Improving risk governance through independent safety assessment


1 Improving risk governance through independent safety assessment
Håkon Dahl-Olsen, Principal Consultant, Reliability Engineering
Working together for a safer world

2 Tracks for this talk
- RAMS process
- The ISA role in RAMS
- Risk governance improvements from ISA activities
- Freight to take home

3 What we need to be afraid of

4 Reliability, Availability, Maintenance, Safety (RAMS)
- RAMS is a process and framework for managing the reliability, availability, maintenance and safety of an asset throughout its lifecycle.
- Objectives may be conflicting; the RAMS process allows such conflicts to be managed proactively, thereby securing better trade-offs.
- RAMS process: a systematic approach to setting requirements, controlling implementation and demonstrating compliance.
- Safety integrity levels (SIL) are an important part of this.

5 The generic standard
- IEC: Functional safety of electrical / electronic / programmable electronic safety-related systems
- Sector standards shown: IEC, IEC, NOROG GL 070, IEC, IEC, EN, EN, EN 50129

6 Risk based methodology
- Risk scale: residual risk, acceptable risk, initial risk (unwanted incident)
- Required risk reduction versus actual risk reduction
- Total risk reduction is made up of:
  - risk reduction from Safety Instrumented Systems
  - risk reduction from external risk reduction facilities
  - risk reduction from other technology safety related systems

7 Safety Integrity Level: probability of failure on demand
- SIL 4: 1 out of 10 000 times
- SIL 3: 1 out of 1000 times
- SIL 2: 1 out of 100 times
- SIL 1: 1 out of 10 times

8 Safety Instrumented System, SIS
Input, Input -> Logic unit -> Action (protecting unit, SIL 2)

9 Requirements to SIL (Safety Integrity Level)
- Quantitative requirement: Probability of Failure on Demand (PFD)
- Semi-quantitative requirements: architectural constraints, Safe Failure Fraction (SFF), Hardware Fault Tolerance (HWFT)
- Software requirements: software safety functions, V-model, certified SW blocks
- Qualitative requirements: avoidance and control of systematic failures; design & integration process; plans & procedures; competency & training; QA, follow-up, change control etc.
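As an added example (not from the slides), the following Python ties the risk based methodology of slide 6 to the SIL bands of slide 7 and the PFD requirement of slide 9: the required risk reduction fixes a target SIL, and a simplified PFD estimate for the SIS shows whether that target is met or where the gap is. The 1oo1/1oo2 formulas are the IEC 61508-6 low-demand approximations with repair time neglected, and all failure-rate and frequency figures are constructed.

```python
"""Required vs achieved SIL for a Safety Instrumented System (SIS).
Added example, not from the slide deck. SIL bands follow the slide's
"1 out of 10 / 100 / 1000 / 10 000 times"; the PFD formulas are simplified
IEC 61508-6 low-demand approximations with repair time neglected (assumption)."""

def sil_from_pfd(pfd: float) -> int:
    """SIL n when 10**-(n+1) <= pfd < 10**-n; 0 when no SIL is claimable."""
    if pfd >= 1e-1:
        return 0
    for sil in (1, 2, 3, 4):
        if pfd >= 10.0 ** -(sil + 1):
            return sil
    raise ValueError("PFD below 1e-5 is outside the SIL 1-4 range")

def required_sil(initial_freq: float, tolerable_freq: float,
                 other_layers_rrf: float = 1.0) -> int:
    """Required risk reduction = initial / tolerable, less the credit taken by
    other independent layers; the SIS needs the smallest SIL n with 10**n >= rrf."""
    rrf = initial_freq / tolerable_freq / other_layers_rrf
    if rrf <= 1.0:
        return 0
    for sil in (1, 2, 3, 4):
        if 10.0 ** sil >= rrf * (1 - 1e-9):  # tolerance for float division
            return sil
    raise ValueError("required risk reduction exceeds what SIL 4 provides")

def pfd_1oo1(lambda_du: float, proof_test_h: float) -> float:
    """Single channel: PFDavg ~ lambda_DU * T / 2 (lambda_DU per hour, T in hours)."""
    return lambda_du * proof_test_h / 2

def pfd_1oo2(lambda_du: float, proof_test_h: float, beta: float) -> float:
    """Redundant channels: independent term plus common-cause (beta) term."""
    x = lambda_du * proof_test_h
    return x * x / 3 + beta * x / 2

def sil_gap(initial_freq: float, tolerable_freq: float, achieved_pfd: float,
            other_layers_rrf: float = 1.0) -> int:
    """Positive = SIL levels still missing; zero or negative = target met."""
    return (required_sil(initial_freq, tolerable_freq, other_layers_rrf)
            - sil_from_pfd(achieved_pfd))

if __name__ == "__main__":
    # Constructed figures: 1e-2 /yr hazardous event, 1e-5 /yr tolerable,
    # lambda_DU = 2e-6 /h, annual proof test (8760 h), 10 % common cause.
    need = required_sil(1e-2, 1e-5)                       # SIL 3
    single, redundant = pfd_1oo1(2e-6, 8760), pfd_1oo2(2e-6, 8760, 0.1)
    print(f"required SIL {need}; 1oo1 -> SIL {sil_from_pfd(single)}, "
          f"1oo2 -> SIL {sil_from_pfd(redundant)}")
```

With the constructed figures a single channel lands one SIL short of the target, and the 1oo2 variant closes the gap only because the common-cause term is kept in the estimate.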

10 RAMS and EN 50126 (quoted from the standard)
This European Standard:
- does not define RAMS targets, quantities, requirements or solutions for specific railway applications;
- does not specify requirements for ensuring system security;
- does not define rules or processes pertaining to the certification of railway products against the requirements of this standard;
- does not define an approval process by the safety regulatory authority.

11 RAMS is not a success by itself, but... a guide to organize and use knowledge, experience, understanding, common interest and effort by everyone to achieve the business objectives. Meaning: to find best practice and to be the best in business.

12 Simplified RAMS phase picture
Concept phase / Design phase / Operational phase
1. Concept
2. System definition and application conditions
3. Risk analysis
4. System requirements
5. Apportionment of system requirements
6. Design and implementation
7. Manufacturing
8. Installation
9. System validation
10. System acceptance
11. Operation and maintenance
12. Performance monitoring
13. Modification and retrofit
14. Decommissioning and disposal

13 The Independent Safety Assessor's role
- Shall be independent of all stakeholders
- Required by RAMS standards (EN 50128/9)
- Purpose: to determine whether the product is fit for purpose, based on insight into the design, management and manufacturing of safety-critical products used in railway systems

14 What is the assessor supposed to do?
From EN 50129:
From EN 50128:

15 What is the assessor supposed to do?
Answer: review the work processes and the documentation, and obtain all information necessary to judge whether a product is fit for purpose or not.

16 Development projects and the ISA
- Independent safety assessment should be on board early
- Expect a lot of gaps in the early assessment report; however, the assessor cannot give direct advice on closing these gaps!
- Version control of documentation is imperative

17 Independence: a backbone in our business in LR
Assessor's do's and don'ts:
- Do maintain independence
- Do keep communicating
- Don't be a consultant
- Don't lose track of the bird's eye view
Consulting and ISA activities must be separate!
We care. We do the right thing. We share our knowledge.

18 Challenges along the way
- Development practice and requirements in standards
- Different people have different opinions
- Maturity of the developer's organization
- Trust in the entire supply chain
- Organization size and separation of roles
"One must attempt the impossible in order to achieve the possible." - Hermann Hesse

19 Risk is the combination of the severity and the probability of a harmful event. Risk governance is the management of compliance with the requirements, processes and devices put in place to reach acceptable safety of operation.

20 RAMS lifecycle phases
This you get for free: Quality Management (ISO 9001), assessment report
This you have paid for:
1. Concept
2. System definition and application conditions
3. Risk analysis
4. System requirements
5. Apportionment of system requirements
6. Design and implementation
7. Manufacturing
8. Installation
9. System validation
10. System acceptance
11. Operation and maintenance
12. Performance monitoring
13. Modification and retrofit
14. Decommissioning and disposal

21 What does a non-conformance (GAP) mean?
- Why is that RAMS requirement there in the first place?
- Is the GAP an isolated issue with my product?
- Is the requirement relevant to my quality management and strategy?
- Should I implement measures on the product level or the management system level?
By asking questions like these you may discover efficiency or risk reduction opportunities within your organization, directly from your RAMS process. By considering company-wide practice changes you contribute to your company's safety culture, and lay the foundation for leaner development of later products that need to conform to the railway RAMS process.

22 Freight to take home
1. Ensure the Independent Safety Assessor is involved from the start
2. Ensure the organization has a unified and correct picture of what SIL is and what it applies to, as well as what it does not apply to
3. Ensure your project organization fits the requirements for your SIL
4. Ensure you have the right competence within your team
5. Allow the Independent Safety Assessor to maintain his/her independence
6. Consider all identified GAPs against RAMS and whether company level improvements can be made

23 Håkon Dahl-Olsen, Principal Consultant II, Trondheim, Norway
E hakon.dahl-olsen@lr.org
Lloyd's Register Consulting. Working together for a safer world.
Lloyd's Register and variants of it are trading names of Lloyd's Register Group Limited, its subsidiaries and affiliates. Copyright Lloyd's Register Consulting. A member of the Lloyd's Register group.