Hazard analysis affects, and in turn is affected by, all aspects of
the development process.
Hazard analysis is the heart of any system safety program. It serves
as:
- A framework for the ensuing steps
- A checklist to ensure that management and technical responsibilities
  for safety are accomplished.
The following terminology is used in discussing hazard analyses.
- Accident: An undesired and unplanned (but not necessarily unexpected)
  event that results in (at least) a specified level of loss.
- Incident: An event that involves no loss (or only minor loss) but with
  the potential for loss under different circumstances.
- Hazard: A state or set of conditions that, together with other
  conditions in the environment, will lead to an accident (loss event).
Note that a hazard is not the same thing as a failure. A hazard is a
system state that, combined with certain environmental conditions, will
result in an accident. A failure is the nonperformance of a function by
a component. A component can fail without the system entering a
hazardous state, and a system can be in a hazardous state with every
component performing as specified.
"Distinguishing hazards from failures is implicit in
understanding the difference between safety and reliability."
C. O. Miller
- Hazard Level: A combination of severity (worst potential damage in
  case of an accident) and likelihood of occurrence of the hazard.
- Risk: The hazard level combined with the likelihood of the hazard
  leading to an accident plus exposure (or duration) of the hazard.
- Safety: Freedom from accidents or losses. In this sense, safety is
  somewhat like security. It is not practical to achieve a goal of
  complete and total security, nor is it necessarily possible to
  achieve complete and total safety. We try to come as close to the
  ideal as possible.
Hazard analysis begins with Preliminary Hazard Analysis (PHA). PHA
identifies, assesses, and prioritizes hazards. Using this hazard list,
high-level safety design constraints can be identified. With these
constraints in mind, System Hazard Analysis (SHA) is carried out. SHA
examines subsystem interfaces to evaluate the safety of the system
working as a whole. The design constraints generated following PHA are
refined and traced to individual components (including the operator).
Subsystem Hazard Analysis (SSHA) determines how subsystem design and
behavior can contribute to system hazards. SSHA also provides an
opportunity to evaluate the design for compliance with the safety
constraints introduced earlier in the process.
Change and Operational analysis evaluates all changes to the system
for their contribution to potential hazards and analyzes operational
experience with the system.
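The following is an added example, not code from the Safeware Engineering notes: a small hazard log that applies the terminology above (hazard level from severity and likelihood, risk from hazard level, accident likelihood and exposure) and walks the PHA, SHA/SSHA traceability, SSHA compliance and change-analysis steps just described. The severity and likelihood scales, the rule that combines them by multiplication, the batch-reactor hazards, the constraints and the subsystem names are all constructed for illustration.

```python
"""Added example, not code from the Safeware Engineering notes.
Scales, combination rules, sample hazards and subsystem names are constructed."""
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    """Worst potential damage if an accident occurs (constructed 4-level scale)."""
    NEGLIGIBLE = 1
    MARGINAL = 2
    CRITICAL = 3
    CATASTROPHIC = 4


class Likelihood(IntEnum):
    """Likelihood that the hazardous state occurs (constructed 5-level scale)."""
    IMPROBABLE = 1
    REMOTE = 2
    OCCASIONAL = 3
    PROBABLE = 4
    FREQUENT = 5


@dataclass(frozen=True)
class Hazard:
    hid: str
    state: str              # a system state, not a component failure
    severity: Severity
    likelihood: Likelihood
    p_accident: float       # likelihood that the hazard leads to an accident (0..1)
    exposure_hours: float   # how long the system is in the hazardous state

    def hazard_level(self) -> int:
        # Hazard level = severity combined with likelihood of the hazard.
        # Multiplying the two scale values is an assumed combination rule.
        return int(self.severity) * int(self.likelihood)

    def risk(self) -> float:
        # Risk = hazard level combined with the likelihood that the hazard
        # leads to an accident plus exposure; again a product by assumption.
        return self.hazard_level() * self.p_accident * self.exposure_hours


@dataclass(frozen=True)
class Constraint:
    cid: str
    hazard_id: str              # the hazard this design constraint controls
    text: str
    allocated_to: frozenset     # subsystems (or the operator) it is traced to


def preliminary_hazard_analysis(hazards):
    """PHA: prioritise hazards, highest hazard level first, severity breaks ties."""
    ranked = sorted(hazards, key=lambda h: (-h.hazard_level(), -int(h.severity), h.hid))
    return [h.hid for h in ranked]


def trace_gaps(hazards, constraints):
    """SHA/SSHA traceability: every hazard needs a constraint, and every
    constraint must reference a known hazard and be traced to a subsystem."""
    known = {h.hid for h in hazards}
    covered = {c.hazard_id for c in constraints}
    return {
        "hazards_without_constraint": sorted(known - covered),
        "unallocated_constraints": sorted(c.cid for c in constraints if not c.allocated_to),
        "constraints_with_unknown_hazard": sorted(c.cid for c in constraints
                                                  if c.hazard_id not in known),
    }


def subsystem_compliance(constraints, subsystem, verified):
    """SSHA: constraints allocated to `subsystem` with no verification evidence."""
    return sorted(c.cid for c in constraints
                  if subsystem in c.allocated_to and c.cid not in verified)


def change_impact(constraints, changed_subsystem):
    """Change analysis: hazards whose constraints touch the changed subsystem
    and therefore must be re-analysed before the change is accepted."""
    return sorted({c.hazard_id for c in constraints if changed_subsystem in c.allocated_to})


# Constructed sample: a batch reactor with three hazards and four constraints.
HAZARDS = [
    Hazard("H1", "reactor pressure above relief rating", Severity.CATASTROPHIC,
           Likelihood.REMOTE, p_accident=0.5, exposure_hours=10),
    Hazard("H2", "operator display shows stale sensor values", Severity.CRITICAL,
           Likelihood.OCCASIONAL, p_accident=0.2, exposure_hours=100),
    Hazard("H3", "feed pump running against a closed valve", Severity.MARGINAL,
           Likelihood.PROBABLE, p_accident=0.05, exposure_hours=1000),
]
CONSTRAINTS = [
    Constraint("C1", "H1", "relief valve must open before pressure exceeds rating",
               frozenset({"relief"})),
    Constraint("C2", "H1", "controller must stop feed above the pressure setpoint",
               frozenset({"controller"})),
    Constraint("C3", "H2", "display must flag readings older than 2 s",
               frozenset({"hmi", "operator"})),
    Constraint("C4", "H2", "sensor values must carry a timestamp", frozenset()),  # not yet traced
]

if __name__ == "__main__":
    print("PHA order:", preliminary_hazard_analysis(HAZARDS))
    print("trace gaps:", trace_gaps(HAZARDS, CONSTRAINTS))
    print("controller compliance gaps:", subsystem_compliance(CONSTRAINTS, "controller", {"C1"}))
    print("re-analyse after HMI change:", change_impact(CONSTRAINTS, "hmi"))
```

Two things the run makes visible that the prose alone does not: H3 has the lowest hazard level but the highest risk once exposure is included, which is exactly why the notes separate the two terms, and H3 also drops out of the constraint list entirely, a PHA-to-SHA gap the traceability check catches before any subsystem work starts.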
Copyright © 2003 Safeware Engineering
Corporation. All rights reserved