those concerning safety critical systems can contribute to accident potential.
8.5.7 How Should Multiple Contractors be Handled?
If more than one contractor or organization will be performing analyses, or if one is subcontracted to
another, each contract should be structured to make sure all contractors use the same formats, techniques,
and definitions. Otherwise it will be difficult, if not impossible, to correlate the analyses and build
higher-level analyses (e.g., SHA from SSHA generated from several contractors). In addition, the
analyses should use compatible computer data formats so that interface analyses can be expedited by
direct data transfer.
8.6 Evaluating a Preliminary Hazard Analysis
The first analysis to be evaluated is usually the PHA, which is an initial assessment of the anticipated
safety problems within a system. The PHA is not a detailed analysis. It covers the broad areas of a
system, but leaves the details for future analyses. The results of the PHA provide guidance on which
analyses need to be performed as the system design develops, what safety tests need to be performed, and
help define safety design requirements for inclusion in the system's specifications and interface control
documents.
The tabular, or matrix, format is the most widely used format for a PHA, primarily because it provides a
convenient assessment of the overall risks to a system. The basic tabular format may have entries for
hazard sources, such as energy sources (i.e., electrical, pneumatic, mechanical). This PHA would list all
known electrical energy sources with their initial hazard assessments, and then recommended corrective
action. Another type of tabular format PHA would list key hazards (such as fire and explosion) and
identify the known potential contributors for these events.
Some PHAs will be in the form of a logic diagram or Fault Tree Analysis (FTA). These are usually done
to identify the major causes of a top undesired event, and are generally not done to a detailed level.
FAA System Safety Handbook, Chapter 8: Safety Analysis/Hazard Analysis Tasks
December 30, 2000
Instead, the details are added during subsequent analyses. A few PHAs will be done in a narrative format.
Typically, each paragraph will cover an individual risk, its impact, and proposed resolution. Narrative
analyses are preferred for covering a risk in detail, but have the drawback of not having a good tracking
system unless tracking numbers are assigned. Narrative PHAs can have provisions for tracking risks, by
limiting each paragraph to a single risk and by using the paragraph numbers for tracking.
There are two significant areas of evaluation for PHAs:
· Depth of analysis (i.e., level of detail)
· Proposed resolution of identified risks.
8.6.1 What is an Appropriate Depth of Analysis?
The determination of analysis depth is one of engineering judgment, dependent upon the safety criticality
of the system.
8.6.2 How Are Risks Resolved?
All hazards identified in a program must be appropriately closed. Low risk hazard closure can be
documented in the hazard analysis. Medium and high risk hazard tracking and closure must be
documented in the hazard tracking and risk resolution database. All verification and validation activities
should be included in the closure documentation. When an analysis is completed, there will be hazards
that have not yet been resolved. A tracking system is necessary to assure these risks are not dropped until
resolved. The evaluator should ask these questions:
· Does the PHA cover all anticipated hazardous areas?
· Does it establish a baseline for defining future system safety tasks and analyses?
· Does it allow for adequate tracking of risks?
· Are the proposed hazard control actions realistic/implementable?
· Is the analysis limited to evaluation of failures or does it consider faults?
If the answer to any of the questions is "no," then revising or re-performing the PHA may be necessary.
One pitfall may be timing. By the time a PHA is completed and submitted, there may be insufficient time
to do much with it before the program continues on toward future milestones. In order to obtain the most
benefit from the PHA process, the evaluator must work closely with the analyst to ensure the analysis is
proceeding correctly. Periodic submittals of an analysis do not always provide enough time to correct
inappropriate approaches before program milestones push the program beyond the point where the
analysis is beneficial.
8.7 Evaluating a Subsystem Hazard Analysis
The SSHA are the central parts of any system safety program. These are the detailed analyses that