STPA: A New Hazard Analysis Technique. Presented by Sanghyun Yoon
|
|
- Elfreda Dickerson
- 6 years ago
- Views:
Transcription
1 STPA: A New Hazard Analysis Technique Presented by Sanghyun Yoon
2 Introduction Hazard analysis can be described as investigating an accident before it occurs. Potential causes of accidents can be eliminated or controlled in design or operations before damage occurs. The most widely used existing hazard analysis techniques were developed fifty years ago and have serious limitations. This chapter describes a new approach to hazard analysis, bases on the STAMP causality model, called STPA (System-Theoretic Process Analysis). 2
3 Goals for a New Hazard Analysis Technique Old hazard analysis techniques Fault Tree Analysis Event Tree Analysis HAZOP FMEA 3
4 Goals for a New Hazard Analysis Technique (cont d) Including the new causal factors identified in STAMP that are not handled by the older techniques. Old techniques did not include design errors, software flaws, component interaction accidents, and so on. The goal is to identify accident scenarios that encompass the entire accident process, not just the electro-mechanical components. Old techniques have different assumptions which are different from new causal factors. To provide guidance to the users in getting good results. Fault and event tree: the tree itself is the result of analysis HAZOP: guidewords more than, less than and opposite It can be used before a design has been created. 4
5 The STPA Process (1) STPA can be used at any stage of the system lifecycle. STPA uses a control diagram, the functional requirements, system hazards, the safety constraints and safety requirements for components as defined in chapter 7. When STPA is applied to an existing design (chapter 8) This Information is available when analysis process begins. When STPA is used for safety-guided design, (chapter 9) Only system the system-level requirements and constraints may be available at the beginning of the process. These requirements and constraints are refined and traced to individual system components as the iterative design and analysis process proceeds. 5
6 The STPA Process (2) Main steps 1. Identify the potential for inadequate control of the system that could lead to a hazardous state. a. A required control action is not provided or not followed; b. An incorrect or unsafe control action is provided; c. A potentially safe control action is provided too early or too late, that is, at the wrong time or in the wrong sequence; d. A correct control action is stopped too soon; 6
7 The STPA Process (3) Main steps 2. Determine how each potentially hazardous control action identified in step 1 could occur. a. Augment the control structure with process models for each control component. b. For each unsafe control action, examine the parts of the control loop to see if they could cause it. Design controls and mitigation measures if they do not already exist or evaluate existing measures if the analysis is being performed on an existing design. For multiple controllers of the same component or safety constraint, identify conflicts and potential coordination problems. c. Consider how the designed controls could degrade over time and build in protection, including 1) Management of change procedures to ensure safety constraints are enforced in planned changes. 2) Performance audits where the assumptions underlying the hazard analysis are the preconditions for the operational audits and controls so that unplanned changes that violated the safety constraints can be detected. 3) Accident and incident analysis to trace anomalies to the system design. 7
8 The STPA Process (4) Control structure example 8
9 Hazard: Inadvertent launch 9
10 Identifying Potentially Hazardous Control Actions (Step 1) Assess the safety controls to determine the potential for leading to a hazard. Control actions can be hazardous in four ways a. A required control action is not provided or not followed. b. An incorrect or unsafe control action is provided that lead to hazard. c. A potentially safe control action is provided too early, too late, or out of sequence. d. A correct control action is stopped too soon (for a continuous or nondiscrete control action). 10
11 Identifying Potentially Hazardous Control Actions (Step 1) - Interlock example Safety constrains The power must always be off when the door is open; A power off command must be provided within x milliseconds after the door is opened A power on command must never be issued when the door is open The power on command must never be given until the door is fully closed 11
12 Identifying Potentially Hazardous Control Actions (Step 1) - FMIS example (1) 12
13 Identifying Potentially Hazardous Control Actions (Step 1) - FMIS example (2) 13
14 STPA: A New Hazard Analysis Technique DETERMINING HOW UNSAFE CONTROL ACTIONS COULD OCCUR (STEP 2) 14
15 Purpose of Step 2 Step 1 provides the component safety requirements(constraints). Step 2 used to identify the ways that the software safety constraint might still not be enforced by the software logic and system design. Step 2 identifies the scenarios or paths to hazard found in a classic analysis. 15
16 Step 2a: Augment the control structure with process models To create causal scenarios, the control structure diagram is first augmented with process models for each component. If the system exists, The content of these models should be easily determined by looking at the system functional design and its documentation. If the system does not yet exist, The analysis can start with a best guess then be refined and changed as the analysis process proceeds. 16
17 17
18 18
19 Step 2b: Determine how hazardous control actions could occur 1. Identify how hazardous control action could happen. 2. For each potential causes Design controls and mitigation measures if do not already exist Evaluate existing measure if the analysis is being performed on an existing design 19
20 Identify how hazardous control action could happen 20
21 Try to eliminate the hazard completely Interlock example Design: add a circuit which is broken as soon as the door opens Feedback: add a light that identifies whether the power supply is on or off Incorrect assumption More about the safety design? Chapters 16 and 17 of Safeware and Chapter 9 of this book Changes must be analyzed for new hazards or causal scenarios. 21
22 Step 2b: FMIS example (1) A missing case in the requirements A common occurrence in accidents where software is involved Described in next slide. 22
23 track Radar detected a missile -> Weapons Free -> Fire Enable 23
24 Step 2b: FMIS example (1) (cont d) When an operator make a track inactive? A given period passes with no radar input The total predicted impact time elapses for the track An intercept is confirmed One case was note considered by the designers If an operator deselects all of the options, no tracks will be marked as inactive -> FIRE ENABLE command would be send to the launch station immediately, even if there were no threats Solution Fix the software requirements and the software design to include the missing case. 24
25 Step 2b: FMIS example (2) confusion between the regular and the test software Launch Station has two operating modes Testing Live fire Causal sequence Small window of time before the launch station notifies the fire control component of the change 25
26 Step 2c: Consider the degradation of controls over time Build in protection against the degradation. Degradations, interlock example: warning light Operator(human who opens the door) might create workarounds to bypass the light They do not understand the purpose The light might be partially blocked from view because of workplace changes -> The assumptions and required audits should be identified during the system design process 26
27 Step 2c: Consider the degradation of controls over time (cont d) Management of change procedures need to be developed and the STPA analysis revisited. (chapter 10) After accidents and incidents, the design and the hazard analysis should be revisited to determine why the controls were not effective. (chapter 12) 27
28 Human controllers (1) Humans in the system can be treated in the same way as automated components in Step 1 of STPA. Difference: Humans need an additional process model All controllers need a model of the process they are controlling directly Human controllers also need a model of any process 28
29 29
30 Human controllers (2) Difference: algorithm Automated system: basically static control algorithms Humans: dynamic control algorithms that they change as a result of feedback and changes in goals Human error is best modeled and understood using feedback loops Example: Driving a car Driving algorithm is changed by car s performance, in goals and motivation, or driving experience. 30
31 Human controllers (3) Hazard analysis must identify the specific human behaviors that can lead to the hazard. We are not able to redesign humans. Training can be helpful, but not nearly enough Take the information obtained in the hazard analysis about worst case human behavior, Use it in the design of the other system components 31
32 STPA: A New Hazard Analysis Technique USING STPA ON ORGANIZATIONAL COMPONENTS OF THE SAFETY CONTROL STRUCTURE 32
33 Programmatic and organizational risk analysis NASA Independent Technical Authority (ITA) function risk analysis. 33
34 34
35 Gap Analysis Mapping the identified safety requirements and constraints to the assigned responsibilities in the safety control structure and identify any gaps. The responsibility for the system-level safety requirement: 1a. Sate-of-the art safety standards and requirements for NASA missions must be established, implemented, enforced, and maintained that protect the astronauts, the workforce, and the public 35
36 36
37 Gap Analysis (cont d) finding holes Omission: technical conscience No defined way to express concerns about the warrant holders. Omission: person(s) who see that engineers and managers are trained to use the results of hazard analyses in their decision-making. 37
38 Hazard analysis to identify organizational and programmatic risks Risks in STAMP terms can be divided into two types Basic inadequacies in the way individual components in the control structure fulfill their responsibilities Risks involved in the coordination of activities and decision-making that can lead to unintended interactions and consequences 38
39 Hazard analysis to identify organizational and programmatic risks basic risks (1) General types of risks: Unsafe decisions are made or approved by the Chief Engineer or warrant holders. Safe decisions are disallowed (e.g., overly conservative decision-making that undermines the goals of NASA and long-term support for ITA) Decision-making takes too long, minimizing impact and also reducing support for the ITA. Good decisions are made by the ITA, but do not have adequate impact on system design, construction, and operation. General responsibilities must be refined into more specific control actions to omit the control actions. 39
40 Hazard analysis to identify organizational and programmatic risks basic risks (2) The control actions the Chief Engineer has available to implement this responsibility are: To develop, monitor, and maintain technical standards and policy In coordination with programs and projects, to establish or approve the technical requirements and ensure they are enforced and implemented in the programs and projects (ensure the design is compliant with the requirements) To approve all changes to the initial technical requirements To approve all variance (waivers, deviations, exceptions to the requirements) Etc. 40
41 Hazard analysis to identify organizational and programmatic risks basic risks (3) To develop, monitor, and maintain technical standards and policy is identified using STPA Step 1 include: General technical and safety standards are not created. Inadequate standards and requirements are created. Standards degrade over time due to external pressure to weaken them. The process for approving changes is flawed. Standards are not changed over time as the environment changes. 41
42 Hazard analysis to identify organizational and programmatic risks coordination risks Coordination risks arise when multiple people or groups control the same process. The types of unsafe interactions that may result include Both controllers assume the other is performing the control responsibilities and as a result nobody does Controllers provide conflicting control actions that have unintended side effects. When similar responsibilities related to the same system requirement are identified, the potential for new coordination risks needs to be considered. 42
43 Use of the analysis and potential extensions The application of Step 2 of STPA to identify causes of the risks will help to provide better control measures. Used Fig
44 44
45 Use of the analysis and potential extensions The application of Step 2 of STPA to identify causes of the risks will help to provide better control measures. Used Fig. 8.6 The risks are categorized. Categories for ITA: Immediate concern: An immediate and substantial concern that should be part of a near term-assessment. Longer-term concern: A substantial longer-term concern that should potentially be part of future assessments, as the risk will increase over time or cannot be evaluated without future knowledge of the system or environment behavior. Standard Process: An important concern that should be addressed through standard processes, such as inspections, rather than an extensive special assessment procedure. 45
46 STPA: A New Hazard Analysis Technique RE-ENGINEERING A SOCIO-TECHNICAL SYSTEM: PHARMACEUTICAL SAFETY AND THE VIOXX TRAGEDY 46
47 This section provides an example using pharmaceutical safety. Couturier has performed a STAMP-based causal analysis of the incidents associated with the introduction and withdrawal of Vioxx. Vioxx events 47
48 48
49 49
50 50
51 51
52 52
A Systems Approach to Risk Management Through Leading Indicators
A Systems Approach to Risk Management Through Leading Indicators Nancy Leveson MIT Goal To identify potential for an accident before it occurs Underlying assumption: Major accidents not due to a unique
More informationAssuring Safety of NextGen Procedures
Assuring Safety of NextGen Procedures Prof. Nancy Leveson Cody H. Fleming M. Seth Placke 1 Outline Motivation Propose Accident Model Hazard Analysis Technique Current and Future Work 2 Motivation Air Traffic
More informationSoftware Safety Testing Based on STPA
Available online at www.sciencedirect.com ScienceDirect Procedia Engineering 80 (2014 ) 399 406 3 rd International Symposium on Aircraft Airworthiness, ISAA 2013 Software Safety Testing Based on STPA Changyong
More informationBoeing Engineering. Overview of
Boeing Engineering Overview of Systems Theoretical Analysis, Modeling and Processes (STAMP) and Systems Theoretical Process Analysis (STPA) for Product and Production Systems Engineering Marc Nance Director,
More informationA System s Approach to Safety. Prof. Nancy Leveson Aeronautics and Astronautics MIT
A System s Approach to Safety Prof. Nancy Leveson Aeronautics and Astronautics MIT The Problem Why do we need a new approach? New causes of accidents in complex, softwareintensive systems Software does
More informationSTAMP Applied to Workplace Safety
STAMP Applied to Workplace Safety Emily Howard, Ph.D., Senior Technical Fellow Lori Smith, EHS Deputy Chief Engineer March 21, 2016 The Team Dr. Emily Howard, Human Factors Engineering, Boeing Senior Technical
More informationDelivering Safety Through Design Using Early Analysis Methods. Mark A. Vernacchia, MSES, PE General Motors Company; Milford, Michigan, USA
Delivering Safety Through Design Using Early Analysis Methods Mark A. Vernacchia, MSES, PE General Motors Company; Milford, Michigan, USA Keywords: systems engineering, SEFA, STPA, interactions, safety,
More informationA Human Factors Approach to Root Cause Analysis:
A Human Factors Approach to Root Cause Analysis: The Human Factors Analysis and Classification System (HFACS) Douglas A. Wiegmann, PhD University of Wisconsin-Madison Human Error and Adverse Events Medical
More informationLecture 7. Safety Analysis: Failure Modes and Effect Analysis (FMEA) Functional Hazard Assessment (FHA)
Lecture 7 Safety Analysis: Failure Modes and Effect Analysis (FMEA) Functional Hazard Assessment (FHA) Failure Modes and Effect Analysis FMEA is a well-known inductive safety analysis technique For each
More informationIterative Application of STPA for an Automotive System
Iterative Application of STPA for an Automotive System GM Team Joe D Ambrosio Rami Debouk Dave Hartfelder Padma Sundaram Mark Vernacchia Sigrid Wagner MIT Team John Thomas Table of Contents Introduction/Background
More informationRequirement Error Taxonomy
Requirement Error Taxonomy Loan arranger system (LA): The LA application supports the business of a loan consolidation organization. This type of organization makes money by purchasing loans from banks
More informationSTAMP Experienced Users Tutorial. John Thomas Blandine Antoine Cody Fleming Melissa Spencer Qi Hommes Tak Ishimatsu John Helferich
STAMP Experienced Users Tutorial John Thomas Blandine Antoine Cody Fleming Melissa Spencer Qi Hommes Tak Ishimatsu John Helferich Systems approach to safety engineering (STAMP) STAMP Model (Leveson, 2003);
More informationEngineering a Safer and More Secure World
Seminar Series Engineering a Safer and More Secure World Nancy Leveson MIT You ve carefully thought out all the angles You ve done it a thousand times It comes naturally to you You know what you re doing,
More informationINTEGRATED modular avionics, or IMA, is a shared set of flexible, reusable, and interoperable hardware and software resources that, when
JOURNAL OF AEROSPACE INFORMATION SYSTEMS Vol. 11, No. 6, June 2014 Improving Hazard Analysis and Certification of Integrated Modular Avionics Cody Harrison Fleming and Nancy G. Leveson Massachusetts Institute
More informationSystems Theoretic Process Analysis Applied to Air Force Acquisition Technical Requirements Development
Systems Theoretic Process Analysis Applied to Air Force Acquisition Technical Requirements Development by Sarah E. Summers Major, United States Air Force B.S. Aerospace Engineering, Oklahoma State University,
More informationApplication of STPA to ESF-CCS. Dong-Ah Lee, Jang-Soo Lee, Se-Woo Cheon, and Junbeom Yoo
Application of STPA to ESF-CCS Dong-Ah Lee, Jang-Soo Lee, Se-Woo Cheon, and Junbeom Yoo Contents Background: KNICS experiences Introduction: New HA approach Application: Case study of STPA Conclusion Discussion
More informationIntelligent-Controller Extensions to STPA. Dan Mirf Montes
Intelligent-Controller Extensions to STPA Dan Mirf Montes Disclaimer The views expressed in this document are those of the author and do not reflect the official position or policies of the United States
More informationUsing STPA in Compliance with ISO26262 for developing a Safe Architecture for Fully Automated Vehicles
Bitte decken Sie die schraffierte Fläche mit einem Bild ab. Please cover the shaded area with a picture. (24,4 x 11,0 cm) Using STPA in Compliance with ISO26262 for developing a Safe Architecture for Fully
More informationThe Path to More Cost-Effective System Safety
The Path to More Cost-Effective System Safety Nancy Leveson Aeronautics and Astronautics Dept. MIT Changes in the Last 50 Years New causes of accidents created by use of software Role of humans in systems
More informationCORE TOPICS Core topic 3: Identifying human failures. Introduction
CORE TOPICS Core topic 3: Identifying human failures Introduction Human failures are often recognised as being a contributor to incidents and accidents, and therefore this section has strong links to the
More informationCOAL - HAZOP SYSTEMS ANALYSIS GRINDING AND FIRING
COAL GRINDING AND FIRING SYSTEMS - HAZOP ANALYSIS JAGRUT UPADHYAY, PEC CONSULTING GROUP LLC, US, OUTLINES AND EXPLAINS THE USE OF THE HAZOP STUDY WITHIN COAL GRINDING AND FIRING SYSTEMS. A Process Hazard
More informationHazard Analysis Technique Selection
Hazard Analysis Technique Selection Kelsey L. F. Curran, CIH, CHMM Principal Hazard Analyst and ES&H Specialist Clover Leaf Solutions Alliance of Hazard Materials Professionals 2016 National Conference
More informationUsing System Theoretic Process Analysis (STPA) for a Safety Trade Study
Using System Theoretic Process Analysis (STPA) for a Safety Trade Study David Horney MIT/U.S. Air Force Distribution Statement A: Approved for public release; distribution unlimited Safety-Guided Design
More informationIncident Management Process
Incident Management Process TABLE OF CONTENTS Incident Management Process... 1 Chapter 1. Incident Process... 1 1.1. Primary goal... 1 1.2. Process Definition:... 1 1.3. Objectives - Provide a consistent
More informationIncident [Accident] Investigations
Incident [Accident] Investigations 1. Preserve/ Document Scene 2. Collect Information 3. Determine Root Causes 4. Implement Corrective Actions Objectives for Today Discuss the importance of why all incidents,
More informationProcess Safety Management (PSM)
Process Safety Management (PSM) General Awareness Training By Gary Whitmore 1 This book is intended to provide the reader with a basic general awareness of the Occupational Safety and Health Administration
More informationCOMPARISON OF PROCESS HAZARD ANALYSIS (PHA) METHODS
COMPARISON OF PROCESS HAZARD ANALYSIS (PHA) METHODS by Primatech Inc. The hazard and operability (HAZOP) study is the most commonly used process hazard analysis (PHA) method. However, there are many other
More informationIncident Management Process
OSF Service Support Incident Management Process [Version 1.1] [From https://www.ok.gov/cio/documents/incidentmanagementprocess.doc] Incident Management Process Table of Contents About this document...
More informationSix Keys to Managing Workplace Electrical Safety
Six Keys to Managing Workplace Electrical Safety WHITE PAPER Any facility can make its workplace safer by establishing a safety program, but it takes an astute safety manager and dedicated employees working
More informationAutomated System Validation By: Daniel P. Olivier & Curtis M. Egan
Automated System Validation By: Daniel P. Olivier & Curtis M. Egan In today s technical environment validation practices are both a requirement and an important tool in the medical and pharmaceutical industry.
More informationApplication of STAMP to Improve the Evaluation of Safety Management Systems
Application of STAMP to Improve the Evaluation of Safety Management Systems Robert J. de Boer, Raymon van der Maarel Aviation Academy Amsterdam University of Applied Science Weesperzijde 190, 1097DZ, Amsterdam
More informationResilience Engineering and FRAM Today. (June 7, 2012)
Resilience Engineering and FRAM Today (June 7, 2012) The FRAM book (finally) published. www.functionalresonance.com has been established (and partly populated) Resilience Engineering basics: Safety-I and
More informationTechniques and benefits of incorporating Safety and Security analysis into a Model Based System Engineering Environment
Techniques and benefits of incorporating Safety and Security analysis into a Model Based System Engineering Environment Gavin Arthurs P.E Solution Architect Systems Engineering IBM Software, Rational Common
More informationEnabling Improvement through the Product Lifecycle: Change Management within a PQS
Enabling Improvement through the Product Lifecycle: Change Management within a PQS Denise DiGiulio, Senior Advisor OPQ Office of Process and Facilities PDA Chapter Meeting Melbourne, Australia April 3,
More informationUSING STPA FOR EVALUATING AVIATION SAFETY MANAGEMENT SYSTEMS (SMS)
USING STPA FOR EVALUATING AVIATION SAFETY MANAGEMENT SYSTEMS (SMS) Dr. Nektarios Karanikas Mohamed Abrini Aviation Academy MIT STAMP Workshop, 21-24 March 2016, Cambridge, MA 1 BACKGROUND THE SMS ELEMENTS
More informationSTAMP A SIMPLE GUIDE TO HAZARD ANALYSIS. Michael Killaars Ruby Weener Thom van den Engel Oktober 2016
STAMP A SIMPLE GUIDE TO HAZARD ANALYSIS Michael Killaars Ruby Weener Thom van den Engel Oktober 2016 Introduction Systems-Theoretic Accident Model and Processes (STAMP) is an accident analysis model based
More informationCIS 890: High-Assurance Systems
CIS 890: High-Assurance Systems Introduction to Safety Concepts Lecture: Differences in Conventional Development and Safety-Critical Development Copyright 2013, John Hatcliff, Kim Fowler. The syllabus
More informationHuman Failure. Overview. People are never 100% reliable. Andy Brazier. Types of human failure Slips Mistakes Violations
Human Failure Andy Brazier Tel: (+44) 01492 879813 Mob: (+44) 07984 284642 andy@abrisk.co.uk www.abrisk.co.uk 1 Overview Types of human failure Slips Mistakes Violations Causes of human failure Things
More informationElements of an Effective Safety and Health Program
Elements of an Effective Safety and Health Program Voluntary Safety and Health Program Management Guidelines 10/11 1 Effective Safety and Health Programs It has been found that effective management of
More informationHuman Factor in Functional Safety
1. Introduction Human Factor in Functional Safety Pasquale Fanelli Invensys Systems Italia S.p.A. v. Carducci, 125 20099 Sesto S.G. (MI) pasquale. fanelli @invensys.com The European Norm EN 61508 "Functional
More informationRegulatory Compliance Inspections at MAH Offices: Implications for Manufacturers
Regulatory Compliance Inspections at MAH Offices: Implications for Manufacturers Kevin O Donnell, Ph.D. Market Compliance Manager GMP & Market Compliance Info Day September 2012 Slide 1 What are Regulatory
More informationBrief Summary of Last Lecture. Model checking of timed automata: general approach
Brief Summary of Last Lecture Formal verification Types: deductive (theorem proving) and algorithmic (model checking) ields proof that a (formal) specification is fulfilled Formalization of specs e.g.
More informationApplying System Engineering to Pharmaceutical Safety
Applying System Engineering to Pharmaceutical Safety The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation As Published Publisher
More informationREGULATION REGARDING EQUIPMENT PROCUREMENT PROCESS AND APPROVAL OF MANUFACTURERS FOR NUCLEAR FACILITIES
REGULATION REGARDING EQUIPMENT PROCUREMENT PROCESS AND APPROVAL OF MANUFACTURERS FOR NUCLEAR FACILITIES SECTION ONE Purpose, Scope, Basis, Definitions and General Considerations Purpose and scope ARTICLE
More informationBuilding Behavioral Competency into STPA Process Models for Automated Driving Systems
Building Behavioral Competency into STPA Process Models for Automated Driving Systems Shawn A. Cook, Hsing-Hua Fan, Krzysztof Pennar, Padma Sundaram General Motors Introduction Behavioral Competency is
More informationGuideline content. Page 1
Guideline content Introduction Scope and objective 1. Incident investigation 2. The incident investigation process 3. The root cause analysis method for logistics operations 4. Corrective Actions 5. Examples
More informationUsing STPA in Compliance with ISO26262 for developing a Safe Architecture for Fully Automated Vehicles
Bitte decken Sie die schraffierte Fläche mit einem Bild ab. Please cover the shaded area with a picture. (24,4 x 11,0 cm) Using STPA in Compliance with ISO26262 for developing a Safe Architecture for Fully
More informationTowards a STAMP-Based Safety Plans Approach for Construction Projects
Towards a STAMP-Based Safety Plans Approach for Construction Projects Ioannis M. Dokas Assistant Professor Democritus University of Thrace, Greece Email: idokas@civil.duth.gr Motivation Accidents in Construction
More informationStrategy Analysis. Chapter Study Group Learning Materials
Chapter Study Group Learning Materials 2015, International Institute of Business Analysis (IIBA ). Permission is granted to IIBA Chapters to use and modify this content to support chapter activities. All
More informationApplying STAMP/STPA to Analyze the Causes of the Unexpected Fire Happening at the Heat Treatment Process
Applying STAMP/STPA to Analyze the Causes of the Unexpected Fire Happening at the Heat Treatment Process UNIVANCE CORPORATION Product Engineering Dept. Purchase Dept. Product Development Dept. Program
More informationFRAM First Steps How to Use FRAM and the FMV
FRAM First Steps How to Use FRAM and the FMV Erik Hollnagel Professor, University of Southern Denmark Chief Consultant Center for Quality, RSD (DK) hollnagel.erik@gmail.com FRAM analysis steps 0 Describe
More informationCause and Effect Relationship with Trending
Cause and Effect Relationship with Trending Alex Torres Contractor Assurance Washington River Protection LLC. Contractor to the U.S. Department of Energy 1 Purpose Provide an overview of the relationship
More informationChapter 6. Software Quality Management & Estimation
Chapter 6 Software Quality Management & Estimation What is Quality Management Also called software quality assurance (SQA) s/w quality:- It is defined as the degree to which a system, components, or process
More informationProject vs Operation. Project Constraints. Pankaj Sharma, Pankaj Sharma,
Project vs Operation PROJECTS OPERATIONS Temporary Ongoing Unique Repetitive Closes after attaining the objectives Objective is to sustain business Prototyping the new car model Assembly line production
More informationWhat Extent is Risk Reduction Required?
Global Journal of Management and Business Studies. ISSN 2248-9878 Volume 3, Number 2 (2013), pp. 171-184 Research India Publications http://www.ripublication.com/gjmbs.htm What Extent is Risk Reduction
More informationImplementing Hazard & Operability (HAZOP) Studies Throughout the Project Life Cycle
Implementing Hazard & Operability (HAZOP) Studies Throughout the Project Life Cycle Vivian Papen Sound Transit Seattle, WA Ronald Harvey Sound Transit Seattle, WA Hamid Qaasim Sound Transit Seattle, WA
More informationSelf-Inspection and its potential benefits via ICH Q9 & Q10
Self-Inspection and its potential benefits via ICH Q9 & Q10 Kevin O Donnell, Ph.D. Senior Inspector & Market Compliance Manager Irish Medicines Board IMB Information Day October 23 rd, 2008 Slide 1 Topics
More informationProcess Hazard Analysis Fundamentals. Walt Frank, P.E. Frank Risk Solutions F R A N K R I S K S O L U T I O N S
Process Hazard Analysis Fundamentals Walt Frank, P.E. Frank Risk Solutions F R A N K R I S K S O L U T I O N S Walt Frank, PE B.S. CheE, Rose-Hulman Institute of Technology 24 years with DuPont 10+ years
More informationSystemic Accident Analysis Methods What are they? How feasible in healthcare?
Systemic Accident Analysis Methods What are they? How feasible in healthcare? Gyuchan Thomas Jun and Patrick Waterson email: g.jun@lboro.ac.uk Human Factors and Complex Systems Research Group Loughborough
More informationA systems-theoretic approach
A systems-theoretic approach to analyze humanautomation interactions Dr. John Thomas MIT Human Factors in Control April 2018 Halden, Norway Outline Safety Engineering Modern engineering challenges Modern
More informationContents of the Failure Mode Effects Analysis the Plant Wellness Way Distance Education Course FMEA Training Online
Contents of the Failure Mode Effects Analysis the Plant Wellness Way Distance Education Course FMEA Training Online Use the FMEA process in your plant and equipment design, and for root cause analysis
More informationITIL Intermediate Capability Stream:
ITIL Intermediate Capability Stream: OPERATIONAL SUPPORT AND ANALYSIS (OSA) CERTIFICATE Sample Paper 2, version 6.1 Gradient Style, Complex Multiple Choice QUESTION BOOKLET Gradient Style Multiple Choice
More informationNBAA SAFETY CULTURE SURVEY
DEDICATED TO HELPING BUSINESS ACHIEVE ITS HIGHEST GOALS. NBAA SAFETY CULTURE SURVEY For effective safety leadership in a business aviation environment, the entire organization must work together to fully
More informationRisk analysis of serious air traffic incident based on STAMP HFACS and fuzzy sets
Risk analysis of serious air traffic incident based on STAMP HFACS and fuzzy sets Michał LOWER, Jan MAGOTT Wroclaw University of Technology Jacek SKORUPSKI Warsaw University of Technology Plan 1. The goal
More informationEngineering systems to avoid disasters
Critical Systems Engineering Engineering systems to avoid disasters Adapted from Ian Sommerville CSE 466-1 Objectives To introduce the notion of critical systems To describe critical system attributes
More information9. Verification, Validation, Testing
9. Verification, Validation, Testing (a) Basic Notions (b) Dynamic testing. (c) Static analysis. (d) Modelling. (e) Environmental Simulation. (f) Test Strategies. (g) Tool support. (h) Independent Verification
More informationGetting Started with Risk in ISO 9001:2015
Getting Started with Risk in ISO 9001:2015 Executive Summary The ISO 9001:2015 standard places a great deal of emphasis on using risk to drive processes and make decisions. The old mindset of using corrective
More informationFMEA Failure Mode Effects Analysis. ASQ/APICS Joint Meeting May 10, 2017
FMEA Failure Mode Effects Analysis ASQ/APICS Joint Meeting May 10, 2017 FMEA (Failure Mode and Effects Analysis) Failure Mode and Effects Analysis Agenda What is it? Motivation FMEA Methods Examples What
More informationSOFTWARE FAILURE MODES EFFECTS ANALYSIS OVERVIEW
SOFTWARE FAILURE MODES EFFECTS ANALYSIS OVERVIEW Copyright, Ann Marie Neufelder, SoftRel, LLC, 2010 amneufelder@softrel.com www.softrel.com This presentation may not be copied in part or whole without
More informationUsing STAMP to investigate decisionmaking. a DSB Case Study Proposal
Using STAMP to investigate decisionmaking a DSB Case Study Proposal Introducing the Dutch Safety Board Investigation of (near-) incidents Blame-free, focus on learning Government-funded, independent All
More informationSTATE NUCLEAR POWER SAFETY INSPECTORATE Of THE REPUBLIC OF LITHUANIA (VATESI) REGULATIONS
1 Translation from Russian STATE NUCLEAR POWER SAFETY INSPECTORATE Of THE REPUBLIC OF LITHUANIA (VATESI) REGULATIONS GENERAL REQUIREMENTS FOR THE EVENT REPORTING SYSTEM AT A NUCLEAR POWER PLANT VD-E-04-98
More informationV1.2 A LEADER S GUIDE TO DR. MARK FLEMING CN PROFESSOR OF SAFETY CULTURE SAINT MARY S UNIVERSITY
A LEADER S GUIDE TO SAFETY CULTURE DR. MARK FLEMING CN PROFESSOR OF SAFETY CULTURE SAINT MARY S UNIVERSITY MARK.FLEMING@SMU.CA Outline Background Safety culture overview Analysis of major incidents Safety
More informationRisk Module: Risk Management, Fault Trees and Failure Mode Effects Analysis Exploration Systems Engineering, version 1.0
Risk Module: Risk Management, Fault Trees and Failure Mode Effects Analysis Exploration Systems Engineering, version 1.0 Exploration Systems Engineering: Risk Module Module Purpose: Risk To understand
More informationEngineering for Humans: A New Extension to STPA
Engineering for Humans: A New Extension to STPA by MEGAN ELIZABETH FRANCE B.S. Human Factors Engineering, Tufts University, 2015 Submitted to the Department of Aeronautics and Astronautics in partial fulfillment
More informationAccident. and Incident Investigations. Investigation Procedures. Self-study Review and Answer Sheet
Accident and Incident Investigations Investigation Procedures Self-study Review and Answer Sheet Accident On-Line Module (Paper Report for Guidance) Purpose Investigations are important tools for identifying
More informationCHAPTER 1. Business Process Management & Information Technology
CHAPTER 1 Business Process Management & Information Technology Q. Process From System Engineering Perspective From Business Perspective In system Engineering Arena Process is defined as - a sequence of
More informationChallenge H: For an even safer and more secure railway
The application of risk based safety analysis has been introduced to the Railway system with the publication of the dedicated standard EN 50 126 in 1999. In the railway sector the application of these
More informationBusiness Focused Maintenance
Business Focused Maintenance Business-focused maintenance - a framework for betterment E nterprises with vision know that asset care and maintenance is a complex, enormously valuable activity that assuredly
More informationChapter 3 Structuring Decisions
Making Hard Decisions Chapter 3 Structuring Decisions Slide 1 of 49 Introduction Suppose elements of Decision Problem (DP) are available, i.e.: Objectives that apply to the decision context Immediate decision
More informationSafety Committee Training December 6, 2017
Star Buick GMC, Inc. Safety Committee Training December 6, 2017 Agenda Safety Committee Operations Hazard Identification and Inspection Accident Investigation Activities Drugs/Alcohol and the Workplace
More informationRisk Management Using Spiral Model for Information Technology
Risk Management Using Spiral Model for Information Technology Rajendra Ganpatrao Sabale, Dr. A.R Dani Student of Ph.D., Singhania University, Pacheri Bari, Dist. Jhunjhunu( Rajasthan), India International
More informationA New Approach to Hazard Analysis for Rotorcraft
A New Approach to Hazard Analysis for Rotorcraft Blake Abrecht Massachusetts Institute of Technology Engineering Systems Division Master s Student 2 nd Lieutenant, United States Air Force Cambridge, MA,
More informationManaging Safely Online Course User Guide
Managing Safely Online Course User Guide 3.0 Contents Introduction 3 Module 1: Introducing Managing Safely 4 Module 2: Risk Assessment 5 Module Objectives 5 Module 3: Risk Control 6 Module Objectives 6
More informationFunctional Analysis Module
CC532 Collaborate System Design Fundamentals of Systems Engineering W6, Spring, 2012 KAIST Functional Analysis Module Space Systems Engineering, version 1.0 Space Systems Engineering: Functional Analysis
More informationAPM Reliability Classic from GE Digital Part of our On-Premise Asset Performance Management Classic Solution Suite
Provides operational visibility and analysis to help reduce asset failure, control costs and increase availability With escalating pressure on businesses to improve the bottom-line while being faced with
More informationIdentify Risks. 3. Emergent Identification: There should be provision to identify risks at any time during the project.
Purpose and Objectives of the Identify Risks Process The purpose of the Identify Risks process is to identify all the knowable risks to project objectives to the maximum extent possible. This is an iterative
More informationFRAM: Setting the scene. Erik Hollnagel
FRAM: Setting the scene Erik Hollnagel hollnagel.erik@gmail.com www.safetysynthesis.com Understanding simple systems We can explain how things work in terms of cause-effect relations Antikythera mechanism,
More informationCOMPARISON - SMS AND QMS
COMPARISON - SMS AND QMS SMS is not an island! It was originally designed to work in harmony with other programmes and systems such as a Quality Management System (QMS). Therefore, many of the required
More informationThe investigation of safety management systems, and safety culture
The investigation of safety management systems, and safety culture Simon French, Chief Inspector of Rail Accidents Tabitha Steel, Human Factors Specialist 1 Why investigate safety management systems? Research
More informationHAZOPS AND HUMAN FACTORS
HAZOPS AND HUMAN FACTORS P. Aspinall Vectera Group Ltd, UK. philaspinall@vectragroup.co.uk INTRODUCTION In this paper, I propose to consider the need for a focus on Human Factors in Hazard and Operability
More informationImplement Effective Computer System Validation. Noelia Ortiz, MME, CSSGB, CQA
Implement Effective Computer System Validation Noelia Ortiz, MME, CSSGB, CQA Session Outline 1 2 3 4 5 Understanding Regulations and Guidelines Pertaining to Computer Systems Integrate SDLC and GAMP 5
More informationResilience engineering Building a Culture of Resilience
Resilience engineering Building a Culture of Resilience Erik Hollnagel Professor, University of Southern Denmark Chief Consultant Center for Quality, RSD (DK) hollnagel.erik@gmail.com An insatiable need
More informationLesson 31- Non-Execution Based Testing. October 24, Software Engineering CSCI 4490
Lesson 31- Non-Execution Based Testing October 24, 2014 1 Software Engineering CSCI 4490 Non-Execution Based Testing (Schach Chap6) Goals of Testing: Does Program Conform to Specification? Does It Meet
More informationRisk Assessment: Chapter 12
Risk Assessment: Chapter 12 Barriers and barrier management Status and challenges in the Norwegian offshore industry Inger Lise Johansen inger.l.johansen@ntnu.no RAMS Group Department of Production and
More informationData Collection Systems
Data Collection Systems David Embrey PhD Managing Director Human Reliability Associates Ltd 1. An Overview of Data Collection Systems The function of this document is to provide an overall framework within
More informationHUMAN ERROR ANALYSIS AT A REFINERY
HUMAN ERROR ANALYSIS AT A REFINERY John Gould 1 and Sandra Lovell 2 1 Environmental Resources Management (ERM) 5 Exchange Quay, Manchester, M5 3EF, UK 2 ERM Llandarcy House 11A, The Courtyard, Swansea
More informationA New Approach to System Safety Engineering
A New Approach to System Safety Engineering Nancy G. Leveson, MIT System Safety Engineering: Back to the Future http://sunnyday.mit.edu/book2.html Outline of Day 1 Why a new approach is needed STAMP A
More informationNANCY G. LEVESON JOHN P. THOMAS
NANCY G. LEVESON JOHN P. THOMAS MARCH 2018 This handbook is intended for those interested in using STPA on real systems. It is not meant to introduce the theoretical foundation, which is described elsewhere.
More informationelectrical engineering division Arc Flash Study Planning Kit Everything You Need To Ensure The Success of Your Arc Flash Project
Arc Flash Study Planning Kit Everything You Need To Ensure The Success of Your Arc Flash Project training institute WHAT IS AN ARC FLASH? An arc flash occurs when electric current passes through the air
More informationPractical Strategies for Improving Quality Risk Management activities in GMP environments
Practical Strategies for Improving Quality Risk Management activities in GMP environments Kevin O Donnell, Ph.D. Market Compliance Manager & Senior GMP Inspector, Irish Medicines Board, Ireland CMC Strategy
More information