FAA System Safety Handbook, Chapter 4: Pre-Investment Decision Safety Assessments
December 30, 2000

Table 4-2: Safety Analysis Tools

OPERATIONS ANALYSIS
Purpose: To understand the flow of events.
Method: List events in sequence. May use time checks.

PRELIMINARY HAZARD ANALYSIS (PHA)
Purpose: To get a quick hazard survey of all phases of an operation. In low hazard situations the PHA may be the final Hazard ID tool.
Method: Tie it to the operations analysis. Quickly assess hazards using scenario thinking, brainstorming, experts, accident data, and regulations. Considers all phases of operations and provides early identification of the highest risk areas. Helps prioritize areas for further analysis.

“WHAT IF” TOOL
Purpose: To capture the input of operational personnel in a brainstorming-like environment.
Method: Choose an area (not the entire operation), get a group together, and generate as many “what ifs” as possible.

SCENARIO PROCESS TOOL
Purpose: To use imagination and visualization to capture unusual hazards.
Method: Using the operations analysis as a guide, visualize the flow of events.

LOGIC DIAGRAM
Purpose: To add detail and rigor to the process through the use of graphic trees.
Method: Three types of diagrams: positive, negative, and risk event.
CHANGE ANALYSIS
Purpose: To detect the hazard implications of both planned and unplanned change.
Method: Compare the current situation to a previous situation.

CAUSE & EFFECT TOOL
Purpose: To add depth and increased structure to the Hazard ID process through the use of graphic trees.
Method: Draw the basic cause and effect diagram on a worksheet. Use a team knowledgeable of the operation to develop causal factors for each branch. Can be used as a positive or negative diagram.
OHA Tasks
The tasks to be accomplished in this phase are:
· From the function list (or the tools listed in Table 4-2), develop the list of hazards potentially existing in the system under study.
· Determine the potential severity of each hazard in the hazard list by referring to the risk determination section of Chapter 3.
4.1.4 Allocation of Safety Objectives and Requirements (ASOR)
The Allocation of Safety Objectives and Requirements (ASOR) is the process of using hazard severity to determine the safety objectives and requirements of the system. There are two levels of requirement in this process: (1) objectives (or goals) and (2) requirements (minimum acceptable levels of performance).
The purpose of the ASOR is to establish requirements that ensure that the probability of a hazard leading to an accident is inversely related to the severity of the outcome: the more severe the outcome, the lower the permitted probability. This inverse relationship is called the Target Level of Safety (TLS). For example, a “hazardous” (severity 2) hazard would carry a requirement (shown by arrows in Figure 4-1) to demonstrate, by analysis or test, a probability of occurrence of Extremely Remote, that is, less than one in one million operating hours for the fleet or system. The objective (the desired probability) in this case would be Extremely Improbable, that is, one occurrence per one billion operating hours for the fleet or system. See Figure 4-2 for the steps in this process.
Once the TLS is determined for each hazard, requirements can be written to ensure that the appropriate hazard controls are established as system requirements.
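The following Python is an added worked example of the TLS check described above; it is not part of the FAA handbook and not code the handbook provides. It takes a hazard list of the kind the OHA tasks produce (each hazard with its severity), computes the accident probability per operating hour once the hazard's controls are applied, classifies that probability into a likelihood band, and reports whether the severity's requirement and objective are met and by what factor the probability must still fall. The severity 2 thresholds (Extremely Remote, less than one in one million operating hours; Extremely Improbable, one in one billion) are the ones stated in the paragraph above. Everything else is an assumption constructed for the example: the thresholds for severities 1, 3 and 4, the Remote band boundary, the hazard names, base rates and control failure probabilities, and the treatment of controls as independent so that their failure probabilities multiply (the AND-gate treatment of a fault tree).

```python
"""Target Level of Safety (TLS) check over a hazard list.

Added example, not FAA System Safety Handbook text or code. The severity 2
thresholds follow Section 4.1.4; everything marked ASSUMED is constructed
for illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from math import prod

# Likelihood bands as maximum probability of occurrence per operating hour
# (a rate at or above a band's bound falls into the next band up).
# Extremely Improbable (1e-9) and Extremely Remote (1e-6) follow the handbook
# text; the Remote boundary is ASSUMED for the example.
LIKELIHOOD_BANDS = [
    ("Extremely Improbable", 1e-9),
    ("Extremely Remote", 1e-6),
    ("Remote", 1e-4),              # ASSUMED boundary
    ("Probable", float("inf")),    # anything not in a lower band
]

# TLS per severity class: (name, requirement, objective), each a maximum
# accident probability per operating hour. Severity 2 is from Section 4.1.4;
# severities 1, 3 and 4 are ASSUMED so that the table exhibits the inverse
# relationship between severity and permitted probability.
TLS = {
    1: ("Catastrophic", 1e-9, 1e-9),   # ASSUMED
    2: ("Hazardous",    1e-6, 1e-9),   # from Section 4.1.4
    3: ("Major",        1e-4, 1e-6),   # ASSUMED
    4: ("Minor",        1e-2, 1e-4),   # ASSUMED
}


def likelihood_category(p_per_hour: float) -> str:
    """Map a probability per operating hour to its likelihood band name."""
    if p_per_hour < 0:
        raise ValueError("probability must be non-negative")
    for name, upper in LIKELIHOOD_BANDS:
        if p_per_hour < upper:
            return name
    raise AssertionError("unreachable: the last band is unbounded")


@dataclass
class Hazard:
    name: str
    severity: int
    base_rate: float  # hazard occurrences per operating hour with no controls
    # Independent controls as (name, probability that the control fails to act).
    controls: list[tuple[str, float]] = field(default_factory=list)

    def accident_rate(self) -> float:
        """Accident probability per hour: the hazard occurs AND every control
        fails. Independence is ASSUMED, so the probabilities multiply."""
        return self.base_rate * prod(p for _, p in self.controls)


def assess(hazard: Hazard) -> dict:
    """Compare a hazard's controlled accident rate with its TLS."""
    sev_name, requirement, objective = TLS[hazard.severity]
    rate = hazard.accident_rate()
    return {
        "hazard": hazard.name,
        "severity": f"{hazard.severity} ({sev_name})",
        "accident_rate": rate,
        "likelihood": likelihood_category(rate),
        "meets_requirement": rate < requirement,
        "meets_objective": rate < objective,
        # Factor by which the rate must still drop to satisfy the requirement;
        # 1.0 means it already does. This is what a hazard-control requirement
        # written at this step has to deliver.
        "required_reduction": max(1.0, rate / requirement),
    }


# Constructed sample hazard list (names, rates and controls are ASSUMED).
# The same severity 2 hazard is shown uncontrolled, with one independent
# control, and with two, to show how the accident rate moves across the TLS.
SAMPLE_HAZARDS = [
    Hazard("Corrupted altitude data shown to crew (no controls)", 2, 1e-4),
    Hazard("Corrupted altitude data shown to crew (cross-check)", 2, 1e-4,
           controls=[("independent altitude cross-check", 1e-3)]),
    Hazard("Corrupted altitude data shown to crew (cross-check + procedure)",
           2, 1e-4,
           controls=[("independent altitude cross-check", 1e-3),
                     ("crew procedure on mismatch alert", 1e-3)]),
]


def assess_all(hazards: list[Hazard] = SAMPLE_HAZARDS) -> list[dict]:
    """Assess every hazard in the list against its TLS."""
    return [assess(h) for h in hazards]


if __name__ == "__main__":
    for result in assess_all():
        print(result)
```

Run stand-alone, the script shows the uncontrolled hazard in the Probable band, needing a hundredfold reduction to meet the severity 2 requirement; one assumed independent control brings it to Extremely Remote, meeting the requirement but not the objective; a second one reaches Extremely Improbable and meets both. The `required_reduction` figure is the quantity a hazard-control requirement has to commit to, which is the point of writing requirements after the TLS is fixed.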
Figure 4-2: Target Level of Safety Determination
4.1.5 Identification of High-Level Hazard Controls
The next step is to determine the hazard controls. Controls are measures, design features, warnings, and procedures that mitigate or eliminate risk; each control reduces either the severity or the probability of a risk. System Safety uses an order of precedence when selecting controls to reduce risk (MIL-STD-882, 1984); this order of precedence is discussed in Section 3.6 and Table 3.6-1.
Clearly risk reduction by design is the preferred method of mitigation. But even if the risk is reduced, the