Thursday, 18 December 2008

Hazard log, risk analysis and safety requirements


The hazard log, the risk analysis and the safety requirements are all key documents, and all three are rooted in the hazard log.


Interpretation

The hazard log can be written in many different ways. Typically it consists of a number of hazard sheets. A sheet can take many forms; one example is the hazard sheet shown above, which fits on an A4 page.

The hazard sheet above concerns the hazard that passengers cannot communicate with the train driver in an emergency. This might lead to an accident.

According to risk analysis theory, the frequency (column 'F') and the consequence (column 'C') of this type of accident should be stated both before and after the mitigation actions.
The associated risk value is then found by a look-up in the risk table.

Note that the "before" column is left empty. It is difficult to enter a trustworthy value there, because what does "before" actually refer to: an old train without passenger emergency brakes?

The mitigation actions are by definition the safety requirements of the system. They state the safety functions that must be implemented in the train in order to control the risk level.
In the example above the safety functions should be categorised as "safety related", which is comparable to SIL 1/2, because a failing function cannot alone cause an accident: if, for example, the 'passenger emergency brake' function fails, the passenger can use the 'emergency speech unit' function instead and ask the driver to stop the train. This argument presupposes that the two functions do not fail from a common cause; if they share, say, one power supply, the redundancy is only apparent.

Another important consequence of this is that a safety requirement cannot exist unless it is associated with a hazard. Any accident is caused by a hazard, and only mitigation actions are safety functions, because they reduce the risk of the hazards.
In old railway organisations you may find requirements for inherited safety functions where nobody remembers the associated hazard.
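The two rules stated above, the F/C look-up before and after mitigation and the rule that every safety requirement must trace back to a hazard, can be checked mechanically over a hazard log. The following is an added example written for this page; it is not code from the original post or from any standard. The frequency and consequence names follow the qualitative categories of EN 50126:1999, but the risk matrix itself is an illustrative one in that style (an assumption, not a table reproduced from the standard), and the hazard sheets, requirement identifiers (`H-001`, `SR-01`, ...) and the second hazard are constructed sample data.

```python
"""Hazard log model: risk look-up and requirement traceability (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Qualitative categories in the style of EN 50126:1999 (ordered from least to most severe).
FREQUENCY = ["Incredible", "Improbable", "Remote", "Occasional", "Probable", "Frequent"]
CONSEQUENCE = ["Insignificant", "Marginal", "Critical", "Catastrophic"]

# Illustrative risk matrix (ASSUMPTION: not taken from the page or the standard).
# Rows are frequency, columns are consequence in CONSEQUENCE order.
RISK_TABLE = {
    "Frequent":   ["Undesirable", "Intolerable", "Intolerable", "Intolerable"],
    "Probable":   ["Tolerable",   "Undesirable", "Intolerable", "Intolerable"],
    "Occasional": ["Tolerable",   "Undesirable", "Undesirable", "Intolerable"],
    "Remote":     ["Negligible",  "Tolerable",   "Undesirable", "Undesirable"],
    "Improbable": ["Negligible",  "Negligible",  "Tolerable",   "Tolerable"],
    "Incredible": ["Negligible",  "Negligible",  "Negligible",  "Negligible"],
}


def risk_class(frequency: Optional[str], consequence: Optional[str]) -> Optional[str]:
    """Look up the risk class for an F/C pair. A blank column (the 'before' case) yields None."""
    if frequency is None or consequence is None:
        return None
    return RISK_TABLE[frequency][CONSEQUENCE.index(consequence)]


@dataclass
class SafetyRequirement:
    """A mitigation action as recorded on a hazard sheet; by definition a safety requirement."""
    req_id: str
    text: str


@dataclass
class HazardSheet:
    hazard_id: str
    description: str
    f_before: Optional[str] = None   # left empty on the page's example sheet
    c_before: Optional[str] = None
    f_after: Optional[str] = None
    c_after: Optional[str] = None
    mitigations: List[SafetyRequirement] = field(default_factory=list)

    def risk_before(self) -> Optional[str]:
        return risk_class(self.f_before, self.c_before)

    def risk_after(self) -> Optional[str]:
        return risk_class(self.f_after, self.c_after)


def orphan_requirements(requirements: List[SafetyRequirement],
                        hazard_log: List[HazardSheet]) -> List[SafetyRequirement]:
    """Safety requirements that trace to no hazard sheet (the 'inherited function' case)."""
    traced = {m.req_id for sheet in hazard_log for m in sheet.mitigations}
    return [r for r in requirements if r.req_id not in traced]


def single_point_mitigations(hazard_log: List[HazardSheet]) -> List[str]:
    """Hazards controlled by a single mitigation, where one failing function alone can lead
    to the accident; such a function cannot be argued 'safety related' the way the page does."""
    return [s.hazard_id for s in hazard_log if len(s.mitigations) < 2]


# Constructed sample data: the page's hazard plus one invented hazard with a single mitigation.
SR_BRAKE = SafetyRequirement("SR-01", "Passenger emergency brake")
SR_SPEECH = SafetyRequirement("SR-02", "Emergency speech unit to the driver")
SR_DOOR = SafetyRequirement("SR-03", "Door interlock (constructed example)")
SR_INHERITED = SafetyRequirement("SR-99", "Inherited safety function, associated hazard unknown")

EXAMPLE_LOG = [
    HazardSheet("H-001", "Passengers cannot communicate with the driver in an emergency",
                f_after="Remote", c_after="Critical", mitigations=[SR_BRAKE, SR_SPEECH]),
    HazardSheet("H-002", "Constructed hazard with only one mitigation",
                f_after="Improbable", c_after="Critical", mitigations=[SR_DOOR]),
]
REQUIREMENTS = [SR_BRAKE, SR_SPEECH, SR_DOOR, SR_INHERITED]


if __name__ == "__main__":
    for sheet in EXAMPLE_LOG:
        print(sheet.hazard_id, "before:", sheet.risk_before(), "after:", sheet.risk_after())
    print("orphans:", [r.req_id for r in orphan_requirements(REQUIREMENTS, EXAMPLE_LOG)])
    print("single-point:", single_point_mitigations(EXAMPLE_LOG))
```

Run on the sample data, `H-001` has no "before" risk (both columns blank, as on the page), an "after" risk of Undesirable under the illustrative matrix, `SR-99` is reported as an orphan requirement, and the constructed `H-002` is flagged because one failing function is enough to reach the accident.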

Next chapter >> 3.6 The Safety Case

Focus on the sources (EN 50126:1999 and TR 50126-2:Feb. 2007)

Clause 4.6 of EN 50126 deals with "risk" and "risk analysis".

The risk concept is explained in detail, with examples, in the "Guide to EN 50126", TR 50126-2:Feb. 2007. As an example, Figure 4 in the guide shows the relation between the hazards and the safety functions:


