Time: 2010-05-10 19:53 Source: 蓝天飞行翻译 Author: admin
·  Human error hazards might not be identified.
·  System risks will not have been identified.
FAA System Safety Handbook, Chapter 8: Safety Analysis/Hazard Analysis Tasks
December 30, 2000
8- 24
8.5.4 What Data Sources May be Helpful to the Analysis?
The analyst should be required to include the sources of design data used in the analysis. The obvious
sources are system layout and schematic diagrams, and physical inspections. Other sources include
Military Standards (e.g., Mil-STD-454, Requirement 1) and analyses performed for other similar systems
or programs. These generic sources often help the analyst to identify hazards that otherwise would go
uncovered.
8.5.5 What Form Should the Analysis Take?
Hazard analyses usually take one of three basic formats:
·  The matrix format is the most widely used. This method lists the component parts of a
subsystem on a reprinted form that includes several columns, the number of which can vary
according to the analysis being done. As a minimum, there should be columns for each of the
following:
    ·  Name of the item(s)
    ·  Function of the item(s)
    ·  Type of hazards, and risks
    ·  Category (severity) of the risks
    ·  Probability of the risks
    ·  Recommended corrective action
·  Logic diagrams, particularly fault trees, are used to focus on certain risks. These are
deductive analyses that begin with a defined undesired event (usually an accident condition)
then branch out to organize all faults, sub-events, or conditions that can lead to the original
undesired event.
·  The narrative format will suffice for a few cases, such as focusing on a few easily identified
risks associated with simple systems. This format is the easiest to apply (for the analyst), but
is the most difficult to evaluate. There is no way to determine if a narrative report covers all
risks so the evaluator is relying totally on the analyst's judgment.
8.5.6 What Methodology Should be Used?
Chapter 9 describes many hazard analysis approaches. The choice for a given program, however, is left
up to individual managers and engineers. Some large-scale programs may require several hazard
analyses, while smaller scale programs may require only one or two analyses. The selection of the types
of hazard analyses to be accomplished is the most important aspect when preparing the SOW (for work to
be performed by a contractor) and negotiating the system safety portion of a contract. If insufficient
hazard analyses are designated, the system will not be analyzed properly and many hazards will not be
identified. Conversely, if too many or the wrong types of analyses are selected, the system safety effort
will be overkill and will expend valuable monetary and manpower resources needlessly.
A PHA should always be performed for each separate program or project. The PHA provides an initial
assessment of the overall program risk and it is used as a baseline for follow-on analyses, such as SSHAs,
SHAs, and O&SHAs. It also identifies the need for safety tests and is used to establish safety
requirements for inclusion in the system's specifications.
Subsequent decisions relate to the desirability of SSHA, SHA, and/or O&SHA. This decision is based
upon several factors:
·  The nature and use of the system being evaluated, especially safety criticality.
·  The results of the PHA. If the system being analyzed has no unresolved safety concerns, then
further analyses may not be necessary. If the hazards appear to be based upon training or
procedural problems, then an O&SHA may be the next step. The results of the PHA will
dictate the need.
·  The complexity of the system being analyzed. A major system, such as an aircraft or air
traffic control center, would need separate analyses for different subsystems, then an overall
system analysis to integrate, or find the hazards resulting from the interfaces between the
different subsystems. On the other hand, an aircraft landing gear system should only need
one single hazard analysis.
·  The available funding.
There are a number of considerations as to whether or not to perform an O&SHA. If there is a
man/machine interface (almost always the case), an O&SHA should be performed. The sources of
information for this decision should include the PHA and consultations with human factors personnel
knowledgeable of problems associated with operating the equipment. Note that the addition of test
equipment to a system can greatly change the system, adding severe hazards. Test procedures, especially
 