Environment, Safety, and Occupational Health (ESOH), and Exercise

Similar documents
16987 Software Safety Analysis A New Requirement?

DEPARTMENT OF DEFENSE STANDARD PRACTICE SYSTEM SAFETY

Acquisition Systems Engineering (SE) Environmental Risk Management Approach

ISO 14001, OHSAS 18001, and MIL-STD-882D and SE

Headquarters U.S. Air Force

Fluency in Risk Management: DoD Acquisition Risk Management, MIL-STD-882D, ANSI-GEIA-STD-0010, and ISO All the Same, Only Different?

OSD Expectations For Implementing DoDI

New Acquisition Policy and Its Impact on Systems Engineering

Acquisition Environment, Safety, and Occupational Health (ESOH) ODUSD(I&E) Role and Activities

Mathematical Techniques to Improve the Utility of a Hazard Risk Matrix

12467 Environmental Hazard Analysis Task 210 Part of Upcoming Change to MIL-STD-882D

International System Safety Training Symposium

Acquisition ESOH Risk Management - How to Make It Work

System Safety in Systems Engineering V-Charts

Software System Safety

Requirements Are Evolving In The Elevator Industry. November 28, 2012

Combining Risk Analysis and Slicing for Test Reduction in Open Architecture. Valdis Berzins Naval Postgraduate School

Engineering and Manufacturing Development YOU ARE HERE. As homework, you read the SPAW MS B TEMP and wrote down any mistakes you noticed.

Arafura Resouces Ltd. Nolans Environmental Impact Statement. volume one. Risk assessment. Chapter 5

TOPIC DESCRIPTION SUPPLEMENT for the SYSTEMS ENGINEERING SURVEY DESCRIPTION

Enabling System Safety Through Technical Excellence

Work Plan and IV&V Methodology

Using Proposed MIL-STD-882 Change 1 For Hazardous Materials Management

Combining Risk Analysis and Slicing for Test Reduction in Open Architecture

DoD Template for Application of TLCSM and PBL In the Weapon System Life Cycle

Software System Safety

Developing Requirements for Secure System Function

Systems Engineering Processes Applied To Ground Vehicle Integration at US Army Tank Automotive Research, Development, and Engineering Center (TARDEC)

HSI PRIORITIES AND PROCESSES FOR AGILE DEVELOPMENT

8209 Acquisition ESOH Risk Management and HAZMAT Management

Operational Requirements Document (ORD)

HAZARD IDENTIFICATION AND RISK ASSESSMENT Revision Date: 04/2017

DO-178B 김영승 이선아

Acquisition Environment, Safety, and Occupational Health Lessons Learned From DoD Acquisition Systems Engineering Program Support Reviews

Fatality Prevention/Risk Management

Integrated Systems Engineering and Test & Evaluation. Paul Waters AIR FORCE FLIGHT TEST CENTER EDWARDS AFB, CA. 16 August 2011

Laser Ablation. Susan L. Sprentall, President & CEO SurClean, Inc x100

LIFE CYCLE FACILITY ASSET MANAGEMENT. Presented by Pedro Dominguez Managing Principal, The Invenio Group

Unmanned System Safety Precepts

POSITION DESCRIPTION

RISK MANAGEMENT GUIDE FOR DOD ACQUISITION

Headquarters U.S. Air Force

Comparison of Hazard Analysis Requirements for Instrumentation and Control System of Nuclear Power Plants

Civil Aviation Directive

DRAFT Risk Management Process Plan Command Media

Methodology for Modeling, Simulation, and Analysis Support of DoD Space Acquisitions

711th Human Performance Wing

Demilitarization as a Systems Engineering Requirement

Sample Reliability Language for DoD Acquisition Contracts

20028 Joint Software Systems Safety Engineering Handbook Implementation Guide

Advisory Circular. Date: DRAFT Initiated by: AIR-110

Safety cannot rely on testing

SOP 01 EHSS Risk Management

OPTIMIZING THE SELECTION OF VV&A ACTIVITIES A RISK / BENEFIT APPROACH

Lockheed Martin Aeronautics Company. Approach to Solving Development Program Issues

ENVIRONMENT, HEALTH & SAFETY MANAGEMENT SYSTEM MANUAL

QUALITY ASSURANCE PLAN OKLAHOMA DEPARTMENT OF HUMAN SERVICES ENTERPRISE SYSTEM (MOSAIC PROJECT)

Department of Defense Independent Technical Risk Assessment Framework for Risk Categorization

System Reliability Theory: Models and Statistical Method> Marvin Rausand,Arnljot Hoylanc Cowriaht bv John Wilev & Sons. Inc.

QUALITY CLASSIFICATION

Job Hazard Analysis (JHA)

The Challenge Tom Williams

Software Safety Program at NREL (It is Not Just for Nuclear Sites)

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Risk & Opportunities

RISK MANAGEMENT STRATEGY

18887 Environment, Safety, and Occupational Health (ESOH) A Design Consideration with Benefits

Number: DI-HFAC-81743A Approval Date: Office of Primary Responsibility: AS/AIR 4.6 Applicable Forms: N/A

ISO 9001: 2000 (December 13, 2000) QUALITY MANAGEMENT SYSTEM DOCUMENTATION OVERVIEW MATRIX

Integrated Product Support Procedures

INTRODUCTION TO PARTS MANAGEMENT

ESCENARIO: Low to medium traffic, most flights are IFRs, mountainous topography, vvv ATS routes are very frequently used,

Report of the Reliability Improvement Working Group (RIWG) Volume II - Appendices

Effective Implementation of Systems Engineering at the Aeronautical Systems Center: A Systems Engineering Tool Set

Enhanced Systems Engineering - Starting Programs Right

Aeronautical Systems Center

Acquisition/Environmental Management Case Study for an Army Weapon System

5. ENVIRONMENTAL IMPACT ASSESSMENT

LIFE CYCLE ASSET MANAGEMENT. Project Reviews. Good Practice Guide GPG-FM-015. March 1996

Increasing the Likelihood of Success of a Software Assurance Program

Configuration Management

ISO : Rustam Rakhimov (DMS Lab)

Centerwide System Level Procedure

Distinguishing Medical Device Recalls from Product Enhancements and Associated Reporting Requirements

Space product assurance

Validation, Verification and MER Case Study

Functional Safety Machinery

NEW DESIGN SAFETY REQUIREMENTS OF MIL-STD-1316F

RISK MANAGEMENT AND DESIGN CONTROL. PRACTICAL SOLUTION F. Akelewicz 03/06

Safety Management Introduction

IVDR Breakout. Copyright 2017 BSI. All rights reserved.

Configuration Management

SMS Introduction. Industry View Josef Stoll, VP Business Improvement & Support Services EMEA & Asia

19702 MIL-STD-882E Software System Safety Tutorial An Approach for Focused and Effective Level of Rigor (LoR)

OPTUS SUPPLIER WORK HEALTH & SAFETY POLICY

DoD DMSMS Strategic Objectives Update. April 26, DoD DMSMS Lead

Table of contents 1. INTRODUCTION REQUIREMENTS DEFINITIONS ATTACHMENTS REVISIONS REFERENCES...

Response to Mr. Grimm (DUSA-TE) Tasker on Reliability Initiatives

STATEMENT OF WORK SMALL SPACECRAFT PROTOTYPING ENGINEERING DEVELOPMENT & INTEGRATION (SSPEDI) Space Solutions (SpS)

Prof. Rob Leachman IEOR 130 Fall, /13/16 FMEA Rob Leachman 1

Transcription:

Environment, Safety, and Occupational Health (ESOH), and Exercise The following continuous learning modules are relevant to this lesson: - CLE039 Environmental Issues in T&E - CLE009 ESOH in Systems Engineering - CLR030 ESOH in JCIDS ESOH Community of Practice: https://acc.dau.mil/esoh

ESOH Implications for T&E Planning ESOH risk mgmt. is part of the risk mgmt. process Potential risks include: Impacts & adverse effects from routine testing, test failures, and mishaps Scope of risks includes: HAZMAT use & hazardous waste generation Safety (including explosives safety, ionizing & nonionizing radiation) Human health (chemical, physical, biological, ergonomic, etc.) Environmental & occupational noise Impacts to the environment (air, water, soil, flora, fauna) The T&E community must comply with all ESOH statutory & regulatory requirements

ESOH Risk Management For Environmental, Safety, and Occupational Health (ESOH) risks, the PM shall: Integrate ESOH risk management into the Systems Engineering process Eliminate ESOH hazards where possible (manage risks that can t be eliminated) Use MIL-STD 882 methodology Must accept residual risk, prior to exposing people, equipment, or the environment Residual risk acceptance authorities: High risks CAE Serious risks PEO Medium and low risks PM DoDI 5000.02, Encl 3

ESOH System Safety Process Element 1: Document the System Safety Approach Element 5: Reduce Risk Element 2: Identity and Document Hazards Element 6: Verify, Validate, & Document Risk Reduction Element 3: Assess and Document Risk Element 4: Identity and Document Risk Mitigation Measures Element 7: Accept Risk and Document Element 8: Manage Life-Cycle Risk 4

Document the System Safety Approach The PM shall document the system safety approach for managing hazards as an integral part of the SE process. Minimum requirements for the approach include Describing the risk management effort ID & document the prescribed & derived requirements applicable to the system Define how hazards & associated risks are formally accepted by the appropriate risk acceptance authority Document hazards with a closed-loop Hazard Tracking System (HTS) Source: MIL-STD 882E, page 10. 5

Identify and Document Hazards Hazards are identified through a systematic analysis process that includes system hardware & software, system interfaces & the intended use/environment Consider Mishap data Relevant environmental & occupational health data User physical characteristics, knowledge skills & abilities Lessons learned from legacy/similar systems 6

Assess & Document Risk (Severity/Consequences) SEVERITY CATEGORIES MIL-STD-882E Description Severity Category Catastrophic 1 Critical 2 Marginal 3 Negligible 4 Mishap Result Criteria Could result in one or more of the following: Death, permanent total disability, irreversible significant environment impact, or monetary loss equal to or exceeding $10M. Could result in one or more of the following: permanent partial disability, injuries or occupational illness that may result in hospitalization of the at least three personnel, reversible significant environmental impact, or monetary loss equal to or exceeding $1m but less than $10M Could result in one or more of the following: injury or occupational illness resulting in one or more lost work day(s), reversible moderate environmental impact, or monetary loss equal to or exceeding $100K but less than $1M Could result in one or more of the following: Injury or occupational illness not resulting in a lost work day, minimal environmental impact, or monetary loss less than $100K.

Assess & Document Risk (Probability) PROBABILITY LEVELS Description Level Individual Item Fleet/Inventory* Frequent Probate Occasional Remote Improbable Eliminated A B C D E F Likely to occur often in the life of an item. Will occur several times in the life of an item. Likely to occur sometime in the life of an item. Unlikely, but possible to occur in the life of an item. So unlikely, it can be assumed occurrence may not be experienced in the life of an item. Continuously experienced. Will occur frequently. Will occur several times. Unlikely, but can reasonably be expected to occur Unlikely to occur, but possible. Incapable of occurrence. This level is used when the potential hazards are identified and later eliminated.

Table A-II Example of Probability Levels PROBABILITY LEVELS Description Level Individual Item Fleet/Inventory* Quantitative Frequent A Likely to occur often in the life of an item. Continuously experienced. Probate B Will occur several times in the life of an item. Will occur frequently. Occasional C Likely to occur sometime in the life of an item. Will occur several times. Remote Improbable Eliminated D E F Unlikely, but possible to occur in the life of an item. So unlikely, it can be assumed occurrence may not be experienced in the life of an item. Unlikely, but can reasonably be expected to occur Unlikely to occur, but possible. Incapable of occurrence. This level is used when the potential hazards are identified and later eliminated.

Assess & Document Risk (Risk Matrix) Probability Severity Catastrophic (1) RISK ASSESSMENT MATRIX Critical (2) Marginal (3) Negligible (4) Frequent (A) High High Serious Medium Probable (B) High High Serious Medium Occasional (C) High Serious Medium Low Remote (D) Serious Medium Medium Low Improbable (E) Medium Medium Medium Low Eliminated (F) Eliminated MIL-STD-882E

Identify & Document Risk Mitigation Measures The goal should always be to eliminate the hazard if possible. When the hazard cannot be eliminated Reduce the risk to the lowest acceptable level Within cost, schedule & performance constraints Applying system safety design order of precedence: Eliminate hazards Design changes Incorporate engineered features or devices Provide warning devices Signs, procedures, training, PPE 11

Reduce Risk Mitigation measures are selected and implemented to achieve an acceptable risk level Present the current hazards, their associated severity & probability assessments & status of risk reduction efforts at technical reviews and test readiness reviews. 12

Verify, Validate & Document Risk Reduction Verify the implementation & validate the effectiveness of all selected risk mitigation measures through Appropriate analysis Testing Demonstration Inspection Document the verification & validation in the Hazard Tracking System 13

Accept Residual Risk, and Document Before exposing people, equipment, or the environment to known system related hazards, the risks shall be accepted by the appropriate authority as defined in DoDI 5000.02, Encl. 12. The user representative shall be part of this process throughout the life-cycle of the system; and shall provide formal concurrence before all Serious & High risk acceptance decisions. Each risk acceptance decision shall be documented in the Hazard Tracking System (HTS) 14

Manage Lifecycle Risk After the system is fielded, the program office uses the system safety process to identify hazards & maintain the HTS throughout the system s lifecycle. Test related risks (such as those in the upcoming exercise) need to be managed throughout the T&E process. In addition, DoD requires program offices to support system-related Class A and B mishap investigations. 15

Software Contribution to System Risk The assessment of risk for software, and consequently software-controlled or software-intensive systems, cannot rely on the risk severity & probability. Another approach shall be used for the assessment of software s contributions to system risk that considers the potential risk severity & the degree of control that software exercises over the system. 16

Software Control Categories MIL-STD-882E, Table IV Level Name Description 1 Autonomous (AT) 2 Semi- Autonomous (SAT) 3 Redundant Fault Tolerant (RFT) Software functionality that exercises autonomous control authority over potentially safety significant hardware systems, subsystems, or components without the possibility of predetermined safe detection and intervention by a control entity to preclude the occurrence of a mishap or hazard. (This definition includes complex system/software functionality with multiple subsystems, Interacting parallel processors, multiple interfaces, and safety-critical functions that are time critical.) Software functionality that exercises control authority over potentially safety-significant hardware systems, subsystems, or components, allowing time for predetermined safe detection and intervention by independent safety mechanisms to mitigate or control the mishap or hazard. (This definition includes the control of moderately complex system/software functionality, no parallel processing, or few interfaces, but other safety systems/mechanisms can partially mitigate. System and software fault detection and annunciation notifies the control entity of the need for required safety actions.) Software item that displays safety-significant information requiring immediate operator entity to execute a predetermined action for mitigation or control over a mishap or hazard. Software exception, failure, fault, or delay will allow, or fail to prevent, mishap occurrence. (This definition assumes that the safety-critical display information may be time-critical, but the time available does not exceed the time required for adequate control entity response and hazard control.) Software functionality that issues commands over safety-significant hardware systems, subsystems, or components requiring a control entity to complete the command function. The system detection and functional reaction includes redundant, independent fault tolerant mechanisms for each defined hazardous condition. (This definition assumes that there is adequate fault detection, annunciation, tolerance, and system recovery to prevent the hazard occurrence if software fails, malfunctions, or degrades. There are redundant sources of safety-significant information, and mitigating functionality can respond within any time-critical period.) Software that generates information of a safety-critical nature used to make critical decisions. The system includes several redundant, independent fault tolerant mechanisms for each hazardous condition, detection and display. 4 Influential Software generates information of a safety-related nature used to make decisions by the operator, but does not require operator action to avoid a mishap. 5 No Safety Impact (NSI) Software functionality that does not possess command or control authority over safety significant hardware systems, subsystems, or components and does not provide safety significant information. Software does not provide safety-significant or time sensitive data or information that requires control entity interaction. Software does not transport or resolve communication 17 of safety-significant or time sensitive data.

Software Safety Criticality Matrix Severity Safety Criticality Matrix Software Control Category Catastrophic (1) Critical (2) Marginal (3) Negligible (4) 1 SwCI 1 SwCI 1 SwCI 3 SwCI 4 2 SwCI 1 SwCI 2 SwCI 3 SwCI 4 3 SwCI 2 SwCI 3 SwCI 4 SwCI 4 4 SwCI 3 SwCI 4 SwCI 4 SwCI 4 5 SwCI 5 SwCI 5 SwCI 5 SwCI 5 MIL-STD-882E, Table V 18

SwCl SwCl 1 SwCl 2 SwCl 3 SwCl 4 SwCl 5 Software Level of Rigor (LOR) Level of Rigor Tasks Tasks Program shall perform analysis of requirements, architecture, design, and code; and conduct in-depth safety specific testing. Program shall perform analysis of requirements, architecture, and design; and conduct in-depth safety-specific testing. Program shall perform analysis of requirements and architecture; and conduct in-depth safety-specific testing. Program shall conduct safety-specific testing. Once assessed by safety engineering as Not Safety, then no safety specific analysis or verification is required. Consult the Joint Software Systems Safety Engineering Handbook http://www.acq.osd.mil/se/docs/joint-sw-systems-safety-engineering-handbook.pdf and AOP 52 for guidance on required software analyses MIL-STD-882E, Table V 19

Relationship Between SwCI, Risk Level, LOR Tasks, and Risk Software Criticality Index (SwCl) SwCl 1 SwCl 2 SwCl 3 SwCl 4 Risk Level High Serious Medium Low Software LOR Tasks and Risk Assessment/Acceptance If SwCI 1 LOR tasks are unspecified or incomplete, the contributions to system risk will be documented as HIGH and provided to the PM for decision. The PM shall document the decision of whether to expend the resources required to implement SwCI 1 LOR tasks or prepare a formal risk assessment for acceptance of a HIGH risk. If SwCI 2 LOR tasks are unspecified or incomplete, the contributions to system risk will be documented as SERIOUS and provided to the PM for decision. The PM shall document the decision of whether to expend the resources required to implement SwCI 2 LOR tasks or prepare a formal risk assessment for acceptance of a SERIOUS risk. If SwCI 3 LOR tasks are unspecified or incomplete, the contributions to system risk will be documented as MEDIUM and provided to the PM for decision. The PM shall document the decision of whether to expend the resources required to implement SwCI 3 LOR tasks or prepare a formal risk assessment for acceptance of a MEDIUM risk. If SwCI 4 LOR tasks are unspecified or incomplete, the contributions to system risk will be documented as LOW and provided to the PM for decision. The PM shall document the decision of whether to expend the resources required to implement SwCI 4 LOR tasks or prepare a formal risk assessment for acceptance of a LOW risk. SwCl 5 Not Safety No safety-specific analyses or testing is required. 20 MIL-STD-882E, Table VI

Risk Management / Environment, Safety & Occupational Health (ESOH) Exercise MDD Materiel Solution Analysis CDD Validation Dev. RFP Release A B C Tech Maturation & Risk Reduction Engineering and Manufacturing Development FRP Production & Deployment IOC FOC Operations & Support YOU ARE HERE 21

Risk Management / ESOH Exercise Given: Acquisition documents COIs and CTPs Objective: Identify Safety and Environmental Issues and prepare mitigating strategies Overview (4 steps) 1. Review the system hazard assessment white paper 2. Select one safety and one environmental test hazard 3. Analyze and rate hazards 4. Develop mitigating strategies 22

Hazard Assessment (DoD Risk Management Guide) Likelihood 5 4 3 2 Red = High Yellow = Moderate Green = Low Destroy UAV 1 Example: 1 2 3 4 5 Consequence Test hazard: flutter test, structural failure, Destroy UAV Likelihood = 3; Consequence = 5 Assessment: High (see table) 23

Safety / Environmental Hazards (Sample Format) Hazard Rating Mitigating actions Hazard 1 For example: Destroying the UAV Hazard 2 Po = 3 C = 5 H, M, L Po = X C = X H, M, L Action 1-M&S to predict conditions where structural failure is likely to occur Action 2-Change the UAV design, to decrease likelihood Action 3-Change test methods, to decrease consequences (use scale model in wind tunnel instead of UAV) Action 1 Action 2 Action 3 Should they have used the MIL-STD 882 approach (vice DoD Risk Mgmt Guide)? 24

ESOH Exercise - Timeline Four Tasks (30 minutes): 1. Review system hazard assessment white paper 2. Select one safety and one environmental test hazard 3. Analyze and Rate Hazards (Make educated guesses, as necessary) 4. Develop at least 3 mitigating actions for each hazard 25

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback