Investigation
Objectives of this Section
● To define the reasons for investigating accidents and incidents.
● To outline the process for effectively investigating accidents and incidents.
● To facilitate an effective investigation.
Accident Investigation
● An important part of any safety management system. It highlights the reasons why accidents occur and how to prevent them.
● The primary purpose of accident investigations is to improve health and safety performance by:
– Exploring the reasons for the event and identifying both the immediate and underlying causes;
– Identifying remedies to improve the health and safety management system by improving risk control, preventing a recurrence and reducing financial losses.
What to Investigate?
● All accidents, whether major or minor, are caused.
● Serious accidents have the same root causes as minor accidents, as do incidents with a potential for serious loss. It is these root causes that bring about the accident; the severity is often a matter of chance.
● Accident studies have shown that there is a consistently greater number of less serious accidents than serious accidents, and in the same way a greater number of incidents than accidents.
Many accident ratio studies have been undertaken and the one shown below is based on studies carried out by the Health & Safety Executive.
Accident ratio (HSE study):
– 1 major injury or illness
– 7 minor injuries or illnesses
– 189 non-injury accidents/illnesses
Accident Studies
● In all cases the ‘non injury’ incidents had the potential to become events with more serious consequences.
● Such ratios clearly demonstrate that safety effort should be aimed at all accidents, including unsafe practices at the bottom of the pyramid, with a resulting improvement in the upper tiers.
● Peterson (1978), in defining the principles of safety management, says that “an unsafe act, an unsafe condition, an accident are symptoms of something wrong within the management’s system.”
Accident Studies
● All events represent a degree of failure in control and are potential learning experiences. It therefore follows that all accidents should be investigated to some extent.
● This extent should be determined by the loss potential, rather than just the immediate effect.
Stages in an Accident/Incident Investigation
The stages in an accident/incident investigation, as shown in the diagram repeated alongside the following slides, are:
– Deal with immediate risks.
– Select the level of investigation.
– Investigate the event.
– Record and analyse the results.
– Review the process.
Dealing with Immediate Risks
● When accidents and incidents occur, immediate action may be necessary to:
– Make the situation safe and prevent further injury.
– Help, treat and if necessary rescue injured persons.
● An effective response can only be made if it has been planned for in advance.
Day 2 start
Selecting the Level of Investigation
The greatest effort should be put into:
– Those involving severe injuries, ill-health or loss.
– Those which could have caused much greater harm or damage.
These types of accidents and incidents demand more careful investigation and management time. This can usually be achieved by:
– Looking more closely at the underlying causes of significant events.
– Assigning the responsibility for the investigation of more significant events to more senior managers.
Investigating the Event
A few sources should give the investigator all that is needed to know.
Documents – information from:
– Written instructions: procedures, risk assessments, policies.
– Records of earlier inspections, tests, examinations and surveys.
Observation – information from physical sources including:
– Premises and place of work.
– Access & egress.
– Plant & substances in use.
– Location & relationship of physical particles.
– Any post-event checks, sampling or reconstruction.
Interviews – information from:
– Those involved and their line management;
– Witnesses;
– Those observed or involved prior to the event, e.g. inspection & maintenance staff.
The three sources are cross-checked by:
– Checking reliability and accuracy.
– Identifying conflicts and resolving differences.
– Identifying gaps in evidence.
Interviews
● Interviewing the person(s) involved and witnesses to the accident is of prime importance, ideally in familiar surroundings so as not to make the person uncomfortable.
● The interview style is important, with emphasis on prevention rather than blame.
● The person(s) should give an account of what happened in their own terms rather than the investigator’s.
Interviews
● Interviews should be separate, to stop people from influencing each other.
● Questions should not be intimidating, as the investigator will otherwise be seen as aggressive and reflecting a blame culture.
Observation
The accident site should be inspected as soon as possible after the accident. Particular attention should/must be given to:
• Positions of people.
• Personal protective equipment (PPE).
• Tools and equipment, plant or substances in use.
• Orderliness/tidiness.
Documents
Documentation to be looked at includes:
● Written instructions, procedures and risk assessments which should have been in operation and followed. The validity of these documents may need to be checked by interview. The main points to look for are:
– Are they adequate/satisfactory?
– Were they followed on this occasion?
– Were people trained/competent to follow them?
● Records of inspections, tests, examinations and surveys undertaken before the event. These provide information on how and why the circumstances leading to the event arose.
Determining Causes
● Collect all information and facts which surround the accident.
● Immediate causes are obvious and easy to find. They are brought about by unsafe acts and conditions and are the ACTIVE FAILURES. Unsafe acts show poor safety attitudes and indicate a lack of proper training.
● These unsafe acts and conditions are brought about by the so-called ‘root causes’. These are the LATENT FAILURES and are brought about by failures in organisation and the management’s safety system.
Determine what changes are needed
Generally, remedial actions should follow the hierarchy of risk control:
● Eliminate risks by substituting the dangerous by the inherently less dangerous.
● Combat risks at source by engineering controls and giving collective protective measures priority.
● Minimise risk by designing suitable systems of working.
● Use PPE as a last resort.
Day 3 start
Recording & Analysing the Results
● Recorded in a similar and systematic manner.
● Provides a historical record of the accident.
● Analysis of the causes and recommended preventative/protective measures should be listed.
● Completed as soon after the accident as possible.
● Information on the accident and remedial actions should be passed to all supervisors.
● Appropriate preventative measures may also have to be implemented by such supervisors.
● Investigation reports and accident statistics should be analysed from time to time to identify common causes, features and trends that would not be apparent from looking at events in isolation.
Reviewing the Process
Reviewing the accident/incident investigation process should consider:
– The results of investigations and analysis.
– The operation of the investigation system (in terms of quality and effectiveness).
Line managers should follow through and action the findings of investigations and analysis. Follow-up systems should be established where necessary to keep progress under control.
The investigation system should be examined from time to time to check that it consistently delivers information in accordance with the stated objectives and standards. This usually requires:
● Checking samples of investigation forms to verify the standard of investigation and the judgements made about causation and prioritisation of remedial actions.
● Checking the numbers of incidents, near misses, injury and ill-health events;
● Checking that all events are being reported.
What is your definition of an “Accident”?
What is an Accident
- an unplanned event
- an unplanned incident involving injury or fatality
- a series of events culminating in an unplanned and unforeseen event
How do Accidents occur?
- Accidents (with or without injuries) occur when a series of unrelated events coincide at a certain time and space.
Unsafe Acts
What is an Accident Investigation?
● A systematic approach to the identification of causal factors and implementation of corrective actions without placing blame or finding personal fault. The information collected during an investigation is essential to determine trends and to take appropriate steps to prevent future accidents.
Which Accidents should be Recorded or Reported?
ALL accidents (including illnesses) shall be recorded and reported through the established procedures and guidance.
Why Investigate Accidents?
● Determine the cause
● Develop and implement corrective actions
● Document the events
● Meet legal requirements
Primary Focus: PREVENT RECURRENCE!!!
Accident vs. Near-Miss
Accident: Any undesired, unplanned event arising out of a given work-related task which results in physical injury/illness or damage to property.
Near-Miss: Events which did not result in injury/illness or damage but had the potential to do so.
Accident Ratio Study
– 1 serious or disabling injury
– 10 minor injuries
– 30 property damage
● Unsafe Act
- an act by the injured person or another person (or both) which caused the accident, and/or
● Unsafe Condition
- some environmental or hazardous situation which caused the accident independent of the employee
Accident Causation Model
● Physical Harm
- catastrophic (multiple deaths)
- single death
- disabling
- serious
- minor
● Property Damage
- catastrophic
- major
- serious
- minor
Incident Occurrence
● Type
- struck by
- struck against
- slip, trip
- fell from
- caught on
- fell on same level
- caught in
- overexertion
● Contact with
- electricity
- equipment
- noise
- vibration
- hazmat
- heat/cold
- radiation
- animals/insects
Immediate Causes
● Practices
- operating without authority
- using equipment improperly
- not using PPE when required
- correct lifting procedures not established
- drinking or drug use
- horseplay
- equipment not properly secured
Immediate Causes (cont’d)
● Conditions
- ineffective guards
- unserviceable tools and equipment
- inadequate warning systems
- bad housekeeping practices
- poor work space illumination
- unhealthy work environment
Basic Causes
● Personal Factors
- lack of knowledge or skill
- improper motivation
- physical or mental condition
- literacy or ability
● Job Factors
- physical environment
- sub-standard equipment
- abnormal usage
- wear and tear
- inadequate standards
- design and maintenance
Basic Causes (cont’d)
● Supervisory Performance
- inadequate instructions
- failure of SOPs
- rules not enforced
- hazards not corrected
- devices not provided
● Management Policy and Decisions
- set measurable standards
- measure work in progress
- evaluate work vs. standards
- correct performance
● Major
- Employee fatality,
- Hospitalization of 3 or more employees,
- Permanent employee disability,
- Five or more lost workdays,
- Conditions that could pose an imminent threat of serious injury/illness to other employees,
- Property losses in excess of $1 Million
● Minor
- All other (less serious) incidents and unsafe conditions reported by employees
Who Investigates?
● Major Accidents
- NOAA “GO TEAM” Investigation Team
- LO Representative
- Other agencies such as NTSB, USCG, OSHA
● Minor Accidents
- First-Line Supervisor
- Site Director or Manager
- Site Safety Representative
- NOAA SECO (if needed)
Investigator’s Qualifications
● Technical knowledge
● Objectivity
● Analytical approach
● Familiarity with the job, process or operation
● Tact in communicating
● Intellectual honesty
● Inquisitiveness and curiosity
When to Investigate?
● Immediately after the incident
– Witness memories fade
– Equipment and clues are moved
● Finish the investigation quickly
What to Investigate?
● All accidents and near-misses
- Conduct the investigation upon first notification
- Keeping the scene intact and recording witness statements early is key to a successful investigation
Accident Investigation Kit
May include:
● Digital camera
● Report forms, clipboard, pens
● Barricade tape
● Flashlight
● Tape measure
● Tape recorder
● Personal protective equipment (as appropriate)
The Accident Occurs
● Employee or co-worker immediately reports the accident to a supervisor
● Supervisor secures/assesses the scene to prevent additional injuries to other employees, before assisting the injured employee
● Supervisor treats the injury or seeks medical treatment for the injured
● The accident scene is left intact
● Site safety rep is contacted to assist the supervisor in the investigation of the accident.
Beginning the Investigation
● Gather investigation members and kit
● Report to the scene
● Look at the big picture
● Record initial observations
● Take pictures
What’s Involved?
● Who was injured?
● Medication, drugs, or alcohol?
● Was the employee ill or fatigued?
● Environmental conditions?
Witnesses
● Who witnessed the accident?
● Was a supervisor or Team Lead nearby?
● Where were other employees?
● Why didn’t anyone witness the accident (working alone, remote areas)?
Interviewing Tips
● Discuss what happened leading up to and after the accident
● Encourage witnesses to describe the accident in their own words
● Don’t be defensive or judgmental
● Use open-ended questions
● Do not interrupt the witness
What was Involved?
● Machine, tool, or equipment
● Chemicals
● Environmental conditions
● Field season prep operations
Time of Accident
● Date and time?
● Normal shift or working hours?
● Employee coming off a vacation?
Accident Location
● Work area
● On, under, in, near
● Off-site address
● Doing normal job duties
● Performing non-routine or routine tasks (i.e., properly trained)
Employee’s Activity
● Motion conducted at time of accident
● Repetitive motion?
● Type of material being handled
Accident Narrative
● Describe the details so the reader can clearly picture the accident
● Specific body parts affected
● Specific motions of the injured employee just before, during, and after the accident
Causal Factors
● Try not to accept the single-cause theory
● Identify underlying (root) causes
● Primary cause
● Secondary causes
– Contributing causes
– Effects
Corrective Actions Taken
● Include immediate interim controls implemented at the time of the accident
● Recommended corrective actions
– Employee training
– Preventive maintenance activities
– Better operating procedures
– Hazard recognition (ORM)
– Management awareness of risks involved
Immediate Notification
● Supervisor shall complete the NOAA Web Based Accident/Illness Report Form and submit within 24 hours of incident occurrence (8 hours for major incidents).
Accident Analysis Summary
● Investigate the accident immediately
● Determine who was involved and who witnessed it
● Ascertain what items or equipment were involved
● Record a detailed description
● Determine causal factors
● Implement corrective actions
1. What is an Accident Investigation?
a. A systematic approach to the identification of causal factors and implementation of corrective actions.
b. Finding personal fault and placing blame.
c. The appropriate steps to prevent future actions.
d. The essential step to determine trends and taking action against person or persons at fault.
2. Which Accidents should be Recorded or Reported?
a. Only on the job accidents.
b. ALL accidents (including illnesses) shall be recorded and reported.
c. Only on the job accidents on illnesses that occur on the job and reported within 8 hours.
d. All accidents shall be recorded and reported.
3. Why Investigate Accidents?
4. Accident vs. Near-Miss?
a. Any unplanned event arising out of work that resulted in injury vs. Any event which did not result in injury but had potential to do so.
b. Any unsafe work habit vs. Any Hazardous working conditions.
c. Any event which warns us of a problem vs. Any circumstances that result in injury or property damage.
5. Which of the following are the basic areas that are looked at in an Accident Investigation?
a. Policies.
b. Equipment.
c. Training.
d. All of the above.
Accident Investigation
Sequence
– Fact Analysis
– Conclusion Drawing
– Counter-measures
Methods
– Causal Analysis
– Expert Analysis
– Organizational Analysis
Using Digital Photographs to Extract Evidence
– Camera matching
– Photogrammetry
– Rectification
Failure mode and effects analysis
– Functional, Design, and Process FMEA.
– Ground rules
– Benefits
Basic terms
– Failure: the loss under stated conditions.
– Failure mode
– Failure cause and/or mechanism
– Indenture levels (bill of material or functional breakdown)
– Local effect
– Next higher level effect
– End effect
– Detection
– Risk Priority Number (RPN)
– Severity
– Remarks / mitigation / actions
Example FMEA Worksheet
Probability (P)
Severity (S)
Detection (D)
– Indication
After these three basic steps the Risk level may be provided.
Risk level (P*S) and (D)
Timing
Uses
Advantages
Limitations
Types
HOW TO CONDUCT AN EFFECTIVE SAFETY ASSESSMENT
OFFICE SPACES
Why should you be conducting assessments?
● To spot unsafe conditions and equipment
● To focus on unsafe work practices or behavior trends before they lead to injuries
● To reveal the need for new safeguards
● To provide a safe working environment for all workers
What should I look for during an office assessment?
● Emergency Egress
● Work Environment
● Ergonomics
● Emergency Information
● Fire Prevention
● Electrical Systems
● Employee Behavior
Emergency Egress
● Blocked or locked doorways
● Locking devices that can impede emergency egress
● Properly marked exits
● Properly illuminated exits
● Clear aisles and pathways
Work Environment
● Clean, sanitary and orderly work spaces
● Tripping hazards such as loose tiles, carpeting, flooring
● Are drawers kept open when not in use?
● Are items stored above shoulder level and unsecured?
Ergonomics
● Are workstations configured to prevent employee discomfort and injury?
● Are employees aware of ergonomic risk factors?
● Have employees received ergonomic training?
Emergency Information
● Are emergency phone numbers posted where they can be readily found?
● Are employees trained in emergency procedures?
● Are evacuation procedures and diagrams posted?
Fire Prevention
● Are portable fire extinguishers readily available and unobstructed?
● Are fire pull stations clearly marked and unobstructed?
● Are all fire sprinkler heads kept clear and unobstructed (at least 18 inches)?
● Are space heaters used and authorized?
Electrical Systems
● Are extension cords/power strips kept uncoupled (not piggy-backed)?
● Are all extension cords/power strips provided by the agency?
● Are electrical outlets clear of combustible materials?
● Do electrical cords create trip hazards?
● Are extension cords used as permanent wiring?
Employee Behavior
● Are employees observing established safety rules?
● Do employees minimize hazards by applying Operational Risk Management principles?
● Are employees allowed to report unsafe conditions or acts without restraint?
Operational Risk Management
The ORM cycle (diagram): Identify → Assess → Decide → Control → Supervise.
How to assess safety
SUMMARY
● Promoting Safety
● Monthly Assessment Program
● Positive Findings (above & beyond minimum requirements)
● Assessments – emergency info, egress, environment, ergonomics, fire prevention, electrical, unsafe behavior
Risk Assessment and Management
Getting the Measure of Risk
● Having understood the potential accident sequences associated with a hazard (e.g. using ETA) …
● Next step is to determine the severity of the credible accidents identified
● Remember risk is the product of severity and probability of an accident
● Two different approaches:
– Estimate probability of accident, and hence get a measure of accident risk… then decide whether estimated risk is acceptable
● Used in many domains, including rail, military aerospace
● Will discuss this approach first, using rail standards as
Accident Severity
● Accident Severity Categories are qualitative descriptions of consequences of failure conditions (hazards)
– considering likely impact
Severity Level | Consequence to Persons or Environment | Consequence to Service
Catastrophic | Fatalities and/or multiple severe injuries and/or major damage to the environment |
Critical | Single fatality and/or severe injury and/or significant damage to the environment | Loss of a major system
Marginal | Minor injury and/or significant threat to the environment | Severe system(s) damage
Insignificant | Possible minor injury | Minor system damage
(Source: EN 50126)
Accident Probability
Next, estimate (predict) accident probability
● Use historical results, analysis, and engineering judgment to determine the appropriate qualitative probability category
● Note we may have to consider both
– how likely the hazard is to arise
– how likely the hazard is to develop into an accident
Category | Description
Frequent | Likely to occur frequently. The hazard will be continually experienced.
Probable | Will occur several times. The hazard can be expected to occur often.
Occasional | Likely to occur several times. The hazard can be expected to occur several times.
Remote | Likely to occur sometime in the system lifecycle. The hazard can reasonably be expected to occur.
Improbable | Unlikely to occur, but possible. It can be assumed that the hazard will exceptionally occur.
Incredible | Extremely unlikely to occur. It can be assumed that the hazard may not occur.
(Source: EN 50126)
Classifying Risk
● Having assigned severity and probability associated with hazard consequences …
● Next step is to use a Hazard Risk Matrix to classify the risk
Hazard Risk Matrix: risk level by frequency of occurrence of a hazardous event (rows) against severity level of hazard consequence (columns)
Frequency | Insignificant | Marginal | Critical | Catastrophic
Frequent | Undesirable | Intolerable | Intolerable | Intolerable
Probable | Tolerable | Undesirable | Intolerable | Intolerable
Occasional | Negligible | Undesirable | Undesirable | Intolerable
Remote | Negligible | Tolerable | Undesirable | Undesirable
Improbable | Negligible | Negligible | Tolerable | Tolerable
Incredible | Negligible | Negligible | Negligible | Negligible
(Source: EN 50126)
Accepting Risk
Reasoning about risk
● Using the HRI it is now possible to say, e.g. Risk(Hazard H1) > Risk(Hazard H2)
● In order to say what is acceptable / unacceptable, must provide an interpretation, e.g.
Risk Category | Actions to be applied against each category
Intolerable | Shall be eliminated
Undesirable | Shall only be accepted when risk reduction is impracticable and with the agreement of the Railway Authority or the Safety Regulatory Authority, as appropriate
Tolerable | Acceptable with adequate control and with the agreement of the Railway Authority
Negligible | Acceptable with the agreement of the Railway Authority
(Source: EN 50126)
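As an added example (not part of the slides), the EN 50126 Hazard Risk Matrix and the action table above as code lookups, so that Risk(H1) > Risk(H2) becomes a comparison and a likelihood-reducing redesign can be re-classified. The Hazard type, the function names and the three sample hazards are constructed here, not taken from the standard.

```python
"""EN 50126 hazard risk matrix and risk-category actions as executable lookups.

Added example (not from the slides). The matrix, the frequency/severity scales
and the action table are transcribed from the slides; the hazards at the bottom
are constructed sample data.
"""
from dataclasses import dataclass

# Row (frequency) and column (severity) order exactly as on the slide.
FREQUENCIES = ["Frequent", "Probable", "Occasional", "Remote", "Improbable", "Incredible"]
SEVERITIES = ["Insignificant", "Marginal", "Critical", "Catastrophic"]

# Risk level for each frequency row, one entry per severity column.
HAZARD_RISK_MATRIX = {
    "Frequent":   ["Undesirable", "Intolerable", "Intolerable", "Intolerable"],
    "Probable":   ["Tolerable",   "Undesirable", "Intolerable", "Intolerable"],
    "Occasional": ["Negligible",  "Undesirable", "Undesirable", "Intolerable"],
    "Remote":     ["Negligible",  "Tolerable",   "Undesirable", "Undesirable"],
    "Improbable": ["Negligible",  "Negligible",  "Tolerable",   "Tolerable"],
    "Incredible": ["Negligible",  "Negligible",  "Negligible",  "Negligible"],
}

# Ordinal rank of the risk classes, so that Risk(H1) > Risk(H2) is a comparison.
RISK_RANK = {"Negligible": 0, "Tolerable": 1, "Undesirable": 2, "Intolerable": 3}

# Interpretation of each class: the "actions to be applied" table from the slide.
ACTIONS = {
    "Intolerable": "Shall be eliminated",
    "Undesirable": ("Shall only be accepted when risk reduction is impracticable "
                    "and with the agreement of the Railway Authority or the "
                    "Safety Regulatory Authority, as appropriate"),
    "Tolerable": ("Acceptable with adequate control and with the agreement of "
                  "the Railway Authority"),
    "Negligible": "Acceptable with the agreement of the Railway Authority",
}


@dataclass(frozen=True)
class Hazard:
    name: str
    frequency: str   # one of FREQUENCIES
    severity: str    # one of SEVERITIES


def classify(frequency: str, severity: str) -> str:
    """Look up the risk class for a (frequency, severity) pair in the matrix."""
    if frequency not in HAZARD_RISK_MATRIX:
        raise ValueError(f"unknown frequency category: {frequency!r}")
    if severity not in SEVERITIES:
        raise ValueError(f"unknown severity level: {severity!r}")
    return HAZARD_RISK_MATRIX[frequency][SEVERITIES.index(severity)]


def risk_of(hazard: Hazard) -> str:
    return classify(hazard.frequency, hazard.severity)


def compare_risk(h1: Hazard, h2: Hazard) -> int:
    """Positive if Risk(h1) > Risk(h2), negative if lower, zero if the same class."""
    return RISK_RANK[risk_of(h1)] - RISK_RANK[risk_of(h2)]


def action_for(hazard: Hazard) -> str:
    """Apply the interpretation table to the hazard's risk class."""
    return ACTIONS[risk_of(hazard)]


def reduce_likelihood(hazard: Hazard, steps: int = 1) -> Hazard:
    """Model a likelihood-reducing measure (redesign, higher-integrity components)
    as moving the hazard `steps` rows down the frequency scale; severity is unchanged."""
    idx = min(FREQUENCIES.index(hazard.frequency) + steps, len(FREQUENCIES) - 1)
    return Hazard(hazard.name, FREQUENCIES[idx], hazard.severity)


def rank_hazards(hazards):
    """Order hazards from highest to lowest risk class (ties broken by name)."""
    return sorted(hazards, key=lambda h: (-RISK_RANK[risk_of(h)], h.name))


# Constructed sample hazard register (not from the slides).
SAMPLE_HAZARDS = [
    Hazard("H1 signal passed at danger", "Occasional", "Critical"),
    Hazard("H2 platform trip hazard", "Remote", "Marginal"),
    Hazard("H3 loss of braking", "Probable", "Catastrophic"),
]

if __name__ == "__main__":
    for h in rank_hazards(SAMPLE_HAZARDS):
        print(f"{h.name}: {h.frequency}/{h.severity} -> {risk_of(h)}: {action_for(h)}")
    # H3 is Intolerable; find how far its likelihood must drop to become Tolerable.
    h3 = SAMPLE_HAZARDS[2]
    for steps in range(1, len(FREQUENCIES)):
        reduced = reduce_likelihood(h3, steps)
        if RISK_RANK[risk_of(reduced)] <= RISK_RANK["Tolerable"]:
            print(f"{h3.name}: {steps} step(s) down -> {reduced.frequency} -> {risk_of(reduced)}")
            break
```

The same lookup structure applies to the MIL-STD-882C decision authority matrix later on the page; only the row/column labels and cell values change.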
Managing Risk
Risk Resolution
● Can associate objectives or actions with risk class, e.g.
– technologies used
– development processes
– assessment criteria
● Example, for “undesirable” risk, might decide
– no single point of failure shall lead to system accident
– probability of fatality must be < 1x10^-8 per hour
– failure behaviour over time (lifetime of system)
Determining Risk - Civil Aerospace Style 1
Start with determination of severity
● very similar to rail categories
(Source: ARP 4761)
Determining Risk - Civil Aerospace Style 2
● When severity has been determined, can set objectives (requirements) for risk control
– primarily boundaries on acceptable probability of failure condition (hazard)
Severity Classification | Probability Objective (descriptive) | Probability Objective (quantitative, per flight hour)
Catastrophic | Extremely Improbable | < 10^-9
Hazardous | Extremely Remote | 10^-7 to 10^-9
Major | Remote | 10^-5 to 10^-7
Minor | Reasonably Probable | 10^-3 to 10^-5
Minor | Frequent | > 10^-3
(Minor spans both the Reasonably Probable and Frequent rows. Adapted from ARP 4761)
Determining Risk - Civil Aerospace Style 3
For civil aerospace, severity-related objectives are set in standards
● easy to work with
● unambiguous
– provided you can agree on standardised and objective measures of severity!
BUT
● Need to understand that direct mapping from severity to probability objectives is based on an important assumption:
Determining Risk - Civil Aerospace Style 4
Where does acceptable risk come from?
● in principle, requirements reflect “what risk the public is willing to accept”
– risk (A) = probability (A) * severity (A)
– level of acceptable risk hard to determine, and subjective
● in practice, certification bodies (airworthiness authorities) act as surrogates for the public
– “bottom line” is hull loss rate
– civil aviation hull loss rate target is currently 10^-7 per flying hour
● for comparison, military aviation (UK) hull loss rate
Determining Risk - Civil Aerospace Style 5
● Has further implications:
– implicit assumption about number of catastrophic failure conditions on an aircraft
– also implicit assumption about how probable a failure condition is to actually develop into an accident
● Example:
– probability objective (target) for catastrophic failure condition is < 10^-9 per flight hour
– target hull loss rate is < 10^-7 per flight hour
– implies either a maximum of 100 catastrophic failure conditions on an aircraft, assuming all occurrences of catastrophic failure conditions will
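As an added example (not from the slides), the severity-to-objective table from the Style 2 slide and the hull-loss arithmetic from the Style 5 slide in code, including the second implicit assumption (what fraction of failure-condition occurrences actually become accidents). Function names and the three sample failure-condition rates are constructed here; the strict-bound and independence assumptions are stated in comments.

```python
"""Civil-aerospace severity-driven probability objectives (ARP 4761 style) and
the hull-loss budget they imply.

Added example (not from the slides). Bounds are those in the slides' table; the
failure-condition list at the bottom is constructed sample data. Rates are kept
as exact Fractions so that 10^-7 / 10^-9 is not blurred by float rounding.
"""
from fractions import Fraction
from typing import Dict, Iterable, Optional, Tuple

# Upper bound on probability per flight hour for each severity classification.
# None means the slide places no upper bound: Minor spans "Reasonably Probable"
# and "Frequent", i.e. any probability is permitted.
OBJECTIVES: Dict[str, Tuple[str, Optional[Fraction]]] = {
    "Catastrophic": ("Extremely Improbable", Fraction(1, 10**9)),
    "Hazardous":    ("Extremely Remote",     Fraction(1, 10**7)),
    "Major":        ("Remote",               Fraction(1, 10**5)),
    "Minor":        ("Reasonably Probable / Frequent", None),
}

# Target hull loss rate per flying hour from the slides.
HULL_LOSS_TARGET = Fraction(1, 10**7)


def as_rate(value) -> Fraction:
    """Accept a Fraction, an int, or a decimal string such as '5e-10'. Floats are
    rejected: Fraction(1e-9) is the binary approximation, not exactly 1/10**9."""
    if isinstance(value, float):
        raise TypeError("pass rates as Fraction or string, not float")
    return Fraction(value)


def objective_upper_bound(severity: str) -> Optional[Fraction]:
    if severity not in OBJECTIVES:
        raise ValueError(f"unknown severity classification: {severity!r}")
    return OBJECTIVES[severity][1]


def meets_objective(severity: str, rate) -> bool:
    """True if the predicted probability per flight hour is below the bound the
    severity demands (assumption: bounds are strict, as in '< 10^-9')."""
    bound = objective_upper_bound(severity)
    return bound is None or as_rate(rate) < bound


def max_catastrophic_conditions(hull_loss_target=HULL_LOSS_TARGET,
                                per_condition=Fraction(1, 10**9),
                                p_develops_into_accident=Fraction(1)) -> int:
    """How many catastrophic failure conditions the aircraft may carry before the
    per-condition objective no longer guarantees the hull loss target.

    With every occurrence becoming an accident (p = 1): 10^-7 / 10^-9 = 100.
    If only a fraction p of occurrences become accidents the count scales by
    1/p, which is the second implicit assumption the slides point to."""
    accident_rate_per_condition = as_rate(per_condition) * as_rate(p_develops_into_accident)
    return int(as_rate(hull_loss_target) / accident_rate_per_condition)


def fleet_hull_loss_rate(condition_rates: Iterable, p_develops_into_accident=Fraction(1)) -> Fraction:
    """Sum the predicted rates of all catastrophic failure conditions (assumption:
    the conditions are independent, so their accident rates simply add)."""
    p = as_rate(p_develops_into_accident)
    return sum((as_rate(r) * p for r in condition_rates), Fraction(0))


def within_hull_loss_target(condition_rates: Iterable, target=HULL_LOSS_TARGET) -> bool:
    return fleet_hull_loss_rate(condition_rates) < as_rate(target)


# Constructed sample: predicted rates for three catastrophic failure conditions.
SAMPLE_CATASTROPHIC_RATES = {
    "FC-1 total loss of flight control": "5e-10",
    "FC-2 uncontained engine failure":   "8e-10",
    "FC-3 loss of all electrical power": "2e-9",   # fails its individual objective
}

if __name__ == "__main__":
    for name, rate in SAMPLE_CATASTROPHIC_RATES.items():
        print(f"{name}: {rate}/fh -> objective met: {meets_objective('Catastrophic', rate)}")
    print("max catastrophic failure conditions at 10^-9 each:", max_catastrophic_conditions())
    print("summed hull loss rate of samples:", fleet_hull_loss_rate(SAMPLE_CATASTROPHIC_RATES.values()))
```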
Determining Risk - Civil Aerospace Style 6
● Note that the objective of probability per flying hour has its problems…
● Consider:
ALARP diagram (figure, reconstructed from its labels):
– THE ALARP (As Low As Reasonably Practicable) REGION: risk is undertaken only if a benefit is desired. Tolerable only if risk reductions are impracticable or their cost is grossly disproportionate to the improvement gained; tolerable if the cost of reduction would exceed the improvement gained.
– BROADLY ACCEPTABLE REGION: negligible risk.
The ALARP Principle 2
● Provides an interpretation of identified risks
● Pragmatic – although you can always spend more money to improve safety, it is not always cost-effective
● However, “cost-effectiveness” introduces ambiguity
● Regions of tolerability defined by regulatory domain and customer
● Approach is often implicit in the management of safety-critical projects anyway
Risk Reduction Flowchart 1
Identify and determine risk associated with identified hazards
Flowchart (figure): IDENTIFY HAZARD and RISK: Established System Design → Hazard Identification → Hazard Risk (Severity/Probability).
Risk Reduction Flowchart 2
Flowchart (figure): Identify Hazard and Risk (as above) → ASSESS RISK: Risk Measured Against HRI Matrix Criteria → Risk Acceptable? (Yes / No).
Risk Reduction Flowchart 3
Flowchart (figure): Identify Hazard and Risk → Assess Risk → TAKE ACTION: if No, Apply Re-design Precedence Criteria; if Yes, Continue design. Document analysis and justification.
● Redesign to reduce hazard likelihood
– Select architecture or components
  ● Duplex or triplex or …
  ● Higher integrity components, with lower failure rates
● Incorporate mitigation to reduce impact of failures
– Automated protection, e.g. pressure relief valves
– Where incorporated, need to check periodically
Precedence in Risk Reduction 2
● Provide warning devices
– Detect the hazardous condition and warn operators
  ● e.g. indicate that landing gear has not fully deployed
  ● e.g. to evacuate building due to fire or fumes
● Provide procedures and training
– Reduce likelihood of hazard, or mitigate
  ● may involve use of personal protective equipment
– Do not assume procedures are enough by themselves
  ● consider evolution of power guillotine regulations
● Precedence order
Residual Risk - 1
● Residual Risks are those that cannot be ‘designed out’
– risks inherent to design, where benefit is desirable
● Significant residual risks must be formally accepted by the appropriate authority (typically customer / operator)
● Can use Decision Authority Matrix, e.g.
Decision Authority Matrix (MIL-STD-882C): frequency of occurrence (rows) against hazard severity categories (columns)
Frequency | I CATASTROPHIC | II CRITICAL | III MARGINAL | IV NEGLIGIBLE
A FREQUENT | HIGH | HIGH | HIGH | MEDIUM
B PROBABLE | HIGH | HIGH | MEDIUM | LOW
C OCCASIONAL | HIGH | HIGH | MEDIUM | LOW
D REMOTE | HIGH | MEDIUM | LOW | LOW
E IMPROBABLE | MEDIUM | LOW | LOW | LOW
Residual Risk 2
● Usually a requirement to document all actions taken to resolve risk within terms of contract
● Customer authority can then decide whether
Risk Management Summary
● Risk Assessment is the process of identifying the risk associated with system hazards
● Approach in many sectors (military, rail…) is to use Hazard Risk Matrix to determine the risk associated with a hazard from severity and probability estimates
– then decide on acceptability of risk
● Alternative approach (Civil Aerospace) is based around severity
– assumption of fixed level of acceptable risk...
– … so can derive objectives, including probability, from severity