Safety Assessment Report (SAR)

Logotype

Safety Assessment Report (SAR)

Editor: XXXX XXXXXX
Administrator:
Date: YYYY-MM-DD
Secrecy: Open/Unclassified
Version: X.X
Document number: XXX

Safety Assessment Report (SAR) for XXX

[Picture of the object, approximately 15x10 cm. Remove the frame and place the image here instead.]

Logotype
Safety Assessment Report (SAR)
Date
YYYY-MM-DD
1 SUMMARY .......... 6
2 CONCLUSIONS .......... 7
2.1 General .......... 7
2.2 Personal Injury .......... 7
2.3 Financial Damage .......... 8
3 OBJECTIVES AND SCOPE .......... 9
4 DEFINITIONS, ASSUMPTIONS AND BACKGROUND FOR THE ASSUMPTIONS .......... 10
4.1 Definitions .......... 10
4.2 Assumptions .......... 10
4.3 Background for the assumptions .......... 10
5 SYSTEM IDENTIFICATION .......... 11
5.1 Technical Design .......... 11
5.2 Interfaces to other systems/service units .......... 11
5.3 Field of application/Use environment .......... 11
6 MODES OF OPERATION .......... 12
6.1 General .......... 12
6.2 Modes of Operation .......... 12
7 ANALYSIS METHODS .......... 13
7.1 System Hazard Analysis/Sub System Hazard Analysis (SHA/SSHA) .......... 13
7.2 Operating and Support Hazard Analysis (O&SHA) .......... 13
7.3 Environmental Hazard Analysis (EHA) .......... 13
7.4 Risk Assessment .......... 14
7.5 Risk-Reducing Actions .......... 17
7.6 Risk Log .......... 18
7.7 Requirements Analysis .......... 18
7.8 Hazardous Substances .......... 19
7.9 Interviews .......... 19
8 DESCRIPTION OF RISKS .......... 20
9 PROPOSED SAFETY INSTRUCTIONS .......... 21
10 REFERENCES .......... 21
10.1 References .......... 21
10.2 Interviews .......... 21
APPENDICES
Risk Log with the closing of risks ............................................................................Appendix 1
Requirements Analysis ...........................................................................................Appendix 2
Hazardous Substances ..........................................................................................Appendix 3
Revision Information
Date | Version | Issuer | Reviewed | Description
YYYY-MM-DD | 1.0 | | | Final issue
WORD LIST
Abbreviation | Explanation
EHA | Environmental Hazard Analysis
FMV | Swedish Defence Materiel Administration (Försvarets Materielverk)
GFE | Government Furnished Equipment
GFI | Government Furnished Information
MVIF | Maintenance instruction in the Swedish Armed Forces
O&SHA | Operating and Support Hazard Analysis
PHA | Preliminary Hazard Analysis
PHL | Preliminary Hazard List
SAR | Safety Assessment Report
SCA | Safety Compliance Assessment
SHA/SSHA | System Hazard Analysis/Sub System Hazard Analysis
SI | Safety Instructions
SSPP | System Safety Program Plan
1 SUMMARY
The supplier XXX has, on behalf of XXX, carried out system safety analyses (SHA/SSHA) on XXX,
MXXXX-XXXXXX.
This safety assessment report concerns XXX as a complete unit with necessary accessories. The
report does not include XXX.
The analyses have been performed and evaluated in accordance with the requirements in the
specification for XXX, annexed to the request for proposal/order XXX and System Safety Program
Plan (SSPP) for XXX technical service, edition XXX, dated YYYY-MM-DD.
The task has been to identify, analyze and evaluate potential risks for injury to persons or damage to
property or the external environment caused by the system. The work has also included proposals for
action and implementation of measures to minimize the probability of hazardous events and limit the
consequences if they do occur.
Section 2 Conclusions presents all the remaining risks that are considered to be either “not tolerable”
or “limited tolerable”. A more detailed description of each risk and proposals for action as well as an
account for measures already implemented are described in section 8 Description of risks, their
consequences and recommended and already implemented actions.
The safety assessment report provides a consultative basis with proposed actions such as design
changes and/or additions or amendments in the relevant publications in order to increase safety for
persons, property and the external environment during the life cycle of the system.
The supplier XXX together with XXX has actively been working with system safety issues during
the acquisition. The implementation of the proposed actions was verified at XXX, YYYY-MM-DD.
Wording 1:
The system safety work identified a total of XXX risks. After implementation of
risk-reducing actions a total of XXX risks remain. Based on the risk levels given in
the risk matrix in the contract XXX, the system is estimated to have XXX tolerable
risks (T), XXX limited tolerable risks (BT) and XXX not tolerable risks (ET).
Wording 2:
The system safety work identified a total of XXX risks. If the proposed risk-reducing actions in this report are implemented, a total of XXX risks will remain.
Based on the risk levels given in the risk matrix in TTEM XXX the system will
have XXX tolerable risks (T), XXX limited tolerable risks (BT) and XXX not
tolerable risks (ET).
2 CONCLUSIONS
2.1 General
System safety is defined as the property of a system not to cause personal injury or damage to
property or the external environment. A system is defined as an assembly of supplies, facilities and
personnel. The term system generally also includes instructions, regulations etc. for use in training,
operation and maintenance in both war, crisis and peace.
To perform a realistic safety assessment, this document is based on the hazardous events that can
cause personal injury, environmental damage and/or financial damage (i.e. material damage on your
own or third party’s property or the costs associated with environmental remediation) and that may
occur both nationally and internationally. The system safety activities do not normally include risks
of hostile weapon effects against your own system, personnel or environment.
Hazardous events may occur either as a result of human error, material failure or a combination of
these two factors. This document is intended to be a basis to both reduce risks and, in some cases, to
exclude the risks altogether.
It is essential that the relevant documentation describes and highlights the remaining risks that
cannot, or is not intended to, be avoided by redesigning the system.
Marking, such as handling or warning labels, is sometimes necessary as an additional safety
measure, e.g. according to current safety legislation. Marking is not recommended as an alternative to
possible design measures.
2.2 Personal Injury
In accordance with the risk levels in section 7 Analysis methods, the following risks of personal
injury are considered not tolerable or limited tolerable after implementation of the proposed
risk-reducing actions. FMV has approved the closure and acceptance of the limited tolerable risks of
personal injury. We have not been able to remedy the not tolerable risks of personal injury and leave
them for further handling.
Risk ID | Risk description | Current risk level (probability A-E for a certain injury class I-IV) | Note

2.3 Financial Damage
In accordance with the risk levels in section 7 Analysis methods, the following risks of damage to
your own or third party’s property and environmental damage (expressed in monetary terms, e.g.
environmental remediation costs) are considered not tolerable or limited tolerable after
implementation of the proposed risk-reducing actions. We have not been able to remedy the not
tolerable risks of financial damage and leave them for further handling. The following risks of
irreversible environmental damage have been identified. The risks are not tolerable. It is for the
Swedish Armed Forces to decide about closure and acceptance of these risks.
Alternatively: No risks for irreversible environmental damage have been identified.
Risk ID | Risk description | Current risk level (probability A-E for a certain injury class I-IV) | Note

3 OBJECTIVES AND SCOPE
The objective of the system safety analyses (SHA/SSHA) has been to identify, analyze and evaluate
the risks that are considered likely to initiate hazardous events or hazardous conditions, and to
propose measures to prevent the identified hazardous events/hazardous conditions or limit the
damage if they do occur.
In section 8 Description of risks, their consequences and recommended and already implemented
actions, the proposed risk-reducing actions are presented together with each risk, under the heading
Proposed actions. Already implemented measures are presented under the heading Implemented
actions YYYY-MM-DD. The purpose of the proposed actions is to minimize or eliminate risks of
personal injury and damage to property and environment as far as possible.
The following analyses have been conducted:
- System Hazard Analysis/Sub System Hazard Analysis (SHA/SSHA)
- Operating and Support Hazard Analysis (O&SHA)
- Environmental Hazard Analysis (EHA)
The safety assessment report should be viewed as a descriptive document for XXX to be able to
reduce the probability of a hazardous event and/or limit the consequences if it does occur.
The performed system safety activities have led to the identification of risks, assessment of
probabilities and consequences, proposed actions, implementation of actions and closure of risks.
This has been documented according to Appendix 1, Risk Log.
The system safety activities have also included studying the need for directions/instructions and
additions to warnings in the existing documentation, as well as operating instructions related to
supervision, in accordance with the system safety requirements.
A list showing which laws and regulations should apply to XXX, and whether these are met or not,
has been established. See Appendix 2, Requirements Analysis.
A list of hazardous substances has been established. See Appendix 3, Hazardous substances.
4 DEFINITIONS, ASSUMPTIONS AND BACKGROUND FOR THE ASSUMPTIONS
4.1 Definitions
The analysis covers XXX regarding design, operation, materiel care and maintenance of XXX in
accordance with the Swedish Armed Forces maintenance system (Vård FM).
4.2 Assumptions
The following assumptions apply to the analysis:
- The system XXX is assumed to be complete and without any defects before a hazardous event occurs.
- Personnel handling the system are assumed to receive the training necessary to operate and maintain the system XXX in a safe manner before the system is taken into use.
- All preventive maintenance is performed according to the current materiel care schedules.
- Maintenance personnel at the various maintenance levels have intimate knowledge of the system XXX and have been trained for the purpose.
- Equipment that is to be connected to the system XXX is not affected by this analysis but is assumed to be adapted to the purpose and comply with applicable electrical safety requirements, system requirements etc.
4.3 Background for the assumptions
The assumptions have been made in order to obtain a probability of hazardous events that reflects the
actual usage.
If untrained personnel were to operate the system XXX in full, the risks could in many cases be
incalculable.
5 SYSTEM IDENTIFICATION
5.1 Technical Design
A brief description of the system’s fundamental design, function, components, existing subsystems,
interfaces between subsystems etc.
5.2 Interfaces to other systems/service units
A description of all the technical interfaces to other systems/service units and what support/supplies
are required, e.g. electricity, water, fuel, heating, cooling, pressure etc.
5.3 Field of application/Use environment
A description of the field of application for the system includes how the system should be used and in
which environments it is intended to be used.
6 MODES OF OPERATION
6.1 General
During its life cycle the equipment undergoes several different stages, each with its own special
conditions. The product/system utilization has been divided into a number of different modes of
operation, as certain risks only occur e.g. in certain sequences or conditions, and it can be important
that this is made clear in the analysis. Certain risks may occur only during assembly, operation or
maintenance etc. The risks’ relations to the different modes of operation are presented in Appendix 1,
Risk Log.
6.2 Modes of Operation
6.2.1 Transportation
Example: ”Transportation of XXX” refers to preparations such as loading and unloading, and driving
on roads and in different terrains. No operative activities are in progress in XXX.
6.2.2 Setting up and breaking
Example: ”Setting up and breaking” refers to the activities after the unit has arrived at the
deployment area, including the elements shutdown/arrangement, setting up/breaking of
communications etc. and loading for redeployment. During setting up, camouflage, grounding
and connection of electrical networks as well as establishing connections with other units
take place. Breaking basically includes the same operations as setting up, but in
reverse order.
6.2.3 Operative activities
Example: During the operative activities, work is taking place in XXX, which is now set up on a
deployment area where reconnaissance has been conducted.
6.2.4 Maintenance
Example: ”Maintenance” refers to both preventive and corrective maintenance. Preventive and
corrective maintenance include daily and special attendance, basic attendance, actions
according to MVIF and repairs.
6.2.5 Arrangement/storage
Example: ”Arrangement/storage” refers to storage in store XXX or container XXX etc.
6.2.6 Disposal
Example: ”Disposal” refers to organized forms and methods in stores supply for the final disposal of
materiel systems and their constituent supplies from all or part of the Swedish Armed
Forces. Methods include: destruction, dismantling, scrapping, shredding, disassembly,
recycling and/or deposition.
7 ANALYSIS METHODS
The analyses in this report have been implemented according to the System Safety Program Plan
(SSPP) for XXX, Issue XXX, dated YYYY-MM-DD.
The system safety analyses include e.g. SHA, SSHA, O&SHA and EHA.
7.1 System Hazard Analysis/Sub System Hazard Analysis (SHA/SSHA)
The purpose of the System Hazard Analysis/Sub System Hazard Analysis (SHA/SSHA) is to
evaluate the hazards that exist in the system and subsystems. The operationally oriented analyses for
XXX and its subsystems form part of the verification of XXX safety. The safety assessment aims to
identify hazardous events and assess the operational risks associated with these, primarily for the
entire object/materiel system and the interaction between subsystems, and between the subsystems and their
components.
The analysis activities have been to identify potential risks, evaluate them by assessing their impact
and probability, and to propose safety-enhancing changes.
7.2 Operating and Support Hazard Analysis (O&SHA)
The purpose of the Operating and Support Hazard Analysis (O&SHA) is to assess the hazards in
handling and during maintenance. The analysis should also evaluate whether the operation and
maintenance procedures are sufficient and appropriate to eliminate, control or reduce the identified
defects or hazards.
The analysis activities have involved the identification of health risks and to propose measures to
eliminate or reduce these to acceptable levels.
7.3 Environmental Hazard Analysis (EHA)
The purpose of the Environmental Hazard Analysis (EHA) is to identify, analyze and evaluate the
events that may pose a burden on the environment. The first step in the environmentally oriented
analysis is to identify substances that are potentially hazardous to the environment and in what
quantity these exist.
The analysis activities have been to survey and evaluate the substances as regards quantity and
impact.
7.4 Risk Assessment
All identified risks of injury and financial damage (including environmental damage) are numbered
and named. For each risk, the probability of a hazardous event and the probability that the assets
worthy of protection are exposed to the hazardous event are evaluated. Combining these gives the
probability of an accident.
An accident will always have a consequence. However, the outcome of a particular accident may
vary. To put it simply, the possible adverse outcomes are broken down by severity into four so-called
injury classes.
An assessment/estimation of the likely percentage distribution between these injury classes is
performed. The risk of an injury corresponding to a certain injury class is estimated by multiplying
the probability of the accident and the percentage of the total outcome of the accident.
The four injury classes (I-IV) of each risk now have an estimated probability. Each of these is
arranged under each probability class (A-E) in the current risk matrix. The risk matrix shows the
level of tolerance of each injury class within the probability classes.
The risk of an accident is rated according to the injury class with the strictest tolerance level.
For example, the “entire” risk of an accident is considered limited tolerable if the damage
corresponding to injury class IV is estimated to occur with a limited tolerable frequency, even if the
damage corresponding to injury classes I, II and III is estimated to occur with a tolerable frequency,
and vice versa.
7.4.1 Injury classes/Consequences
The following injury classes, probabilities and risk levels for personal injury or financial damage
have been used in the assessment and evaluation of the system’s risks before and after the
implemented measures. The injury classes, probabilities and risk levels applied during the analysis of
the system have been set and specified in FMV Technical specification XXX.
NOTE! The injury classes, probabilities and risk levels presented below are only examples. The
request for proposal (RFP) for the materiel system is to determine what applies for the specific
materiel system.
Injury classes for personal injuries
Injury class | Definition
I | Death
II | Serious injury
III | Less-serious injury
IV | Negligible injury
Injury classes for financial damage
Injury class | Definition | The damage in monetary terms (own and other’s property damage and remediation costs)
I | Approximately the same cost as a total system loss | > 10^5 $ (> 100 000)
II | Significant loss | 10^4 – 10^5 $ (10 000 – 100 000)
III | Limited loss | 10^3 – 10^4 $ (1000 – 10 000)
IV | Slight loss | < 10^3 $ (< 1000)
7.4.2 Accident probability/frequency
The table below defines the probability of an injury/accident occurring for one unit of the
materiel system during one year of use. (For risks associated with the mode of operation “disposal”,
the probability that an accident occurs for one unit of the materiel system at some point during
this phase is evaluated.) The probabilities are divided into the intervals A-E as follows:
Probability class | Description | Probability/frequency (for one unit during one year of use)
A | The accident is expected to occur | > 10^-1
B | The accident is likely to occur | 10^-2 – 10^-1
C | The accident is likely to occur at some point | 10^-3 – 10^-2
D | Improbable, but the accident could occur at some point | 10^-6 – 10^-3
E | Unlikely, the accident could only happen in exceptional circumstances | < 10^-6
7.4.3 Risk Matrix
The risk matrices define the risk levels for an accident’s injury class outcomes in combination with
each injury class’ occurrence probability. The levels of risk are highlighted in the risk matrices with:
T = Tolerable
BT = Limited tolerable
ET = Not tolerable
Example: Risk matrix for personal injuries
Probability \ Injury class | I | II | III | IV
A | ET | ET | ET | BT
B | ET | ET | BT | T
C | ET | ET | BT | T
D | ET | BT | T | T
E | T | T | T | T
Example: Risk matrix for financial damage
Probability \ Injury class | I | II | III | IV
A | ET | ET | ET | BT
B | ET | ET | BT | T
C | ET | BT | T | T
D | BT | T | T | T
E | T | T | T | T
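The evaluation procedure of section 7.4, carried through in code as an added example (it is not part of the SAR template and not FMV's or any supplier's tooling): the accident probability is formed from the hazardous-event and exposure probabilities, split over injury classes I-IV by the estimated outcome distribution, each share is mapped to a probability class A-E from 7.4.2 and looked up in the example matrices from 7.4.3, and the accident as a whole takes the strictest level. The hazard probabilities, exposure probabilities and outcome percentages below are constructed figures, and treating each probability band as closed at its lower bound is an assumption the template does not state. The example goes slightly beyond the text in that the same routine is run against both the personal-injury and the financial-damage matrix.

```python
"""Risk evaluation as described in section 7.4 of the SAR template.

P(accident) = P(hazardous event) x P(exposure of the assets worthy of protection).
That probability is split over injury classes I-IV by the estimated outcome
distribution; each share is mapped to probability class A-E (7.4.2) and looked
up in the risk matrix (7.4.3); the accident's overall level is the strictest one.
"""
from typing import Dict, Tuple

Level = str  # "T" (tolerable), "BT" (limited tolerable) or "ET" (not tolerable)
INJURY_CLASSES = ("I", "II", "III", "IV")

# Probability classes from 7.4.2, per unit and year of use. Treating each band as
# closed at its lower bound is an ASSUMPTION: the template does not say how a
# value lying exactly on a boundary is classified.
PROBABILITY_CLASSES = (
    ("A", 1e-1, float("inf")),
    ("B", 1e-2, 1e-1),
    ("C", 1e-3, 1e-2),
    ("D", 1e-6, 1e-3),
    ("E", 0.0, 1e-6),
)

# The two example matrices from 7.4.3: row = probability class, column = injury class.
RISK_MATRIX_PERSONAL: Dict[str, Dict[str, Level]] = {
    "A": {"I": "ET", "II": "ET", "III": "ET", "IV": "BT"},
    "B": {"I": "ET", "II": "ET", "III": "BT", "IV": "T"},
    "C": {"I": "ET", "II": "ET", "III": "BT", "IV": "T"},
    "D": {"I": "ET", "II": "BT", "III": "T", "IV": "T"},
    "E": {"I": "T", "II": "T", "III": "T", "IV": "T"},
}
RISK_MATRIX_FINANCIAL: Dict[str, Dict[str, Level]] = {
    "A": {"I": "ET", "II": "ET", "III": "ET", "IV": "BT"},
    "B": {"I": "ET", "II": "ET", "III": "BT", "IV": "T"},
    "C": {"I": "ET", "II": "BT", "III": "T", "IV": "T"},
    "D": {"I": "BT", "II": "T", "III": "T", "IV": "T"},
    "E": {"I": "T", "II": "T", "III": "T", "IV": "T"},
}
STRICTNESS = {"T": 0, "BT": 1, "ET": 2}


def probability_class(p: float) -> str:
    """Map a yearly accident probability for one unit to class A-E."""
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability out of range: {p}")
    for name, lower, upper in PROBABILITY_CLASSES:
        if lower <= p < upper:
            return name
    raise AssertionError("bands A-E cover [0, 1]; unreachable")


def evaluate_risk(
    p_hazard: float,
    p_exposure: float,
    outcome_share: Dict[str, float],
    matrix: Dict[str, Dict[str, Level]],
) -> Tuple[Level, Dict[str, Tuple[float, str, Level]]]:
    """Return (overall level, {injury class: (probability, A-E class, level)})."""
    for p in (p_hazard, p_exposure):
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range: {p}")
    if set(outcome_share) != set(INJURY_CLASSES):
        raise ValueError("outcome distribution must cover injury classes I-IV")
    if abs(sum(outcome_share.values()) - 1.0) > 1e-9:
        raise ValueError("outcome distribution must sum to 100 %")
    p_accident = p_hazard * p_exposure
    details: Dict[str, Tuple[float, str, Level]] = {}
    for injury_class in INJURY_CLASSES:
        p_outcome = p_accident * outcome_share[injury_class]
        pclass = probability_class(p_outcome)
        details[injury_class] = (p_outcome, pclass, matrix[pclass][injury_class])
    # The accident is rated by the injury class with the strictest tolerance level.
    overall = max((d[2] for d in details.values()), key=STRICTNESS.__getitem__)
    return overall, details


def worked_example() -> Tuple[Level, Level]:
    """Constructed figures for one personal-injury risk before and after an action."""
    before, _ = evaluate_risk(
        0.05, 0.5, {"I": 0.01, "II": 0.09, "III": 0.35, "IV": 0.55}, RISK_MATRIX_PERSONAL)
    # After e.g. a protective device (action class 2): lower hazard and exposure
    # probabilities and a smaller share of fatal outcomes (constructed values).
    after, _ = evaluate_risk(
        0.002, 0.05, {"I": 0.005, "II": 0.095, "III": 0.35, "IV": 0.55}, RISK_MATRIX_PERSONAL)
    return before, after


if __name__ == "__main__":
    for label, args in (("before", (0.05, 0.5, {"I": 0.01, "II": 0.09, "III": 0.35, "IV": 0.55})),
                        ("after", (0.002, 0.05, {"I": 0.005, "II": 0.095, "III": 0.35, "IV": 0.55}))):
        overall, details = evaluate_risk(*args, RISK_MATRIX_PERSONAL)
        print(f"{label}: overall {overall}")
        for cls, (p, pclass, level) in details.items():
            print(f"  class {cls:>3}: p={p:.2e} -> {pclass} -> {level}")
```

In the constructed case the risk is rated ET before the action because the death and serious-injury shares land in classes D and C, where the personal-injury matrix tolerates nothing; after the action only class II remains at BT, so the whole risk becomes BT. This is the "strictest class wins" rule of 7.4 made concrete: lowering the accident probability alone is not enough as long as the fatal share stays above 10^-6 per unit and year.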
7.5 Risk-Reducing Actions
Actions considered able to reduce/eliminate the risks described in section 8 are preceded by the
heading Proposed actions. This heading lists the actions recommended by the provider. Actions that
have already been implemented are presented under the heading Implemented actions, YYYY-MM-DD.
Actions can be divided into different action classes. Below is a breakdown of actions into 6 different
classes. From a general risk management perspective, actions that belong to a class with a lower
figure should have priority over actions belonging to classes with higher figures, as shown below.
1. Design Changes
These actions involve some form of redesign. This implies that the risk is managed by removing,
adding, replacing or changing something in the system’s physical characteristics.
2. Protective Devices
These actions mean that the risk is managed through the introduction of e.g. fixed or automatic safety
devices, stop modes, protection zones or protective equipment.
3. Warning Devices
These actions imply that the risk is managed by warning devices, such as sound or light signals, text
messages etc. that cannot be misinterpreted.
4. Instructions/Warning Labels
These are actions in which the risk is managed by calling attention to it in written form for the
personnel who will use the equipment. This can be done through instructions and/or warning labels.
5. Training
These actions mean that the risk is managed by calling attention to it as part of the training on the
system for the personnel who will use the equipment.
6. Testing
These actions imply that the risk should be verified with some form of trial or testing before final
approval is issued.
For each action proposed in section 8 it is clear what action class it belongs to. Each action is
preceded by the name of the action class.
7.6 Risk Log
The risk log, Appendix 1, documents the risk management process that includes the above-described
elements of risk management. The following is documented in the risk log:
- All identified risks according to the methods described in 7.1-7.3. These are numbered and named with appropriate names.
- Initial risk assessment and risk evaluation according to 7.4. All estimated probabilities are reported.
- All risk-reducing actions, proposed as well as already implemented, according to 7.5.
- A new risk assessment and risk evaluation, also according to 7.4, after proposed or implemented actions.
- Acceptance and closure of tolerable risks. It is clear from the risk log when and by whom each risk has been closed.
7.7 Requirements Analysis
Materiel systems intended to be transferred to the Swedish Armed Forces should meet the basic
health and safety requirements listed in Appendix 2, in the parts applicable with regard to the
materiel system’s intended use and the environment the system will operate in.
Appendix 2 lists the most common regulations for this type of equipment and should therefore not be
considered complete. In the list, basic health and safety requirements have been termed “shall
requirements” (S).
7.8 Hazardous Substances
It is often not possible to completely avoid contact with products that pose or may pose health or
environmental risks in the workplace or the equivalent. Therefore it is important for everyone to
know what characterizes the different products and which hazards are associated with them. The
preventive and corrective recommendations, along with some factual information, have been
compiled on so-called Safety Data Sheets in the Swedish Armed Forces’ database for hazardous
substances.
These safety data sheets provide both recommendations on how to deal with hazardous and
environmentally harmful products in order to avoid/reduce risks, and recommendations for actions to
be taken in connection with accidents (injuries).
The hazardous substances/materials that personnel may come into contact with have been listed and
assessed. See Appendix 3. The list includes references to the Swedish Armed Forces’ database for
hazardous substances or relevant safety data sheets.
7.9 Interviews
Interviews have been conducted with personnel at XXX and YYY. (For references, see section 10.)
8 DESCRIPTION OF RISKS
Below is a description of the risks identified after completed analyses, including their consequences
and recommended and already implemented actions. To obtain complete information about each risk,
the risk log should be studied in parallel with this report.
The risks are not presented in order of priority or severity.
Risk No. X Personal injury caused by...
Describe the risk briefly, describe the source of the risk/the hazardous condition and how it can cause
injury, describe the assets worthy of protection and possible damage, describe in which modes of
operation the risk exists and if there are circumstances or contributing factors that may aggravate the
consequences.
Proposed actions
Describe the proposed action and how it is expected to affect the risk, e.g. reduce the probability of a
hazardous event, change the injury class outcome (i.e. a greater proportion of accidents result in less
serious injuries or damages).
Implemented actions YYYY-MM-DD
Describe the risk-reducing actions that have been implemented.
9 PROPOSED SAFETY INSTRUCTIONS
Propose restrictions and what risks these are derived from. Describe, if possible, what it takes for the
restrictions to be cancelled.
10 REFERENCES
10.1 References
Example:
Specification for XXX, Appendix to the request for proposal XXX
The Swedish work environment act, AML
The Swedish code of statutes, SFS
The Swedish work environment code of statutes, AFS
The Swedish Armed Forces’ database for hazardous substances, FÄ
10.2 Interviews
Last name, First name, title, unit/department, company, interview, city, YYYY-MM-DD.