performance or cost.
· Maintain a reasonable balance between the analyses and deliverables specified. When the
program manager determines that limiting the deliverables is economically necessary, the
contractor must maintain a detailed, controlled, and legible project log that is available for MA
review and audit. A compromise approach is to permit deliverables in contractor format,
eliminating formatting costs. Requiring FAA approval of alternate deliverables may also be
considered. In this situation, program control is maintained at the major program milestones:
the MA has the option of reviewing the status of all safety tasks and analyses at these points,
and has approval authority at each formal design review. This control is more significant than
that of any single deliverable.
5.7.1 Small Programs
Tailoring of safety program requirements is important for small programs, because the cost of an SSP can
easily match or exceed the cost of the program itself. The program manager must carefully consider both
the cost of an item and its criticality when establishing the SSP requirements for such items. The actual
benefit may not justify the actual cost of safety. However, sometimes the perceived risk is so high that
increased cost is justified. In most situations, such as the development of a router, a bridge, a modem, or
a fiber optic communications local area network (LAN), SSP costs can be limited without measurably
increasing the risk of accident.
The tasks below are recommended as a minimum effort for a small SSP.
· Prepare a preliminary hazards list (PHL)
· Conduct a preliminary hazard analysis (PHA)
· Assign a Risk Assessment Code (see Chapter 3).
· Assign a priority for taking the recommended action to eliminate or control the hazard,
according to the risk assessment codes.
· Evaluate the possibility of negative effects from the interfaces between the recommended
actions and other portions of the system.
· Take the recommended actions to modify the system.
· Prepare a SER or Design Analysis Report (DAR)[8] as completion of the SSP.
[8] FAA System Engineering Manual
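The steps above, and the PHL-to-PHA expansion discussed below, can be carried in a small hazard register. The following is an added example written for this page, not code from the FAA handbook: it expands a constructed PHL into PHA entries, assigns a Risk Assessment Code, orders corrective actions by that code, flags controls that touch a subsystem in which another hazard lives (the interface check), and lists the items that are still open before the SER/DAR can close the SSP. The RAC matrix, the severity and likelihood labels, and the sample fiber optic LAN hazards are all assumptions made for illustration; real assignments must use the RAC table in Chapter 3.

```python
"""Minimal small-program SSP hazard register: PHL -> PHA -> RAC -> priority.
Added example for illustration; the matrix and hazards are assumed, not taken
from the FAA System Safety Handbook."""
from dataclasses import dataclass, field

# ASSUMED illustrative matrix (not the Chapter 3 table). Rows are severity
# categories; columns are likelihood levels A..E (most to least likely);
# H/M/L = high/medium/low risk.
RAC_MATRIX = {
    "catastrophic": "HHHML",
    "hazardous":    "HHMLL",
    "major":        "HMLLL",
    "minor":        "MLLLL",
}
LIKELIHOOD_LEVELS = "ABCDE"
PRIORITY = {"H": 1, "M": 2, "L": 3}   # lower number = act first


@dataclass
class Control:
    action: str
    subsystem: str          # the part of the system the action modifies
    implemented: bool = False


@dataclass
class Hazard:
    hid: str                # identifier carried over from the PHL
    description: str        # the PHL entry
    subsystem: str
    effect: str = ""        # filled in when the PHL is expanded into the PHA
    severity: str = ""
    likelihood: str = ""
    controls: list = field(default_factory=list)

    @property
    def rac(self):
        """Risk Assessment Code looked up from the (assumed) matrix."""
        return RAC_MATRIX[self.severity][LIKELIHOOD_LEVELS.index(self.likelihood)]


def prioritize(pha):
    """Order hazards for corrective action by RAC, then by severity."""
    sev_rank = list(RAC_MATRIX)       # catastrophic first
    return sorted(pha, key=lambda h: (PRIORITY[h.rac], sev_rank.index(h.severity)))


def interface_review(pha):
    """Flag a control that modifies a subsystem in which another hazard lives,
    so the analyst checks that fixing one hazard does not worsen another."""
    flags = []
    for h in pha:
        for c in h.controls:
            for other in pha:
                if other is not h and other.subsystem == c.subsystem:
                    flags.append((h.hid, c.action, other.hid))
    return flags


def open_items(pha):
    """Hazards the SER/DAR cannot close: high or medium risk with no
    implemented control."""
    return [h.hid for h in pha
            if h.rac in ("H", "M") and not any(c.implemented for c in h.controls)]


# Constructed sample PHA for a fiber optic LAN; every value is made up.
PHA = [
    Hazard("H-1", "Loss of LAN trunk", "fiber_trunk", "loss of surveillance data feed",
           "hazardous", "C",
           [Control("add diverse-routed second trunk", "fiber_trunk", True)]),
    Hazard("H-2", "Modem silently corrupts frames", "modem", "incorrect data displayed",
           "catastrophic", "C",
           [Control("enable CRC and discard on mismatch", "modem", False)]),
    Hazard("H-3", "Bridge loop floods network", "bridge", "degraded throughput",
           "major", "B",
           [Control("enable spanning tree on bridge", "bridge", True),
            Control("rate-limit broadcast at trunk port", "fiber_trunk", True)]),
    Hazard("H-4", "Status LED mislabelled", "chassis", "technician confusion",
           "minor", "B", []),
]

if __name__ == "__main__":
    for h in prioritize(PHA):
        print(h.hid, h.rac, h.description)
    print("interface review:", interface_review(PHA))
    print("open before SER/DAR:", open_items(PHA))
```

Running the script lists H-2 first (the only high-risk item), flags the broadcast rate limit applied to the trunk for review against the trunk-loss hazard H-1, and reports H-2 as the item that must be implemented or formally accepted before the SER/DAR is written.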
FAA System Safety Handbook, Chapter 5: Post-Investment Decision Safety Activities
December 30, 2000
5 - 29
There are hazard review checklists available for hazard risk identification. These checklists can be found
in System Safety literature and within safety standards and requirements. (See bibliography)
The PHA is developed from the preliminary hazard list: it expands each listed item to include the
associated risks and hazards along with their potential effects and controls.
An in-depth hazard analysis generally follows the PHA with a subsystem hazard analysis (SSHA), a
system hazard analysis (SHA), and an operating and support hazard analysis (O&SHA) as appropriate.
For most small programs, a PHA alone will suffice. The PHA should then include all identified risks,
hazards, and controls associated with the lifecycle of the system.
A comprehensive evaluation is needed of the risks being assumed prior to test or evaluation of the system
or at contract completion. The evaluation identifies the following:
· All safety features of the hardware, software, human and system design
· Procedural risks that may be present
· Specific procedural controls and precautions that should be followed
The risks encountered in a small program can be as severe, and as likely to occur, as those in a major
program. Caution needs to be exercised to ensure that in tailoring the system safety effort to fit a small
program, one does not over-reduce the scope, but instead uses the tailoring process to optimize the SSP
for the specific system being acquired or evaluated.
5.7.2 Government-Furnished Equipment
As part of a system acquisition effort, the FAA may provide equipment necessary for the system
development. The interface between the GFE and the new system must be examined if it has not
previously been examined. This type of analysis, once considered a separate MIL-STD-882 task, is now
treated as part of the overall system analyses. The contractor is responsible for the overall system's
safety, but not for the inherent risk of the GFE itself. For such situations, the following contractual
requirements are suggested:
· If hazard data are available, identify the system safety analyses needed and the date they are
required.
· Identify and perform any additional system safety analyses needed for the interfaces between the
GFE and the other systems.
· Ideally, the GFE has sufficient history available to the FAA that unsatisfactory operating