· Determining areas that need particular attention due to their higher probabilities of a failure.
Overall risk can be expressed by looking at the combination of severity (i.e., what is the worst that can
happen?) and probability (i.e., how often will it happen?). This is a realistic and widely accepted
approach. A high level hazard can have a low risk of occurrence. For example, an aircraft wing
separation in flight is definitely a catastrophic risk, but under normal flight conditions, it is not likely to
occur, so the risk is relatively low. At the other end of the spectrum, many jet engines spill a small
amount of fuel on the ground during shutdown. This is a relatively low severity with a high probability of
occurrence, so the overall risk is low.
Judgment is needed for preparing an analysis and for evaluating it. An analyst might judge a "wheel
down" light failure as a Severity 2 or 3 risk because its failure still gives the aircraft "get home" capability
with reduced performance. On the other hand, if the wheels fail to lock in a down position and no
warning is given, significant damage and injury may result. This scenario is a Severity of 1. Judgment is
needed for establishing risk probabilities.
An accurate method for determining risk probabilities is to use component failure rates (e.g., valve xxx
will fail to close once in 6 x 10^5 operations). However, there are some pitfalls that need to be considered
during evaluation:
· Where did the failure rates come from? Industry data sources? Government data sources?
Others? What is their accuracy?
· If the component has a usage history on a prior system, its failure rate on the new system
might be the same. However, the newer system might subject the component to a different
use cycle or environment, and significantly affect the failure rate.
· For newly developed components, how was the failure rate determined?
· Does the failure rate reflect the hazard failure mode or does it represent all failure modes?
For example, if a hazard is caused by capacitor shorting, the failure rate might represent all
capacitor failure modes including open and value drift. The result is exaggeration of the
probability of occurrence.
FAA System Safety Handbook, Chapter 8: Safety Analysis/Hazard Analysis Tasks
December 30, 2000
· System risk has many contributors, including human errors and software malfunctions, not
just hardware failures.
Any of the above techniques can be used successfully. If more than one contractor or organization will be
performing analyses, or if one is subcontracted to another contractually, all of them must be required to
use the same definitions of probability levels, or some mismatching will result.
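The failure-rate pitfalls above are easy to see in numbers. The following is an added example (not from the FAA handbook) that turns a quoted component failure rate, such as the "once in 6 x 10^5 operations" valve figure, into a probability of occurrence over a chosen exposure, and shows how quoting an all-modes rate for a single-mode hazard (the capacitor-short case) exaggerates that probability. The exposure of 10,000 operations, the 30% short-circuit share, the use-cycle multiplier and the data-source labels are constructed assumptions for illustration; the probability combination itself is the standard independent-trials formula.

```python
"""Added worked example: from a component failure rate to a hazard probability,
with the handbook's pitfalls (provenance, use cycle, failure-mode share) made explicit.
All numeric inputs other than the 1-in-6e5 valve figure are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureRate:
    failures: float         # failures quoted ...
    per_operations: float   # ... per this many operations (e.g. 1 per 6e5)
    source: str             # where the figure came from (pitfall 1: provenance)

    @property
    def per_operation(self) -> float:
        """Failures per single operation."""
        return self.failures / self.per_operations


def hazard_rate(rate: FailureRate,
                hazard_mode_fraction: float = 1.0,
                use_cycle_factor: float = 1.0) -> float:
    """Per-operation rate of the *hazardous* failure mode only.

    hazard_mode_fraction: share of all failures that land in the mode causing the
        hazard (pitfall 4). 1.0 reproduces the all-modes figure, i.e. the exaggeration.
    use_cycle_factor: assumed multiplier for a harsher (>1) or gentler (<1) duty
        cycle or environment on the new system (pitfall 2)."""
    if not 0.0 <= hazard_mode_fraction <= 1.0:
        raise ValueError("hazard_mode_fraction must be within [0, 1]")
    if use_cycle_factor <= 0.0:
        raise ValueError("use_cycle_factor must be positive")
    return rate.per_operation * hazard_mode_fraction * use_cycle_factor


def probability_over(n_operations: int, per_op_rate: float) -> float:
    """P(at least one hazardous failure in n independent operations) = 1 - (1 - p)^n.
    For small p*n this is close to the quick estimate p*n, but never exceeds 1."""
    if n_operations < 0 or not 0.0 <= per_op_rate <= 1.0:
        raise ValueError("need n >= 0 and a rate within [0, 1]")
    return 1.0 - (1.0 - per_op_rate) ** n_operations


def exaggeration_factor(all_modes_rate: float, hazard_only_rate: float) -> float:
    """How many times too high the all-modes rate is for the single-mode hazard."""
    return all_modes_rate / hazard_only_rate


if __name__ == "__main__":
    # Valve figure from the text: fails to close once in 6e5 operations.
    valve = FailureRate(failures=1, per_operations=6e5, source="industry data (assumed)")
    exposure = 10_000  # constructed: operations per fleet-year
    p_valve = probability_over(exposure, hazard_rate(valve))
    print(f"valve fail-to-close over {exposure} ops: {p_valve:.5f}")

    # Capacitor: hazard is caused only by shorting, but the quoted rate covers
    # open, short and value drift. Constructed: shorts are 30% of failures.
    capacitor = FailureRate(failures=1, per_operations=2e5, source="vendor sheet (assumed)")
    all_modes = hazard_rate(capacitor)
    short_only = hazard_rate(capacitor, hazard_mode_fraction=0.3)
    print(f"capacitor all-modes vs short-only rate: {all_modes:.2e} vs {short_only:.2e}")
    print(f"exaggeration factor: {exaggeration_factor(all_modes, short_only):.2f}x")

    # Same capacitor on a new system with a harsher duty cycle (constructed 2x).
    harsh = hazard_rate(capacitor, hazard_mode_fraction=0.3, use_cycle_factor=2.0)
    print(f"short-only rate under 2x use cycle: {harsh:.2e}")
```

Because the `source` field is carried with the rate, an analysis that compares figures from different contractors can at least check that each probability was derived from the same kind of data, which is the point of the matching-definitions requirement above.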
FAA System Safety Handbook, Chapter 9: Analysis Techniques
December 30, 2000
Chapter 9: Analysis Techniques
9.0 ANALYSIS TECHNIQUES ... 2
9.1 INTRODUCTION ... 2
9.2 FAULT HAZARD ANALYSIS ... 2
9.3 FAULT TREE ANALYSIS ... 4
9.4 COMMON CAUSE FAILURE ANALYSIS ... 7
9.5 SNEAK CIRCUIT ANALYSIS ... 8
9.6 ENERGY TRACE ... 10
9.7 FAILURE MODES, EFFECTS, AND CRITICALITY ANALYSIS (FMECA) ... 13
9.8 OTHER METHODOLOGIES ... 14
9.0 Analysis Techniques
9.1 Introduction
Many analysis tools are available to perform hazard analyses for each program. These range from the
relatively simple to the complex. In general, however, they fall into two categories:
· Event, e.g., what would cause an airplane crash or what will cause air space encroachment?
· Consequence, e.g., what could happen if the pilot has too many tasks to do during taxi, or what
could happen if a pump motor shaft bearing froze?
This chapter describes characteristics of many popular analysis approaches and, in some cases, provides