An Introduction to Tools and Techniques
This table summarises some of the Safety Assessment Tools and Techniques available to the safety assessor. Each of these tools has its own advantages and disadvantages, and the extent to which they can be used during the various phases of the product lifecycle, and the degree to which they can be applied to safety assessments, vary. For a list of the advantages and limitations of each, see Appendix A of Aircraft System Safety: Military and Civil Aeronautical Applications.
It is extremely important to note that as the complexity of the tool increases, so does the degree of training required of the user and/or the need for an experienced evaluation team to conduct the evaluation. On the plus side, the data derived from the more complex methodologies may be more supportable. Unfortunately, the primary disadvantage of such tools is that "trained subject matter experts" may have limited experience of the actual operational environment and, therefore, their evaluations may not be entirely applicable to the certification process.
Tools and Techniques
| Name | Description |
|---|---|
| Gold Book (The IEEE Gold Book) | IEEE STD 493-1997, IEEE Recommended Practice for the Design of Reliable Industrial and Commercial Power Systems, provides data on commercial power distribution systems, in particular on the reliability of equipment used in industrial and commercial power distribution systems. Reliability data for different types of equipment are provided along with other aspects of reliability analysis for power distribution systems, such as basic concepts of reliability analysis, probability methods, fundamentals of power system reliability evaluation, economic evaluation of reliability, and cost of power outage data. The handbook was updated in 1997; however, the most recent reliability data reflected in the document is only through 1989. See Quanterion Solutions Inc. |
| GSN (Goal Structuring Notation) | GSN is a graphical representation of an argument showing how it is to be accomplished. A convincing Safety Assessment/Safety Case argument requires three elements:
- Safety Objective
- Supporting Evidence
- A clearly discernible "thread" or argument that flows through the document.
GSN shows how goals are broken into sub-goals, and eventually supported by evidence (solutions), whilst making clear the strategies adopted, the rationale for the approach (assumptions, justifications) and the context in which goals are stated. The Goal Structuring Notation (GSN), a graphical argumentation notation, explicitly represents the individual elements of any safety argument (requirements, claims, evidence and context) and, perhaps more significantly, the relationships that exist between these elements (i.e. how individual requirements are supported by specific claims, how claims are supported by evidence, and the assumed context that is defined for the argument). When the elements of the GSN are linked together in a network they are described as a 'goal structure'. The principal purpose of any goal structure is to show how goals (claims about the system) are successively broken down into sub-goals until a point is reached where claims can be supported by direct reference to available evidence (solutions). As part of this decomposition, GSN also makes it possible to make clear the argument strategies adopted (e.g. adopting a quantitative or qualitative approach), the rationale for the approach and the context in which goals are stated (e.g. the system scope or the assumed operational role). Developed for use in Safety Cases by Tim Kelly and John McDermid (Department of Computer Science, University of York, "A Systematic Approach to Safety Case Maintenance"). |
| Hardware/Software Safety Analysis | The analysis evaluates the interface between hardware and software to identify hazards within the interface [Tarrents, 1980]. |
| Hazard Analysis | A generic term describing a whole collection of techniques whose combined strengths have a good chance of revealing most of the hazards. Generally, any formal or informal study, evaluation, or analysis to identify hazards. A multi-use technique to identify hazards within any system, subsystem, operation, task or procedure [Tarrents, 1980]. Also referred to as a System Safety Analysis [JAR 25.1309]. Includes both top-down techniques, oriented to tracing back from potential real-world hazards to the sources of failures which could lead to accidents, and bottom-up techniques, which follow through hypothetical component failures to determine their hazardous consequences. (Strictly these are 'middle-out', because one also looks at how the component could come to fail.) |
| HAZard and OPerability Studies (HAZOPs) | A team-based structured brainstorming technique for the identification of hazards before they arise. HAZOP starts with a deviation from normal system operation and examines how that deviation might occur and the consequences should it occur. For each hardware item, system function or operating stage, a systematic and structured evaluation of each attribute of the system takes place based on predetermined "guidewords" in order to suggest possible deviations and hazards.
- The attributes are chosen according to the technology of the system. For example:
  - a chemical facility might use attributes such as "Temperature", "Pressure" and "Flow Rate";
  - a communications system might be examined with attributes such as "Bandwidth", "Data Rate" and "Protocol".
  The attribute "Temperature" taken with the guideword "More of" would suggest that the temperature at that point in the system is higher than intended, and the team would discuss possible causes and consequences of this deviation.
- Each guideword is applied to each attribute, so a thorough search for all possible deviations is carried out in a structured manner. An example of a guideword is 'more' (which in some cases may be interpreted as 'greater' or 'higher'). On applying this to the attribute 'data value', the team enquire into whether there is a conceivable cause of the value of the data being higher than the design intent; likely causes are then briefly investigated.
A connection between two entities (usually on a graphical representation), denoting the logical or physical interconnection of one component of the system to another, is selected, and the flow between the components which the line represents is identified. For example:
- in a chemical plant, the flow may be of a fluid, with attributes such as pressure, temperature and rate of flow;
- in software, the flow may be of data, with attributes such as value, sequence and bit rate.
The purpose is to identify what variations from the intended design values (the 'design intent') could occur in the relevant attributes, and then to determine their possible causes and consequences. From their possible consequences, it is seen whether the deviations could cause hazards. The technique was developed by ICI in the 1960s and is well established in the petrochemical sector. |
| Hazard Identification Study (HAZID) | A structured brainstorming technique developed for the marine industry. Considers systems or equipment. Used by the International Maritime Organisation [IMO Paper MSC 69/INF 14 dd 98/2/12] for its Safety Assessments. |
| Hazard Log (HL) | A management tool used to track the identification, mitigation and acceptance of risk, and also the control of residual risks associated with the operation. Note that hazards are properties of an entire system and may be defined at any system level (see Ch 6 para 2). However, it is essential to select the right level so as to ensure consistency in the Hazard Log:
- A common mistake is to select it too low, which results in too many hazards, no system properties, a log that is expensive (or impossible) to track, and over-engineering.
- If you select it too high, then it is hard to ensure the identification and management of all hazards. |
| Hazardous Materials (HAZMAT) List | Not an assessment technique, but a list of hazardous materials contained in a product. |
| Health Hazard Analysis (HHA) | Identifies health hazards and recommends measures (e.g. ventilation and barriers) to reduce exposure to health hazards. See Mil Std 882C Task 207. |
| Health Hazard Assessment | The method is used to identify health hazards and risks associated with any system, sub-system, operation, task or procedure. The method evaluates routine, planned, or unplanned use and releases of hazardous materials or physical agents. The technique is applicable to all systems which transport, handle, transfer, use, or dispose of hazardous materials or physical agents. [Tarrents, 1980] |
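The GSN entry above describes a goal structure as claims decomposed through strategies until every claim rests on a solution, with context, assumptions and justifications attached along the way. The following Python is an added example, not code from the page or from the GSN authors, of the completeness check an assessor would run over such a structure before accepting it. It assumes a simple in-memory representation (an `Element` with a kind, a statement, its 'supported by' links and its 'in context of' links); the rules it applies are this example's reading of the GSN description, and the sample argument is constructed.

```python
"""Completeness check for a GSN goal structure.

Added example; not code from the page or from the GSN authors. It assumes a
simple in-memory representation: each element has a kind (Goal, Strategy,
Solution, Context, Assumption, Justification), a statement, the elements it is
'supported by' and the elements it is 'in context of'. The rules checked are
this example's reading of the GSN description: claims are supported only by
goals, strategies or solutions; context links point only at context-type
elements; and every goal must bottom out in a solution without cycling.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

SUPPORT_KINDS = {"Goal", "Strategy", "Solution"}
CONTEXT_KINDS = {"Context", "Assumption", "Justification"}


@dataclass
class Element:
    id: str
    kind: str
    statement: str
    supported_by: List[str] = field(default_factory=list)
    in_context_of: List[str] = field(default_factory=list)


def validate_goal_structure(elements: Dict[str, Element], top: str) -> List[str]:
    """Return findings as strings; an empty list means the argument is complete."""
    findings: List[str] = []
    for el in elements.values():
        for ref in el.supported_by:
            if ref not in elements:
                findings.append(f"{el.id}: dangling supported-by link {ref}")
            elif elements[ref].kind not in SUPPORT_KINDS:
                findings.append(f"{el.id}: {ref} ({elements[ref].kind}) cannot support a claim")
        for ref in el.in_context_of:
            if ref not in elements:
                findings.append(f"{el.id}: dangling context link {ref}")
            elif elements[ref].kind not in CONTEXT_KINDS:
                findings.append(f"{el.id}: {ref} ({elements[ref].kind}) is not a context element")
        if el.kind in ("Goal", "Strategy") and not el.supported_by:
            findings.append(f"{el.id}: {el.kind} '{el.statement}' has no support")

    # Depth-first walk from the top goal: a claim is 'grounded' when every
    # supported-by link leads to a Solution. 'visiting' catches circular arguments.
    grounded: Dict[str, bool] = {}
    visiting: Set[str] = set()

    def is_grounded(eid: str) -> bool:
        if eid in grounded:
            return grounded[eid]
        el = elements.get(eid)
        if el is None:
            return False
        if el.kind == "Solution":
            return True
        if eid in visiting:
            findings.append(f"{eid}: circular argument")
            return False
        visiting.add(eid)
        ok = bool(el.supported_by) and all(is_grounded(c) for c in el.supported_by)
        visiting.discard(eid)
        grounded[eid] = ok
        return ok

    if not is_grounded(top):
        findings.append(f"{top}: top goal is not fully supported by evidence")
    return findings


def sample_argument() -> Dict[str, Element]:
    """Constructed sample: a small argument in which one sub-goal lacks evidence."""
    els = [
        Element("G1", "Goal", "Control system is acceptably safe to operate",
                supported_by=["S1"], in_context_of=["C1"]),
        Element("C1", "Context", "Operating role: ground test rig"),
        Element("S1", "Strategy", "Argue over each hazard in the hazard log",
                supported_by=["G2", "G3"], in_context_of=["J1"]),
        Element("J1", "Justification", "Hazard log reviewed and agreed complete"),
        Element("G2", "Goal", "Hazard H1 (uncommanded motion) is mitigated",
                supported_by=["Sn1"]),
        Element("Sn1", "Solution", "Interlock test report (constructed reference)"),
        Element("G3", "Goal", "Hazard H2 (loss of position feedback) is mitigated"),
    ]
    return {e.id: e for e in els}


if __name__ == "__main__":
    for finding in validate_goal_structure(sample_argument(), "G1"):
        print(finding)
```

Run as a script, the sample reports that goal G3 has no support and that the top goal therefore does not reach evidence; adding a solution under G3 clears both findings. The same walk detects an argument that supports a claim with itself, which a visual inspection of a large goal structure can easily miss.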
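The HAZOP entry above explains the technique as every guideword applied to every attribute, with the team recording causes and consequences for each deviation. The Python below is an added example, not code from the page or from any HAZOP standard, of the worksheet that search produces and of a coverage check over the team's records. It assumes that each examined (attribute, guideword) pair is recorded with its causes and consequences, and that "not applicable" is recorded explicitly so that "considered and dismissed" can be told apart from "never examined"; the guideword meanings, attribute sets and records are constructed.

```python
"""HAZOP deviation worksheet with a coverage check.

Added example, not code from the page or from any HAZOP standard. It assumes
the study team records each examined (attribute, guideword) pair together with
the causes and consequences found, and that 'not applicable' is recorded
explicitly, so the report can separate 'considered and dismissed' from
'never examined'. The guideword meanings and attributes below are constructed.
"""
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, Iterable, List, Tuple

Key = Tuple[str, str]

# Generic meaning of each guideword when applied to a design intent.
GUIDEWORDS: Dict[str, str] = {
    "No": "none of the intended value or flow occurs",
    "More": "higher than the design intent",
    "Less": "lower than the design intent",
    "As well as": "the design intent plus something additional",
    "Part of": "only part of the design intent is achieved",
    "Reverse": "the opposite of the design intent",
    "Other than": "something other than the design intent occurs",
}

# Attributes chosen by technology (constructed sample sets).
ATTRIBUTES: Dict[str, List[str]] = {
    "chemical plant": ["Temperature", "Pressure", "Flow Rate"],
    "software": ["Data Value", "Sequence", "Bit Rate"],
}


@dataclass(frozen=True)
class Deviation:
    attribute: str
    guideword: str
    meaning: str   # e.g. "Temperature: higher than the design intent"

    @property
    def key(self) -> Key:
        return (self.attribute, self.guideword)


@dataclass
class Record:
    """What the team wrote down for one deviation."""
    attribute: str
    guideword: str
    causes: List[str] = field(default_factory=list)
    consequences: List[str] = field(default_factory=list)
    hazardous: bool = False        # team judged the deviation to be a hazard
    not_applicable: bool = False   # deviation makes no sense for this attribute


def worksheet(attributes: Iterable[str],
              guidewords: Dict[str, str] = GUIDEWORDS) -> List[Deviation]:
    """Apply every guideword to every attribute, in a fixed order."""
    return [Deviation(attr, word, f"{attr}: {meaning}")
            for attr, (word, meaning) in product(attributes, guidewords.items())]


def coverage(sheet: List[Deviation], records: List[Record]) -> Dict[str, List[Key]]:
    """Classify each worksheet deviation by what the records say about it.

    'incomplete' flags pairs the team examined but left without both a cause
    and a consequence, which a reviewer would send back to the team.
    """
    by_key = {(r.attribute, r.guideword): r for r in records}
    out: Dict[str, List[Key]] = {k: [] for k in
                                 ("hazardous", "benign", "not_applicable",
                                  "incomplete", "unexamined")}
    for dev in sheet:
        rec = by_key.get(dev.key)
        if rec is None:
            out["unexamined"].append(dev.key)
        elif rec.not_applicable:
            out["not_applicable"].append(dev.key)
        elif not (rec.causes and rec.consequences):
            out["incomplete"].append(dev.key)
        elif rec.hazardous:
            out["hazardous"].append(dev.key)
        else:
            out["benign"].append(dev.key)
    return out


def sample_records() -> List[Record]:
    """Constructed records for part of a chemical-plant study."""
    return [
        Record("Temperature", "More", ["loss of cooling water"],
               ["runaway reaction, vessel over-pressure"], hazardous=True),
        Record("Temperature", "Reverse", not_applicable=True),
        Record("Flow Rate", "No", ["pump trip", "blocked line"],
               ["loss of reactor feed, off-spec product"], hazardous=True),
        Record("Pressure", "Less", ["relief valve passing"],
               ["reduced throughput only"], hazardous=False),
        Record("Pressure", "More", ["blocked outlet"]),   # no consequence noted yet
    ]


if __name__ == "__main__":
    sheet = worksheet(ATTRIBUTES["chemical plant"])
    for bucket, keys in coverage(sheet, sample_records()).items():
        print(f"{bucket:15s} {len(keys):2d}  {keys}")
```

For the three chemical-plant attributes and seven guidewords the worksheet has 21 deviations; the constructed records cover five of them, one of which is sent back as incomplete, leaving 16 still to be examined. The "unexamined" bucket is the figure a study leader wants before the session is closed, since a structured search is only thorough if every cell of the worksheet has actually been visited.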