(OSED) and (2) the Operational Hazard Assessment (OHA). The OSA is based on an RTCA/SC-189
framework.
4.1.1 Operational Environment Definition (OED)
The OED is basically a system description that may include all the elements of the 5M model. See
chapter 3 for instructions on developing a system description.
FAA System Safety Handbook, Chapter 4: Pre-Investment Decision Safety Assessments
December 30, 2000
4.1.2 OSA Tasks
The steps within this task are:
· Define the boundaries of the system under consideration. Determine, separate, and document
what elements of the system you will describe/analyze from those that you will not
describe/analyze. The result of this process is a model of the system under analysis that will
be used to analyze hazards.
· Using models such as those described in chapter 3, describe the system physical and
functional characteristics, the environment physical and functional characteristics, air traffic
services, human elements (e.g., pilots and controllers), and operational procedures.
· From this description, determine and list the system functions. For example, the primary
function of a precision navigation system is to provide CSA and flight crews with vertical and
horizontal guidance to the desired landing area. These functions could be split if desired into
vertical and horizontal guidance. Supporting functions would be those functions that provide
the system the capability to perform the primary function. For instance, a supporting function
of the precision navigation system would be transmission of the RF energy for horizontal
guidance. It is up to the system engineering team to determine how to group these functions
and to what level to take the analysis. Detailed analyses would go into the lower level
functions. Typically the OSA functional analysis is limited to the top-level functions. See
FAA System Engineering Manual for more detailed guidance on functional analysis.
4.1.3 Operational Hazard Assessment
The Operational Hazard Assessment (OHA) is the second part of the OSA. The OHA is a qualitative
assessment of the hazards associated with the system described in the OSED.
Determining functions and hazards
Once the system has been bounded, described, and the functions determined in the OSED, the analyst is
ready to determine the hazards associated with the system. For these types of assessments the best method
is to assess scenarios containing a set of hazardous conditions. Therefore, the following definition can be
used to define the hazards in a Preliminary Hazard List (PHL):
Hazard: The potential for harm. Unsafe acts or unsafe conditions that could result in an accident. (A hazard is not an accident.)
Hazard or hazardous condition: Anything, real or potential, that could make possible, or contribute to making possible, an accident.
Hazard: A condition that is prerequisite to an accident.
Since the work has already been done in defining the system operational environment, it is often best to
relate the functions of the system to hazards. For example, in analyzing the NAS, one would find the
following functions of the NAS (listed in Table 4.1-1). These functions are then translated into hazards
that would be included in the preliminary hazard list. For many of the listed hazards, other conditions must
be present before an accident could occur. These are covered in the detailed description of the risk
assessment. The purpose here is to develop a concise, clear, and understandable PHL.
Table 4-1: Examples of NAS System Functions and Their Associated Hazards
NAS System function | NAS System hazard
Provide air – ground voice communications. | Loss of air – ground voice communication.
Provide CSA precision approach instrument guidance to runways. | Loss of precision instrument guidance to the runway.
Provide En Route Flight Advisories of severe weather. | Lack EFAS warning of severe weather in flight path to CSA flight crew.
In addition to the functional analysis, the following tools can be used to identify the foreseeable hazards
to the system operation. These tools are listed in Table 4-2.
Determining Severity of Consequence
The severity of each hazard is determined by the worst credible outcome, or effect of the hazard on the
CSA or system. This is done in accordance with MIL-STD-882 and FAR/AMJ 25.1309. Both documents
state that the severity should consider all relevant stages of operation/flight and worst-case conditions. See
the risk determination Table 3-2 to define the severity levels of a hazard.