Safety assurance is the application of safety engineering practices, intended to minimize the risks of operational hazards.

Strategies of safety assurance

Reactive safety assurance

The reactive method responds to events with costly results, such as incidents and accidents.[1] Safety requirements are developed incrementally, with each increment a response to a risky event. The method is most useful for failures in system components (hardware failures and software bugs) and for unusual or unexpected events. The level of safety achieved depends on the quality of the investigation of reported incidents and accidents.[2] The contribution of reactive methods to safety assurance depends on the extent to which the information generated goes beyond the triggering cause(s) of the event and the allocation of blame,[3] and includes contributory factors and findings about safety risks.[1]

Proactive safety assurance

The proactive method actively looks for safety risks through analysis of the organization's activities.[4] The goal is to identify hazards before they materialize into incidents or accidents, and to take the actions needed to reduce the safety risks (i.e., a risk mitigation plan).[2] Proactive safety assurance is based on the notion that system failures can be minimized by identifying safety risks within the system before it fails and taking the necessary actions to mitigate them. Reporting systems, safety audits and safety surveys are examples of the proactive method.[1] Proactive measures include operational reporting and control by constraints, as in the STAMP model.[5] In 2012, the world's first free safety audit application, iAuditor, was released to give workers a collaborative model for creating and sharing safety audit forms and checklists. Within six months over 1 million audits had been completed using iAuditor, and the transition from paper-based field auditing to a completely digital environment began.

Predictive safety assurance

A specific form of proactive safety assurance is prediction based on performance data. The predictive method captures system performance as it happens in normal operations in order to identify potential future problems. This requires continuous capture of routine operational data in real time. Predictive methods work best by actively looking for trouble rather than waiting for it to show up; predictive safety data capture systems therefore aggressively seek, from a variety of sources, safety information that may indicate emerging safety risks.[1]

Iterative safety assurance

Hazards may be identified in the aftermath of actual safety events (accidents or incidents), or through proactive and predictive processes aimed at identifying hazards before they precipitate safety events.[1] Safety assurance can be achieved by instituting both reactive and proactive safety initiatives. A classic reactive safety assurance initiative is accident and incident investigation.[6] Safety is enabled through the integration of reactive, proactive and predictive safety data capture systems, mitigation strategies and mitigation methods. The data used by each of the three safety methods applies at a different level of operational drift, and the three mitigation strategies and methods intervene at different levels of practical drift.[1]

Practices of safety assurance

Rigorous practices of safety assurance mostly arose after World War II.[1]

Incremental development

Safety assurance is a continuous process that iterates between safety-oriented design based on risk analysis and validation of the resulting risk reduction.

Risk analysis

The goals of risk analysis are to identify hazards and to estimate their costs. The hazards to be analyzed are those attributed to the system and those attributed to the operators. System-related hazards include hardware failures, software bugs and events arising in exceptional situations. Operator-related hazards include unintentional and inadvertent actions, and failure to follow the system situation and critical context changes.[7]

Safety-oriented design

Safety-oriented design has two goals: risk prevention and resilience assurance.[8]

Preventing known risks

The primary concern is risks typically attributed to use errors, such as unintentional and inadvertent actions and failure to follow the system situation and context changes. Proactive risk reduction is achieved through operational reporting[1] and constraint enforcement, as in the STAMP model.[5] According to this model, normal use is defined by constraints on system operation, and accidents may be attributed to deviation from these constraints. Control by constraints involves collecting and aggregating operational data, analyzing that data, identifying accident precursors, and using the newly acquired safety information to eliminate those precursors before an accident or incident occurs.

Resilience assurance

Resilience assurance means assuring system resilience to hazards that the system developers are unable to prevent: hardware failures, software bugs, exceptional situations and unexpected events.

Safety validation

A key activity is the validation of risk reduction. Any change to the system introduces new risks, so the key activity in any safety assurance practice is to verify that the modified system is safer than the original.[2] Common practices for safety validation include virtual testing based on models of the interaction, testing with operators (notably opinion questionnaires and usability testing), and activity analysis.

References

  1. Doc 9859 (2009). Safety Management Manual (SMM). International Civil Aviation Organization (ICAO).
  2. Weiler & Harel (2011). Managing the Risks of Use Errors: The ITS Warning Systems Case Study.
  3. Dekker (2007). The Field Guide to Understanding Human Error.
  4. Reason. Managing the Risks of Organizational Accidents.
  5. N. Leveson. STAMP: A framework for dynamic safety and risk management modeling.
  6. CGAR Annual Report 2010. Flight Data Monitoring (FDM).
  7. Zonnenshain & Harel (2008). Extended System Engineering - ESE: Integrating Usability Engineering in System Engineering. The 17th International Conference of the Israel Society for Quality, Jerusalem, Israel.
  8. Zonnenshain & Harel (2009). Task-oriented SE. INCOSE 2009 Conference, Singapore.