Preface

Acknowledgments

System Safety
    Introduction
    System Safety Background
    System Safety Characterization
    System Safety Process
    System Concept
    General System Model
    System Attributes
    System Types
    System Life Cycle
    System Development
    Summary

Hazards, Mishap, and Risk
    Introduction
    Hazard-Related Definitions
    Hazard Theory
    Hazard Actuation
    Hazard Causal Factors
    Hazard-Mishap Probability
    Recognizing Hazards
    Hazard Description
    Summary

Hazard Analysis Types and Techniques
    Types and Techniques
    Description of Hazard Analysis Types
        Conceptual Design Hazard Analysis Type (CD-HAT)
        Preliminary Design Hazard Analysis Type (PD-HAT)
        Detailed Design Hazard Analysis Type (DD-HAT)
        System Design Hazard Analysis Type (SD-HAT)
        Operations Design Hazard Analysis Type (OD-HAT)
        Human Design Hazard Analysis Type (HD-HAT)
        Requirements Design Hazard Analysis Type (RD-HAT)
    Timing of Hazard Analysis Types
    Interrelationship of Hazard Analysis Types
    Hazard Analysis Techniques
        Technique Attributes
        Primary Hazard Analysis Techniques
        Inductive and Deductive Techniques
        Qualitative and Quantitative Techniques
    Summary

Preliminary Hazard List
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheet
    Hazard Checklists
    Guidelines
    Example: Ace Missile System
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Preliminary Hazard Analysis
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheet
    Guidelines
    Example: Ace Missile System
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Subsystem Hazard Analysis
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheet
    Guidelines
    Example: Ace Missile System
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

System Hazard Analysis
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheet
    Guidelines
    Example
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Operating and Support Hazard Analysis
    Introduction
    Background
    History
    Definitions
    Theory
    Methodology
    Worksheet
    Hazard Checklists
    Support Tools
    Guidelines
    Examples
        Example 1
        Example 2
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Health Hazard Assessment
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheet
    Checklist
    Example
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Safety Requirements/Criteria Analysis
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheets
    Example
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Fault Tree Analysis
    Introduction
    Background
    History
    Theory
    Methodology
    Building Blocks
    Definitions
    Construction-Basics
    Construction-Advanced
    Construction Rules
    Functional Block Diagrams
    Cut Sets
    MOCUS Algorithm
    Bottom-Up Algorithm
    Mathematics
    Probability
    Importance Measures
    Example 1
    Example 2
    Example 3
    Phase- and Time-Dependent FTA
    Dynamic FTA
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Event Tree Analysis
    Introduction
    Background
    History
    Definitions
    Theory
    Methodology
    Worksheet
    Example 1
    Example 2
    Example 3
    Example 4
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Failure Mode and Effects Analysis
    Introduction
    Background
    History
    Definitions
    Theory
    Structural and Functional Models
    Product and Process FMEA
    Functional Failure Modes
    Hardware Failure Modes
    Software Failure Modes
    Quantitative Data Sources
    Methodology
    Worksheet
    Example 1: Hardware Product FMEA
    Example 2: Functional FMEA
    Level of Detail
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Fault Hazard Analysis
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheet
    Example
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Functional Hazard Analysis
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheets
    Example 1: Aircraft Flight Functions
    Example 2: Aircraft Landing Gear Software
    Example 3: Ace Missile System
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Sneak Circuit Analysis
    Introduction
    Background
    History
    Definitions
    Theory
    Methodology
        Step 1: Acquire Data
        Step 2: Code Data
        Step 3: Process Data
        Step 4: Produce Network Trees
        Step 5: Identify Topographs
        Step 6: Perform Analysis
        Step 7: Generate Report
    Example 1: Sneak Path
    Example 2: Sneak Label
    Example 3: Sneak Indicator
    Example Sneak Clues
    Software Sneak Circuit Analysis
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Petri Net Analysis (PNA)
    Introduction
    Background
    History
    Definitions
    Theory
    Methodology
    Examples
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Markov Analysis
    Introduction
    Background
    History
    Definitions
    Theory
    Methodology
    State Transition Diagram Construction
    State Equation Construction
    Examples
        Markov Chain
        Markov Model of Two-Component Series System with No Repair
        Markov Model of Two-Component Parallel System with No Repair
        Markov Model of Two-Component Parallel System with Component Repair
        Markov Model of Two-Component Parallel System with Component/System Repair
        Markov Model of Two-Component Parallel System with Sequencing
    Markov Analysis and FTA Comparisons
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Barrier Analysis
    Introduction
    Background
    History
    Definitions
    Theory
    Methodology
    Example Checklist of Energy Sources
    Considerations
    Worksheet
    Example
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Bent Pin Analysis
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheet
    Example
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Hazard and Operability Analysis
    Introduction
    Background
    History
    Theory
    Methodology
    Design Representations
    System Parameters
    Guide Words
    Deviation from Design Intent
    Worksheet
    Example 1
    Example 2
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Cause-Consequence Analysis
    Introduction
    Background
    History
    Definitions
    Theory
    Methodology
    Symbols
    Worksheet
    Example 1: Three-Component Parallel System
    Example 2: Gas Pipeline System
    Reducing Repeated Events
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Common Cause Failure Analysis
    Introduction
    Background
    History
    Definitions
    Theory
    Methodology
    Defense Mechanisms
    Example
    Models
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Management Oversight Risk Tree Analysis
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheet
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Software Safety Assessment
    Introduction
    Background
    History
    Theory
    Methodology
    Worksheet
    Software Risk Level
    Example
    Advantages and Disadvantages
    Common Mistakes to Avoid
    Summary

Summary
    Principle 1: Hazards, Mishaps, and Risk are Not Chance Events
    Principle 2: Hazards are Created During Design
    Principle 3: Hazards are Comprised of Three Components
    Principle 4: Hazard and Mishap Risk Management Is the Core Safety Process
    Principle 5: Hazard Analysis Is a Key Element of Hazard and Mishap Risk Management
    Principle 6: Hazard Management Involves Seven Key Hazard Analysis Types
    Principle 7: Hazard Analysis Primarily Encompasses Seven Hazard Analysis Techniques
    Finis

List of Acronyms

Glossary

Hazard Checklists