the MA. The MA resolves conflicts between safety requirements and other design requirements, and
resolves conflicts between associate contractors when applicable. See Chapter 5 for a discussion on
Integrated System Safety Program Plans.
3.2.2 Defining System Safety Requirements
System safety requirements must be consistent with other program requirements. A balanced program
attempts to optimize safety, performance and cost. System safety program balance is the product of the
interplay between system safety and the other three familiar program elements of cost, schedule, and
performance as shown in Figure 3-1. Programs cannot afford accidents that will prevent the achievement
of the primary mission goals. However, neither can we afford systems that cannot perform due to
unreasonable and unnecessary safety requirements. Safety must be placed in its proper perspective. A
correct safety balance cannot be achieved unless acceptable and unacceptable conditions are established
early enough in the program to allow for the selection of the optimum design solution and/or operational
alternatives. Defining acceptable and unacceptable risk is as important for cost-effective accident
prevention as is defining cost and performance parameters.
FAA System Safety Handbook, Chapter 3: Principles of System Safety
December 30, 2000
3- 3
[Figure 3-1 image: horizontal axis "Safety effort", vertical axis "Cost - $"; curves plotted for "Cost of accidents", "Cost of safety program" and "Total cost".]
Figure 3-1: Cost vs. Safety Effort (Seeking Balance)
3.3 Hazard Analysis
Both elements of risk (hazard severity and likelihood of occurrence) must be characterized. The inability
to quantify and/or lack of historical data on a particular hazard does not exclude the hazard from this
requirement [1]. The term "hazard" is used generically in the early chapters of this handbook. Beginning
with Chapter 7, hazards are subdivided into sub-categories related to environment such as system states,
environmental conditions or "initiating" and "contributing" hazards.
Realistically, a certain degree of safety risk must be accepted. Determining the acceptable level of risk is
generally the responsibility of management. Any management decisions, including those related to safety,
must consider other essential program elements. The marginal costs of implementing hazard control
requirements in a system must be weighed against the expected costs of not implementing such controls.
The cost of not implementing hazard controls is often difficult to quantify before the fact. To quantify
expected accident costs before the fact, two factors must be considered; both are the components of risk:
the potential consequences of an accident and the probability of its occurrence. The more severe
the consequences of an accident (in terms of dollars, injury, or national prestige, etc.) the lower the
probability of its occurrence must be for the risk to be acceptable. In this case, it will be worthwhile to
spend money to reduce the probability by implementing hazard controls. Conversely, accidents whose
consequences are less severe may be acceptable risks at higher probabilities of occurrence and will
consequently justify a lesser expenditure to further reduce the frequency of occurrence. Using this
concept as a baseline, design limits must be defined.
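The cost-benefit reasoning of this section, and the total-cost balance of Figure 3-1 (cost of accidents plus cost of the safety program, minimized over safety effort), can be made concrete. The following is an added example written for this page; it is not code from the FAA handbook. The hazard, the $50M consequence, the risk budget and the four effort levels are constructed sample data, and the acceptance rule (expected accident cost no greater than a fixed budget, so the tolerable probability falls as the consequence grows) is one way of expressing the handbook's severity/probability relationship, not a rule the handbook prescribes.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class EffortLevel:
    """One candidate level of safety effort for a single hazard.

    program_cost is the cost of the hazard controls at this level; accident_probability
    is the residual probability of the accident over the system's life once those
    controls are in place. All figures in this file are constructed for illustration.
    """
    name: str
    program_cost: float
    accident_probability: float


def expected_accident_cost(consequence_cost: float, probability: float) -> float:
    """Expected cost of the accident: consequence (in dollars) times probability."""
    return consequence_cost * probability


def max_acceptable_probability(consequence_cost: float, risk_budget: float) -> float:
    """Probability ceiling implied by a fixed expected-cost budget (an assumed rule).

    The more severe the consequence, the lower the probability must be for the risk
    to be acceptable; this makes that relationship explicit.
    """
    return risk_budget / consequence_cost


def total_cost(level: EffortLevel, consequence_cost: float) -> float:
    """Total cost = cost of the safety program + expected cost of accidents (Figure 3-1)."""
    return level.program_cost + expected_accident_cost(consequence_cost, level.accident_probability)


def seek_balance(levels: List[EffortLevel], consequence_cost: float,
                 risk_budget: float) -> Optional[EffortLevel]:
    """Return the acceptable effort level with the lowest total cost, or None when no
    level brings the risk within budget (a design change is then needed, not a
    cheaper control)."""
    p_max = max_acceptable_probability(consequence_cost, risk_budget)
    acceptable = [lv for lv in levels if lv.accident_probability <= p_max]
    if not acceptable:
        return None
    return min(acceptable, key=lambda lv: total_cost(lv, consequence_cost))


def marginal_analysis(levels: List[EffortLevel],
                      consequence_cost: float) -> List[Tuple[str, float, float, bool]]:
    """For each step up in effort, weigh the extra program cost against the expected
    accident cost it avoids. Returns (level name, marginal cost, cost avoided, worthwhile)."""
    ordered = sorted(levels, key=lambda lv: lv.program_cost)
    rows = []
    for prev, cur in zip(ordered, ordered[1:]):
        marginal_cost = cur.program_cost - prev.program_cost
        avoided = (expected_accident_cost(consequence_cost, prev.accident_probability)
                   - expected_accident_cost(consequence_cost, cur.accident_probability))
        rows.append((cur.name, marginal_cost, avoided, avoided > marginal_cost))
    return rows


# Constructed sample data: one hazard with a $50M consequence and four candidate
# levels of safety effort. None of these numbers come from the handbook.
CONSEQUENCE_COST = 50_000_000.0
RISK_BUDGET = 500_000.0  # largest expected accident cost management will accept
LEVELS = [
    EffortLevel("none", 0.0, 0.05),
    EffortLevel("basic", 400_000.0, 0.01),
    EffortLevel("moderate", 1_200_000.0, 0.004),
    EffortLevel("extensive", 4_000_000.0, 0.002),
]


if __name__ == "__main__":
    for lv in LEVELS:
        print(f"{lv.name:10s} total cost ${total_cost(lv, CONSEQUENCE_COST):>12,.0f}")
    for name, cost, avoided, ok in marginal_analysis(LEVELS, CONSEQUENCE_COST):
        print(f"step to {name:10s} marginal cost ${cost:>12,.0f} "
              f"avoids ${avoided:>12,.0f} -> {'worthwhile' if ok else 'not worthwhile'}")
    best = seek_balance(LEVELS, CONSEQUENCE_COST, RISK_BUDGET)
    print("balance point:", best.name if best else "no acceptable level")
```

With the constructed data the step from "none" to "basic" avoids far more expected accident cost than it adds in program cost, while the further steps do not, so the minimum of the total-cost curve and the cheapest acceptable level coincide at "basic". Tightening the risk budget excludes levels from the acceptable set; if none remain, `seek_balance` returns `None` rather than a cheapest-but-unacceptable option, which is the situation in which the text says acceptable and unacceptable conditions must have been settled early enough to allow a design or operational alternative.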
[1] FAA Order 8040.4 Paragraph 5.c.
3.3.1 Accident Scenario Relationships
In conducting hazard analysis, an accident scenario as shown in Figure 3-2 is a useful model for analyzing
risk of harm due to hazards. Throughout this System Safety Handbook, the term hazard will be used to
describe scenarios that may cause harm. It is defined in FAA Order 8040.4 as a "Condition, event, or
circumstance that could lead to or contribute to an unplanned or undesired event." Seldom does a single
hazard cause an accident. More often, an accident occurs as the result of a sequence of causes termed
initiating and contributory hazards. As shown in Figure 3-2, contributory hazards involve consideration
of the system state (e.g., operating environment) as well as failures or malfunctions. In chapter 7 there is
an in-depth discussion of this methodology.
[Figure 3-2 image: boxes labelled "Causes" (several), "Hazard", "System State", "Contributory Hazards" and "HARM", linked in sequence from the causes through the hazard and system state to harm.]
Figure 3-2: Hazard Scenario Model
3.3.2 Definitions for Use in the FAA Acquisition Process
The FAA System Engineering Council (SEC) has approved specific definitions for Severity and
Likelihood to be used during all phases of the acquisition life cycle. These are shown in Table 3-2 and