Time: 2010-05-10 19:53  Source: 蓝天飞行翻译  Author: admin

accomplished in a manner that maintains an acceptable level of mishap risk. Changes to the
environment in which the system operates are analyzed to identify and mitigate any resulting
hazards or changes in mishap risks.
MIL-STD-882D
APPENDIX A
14
A.4.3.3.1 Some program managers include the following conditions in their solicitation,
system specification, or contract as requirements for the system design. These condition
statements are used optionally as supplemental requirements based on specific program needs.
A.4.3.3.1.1 Unacceptable conditions. The following safety critical conditions are
considered unacceptable for development efforts. Positive action and verified implementation are
required to reduce the mishap risk associated with these situations to a level acceptable to the
program manager.
a. Single component failure, common mode failure, human error, or a design feature that
could cause a mishap of Catastrophic or Critical mishap severity categories.
b. Dual independent component failures, dual independent human errors, or a
combination of a component failure and a human error involving safety critical command and
control functions, which could cause a mishap of Catastrophic or Critical mishap severity
categories.
c. Generation of hazardous radiation or energy, when no provisions have been made to
protect personnel or sensitive subsystems from damage or adverse effects.
d. Packaging or handling procedures and characteristics that could cause a mishap for
which no controls have been provided to protect personnel or sensitive equipment.
e. Hazard categories that are specified as unacceptable in the development agreement.
A.4.3.3.1.2 Acceptable conditions. The following approaches are considered acceptable
for correcting unacceptable conditions and will require no further analysis once mitigating
actions are implemented and verified.
a. For non-safety critical command and control functions: a system design that requires
two or more independent human errors, or that requires two or more independent failures, or a
combination of independent failure and human error.
b. For safety critical command and control functions: a system design that requires at
least three independent failures, or three independent human errors, or a combination of three
independent failures and human errors.
c. System designs that positively prevent errors in assembly, installation, or connections
that could result in a mishap.
d. System designs that positively prevent damage propagation from one component to
another or prevent sufficient energy propagation to cause a mishap.
e. System design limitations on operation, interaction, or sequencing that preclude
occurrence of a mishap.
f. System designs that provide an approved safety factor, or a fixed design allowance that
limits, to an acceptable level, possibilities of structural failure or release of energy sufficient to
cause a mishap.
g. System designs that control energy build-up that could potentially cause a mishap
(e.g., fuses, relief valves, or electrical explosion proofing).
h. System designs where component failure can be temporarily tolerated because of
residual strength or alternate operating paths, so that operations can continue with a reduced but
acceptable safety margin.
i. System designs that positively alert the controlling personnel to a hazardous situation
where the capability for operator reaction has been provided.
j. System designs that limit or control the use of hazardous materials.
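The failure-count rules in A.4.3.3.1.1 (items a and b) and A.4.3.3.1.2 (items a and b) can be applied mechanically to each causal path recorded in a hazard analysis, which is useful for flagging paths that need a design change before a program review. The checker below is an added illustration, not text or tooling from MIL-STD-882D; the hazard names, the `HazardPath` record and the sample paths are constructed for the example. It encodes only the quantitative items: a common mode failure is treated as a single event, as item a lists it alongside a single component failure, and the qualitative items c through j of both lists are not modelled. Paths that fall between the two lists (for instance a single failure with only Marginal severity, or a dual failure in a safety critical command and control function with Marginal severity) are reported as not covered, so they are not silently treated as acceptable.

```python
"""Checker for the failure-count design conditions of MIL-STD-882D A.4.3.3.1.

Added example, not part of the standard. Item identifiers in the returned
clause strings refer to paragraphs A.4.3.3.1.1 and A.4.3.3.1.2 of Appendix A.
"""
from dataclasses import dataclass
from enum import Enum


class Severity(Enum):
    """Mishap severity categories as named in the standard."""
    CATASTROPHIC = "Catastrophic"
    CRITICAL = "Critical"
    MARGINAL = "Marginal"
    NEGLIGIBLE = "Negligible"


@dataclass(frozen=True)
class HazardPath:
    """One causal path from a hazard analysis (a constructed record type)."""
    name: str
    min_independent_events: int   # fewest independent failures / human errors that cause the mishap
    severity: Severity            # worst credible mishap severity for this path
    safety_critical_cc: bool      # path involves safety critical command and control functions
    common_mode: bool = False     # a common mode failure defeats independence: counts as one event


def classify(path: HazardPath) -> tuple[str, str]:
    """Return (verdict, clause) where verdict is 'unacceptable', 'acceptable' or 'not covered'."""
    # A common mode failure is listed under item a with single failures, so it counts as one event.
    events = 1 if path.common_mode else path.min_independent_events
    if events < 1:
        raise ValueError("a causal path needs at least one initiating event")
    high_severity = path.severity in (Severity.CATASTROPHIC, Severity.CRITICAL)

    # A.4.3.3.1.1 a: one failure, human error or design feature -> Catastrophic/Critical mishap.
    if events == 1 and high_severity:
        return ("unacceptable", "A.4.3.3.1.1 a")
    # A.4.3.3.1.1 b: two independent events in a safety critical C&C function -> Catastrophic/Critical.
    if events == 2 and path.safety_critical_cc and high_severity:
        return ("unacceptable", "A.4.3.3.1.1 b")
    # A.4.3.3.1.2 a: non-safety-critical C&C needs two or more independent events.
    if not path.safety_critical_cc and events >= 2:
        return ("acceptable", "A.4.3.3.1.2 a")
    # A.4.3.3.1.2 b: safety critical C&C needs at least three independent events.
    if path.safety_critical_cc and events >= 3:
        return ("acceptable", "A.4.3.3.1.2 b")
    # Neither list applies; the program's own mishap risk criteria decide.
    return ("not covered", "assess against program mishap risk acceptance criteria")


def audit(paths: list[HazardPath]) -> dict[str, list[str]]:
    """Group path names by verdict so the unacceptable ones are easy to pull out."""
    grouped: dict[str, list[str]] = {"unacceptable": [], "acceptable": [], "not covered": []}
    for path in paths:
        verdict, _ = classify(path)
        grouped[verdict].append(path.name)
    return grouped


# Constructed sample paths; the names and numbers are illustrative only.
SAMPLE_PATHS = [
    HazardPath("single valve failure releases stored energy", 1, Severity.CATASTROPHIC, False),
    HazardPath("two sensor faults in flight-critical control law", 2, Severity.CRITICAL, True),
    HazardPath("two faults in cabin lighting control", 2, Severity.CRITICAL, False),
    HazardPath("three faults in flight-critical control law", 3, Severity.CATASTROPHIC, True),
    HazardPath("two faults, marginal outcome, safety critical", 2, Severity.MARGINAL, True),
    HazardPath("shared power bus defeats redundancy", 4, Severity.CATASTROPHIC, False, common_mode=True),
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        verdict, clause = classify(p)
        print(f"{verdict:13} {clause:50} {p.name}")
    print(audit(SAMPLE_PATHS))
```

The last sample path is the one most easily missed in practice: four nominally redundant failures look comfortable until the shared power bus is recognised as a common mode failure, at which point item a applies and the path is unacceptable regardless of the redundancy count.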
A.4.3.4 Elements of an effective system safety effort. Elements of an effective system
safety effort include:
a. Management is always aware of the mishap risks associated with the system, and
formally documents this awareness. Hazards associated with the system are identified, assessed,
tracked, and monitored, and the associated risks are either eliminated or controlled to an acceptable
level throughout the life cycle. Actions taken to eliminate or reduce mishap risk are identified and
archived for tracking and lessons-learned purposes.
b. Historical hazard and mishap data, including lessons learned from other systems, are
considered and used.
c. Environmental protection, safety, and occupational health, consistent with mission
requirements, are designed into the system in a timely, cost-effective manner. Inclusion of the
appropriate safety features is accomplished during the applicable phases of the system life cycle.
d. Mishap risk resulting from harmful environmental conditions (e.g., temperature,
pressure, noise, toxicity, acceleration, and vibration) and human error in system operation and
support is minimized.
 
Article link: System Safety Handbook 系统安全手册下 (119)