJECTS HAVE USED THE SYSTEM BEFORE INCLUDE THEIR OWN EXPERIENCES EXPERIENCES OF OTHERS THAT THEY HAVE OBSERVED DESCRIBE ALL MISHAPS AND OCCURRENCES

OUTCOMES SAME AS AN ACCIDENT INVESTIGATION IDENTIFICATION OF A HAZARD THROUGH PERSONAL INVOLVEMENT DEVELOP RECOMMENDATIONS FOR IMPROVEMENT

CONDUCTING A CRITICAL INCIDENT TECHNIQUE SELECT A GROUP WITH PRIOR EXPERIENCE WITH A SYSTEM INFORM SUBJECTS OF THE PURPOSE OF THE STUDY DESCRIBE ALL INCIDENTS THEY COULD RECALL

CONDUCTING A CRITICAL INCIDENT TECHNIQUE PROVIDE A LIST OF INCIDENTS THAT HAD OCCURRED ASK TO RECALL IF ANY HAD HAPPENED TO THEM

Fault Tree Analysis Fault tree analysis was developed in 1962 for the U.S. Air Force by Bell Telephone Laboratories for use with the Minuteman system Was later adopted and extensively applied by the Boeing Company Is one of many symbolic logic analytical techniques found in the operations research discipline.

Outcomes of FTA Graphic display of chains of events/conditions leading to the loss event. Identification of those potential contributors to failure that are “critical.” Improved understanding of system characteristics. Qualitative/quantitative insight into probability of the loss event selected for analysis. Identification of resources committed to preventing failure. Guidance for redeploying resources to optimize control of risk. Documentation of analytical results.

FTA Process A fault tree is a topdown, logic-driven technique for postulating all possible causes of an event. The team begins with the top level event and develops possible causes for that event. Each of those causes is, in turn, treated as an event for which causes are proposed. The tree development continues in this manner until a root cause or basic event is reached for which there is no further development within the scope of the investigation. Once the tree is constructed, the team analyzes the branches of the tree and rules out (marks as false) any branches that are contradictory to the available evidence.

Steps in FTA Identify undesirable TOP event Link contributors to TOP by logic gate Identify first-level contributors Link second-level contributors to TOP by logic gates Identify second-level contributors Repeat/continue

Fault Tree Development Constructing the logic Spotting/correcting some common errors Adding quantitative data

Symbols Basic Event–Initiating fault/failure, not developed further. The Basic Event marks the limit of resolution of the analysis. TOP Event–foreseeable, undesirable event, toward which all fault tree logic paths flow, or Intermediate event–describing a system state produced by antecedent events. “Or” Gate–produces output if any input exists. Any input, individual, must be(1) necessary and (2) sufficient to cause the output event. “And” Gate–produces output if all inputs co-exist. All inputs, individually must be (1) necessary and (2) sufficient to cause the output event Most Fault Tree Analyses can be carried out using only these four symbols.

Barrier Analysis Systems technique used to evaluate unwanted events Examines the events and the presence, absence, adequacy of barriers Barrier Analysis is part of the MORT process (Management Oversight Risk Tree)

Barriers Barriers can be physical or administrative Defined as material, functional, symbolic, and immaterial barrier systems They can also be defined as “Protecting” (After the event) or “Preventing” (Before the event)

Barriers Material barriers physically prevent an action from being carried out or the consequences from spreading. Functional (active or dynamic) barriers work by impeding the action to be carried out. A lock, for instance, is a functional barrier, whether it is a physical lock that requires the use of a key.

Barriers Symbolic barriers require an act of interpretation in order to achieve their purpose. All kinds of signs and signals are symbolic barriers Immaterial barriers are not physically present or represented in the situation, but depend on the knowledge of the user to achieve their purpose. Typical immaterial barriers are: rules, guidelines, restrictions, and laws.

Barriers and Hazard Sources Barriers can be matched with the potential hazard(s) Page 2-11 in the document link in the module provides a matrix of example hazard sources and typical barriers. The color coding indicates the degree of barrier effectiveness

Barrier Analysis Results A typical barrier analysis includes the following: Risk Assessment if done before the fact Identify Hazard Sources Identify Paths Identify Targets Identify barriers Assess current barriers in terms of adequacy If inadequate, develop recommendations for additional/different barriers Reassess risk levels with recommended changes to barriers