Posted: 2010-05-10 19:53  Source: 蓝天飞行翻译  Author: admin
number of operational cycles. There are situations where reliability and system safety risks are in concert
and in some other cases tradeoffs must be made.
FAA System Safety Handbook, Chapter 7: Integrated System Hazard Analysis
December 30, 2000
7 - 9
A common thread between reliability and system safety is the potential unreliability of the system and
the adverse events associated with it. Adverse events can be thought of as potential system accidents.
Reliability is the probability that a system will perform its intended function satisfactorily for a prescribed
time under stipulated environmental conditions. The system safety objective equates to “the optimum
degree of safety…” and since nothing is perfectly safe the objective is to eliminate or control known system
risk to an acceptable level.
When evaluating risk, contributory hazards are important. Contributory hazards are unsafe acts and
unsafe conditions with the potential for harm. Unsafe acts are human errors that can occur at any time
throughout the system life cycle. Human reliability addresses human error or human failure. Unsafe
conditions can be failures, malfunctions, faults, and anomalies that are contributory hazards. An unreliable
system is not automatically hazardous; systems can be designed to fail-safe. Procedures and administrative
controls can be developed to accommodate human error or unreliable humans, to assure that harm will not
result.
The model below (Figure 7-5) shows the relationship between contributory hazards and adverse events,
which are potential accidents under study.
• Risk is associated with the adverse event, the potential accident.
• RISK = (worst case severity of the event)(likelihood of the event)
• Accidents are the result of multiple contributors, unsafe acts and/or conditions: failures, errors, malfunctions, inappropriate functions, normal functions that are out of sequence, faults, anomalies.
[Figure 7-5, diagram rendered here as text. Initiators can occur at any time; the chain runs from contributory hazards through inadequate controls and inadequate verification to the TOP EVENT / ADVERSE EVENTS.]
• Contributory Hazards (Unsafe Acts and/or Unsafe Conditions): human errors and/or human acts and/or conditions such as failures, faults, anomalies, malfunctions
• Less than Adequate (LTA) Controls: inappropriate control, missing control, control malfunction
• LTA Verification of Controls: verification error, loss of verification, inadequate verification
• Worst Case Harm: catastrophic event, fatality, loss of system, major environmental impact
Figure 7-5: Relationship Between Contributory Hazards & Adverse Events
7.1.4 System Risks
Consider a system as a composite, at any level of complexity. The elements of this composite entity are
used together in an intended environment to perform a specific objective. There can be risks associated
with any system and complex technical systems are everywhere within today’s modern industrial society.
They are part of everyday life, in transportation, medical science, utilities, general industry, military, and
aerospace. These systems may have extensive human interaction, complicated machines, and
environmental exposures. Humans have to monitor systems, pilot aircraft, operate complex devices, and
conduct design, maintenance, assembly and installation efforts. The automation can be comprised of
extensive hardware, software and firmware. There are monitors, instruments, and controls. Environmental
considerations can be extreme, from harsh climates, outer space, and ambient radiation. If automation is
not appropriately designed considering potential risks, system accidents can result.
7.1.5 System Accidents
System accidents may not be the result of a simple single failure, or a deviation, or a single error. Although
simple adverse events still do occur, system accidents are usually the result of many contributors,
combinations of errors, failures, and malfunctions. It is not easy to see the whole system picture, or to “connect the
dots”, when evaluating the multiple contributors to an adverse event and tracing the initiating event and the subsequent
events through to the final outcome. System risks can be unique, undetectable, not perceived, not apparent, and
very unusual.
Determining potential event propagation through a complex system can involve extensive analysis.
Specific reliability and system safety methods such as software hazard analysis, failure modes and effects