Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mission-Critical Systems and HAZOP Requirements Engineering Lecture 13 Copyright,

Published byStella Robertson Modified over 9 years ago

Similar presentations

Presentation on theme: "Mission-Critical Systems and HAZOP Requirements Engineering Lecture 13 Copyright,"— Presentation transcript:

1 Mission-Critical Systems and HAZOP Jerzy.Nawrocki@put.poznan.pl www.cs.put.poznan.pl/jnawrocki/require/ Requirements Engineering Lecture 13 Copyright, 2004  Jerzy R. Nawrocki

2 Overview of RE guidelines The requirements document Requirements elicitation Reqs analysis & negotiation Describing requirements System modelling Requirements validation Requirements management RE for critical systems BasicIntermAdv 8 6 5 4 3 4 4 2 36 - 6 2 1 3 3 3 3 21 - 1 1 - - 1 2 4 9

3 RE for Critical Systems Basic guidelines Create safety requirements checklists Involve external reviewers in the validation process

4 RE for Critical Systems Intermediate guidelines Identify and analyse hazards Derive safety requirements from hazard analysis Cross-check operational and functional requirements against safety requirements

5 RE for Critical Systems Advanced guidelines Specify systems using formal specification Collect incident experience Learn from incident experience Establish an organisational safety culture

6 Introduction to HAZOP HAZOP : HAZ ard and OP erability study; ICI Chemicals, UK, ‘70 Aim: ‘identifying potential hazards and operability problems caused by deviations from the design intent of both new and existing process plants’ [Lihou03].

7 Introduction to HAZOP HAZOP : HAZ ard and OP erability study Aim: ‘identifying potential hazards and operability problems caused by deviations from the design intent of both new and existing process plants’ [Lihou03]. Heating installation Radiation therapy machine Electron accelerator

8 Introduction to HAZOP HAZOP : HAZ ard and OP erability study Aim: ‘identifying potential hazards and operability problems caused by deviations from the design intent of both new and existing process plants’ [Lihou03]. Railway crossing Aircraft control system

9 Introduction to HAZOP HAZOP : HAZ ard and OP erability study Aim: ‘identifying potential hazards and operability problems caused by deviations from the design intent of both new and existing process plants’ [Lihou03]. ExistingNew

10 Introduction to HAZOP HAZOP : HAZ ard and OP erability study Aim: ‘identifying potential hazards and operability problems caused by deviations from the design intent of both new and existing process plants’ [Lihou03]. Heating installation Radiation therapy machine Electron accelerator ~ 200 rad up to 50 o C

11 Introduction to HAZOP HAZOP : HAZ ard and OP erability study Aim: ‘identifying potential hazards and operability problems caused by deviations from the design intent of both new and existing process plants’ [Lihou03]. Therac-25 accident [Leveson93] Electron accelerator 15 000 rad Heating installation 90 o C Auch!

12 Introduction to HAZOP HAZOP : HAZ ard and OP erability study Aim: ‘identifying potential hazards and operability problems caused by deviations from the design intent of both new and existing process plants’ [Lihou03]. Heating installation 90 o C Electron accelerator 15 000 rad Radiation therapy machine H.= A set of conditions that can lead to an accident [Leveson91]

13 Introduction to HAZOP HAZOP : HAZ ard and OP erability study Aim: ‘identifying potential hazards and operability problems caused by deviations from the design intent of both new and existing process plants’ [Lihou03]. Oh God!

14 Introduction to HAZOP HAZOP : HAZ ard and OP erability study Aim: ‘identifying potential hazards and operability problems caused by deviations from the design intent of both new and existing process plants’ [Lihou03]. The computer doesn’t work!

15 Introduction to HAZOP HAZOP : HAZ ard and OP erability study; ICI Chemicals, UK, ‘70 Aim: ‘identifying potential hazards and operability problems caused by deviations from the design intent of both new and existing process plants’ [Lihou03]. Performed by a team of multidisciplinary experts. Structured brainstorming process.

16 Introduction to HAZOP Process description How deviations from the design intent can arise? Can they impact safety and operability? What actions are necessary?

17 Introduction to HAZOP.. the great advantage of the technique is that it encourages the team to consider less obvious ways in which a deviation may occur (..) In this way the study becomes much more than a mechanistic check-list type of review. [Lihou03]

18 Keywords Primary keywords : a particular aspect of a design intent (a process condition or parameter). Safety:Operability: FlowIsolate TemperatureStart-up PressureShutdown LevelMaintain Corrode Inspect AbsorbDrain ErodePurge... Can corrosion be a design intent?

19 Keywords Secondary keywords : possible deviations (problems) No Less More Reverse Also Other Fluctuation Early Late They tend to be a standard set. No No : The design intent is almost eliminated (blocked) or unachievable. Examples : Flow/No Isolate/No

20 Keywords Secondary keywords : possible deviations (problems) NoLess More Reverse Also Other Fluctuation Early Late Less Less : Value of a parameter described by a primary keyword is less than expected. Examples : Flow/Less Temperature/Less

21 Keywords Secondary keywords : possible deviations (problems) No LessMore Reverse Also Other Fluctuation Early Late More More : The parameter value is greater than expected. Examples : Temperature/More Pressure/No

22 Keywords Secondary keywords : possible deviations (problems) No Less MoreReverse Also Other Fluctuation Early Late Reverse Reverse : The opposite direction of the design intent. Examples : Flow/Reverse Isolate/No

23 Keywords Secondary keywords : possible deviations (problems) No Less More ReverseAlso Other Fluctuation Early Late Also Also : The design intent (primary keyword) is OK, but there is something extra. Examples : Flow/Also = contamination Level/Also = unexpected material in a tank

24 Keywords Secondary keywords : possible deviations (problems) No Less More Reverse AlsoOther Fluctuation Early Late Other Other : The design intent occurs but in a different way. Examples : Composition/Other = Unexpected proportions Flow/Other = Product flows where it is unexpected

25 Keywords Secondary keywords : possible deviations (problems) No Less More Reverse Also OtherFluctuation Early Late Fluctuation Fluctuation : The design intent achieved only part of the time. Examples : Flow/Fluctuation = Sometimes flows, sometimes not. Temperature/Fluctuation = Sometimes hot, sometimes cold.

26 Keywords Secondary keywords : possible deviations (problems) No Less More Reverse Also Other FluctuationEarly Late Early Early : The design intent appears too early. Examples : Flow/Early = The product flows too early. Temperature/Early = The intended temperature (high or low) is achieved too early.

27 Keywords Secondary keywords : possible deviations (problems) No Less More Reverse Also Other Fluctuation EarlyLate Late Late : Opposite to early. Examples : Level/Late = The inteded level in a tank is achieved too late.

28 Keywords Secondary keywords : possible deviations (problems) No Less More Reverse Also Other Fluctuation Early Late Are all combinations of keywords meaningful? Temperature/No??? Corrode/Reverse???

29 Methodology – Report format DeviationCauseConsequenceSafeguardsAction E.g. Flow/No Potential cause of the deviation Consequences of the cause and the deviation itself Any existing devices that prevent the cause or make its consequeces less painful Actions to remove the cause or mitigate the conse- quences

30 Methodology – The process Select a section of the plant For each primary keyword relevant for the plant: For each relevant secondary keyword: Think of significant consequences and record them; Record any safeguards identified; Think of any necessary actions and record them; Think of significant consequences and record them; Record any safeguards identified; Think of any necessary actions and record them; For each discovered cause for the deviation DeviationCauseConsequenceSafeguardsAction Flow/No Problem...

31 The HAZOP team Optimal : 6 people Maximum : 9 people Equal representation of customer and supplier Experts from a range of disciplines Team composition : questions raised during the meeting should be answered immediately. Chairman and secretary

32 Preparatory work 1.Assemble the data 2.Understand the subject 3.Subdivide the plant and plan the sequence 4.Mark-up the drawings 5.Devise a list of appropriate keywords 6.Prepare table headings and an agenda 7.Prepare a timetable 8.Select the team

33 The report Scope of the study Brief description of the process under study Keyword combinations and their meanings Description of the Action File (contains Action Response Sheets reporting on the actions performed to reduce the risks; initially empty) General comments (what was unavailable or not reviewed, what the team was assured of) Results (the number of recommended actions)

34 Summary HAZOP is a structured brainstorming method for risk analysis. HAZOP is a structured brainstorming method for risk analysis. It can be applied in different contexts (eg. UML-HAZOP) It can be applied in different contexts (eg. UML-HAZOP) It goes well with other analysis methods, eg. fault tree analysis (AND/OR trees of faults) It goes well with other analysis methods, eg. fault tree analysis (AND/OR trees of faults) Used by: UK Ministry of Defence, Motorola, chemical companies, etc. Used by: UK Ministry of Defence, Motorola, chemical companies, etc.

35 Bibliography [Lihou03] Mike Lihou, Hazard & Operability Studies, Lihou Technical & Software Services, www.lihoutech.com/hzp1frm.htm, 3.06.2003. [Lihou03] Mike Lihou, Hazard & Operability Studies, Lihou Technical & Software Services, www.lihoutech.com/hzp1frm.htm, 3.06.2003. www.lihoutech.com/hzp1frm.htm A very good introduction to HAZOP. A very good introduction to HAZOP. [Leveson91] N. Leveson, S.Cha, T.Shimeall, Safety verification of Ada programs using software fault trees, IEEE Software, July 1991, 48-59. [Leveson91] N. Leveson, S.Cha, T.Shimeall, Safety verification of Ada programs using software fault trees, IEEE Software, July 1991, 48-59. FTA templates for Ada programs. FTA templates for Ada programs. [Leveson93] N. Leveson, C. Turner, An investigation of the Therac-25 Accidents, Computer, July 1993, 18-41. [Leveson93] N. Leveson, C. Turner, An investigation of the Therac-25 Accidents, Computer, July 1993, 18-41. 

36 Bibliography F. Redmill, M. Chudleigh, J.Catmur, System Safety: HAZOP and Software HAZOP, John Wiley & Sons, 1999, (Amazon.com: $135!) F. Redmill, M. Chudleigh, J.Catmur, System Safety: HAZOP and Software HAZOP, John Wiley & Sons, 1999, (Amazon.com: $135!) J.Górski, A.Jarzębowicz, Wykrywanie anomalii w modelach obiektowych za pomocą metody UML- HAZOP, IV KKIO, Best Paper Award 

Download ppt "Mission-Critical Systems and HAZOP Requirements Engineering Lecture 13 Copyright,"

Similar presentations

Final Competence Assessment Assessment Documents Assessment strategy (SummitSkills) Assessment methodology (SQA) Assessment guidelines (SQA)

Final Competence Assessment Assessment Documents Assessment strategy (SummitSkills) Assessment methodology (SQA) Assessment guidelines (SQA)
Procedures for CMM Level 2 Copyright, 2000 © Jerzy R. Nawrocki Quality Management.

Procedures for CMM Level 2 Copyright, 2000 © Jerzy R. Nawrocki Quality Management.
HAZOP Hazard & Operability studies What is HAZOP? (Hazard & Operability) A systematic review of the design & operation of a system to identify the potential.

HAZOP Hazard & Operability studies What is HAZOP? (Hazard & Operability) A systematic review of the design & operation of a system to identify the potential.
1 Chapter 2: Product Development Process and Organization Introduction Importance of human resources: Most companies have similar technology resources.

1 Chapter 2: Product Development Process and Organization Introduction Importance of human resources: Most companies have similar technology resources.
1 MANUFACTURING AND PRODUCTION OF BIOLOGICAL PRODUCTS (ERT 455) HAZARD ANALYSIS AND CRITICAL CONTROL POINT (HACCP) SYSTEM Munira Mohamed Nazari School.

1 MANUFACTURING AND PRODUCTION OF BIOLOGICAL PRODUCTS (ERT 455) HAZARD ANALYSIS AND CRITICAL CONTROL POINT (HACCP) SYSTEM Munira Mohamed Nazari School.
Mr. R. R. Diwanji Techniques for Safety Improvements.

Mr. R. R. Diwanji Techniques for Safety Improvements.
 Every stage from phase DESIGN in Software Development Process will have “design document” especially in analysis and design phases.  “Design document”

 Every stage from phase DESIGN in Software Development Process will have “design document” especially in analysis and design phases.  “Design document”
1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.

1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.
SWE Introduction to Software Engineering

SWE Introduction to Software Engineering
CSC 402, Fall 20001 Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO HAZID 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO HAZID 2.
Hazard and Operability Studies - HAZOP ChE 258 Chemical Process Safety University of Missouri - Rolla Fike Corporation.

Hazard and Operability Studies - HAZOP ChE 258 Chemical Process Safety University of Missouri - Rolla Fike Corporation.
Requirements Engineering Process – 1

Requirements Engineering Process – 1
Annex I: Methods & Tools prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9 QUALITY.

Annex I: Methods & Tools prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9 QUALITY.
1 Commissioned by PAMSA and German Technical Co-Operation National Certificate in Paper & Pulp Manufacturing NQF Level 4 Coat paper or board using a coating.

1 Commissioned by PAMSA and German Technical Co-Operation National Certificate in Paper & Pulp Manufacturing NQF Level 4 Coat paper or board using a coating.
Codex Guidelines for the Application of HACCP

Codex Guidelines for the Application of HACCP
HAZOP System Safety: HAZOP and Software HAZOP, by Felix Redmill, Morris Chudleigh, James Catmur, John Wiley & Sons, 1999.

HAZOP System Safety: HAZOP and Software HAZOP, by Felix Redmill, Morris Chudleigh, James Catmur, John Wiley & Sons, 1999.
Software Project Management

Software Project Management
HAZOP: Hazard and Operability Study Models and Analysis of Software Lecture 11 Copyright,

HAZOP: Hazard and Operability Study Models and Analysis of Software Lecture 11 Copyright,

Similar presentations

Ads by Google