S-OS-.o/
MIL-STD-882B
30 M a r c h 1984
SUPERSEDING
MIL-STD-882A
.28 June 1977
M I L I T A R Y STANDARD
SYSTEMSAFETY
PROGRAM REQUIREMENTS
FSCSAFT
AMSC Number F3329
.
T H I S DOCUMENT CONTAINS
Licensed by Information Handling Services
.
y'
PAGES.
MIL-STD-882B
30 March1984
DEPARTMENT
OF
DEFENSE
WASHINGTON, DC 20301
System Safety Program Requirement s
MIL-STD-882B
1. T h i sM i l i t a r yS t a n d a r d
Agencies o f theDepartment
i s approved f o r useby
o f Defense.
a l l Departmentsand
2. B e n e f i c i a l comments (recommendations,additions,deletions)andanypertinentdatawhich
may be o f use i n i m p r o v i n g t h i s documentshouldbe
addressedto:
HQ Air ForceSystems Command (ALX ComSO), Andrews AFB, ,
Washington, DC 20334, b y u s i n g t h e s e l f - a d d r e s s e d S t a n d a r d i z a t i o n
Document
end o f t h i s document o r
ImprovementProposal (DD Form 1 4 2 6 )a p p e a r i n ga tt h e
by 1e t t e r .
3.
MIL-STD-882B i s exemptfrom
OMB a p p r o v a al c t i o n .
It i s consideredtech-
n i c a l i n f o r m a t i on i n c i d e n t t o t h e d e s i g n , p r o d u c t i o n , o r o p e r a t i o n o f
o f paragraph
c o n t r a c t i t e m s and i s n o t s u b j e c t t o r e v i e w u n d e r p r o v i s i o n s
9b, attachment A, OMB C i r c u l a r A-40,
No. 1, February 10, 1976.
.
Licensed by Information Handling Services
r e v i s e d by OMB T r a n s m i t t a l Memorandum
.S
I
.
.-
.
-
"
..
._ .
MIL-STD-882B
9779933 0359857 2 T l
MIL-STD-882B
30 March 1984
c
FOREWORD
The principalobjective of asystem safety program w i t h i n the Department of
Defense (DoD) i s t o make sure safety, consistent w i t h mission requirements, i s
designed intosystems,subsystems,equipment,
and f a c i l i t i e s , and t h e i r i n t e r faces.
DoD has approved this mil i t a r y standard f o r a l l
to use i n developing system safety programs.
DoD departments and agencies
i n a system depends d i r e c t l y on management
The degreeofsafetyachieved
emphasis. Governmentand
contractorswillapply
management emphasis t o safety
d u r i n g the system acquisition process and t h r o u g h o u t the 1 ife cycle of each
system, making sure mishap risk i s understood and risk reduction i s always
considered i n the management review process.
e
The success of the system safety
effort
depends on d e f i n i t i ve statements of
safety objectives and requirements by the managing a c t i v i t y and t h e i r
translation i n t o functional hardware and software. A formal safety program
t h a t stresses early hazard identification and elimination or reduction o f
associated risk t o a 1 eve1 acceptable to the managing a c t i v i t y i s t h e
principalcontribution of effective system safety.Selec€iveapplication
and
the tailoring o f t h i s m i l i t a r y standard must be accomplished, as indicated
herein, to specify the extent
of contractual and DoD in-house compl i ance
G
I
iii
A-3
Licensed by Information Handling Services
.
. ’
”
.......
MIL-STD-882B
30 March 1984
CONTENTS
1
Paragraph
I
1
111
1.2
1.3
1.3.1
1.3.2
1.3.2.1
1.3.2.2
1.3.2.3
1.3.3
2
3
3.1
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.18
3.1.19
3.1.20
3.1.21
3.1.22
3.2
4
4.1
4.2
4.3
4.4
4.5
4.5.1
4.5.2
4.6
5
.
1
:
1
..
=
=
.
.
Page
....................................................
.................................................
...........................................
.............................................
..........................................
..........................
.................................
....................................
.....................................
................................
....................................
...........................
.............................................
..............................................
..................................................
..................................................
.........................................
.............................
......................................
.........................................
.......................................
..................................................
......................................
....................................................
..................................................
...............................................
..................................................
...........................................
..................................
...............................
.......................
................................
...................................
...................................
..............................
...........................................
..............................
...................................
........................
.......................
................................
..........................................
.........................................
......................................
............................
.......................................
SCOPE
Purpose
Applicability
Appl ic a t i on
ApplyingTasks
Tail oring of Task Descriptions
D e t a i l s t o be S p e c i f i e d
A p p l i c a t i o nG u i d a n c e
Method o f Reference
C o n f l i c t i n gR e q u i r e m e n t s
REFERENCED
DOCUMENTS
DEFINITIONS AND ABBREVIATIONS
Definitions
Contractor
Damage
Hazard
HazardousEvent
H a z a r d o u sE v e n tP r o b a b i l i t y
Hazard P r o b a b i l i t y
H a z a r dS e v e r i t y
Managing A c t i v i t y
Mishap
O f f - t h e - s h e l fI t e m
Risk
Safety
Subsystem
System
System S a f e t y
System S a f e t yE n g i n e e r
System S a f e t yE n g i n e e r i n g
System SafetyGroup/WorkingGroup
System S a f e t y Management
System S a f e t y Manager
System S a f e t y Program
System S a f e t y ProgramPlan
Abbreviations
SYSTEMSAFETYREQUIREMENTS
System S a f e t y Program
System S a f e t y ProgramObjectives
System SafetyDesignRequirements
System SafetyPrecedence
RiskAssessment
H a z a r dS e v e r i t y
H a z a r dP r o b a b i l i t y
A c t i o no nI d e n t i f i e dH a z a r d s
TASK DESCRIPTIONS
i V
2668
Licensed by Information Handling Services
A-4
1
1
1
1
1
1
1
1
2
2
2
2
2
2
2
2
3
3
3
3
3
3
3
3
3
3
3
4
4
4
4
4
5
6
6
6
7
8
8
MIL-STD-882B
30 March 1984
c
I
Page
TASK
SECTION
100
TASK
-
100
1 o1
102
103
104
105
1.06
107
1oa
SECTION
TASK
201
2o2
203
204
205
206
207
208
209
210
211
212
213
-
PROGRAM MANAGEMENT AND UNTROL
100-1
-
100-2
..................................
- 100-4
.................. .......... 100-3
101-1 - 101-4
102-1 - 102-4
... ........................ 103-1
- 103-2
104-1 - 104-2
....................
105-1 - 105-2
..............................
........................ 107-1
106-1 - 106-2
- 107-2
................ ....... .................... 108-1 - 108-2
System SafetyProgram
System Safety Program Plan
I n t e g r a t i on/Management o f A s s o c i a t e C o n t r a c t o r s ,
S u b c o n t r a c t o r s ,a n dA r c h i t e c t
and EngineeringFirms
System Safety Program Reviews
System S a f e t y Group/System SafetyWorkingGroupSupport
HazardTrackingandRis-kResolution
T e s t and E v a l u a t i p n S a f e t y
System S a f e t yP r d g r e s s Summary
Qualific a t i ons o f Key Contractor System Safety Engineers/
Managers
- DESIGN AND EVALUATION
200-1 - 200-2
P r e l i m i n a r y H a z a r d L i s t ................................ 201-1 - 201-2
200
......
......................
.....
.
.....
...................
...................
..............
...............
...................
.
....................................
...............................................
......................................
....................... . .
......................
.. ........................
.................
........-...
............
Preliminary Hazard Analysis
202-1
Subsystem Hazard Analysis
203-1
System Hazard Analysis
204-1
Operati ng and Support Hazard Anal ysi S
205-1
Occupational Heal t h Hazard Assessment
206-1
Safety Verification
207-1
Training
208-1
S a f e t y Assessment
209-1
Safety Compliance Assessment
,
210-1
SafetyReviewofEngineering
Change Proposals and Requests f o r
211-1
Deviation/Waiver
Software Hazard Analysis
212-1
GFE/GFP System S a f e t y A n a l y s i s
213-1
c
Licensed by Information Handling Services
-
202-2
203-2
204-2
205-2
206-2
207-2
208-2
-
209-2
210-2
-
211-2
212-2
213-2
..
. . . . .
.
1
.......
__
.......
-c=-
MIL-STD-882B M 9999911 0359862 8 9 b M
...
_
.%
. .. . .
MIL-STD-882B
30 March 1984
APPENDIX A
GUIDANCE FOR IMPLEMENTATION OF
SYSTEM SAFETY PROGRAM REQUIREMENTS
1
Page
Paragraph
.
10
10.1
10.2
10.3
10.4
10.5
20
30
30.1
30.2
30.3
30.4
40
40.1
40.2
40.3
40.3.1
40.3.2
50
50.1
50.1.1
50.1.2
50.1.3
..
.
.
.
I
50.1.4
50.1.5
50.1.6
50.1.7
50.1.8
50.1.9
50.2
50.2.1
50.2.2
50.2.3
50.2.4
50.2.5
50.2.6
50.2.7
50.2.8
50.2.9
‘50.2.10
50.2.11
W
t
50.2.12
50.2.13
.................................................
...................................................
.................................................
....................................................
................................
......................
....................................
..............................
................................
.........................................
............................
..........................................
......................................
...................
.....................................
.........
........................
..............
.......
...................................
..............................
....
........................... .
.....................
..............................
..........................
....................................
.......... .....
.................................
.............................
...............................
..................................
...................
...................
.....................................
................................................
.......................................
............................
.........................
................................
..........................
GENERAL
Scope
Purpose
User
ContractualRequirements
Managing Acti v i t y Res ponsi b i l i t i es
REFERENCED DOCUMENTS
SYSTEM SAFETY REQUIREMENTS
System Safety Program Objectives and Design Requirements
System Safety Precedence
Risk Assessment
Action on Identified Hazards
TASK SELECTION
SelectionCriteria
ApplicationMatrix for Program Phases
Task Priori ti zat i on
Identifying and Quantifying System Safety Needs
Sel ecti ng Tasks to F i t the Needs
RATIONALE AND GUIDANCE FOR TASK SELECTIONS
Task Section 100 .Program Managementand Control
System Safety Program
System Safety Program Plan
Integrati on/Management of Associate Contractors.
Subcontractors and Architect and Engineering Firms
System Safety ProgramReviews
System Safety Group/System Safety Working Group Support
Hazard Tracking and Risk Resol ution
Test and EvaluationSafety
System Safety Progress Summary
Qualifications of Key Contractor System Safety
Engineers/Managers
Task Section 200 .Design andEva1 uation
Preliminary Hazard List
Preliminary Hazard Analysis
Subsystem Hazard Analysis
SystemHazard Analysis
Operat i ng and Support Hazard Analysis
OccupationalHealth Hazard Assessment
Safety Verification
Training
Safety Assessment
Safety Compliance Assessment
Safety Review o f Engineering Change Proposal S and
Requests for Devi a t i on/Waiver
Software Hazard Analysis
GFE/GFP System SafetyAnalysis
vi
i /
”
.
2470
Licensed by Information Handling Services
A-6
A- 1
A- 1
A- 1
A- 1
A- 1
A- 1
A- 2
A- 2
A-2
A- 3
A- 3
A- 3
A- 5
A- 5
A- 5
A- 5
A-8
A- 8
A- 8
A-8
A-8
A-8
A- 9
A- 9
A-10
A-10
A-10
Ar10
A-11
A-11
A-11
A-11
A-12
A-13
A-14
A-14
A-15
.A. 16
A-16
A-16
A-18
A-18
A-20
~
-~
-.
. L .
....-
I
"
MIL-STD-882B
W 9 9 9 9 9 3 3 0359863 7 2 2 W""".
MIL-STD-882B
30 March 1984
APPENDIX B
SYSTEM
SAFETY
I
PROGRAM REQUIREMENTS RELATED TO LIFE CYCLE PHASES
Page
Paragraph
60.
60.1
60.1.1
60.1.2
O
4
60.1.3
60.1.4
60.1.5
60.1.6
60.2
60.3
SYSTEM
SAFETY
PROGRAM REQUIREMENTS RELATED TO LIFE CYCLE
PHASES
Missi on Need Determi n a t i on Concept Expl o r a t i o n
Mission Need Determination
Concept Expl oration/Programmi ng and Requirements
Devel opmentPhase
Dëmonstration and Val i d a t i o n / C o n c e p t Design Phase
Fu1 1-Scal e E n g i neeri ng Devel opment/Fi na1 Desi gn Phase
Productionand Depl oymentPhase
C o n s t r u c t i o nP h a s e
SystemSafetyProgramRequirementsfor
Other A c q u i s i t i o n s
SystemSafetyRequirementsforTechnologyRequirements
..................................................
.
........
..............................
.....................................
.......
...
.........................
......................................
..
B- 1
B- 1
B- 1
B- 1
B-2
B-4
B-5
B-7
B-7
B-8
APPENDIX C
FOR MIL-STD-882B
DATA
REQUIREMENTS
4G?
Page
Paragraph
70.
DATA REQUIREMENTS FOR MIL-STD-882B
...............................
c- 1
TAB LES
Num ber
1
2
Page
.......
...........
APPLICATION
MATRIX
FOR SYSTEM PROGRAM DEVELOPMENT
APPLICATION MATRIX FOR FACILITIES ACQUISITION
A- 6
A-7
FIGURES
1
2
FIRST EXAMPLE HAZARD RISK ASSESSMENT
MATRIX
SECOND EXAMPLE HAZARD RISK ASSESSMENT
MATRIX
vii
a-7
Licensed by Information Handling Services
............
...........
A- 4
A- 4
THIS PAGE INTENTIONALLYLEFT
VI 11
A-8
Licensed by Information Handling Services
BLANK
MIL-STD-8826
30 March 1984
c
SYSTEM
SAFETY
1.
PROGRAM REQUIREMENTS
SCOPE.
1.1 Pur ose. This standardprovidesuniform
requirements f o r devel opi ng and
imp1 m e n t ng a system safety program of sufficient comprehensiveness t o ident i f y t h e hazardsof a system and t o impose designrequirements andmanagement
the associated
control S t o prevent mishaps by eliminatinghazardsorreducing
risk t o a 1eve1 acceptabl e t o the managing a c t i v i t y (MA). The term "managing
a c t i v i t y " usual 1y refers t o the Government procuring activity, b u t may i ncl ude
prime or associate contractors or subcontractors
who wish t o impose system
s a f e t y tasks on their suppliers.
-4"
1.2 A l i c a b i l i t
This standardappliesto
DoD systems and f a c i l i t i e s
i ncl u i n g test, maintenance and support, and training equipment. I t applies
t o a l l a c t i v i t i e s o f the system l i f e cycle; e.g., research,design,
technology development; t e s t and evaluation,production,construction,
operation and s u p p o r t , modification and disposal. The requirements will also
be appl i ed t o DoD i n - house programs
Y
II
.
1.3
Appl i c a t i on.
+
1.3.1 A 1 i n Tasks. Tasks described i n this standardareto
be
sel ecti vely app i ed i n DoD contract-defi n i t i zed procurements, requests for
proposal (RFP), statements of work (SOW), andGovernment in-house
developments requiring system safety programs for the development,
production, and i n i t i a l deploynentofsystems,
f a c i l i t i e s and equipment.
The word "contractor" herein al so i ncl udes Government a c t i v i t i e s devel opi ng
mil i t a r y systems and equipment
c
.
1.3.2 Tailoring ofTask
Descriptions. Task descriptionscontained i n
Section 5 a r e t o be tailored by the MA asrequired by governingregulations
and as appropriate to parti cul a r systems or equi ment program type ,
magnitude, and f u n d i n g , Intailoring the tasks,thedetail
and depthofthe
e f f o r t i s defined by- the MA and incorporated i n the appropriate contractual
may includeadditional
documents When preparingproposalsthecontractor
tasks or task modifications w i t h supporting rationale for each addition or
modffication.
.
8
Detailsto be Specified. The "Details t o be Specified"paragraph
under each task description i n Section 5 i s intended f o r l i s t i n g the specific
details, additions, modifications, deletions, or options to the-requirements
of the task t h a t should be considered by the MA when t a i l o r i n g the task
s t o be Specified"annotated by an
description to f i t program needs."Detail
"(R)" a r e required and must be provided t o the contractor for proper
implementation o f the task, i f the task is t o be contractually implemented.
1.3.2.1
1.3.2.2
Application Guidance. Applicationguidance and rationalefor
selecting tasks to f i t %he needs of a particul ar system safety program are
included i n appendices A and B. These appendicesaregenerallynotcontract u a l l y b i n d i n g ; however, the MA may choose t o impose portions o f Appendix B as
part o f Task 100.
í
1 .
247 3
A- 9
Licensed by Information Handling Services
MIL-STD-882B
30. March 1984
R--
1.3.2.3
Method o f Reference. When s p e c i f y i n gt h et a s k so ft h i ss t a n d a r d
as
c o n t r a c t u a lr e q u i r e m e n t s ,b o t ht h i ss t a n d a r d
andeach s p e c i f i c t a s k number
a r e t o be c i t e d . Appl ica b l e “ D e t a i l s To Be S p e c i f i ed” w
l
i be in c l uded i n
t h e SOW.
\”
*
1.3.3
C o n f l i c t i n gR e q u i r e m e n t s .
When c o n f l i c t i n gr e q u i r e m e n t so rd e f i c i e n c i e sa r ei d e n t i f i e dw i t h i ns y s t e ms a f e t yp r o g r a mr e q u i r e m e n t s ,t h ec o n t r a c t o r
s h a l ls u b m i tn o t i f i c a t i o n ,w i t hp r o p o s e da l t e r n a t i v e s
and s u p p o r t i n g
rationale,tothe
MA f o r r e s o l u t i o n .
2. REFERENCED DOCUMENTS. Referenceddocumentsarenotincluded
in this
document.Referenceddocumentsrequired
t o supplement t h i s m i l i t a r y
standardmust be s p e c i f i e d i n s y s t e ms p e c i f i c a t i o n s and o t h e rc o n t r a c t u a l
documents.
L
3.
3.1
DEFINITIONS AND ABBREVIATIONS.
Definitions.
The f o l l o w i n gd e f i n i t i o n sa p p l y :
3.1.1
C o n t r a c t o r . A p r i v a t es e c t o re n t e r p r i s eo rt h eo r g a n i z a t i o n a le l e m e n t
o f DoD o r any o t h e r Governmentagencyengaged
t op r o v i d es e r v i c e so rp r o d u c t sw i t h i na g r e e dl i m i t ss p e c i f i e d
by t h e MA.
3.1.2Damage.
The p a r t i a l o r t o t a l
1oss o f hardwarecaused.bycomponent
f a i l Ure; exposure o f hardware t o heat, f i r e , o r o t h e r e n v i r o n m e n t s ; human
e r r o r s ;o ro t h e ri n a d v e r t e n te v e n t so rc o n d i t i o n s .
A c o n d i t i o nt h a ti sp r e r e q u i s i t et o
3.1.3
Hazard.
3.1.4
HazardousEvent.
An o c c u r r e n c et h a ct r e a t e s
3.1.5
HazardousEventProbability.
q u a n t i t a t i v eo rq u a l i t a t i v et e r m s ,t h a t
a mishap.
a hazard.
in
The l i k e l i h o o d e, x p r e s s e d
a hazardousevent w
l
i occur.
3.1.6
H a z a r dP r o b a b i l i t y .
The a g g r e g a t ep r o b a b i l i t yo fo c c u r r e n c eo ft h e
i n d i v i d u a lh a z a r d o u se v e n t st h a tc r e a t e
a s p e c i f i ch a z a r d .
3.1.7
HazardSeverity.
An assessment o ft h ew o r s tc r e d i b l em i s h a pt h a t
c o u l d be causedby a s p e c i f i ch a z a r d .
3.1.8
Managing A c t i v i t y . The, o r g a n i z a t i o n a le l e m e n to f
DoD assigned
a c q u i s i t i o n management r e s p o n s i b i l i t y f o r t h e
system, o r p r i m e o r a s s o c i a t e
c o n t r a c t o r so rs u b c o n t r a c t o r s
who w i s h t o imposesystem s a f e t y t a s k s on t h e i r
suppl iers.
i n death,
3.1.9
Mishap. An u n p l a n n e de v e n to rs e r i e so fe v e n t st h a tr e s u l t s
i n j u r y , o c c u p a t i o n a l il1ness , o r damage t o o r l o s s o f equipment o r p r o p e r t y .
3.1.10
O f f - t h e - s h e l fI t e m .
An itemdeterminedby
a m a t e r i a la c q u i s i t i o n
decisionprocessreview
(DoD, M i l i t a r y Component, o r s u b o r d i n a t e o r g a n i z a t i o n
as a p p r o p r i a t e ) t o be a v a i l ab1 e f o r a c q u i s i t i o n t o s a t i s f y anapproved
2
.
.”
2474
Licensed by Information Handling Services
11-10
MIL-STD-882B
30March1984
materiel requirement w i t h no expenditure of f u n d s for deve1 opnent ,
modification,or improvement (e.g., commercial products,materiel
developed
by other Government agencies, or materiel developed by othercountries).
This
item may
be
procured by thecontractororfurnished
t o thecontractoras
Government-furnished equipment (GFE) or Government-furnished property (GFP).
3.1.1.1 Risk. An expressionofthe
severity and hazard probabil i t y .
p o s s i b i l i t y of a mishap i n terms of hazard
3.1.12 Safety. Freedom
from
thoseconditionsthat
can cause death,injury,
occupational il 1ness , or damage to or loss of equipment or property.
3.1.13 Subsystem.
system.
An element of asystem
t h a t , i n i t s e l f may constitute a
3.1.14 System. A composite, a t any level of complexity, o f personnel,
procedures , materials , tools , equi p e n t , facil i t i es , and software. The
elements of t h i s composite e n t i t y a r e used together i n theintended
operationalorsupport
environment t o perform agiven t a s k orachieve a
specific production, support, or missionrequirement.
3.1.15 System Safety. The application of engineering andmanagement
pri nci pl es , c r i t e r i a , and techniques t o optimize safety w i t h i n the
constraints of operationaleffectiveness,time,
and cost throughout a l l
phasesofthe
system l i f e cycle.
3.1.16 System Safety Engineer. An engineer who i s qualified by t r a i n i n g
and/or experienceto perform system safety engineering tasks.
3.1.17 System Safety Engi neeri ng. An engineering disci pl i ne requi ri ng
SDecializedprofessional
knowledge and s k i l l s i n applying s c i e n t i f i c and
engineering principles, criteria,
and techniquestoidentify
and eliminate
hazards, o r reduce the risk associated w i t h hazards.
3.1.18 System Safety Group/Working Group. A formallychartered group of
persons,representingorganizationsassociated
w i t h the system acquisition
program, organized to assist the MA system programmanager i n achievingthe
system safety objectives. Regul ations of the Mil i t a r y Components define
requirements, responsibilities, and memberships.
System Safety Management. An element of management t h a t definesthe
system safety program requirements and ensuresthe p l a n n i n g , implementation
and accomplishment ofsystem safety tasks and activities consistent w i t h the
overall program requirements.
3.1.19
3.1.20 System Safety Manager. A person responsible t o programmanagement
for s e t t i n g u p and managing the system safety program.
3.1.21System
Safety Program. The
combined
tasks and a c t i v i t i e s of system
safety managementand system safety engineering that
enhance operational
effectiveness by satisfying the system safety requirements i n a timely,
cost-effective manner throughout a l l phases of the system l i f e cycle.
3
247 5
Licensed by Information Handling Services
A-1 1
MIL-STD-882B
30March 1984
3.1.22 System Safety Program P l a n . A description of the planned methods t o
be used by the contractor to
implement thetailoredrequirements
of this stand a r d , includingorganizationalresponsibilities,resources,
methods of
accomplishment, milestones,depth o f e f f o r t , and integration w i t h other
program engi neeri ng and management acti v i t i es and re1 at'ed systems.
3.2 Abbreviations.Abbreviations
used i n this document aredefinedas
f 01 1ows :
Architect and Engi neeri ng Firm
AE
Cri t i cal Desi gn Review
CDR
CDRL
Contract Data Requirements List
CPCI
Computer Program Configurati on Item
Data I tem Des cri p t i on
DID
Department of Defense
DoD
Department of Trans p o r t a t i on
DOT
ECP
Engineering Change Proposal
EPA
E n v i ronmental Protection Agency
MA
Managing Acti v i t y
O&SHA
Operating & Support Hazard Analysis
Occupational Safety andHeal t h Administration
OSHA
P HA
Preliminary Hazard Analysis
P HL
Prel imi nary Hazard List
RFP
Request for Proposal
System Hazard Analysis
SHA
Statement of Work
sow
SSG
System Safety Group
SSHA
Subsystem Hazard Analysi S
SSPP
System Safety Program Plan
System Safety Working Group
SSWG
4.
4
SYSTEM SAFETY REQUIREMENTS.
4.1 System Safety Program. The contractorshallestablish
and m a i n t a i n a
system safety program t o support e f f i c i e n t and effective achievementof
overallobjectives.
4.2 System Safety Program Objectives. The system safety program shall
define a systematic approach t o make sure:
a . Safety,consistent w i t h missionrequirements
system i n a timely,cost-effective manner.
i s designed intothe
b. Hazards associated w i t h each system areidentified,evaluated,
and
el iminated, or the associated risk reduced t o a 1eve1 acceptable to the MA
throughouttheentire
l i f e cycleof a system. Risk shall be described i n risk
assessment terms (see paragraph 4.5 below).
1essons 1 earned from othersystems,
c. Histori cal safety data, including
areconsidered and used.
d. Minimum risk i s sought i n accepting and using new designs ,
materials, and production and testtechniques.
4
__
2676
Licensed by Information Handling Services
A-12
MIL-STD-882B
30 March 1984
c
e. Actionstaken to eliminate hazardsorreduce
acceptable to the MA are documented.
risk t o a 1evel
f . Retrofitactionsrequired
t o improve safetyare minimized t h r o u g h
the timely inclusion of safety features
d u r i n g research and development and
acquisition of a system.
.9 Changes i n design,configuration,ormissionrequirementsare
accomplished i n a manner t h a t maintains a risk 1evel acceptable to the
MA.
h. Consideration i s given t o safety,easeof
disposal , and
demilitarization of any hazardous materialsassociated w i t h the system.
i . Significantsafetydataare
documented as"lessonslearned"
submitted t o d a t a banks oras proposed changes t o applicabledesign
and specifications.
and are
handbooks
4.3 System Safety Design Requirements.
System safetydesignrequirements
will be specified after
reviewof pertinent standards, specifications,
regulation.s,design handbooks and other sources of designguidance for
appl icabil ity to the design
o f the system. Some general system safety design
requirementsare:
a. Eliminateidentifiedhazardsor
reduce associated risk t h r o u g h
design,includingmaterialselectionorsubstitution.
When potentially hazardous materials must be used, select those w i t h l e a s t risk throughout the l i f e
cycle o f the system.
b. Isolate hazardous substances, components, and operations from other
a c t i v i t i es, areas, personnel , and i ncompati bl e materi al s.
c. Locate equipment so thataccess during operations,servicing,
t o hazards
maintenance, repair, or adjustment m i nimi zespersonnelexposure
( e .g , hazardous chemi cal S, h i gh vol tage, el ectromagneti c radi a t i on, c u t t i ng
edges,orsharp
points).
.
d. M
i nimi ze ri s k resul t i ng from excessi ve envi ronmental condi ti ons
(e.9.)temperature,pressure,noise,toxicity,acceleration
and vibration).
e. Design t o minimize risk created by human error i n theoperation
and support of the system.
J
f. Consider al ternate approaches to minimize risk from hazards that
cannot be el imi nated. Such approaches incl ude inter1 ocks , redundancy,
f a i l safe desi gn, system protection, f i re suppression , and protective
cl oth i ng, equi pment , devi ces, and procedures.
g . Protectthe
redundantsubsystems
power sources,controls and c r i t i c a l components of
by physicalseparationorshieldi-ng.
h. When alternatedesign approachescannot eliminatethehazard,provide
warning and cautionnotes i n assembly, operations,maintenance, and repair
i nstructi ans , and d i s t i ncti ve markings on hazardous components and materi al S,
equipment, and facilitiestoensure
personnel and equipment protection. These
shall be standardized i n accordance w i t h MA requirements.
~
5
"_
2477
Licensed by Information Handling Services
A-13
I
MIL-STD-882B
99999LL 0359870 962
MIL-STD-882B
30 March 1984
i. M i n i m i z et h es e v e r i t yo fp e r s o n n e li n j u r yo r
t h e e v e n t o f a mishap.
damage t o equipment i n
.
j
Desi gn s o f t w a r e c o n t r o l 1ed o r m o n i t o r e d f u n c t i o n s t o
i n i t i a t i o n o f hazardouseventsormishaps.
m i nimize.
k.Reviewdesign
c r i t e r i af o ri n a d e q u a t eo ro v e r l yr e s t r i c t i v e
r e q u i r e m e n t sr e g a r d i n gs a f e t y .
Recommend
new d e s i g nc r i t e r i as u p p o r t e db y
s t u d y ,a n a l y s e s ,o rt e s td a t a .
4.4 System SafetyPrecedence.
The o r d e ro f precedence f o rs a t i s f y i n g system
s a f e t yr e q u i r e m e n t s and r e s o l v i n gi d e n t i f i e dh a z a r d ss h a l l
beas
follows:
.
a. D e s i g nf o r Minimum Risk. From t h ef i r s t ,d e s i g nt oe l i m i n a t e
hazards
I f an i d e n t i f i e dh a z a r dc a n n o t
be eliminated,reducetheassociated
MA, t h r o u g hd e s i g ns e l e c t i o n .
r i s k t o an a c c e p t a b l e l e v e l , as definedbythe
I f i d e n t i f i e dh a z a r d sc a n n o t
be
b. IncorporateSafetyDevices.
eliminatedortheirassociatedriskadequatelyreducedthroughdesign
s e l e c t i o n ,t h a tr i s ks h a l l
be reduced t o a 1e v e la c c e p t a b l et ot h e
MA through
t h e use o f f i x e d , a u t o m a t i c , o r o t h e r p r o t e c t i v e s a f e t y d e s i g n f e a t u r e s o r
d e v i c e s .P r o v i s i o n ss h a l l
be made f o rp e r i o d i cf u n c t i o n a lc h e c k so fs a f e t y
d e v i ces when appl icab1 e.
c.ProvideWarningDevices.
When n e i t h e rd e s i g nn o rs a f e t yd e v i c e sc a n
effectivelyeliminateidentifiedhazardsoradequatelyreduceassociated
r i s k , d e v i ces s h a l l be used t o d e t e c t t h e c o n d i t i o n
and t o produce an
o f thehazard.Warningsignalsand
a d e q u a t ew a r n i n gs i g n a lt oa l e r tp e r s o n n e l
t h e i r a p p l i c a t i o n s h a l l be d e s i g n e d t o m i n i m i z e t h e p r o b a b i l it y o f i n c o r r e c t
p e r s o n n e l r e a c t i on t o t h e s i gnal S and s h a l l be standardized w i t h i n 1 ike types
o f systems.
d. Deve1op Procedures and T r a i n i n g . Where i t i si m p r a c t i c a lt oe l i m i n a t e
h a z a r d st h r o u g hd e s i g ns e l e c t i o no ra d e q u a t e l yr e d u c et h ea s s o c i a t e dr i s kw i t h
s a f e t y andwarningdevices,procedures
and t r a i n i n g s h a l l beused.However,
w i t h o u t a s p e c i f i c w a i v e r , no w a r n i n g , c a u t i o n , o r o t h e r f o r m o f w r i t t e n a d v i s o r y s h a l l be used as t h e o n l y r i s k r e d u c t i o n
method f o r C a t e g o r y I o r II
hazards(asdefined
i n paragraph 4.5.1 b e l ow). Procedures may i n c l ude theuse
o f p e r s o n a lp r o t e c t i v ee q u i p m e n t .P r e c a u t i o n a r yn o t a t i o n ss h a l l
be standardi z e d as s p e c i f i e d by t h e MA. Tasksand a c t i v i t i e s j u d g e d c r i t i c a l
bythe MA
may r e q u i r e c e r t i f i c a t i o n o f p e r s o n n e l p r o f i c i e n c y .
4.5 R i s k A s s e s s m e n t D
. e c i s i o n sr e g a r d i n gr e s o l u t i o no if d e n t i f i e dh a z a r d s
s h a l l bebasedonassessmentof,
t h er i s ki n v o l v e d .
To a i dt h ea c h i e v e m e n to f
t h eo b j e c t i v e so fs y s t e ms a f e t y ,h a z a r d ss h a l l
be c h a r a c t e r i z e d as t o hazard
s e v e r i t y c a t e g o r i e s and hazard probabil i t y 1evel s, when p o s s i b l e . S i n c e t h e
p r i o r i t y f o r s y s t e ms a f e t yi se l i m i n a t i n gh a z a r d sb yd e s i g n ,
a r i s k assessment
procedureconsideringonlyhazardseverity
w
i
l generallysufficeduringthe
e a r l y d e s i g n phase t o m i n i m i z e r i s k .
When hazardsare n o t e l i m i n a t e d d u r i n g
t h e e a r l y d e s i g n phase, a r i s k assessmentprocedurebaseduponthehazard
p r o b a b i l i t y , as w e l l as h a z a r ds e v e r i t y ,s h a l l
beused t o e s t a b l i s h p r i o r i t i e s
f o r c o r r e c t i v e a c t i o n and r e s o l u t i o n o f i d e n t i f i e d hazards.
a
4.5.1 H a z a r dS e v e r i t y .H a z a r ds e v e r i t yc a t e g o r i e sa r ed e f i n e dt op r o v i d e
q u a l i t a t i v e measure o f t h e w o r s t c r e d i b l e m i s h a p r e s u l t i n g f r o m p e r s o n n e l
6
y,
2478
Licensed by Information Handling Services
A-l L
a
.
MIL-STD-882B
9999933 0 3 5 9 8 87 T
39
R
MIL-STD-882B
30 March 1984
error; environmental conditions;designinadequacies;proceduraldeficiencies;
or system, subsystem or component failureormalfunctionasfollows:
Mishap Defi n i t i on
Des cri p t i on
Category
CATASTROPHIC
I
Death o r system loss
CRITICAL
II
Severe injury,severeoccupational
i l 1ness, or major system damage.
MARGINAL
II I
Minor injury, minor occupational
i l 1 ness , or m i nor system damage.
Less t h a n minor
occupational
injury,
il 1 ness, or system damage.
IV
NEGLIGIBLE
Thesehazard severity categories provideguidance t o a wide variety of
programs. However, adaptation to a parti cul a r program i s generallyrequired
t o provide a mutual understanding between the MA and thecontractors as t o the
meaning o f theterms used i n the category defi n i tions. The adaptation must
define what consti tutes system l o s s , major or m i nor system damage, and severe
and m i nor injury and occupational il 1ness.
r
-i,
4.5.2 Hazard Probability. The probability t h a t a hazard will be created
d u r i n g the planned l i f e expectancyofthe
system can be descri bed i n potential
occurrences per u n i t of time,events,population,
i'tems, or activity.
Assigning a q u a n t i t a t i v e hazard probabil i t y t o a potential
design
or
A
procedural hazard isgenerally n o t possibleearly i n thedesignprocess.
qualitative hazard probabil i t y maybe derived from research, analysi s, a n d
evaluation of histori cal safety data
from simil a r systems.Supporting
rational e for assigning a hazard probabil i t y s h a l l be documented i n hazard
An exampl e of a qualitative hazard probabilityranking is:
analysis reports.
Descri p t i on*Level
L
Speci f i c I n d i v i dual I tem
F1 eetor
Inventory**
FREQUENT
A
Likely t o occur
frequently.
Continuously
experienced
PROBABLE
B
Will occur
several
tlmes
l i f e of an item
OCCASIONAL
C
Likely
occur
to
sometime
i n l i f e of an item
Will occur several
times
REMOTE
D
Unlikely b u t possible
Unlikely
to
occur i n l i f e of an item
b u t can reasonably
be expected t o occur
IMPROBABLE
E
in
Will occur
frequently
So unlikely, i t canUn1
be
i kely occur,
to
but
assumed occurence may n o t
possi bl e
be experienced
*Definitions o f descriptive words may have t o be modified based on quantity
i nvol ved.
**The s i z e of the f l eet or inventory shoul d be defined.
7
0-1
Licensed by Information Handling Services
MIL-STD-882B
."30March1984
I-.
4.6
A c t i o n on I d e n t i f i e d H a z a r d s .A c t i o ns h a l l
be taken t o e l i m i n a t ei d e n t i f i e d h a z a r d so rr e d u c et h ea s s o c i a t e dr i s k .
CATASTROPHIC andCRITICAL
hazardsshall be e l i m i n a t e d or t h e i r a s s o c i a t e d r i s k r e d u c e d t o
a l e v e l accepMA. If t h i si si m p o s s i b l eo ri m p r a c t i c a l ,a l t e r n a t i v e ss h a l l
be
t a b l et ot h e
recommended t o t h e MA.
5. TASK
DESCRIPTIONS.
The t a s kd e s c r i p t i o n sa r ed i v i d e di n t o
two general
s e c t i o n s :S e c t i o n
100,Program
Managementand
C o n t r o l and S e c t i o n 200, Design
and Eva1 u a t i on.
Custodi ans :
Army
AV
Navy AS
Preparing Activity
Air Force
10
-
-
-
Project
Revi e
w
ing A c t i v i t i es :
Army
AV, AT, SC, AR, M I
Navy
AS, O S , SH, YD, SA, EC
Air Force
11, 13,19,
26
-
/-
-
.
2480
Licensed by Information Handling Services
8
8-2
No.
- SAFT-O002
.
\.~
x
MIL-STD-882B
TASKSECTION 100
30 M a r c h 1984
TASKSECTION
100
PROGRAMMANAGEMENTANDCONTROL
i
Licensed by Information Handling Services
I
MIL-STD-882B
TASKSECTION 100
30 March 1984
'
THIS PAGE INTENTIONALLYLEFT
..
F
100-2
1434
Licensed by Information Handling Services
BLANK
IC
TASK 100
SYSTEM SAFETY PROGRAM
i
100.1 Purpose. The purposeof Task 100 i s t o conduct a basic system safety
in
program. The t o t a l system safety program i s this task pl us allothertasks
Sections 100 and 200 designated by the MA.
100.2 Task Description. Set up a system safety programwhich meets the
4., SYSTEM SAFETY REQUIREMENTS, and all other
requirementsofSection
desi gnated tasks i n Sections 100 and 200.
Detailsto
100.3
I
be Specified by the MA (Reference 1.3.2.1).
100.3.1
Detailsto
appl i ca bl e:
-
Imposition
(R) ofa.
~
I
,
(R) b .
be specified i n the SOW shallincludethefollowingas
Task 100.
Tailoring o f Section 4 t o meet specific program requirements.
(R) c.Acceptable
1eve1 of risk.
I
.r-
d.
Additionofotherspecific
system safety program requirements.
=&
c=
TASK 100
30 March 1984
100- 3
"
"
2483
Y
0-5
Licensed by Information Handling Services
I
.-
.
L
MIL-STD-882B
TASK 100
30 March1984
THIS PAGE INTENTIONALLYLEFT
TASK 100
30 March1984
Licensed by Information Handling Services
100-4
B-6
BLANK
MIL-STD-8626
9999933 0359877 237
MIL-STD-882B
30 March 1984
TASK 101
.
SYSTEM SAFETY PROGRAM PLAN
101.I Pur ose The purpose of the Task 101 i s t o deve1 op a system safety
pl an
I t shall describe i n detail tasks and a c t i v i t i e s of
program -+kPP).
system safety managementand system safety engineering required t o i d e n t i f y ,
evaluate, and eliminate hazards , or reduce the associated risk t o a 1 eve1
acceptable to the MA throughoutthesystem
life cycle.
101.2 Task Description. The contractorshalldevelop
a SSPP t o provide a
basis of understanding between the contractor and the MA as t o how the system
safety program will be accomplished t o meet contractualsafetyrequirements
included i n the general and special provisions of thecontract.
The SSPP
shallincludethe
following:
101.2.1 Program Scope and Objectives. Each SSPP shalldescribe,as
a minimum,
the four elements of an effective system safety program: a plannedapproach
for task accomplishment, qualified people t o accomplish tasks , a u t h o r i t y t o
imp1 ement tasks through a l 1 levels of management , and appropriate resources
both manningand f u n d i n g t o assuretasksare
completed. The SSPP shalldefine
aprogram t o s a t i s f y t h e system safetyrequirements imposed by the contract.
This section shall :
a.Descri be thescope
s a f e t y pro gram.
of theoverall
program and the re1atedsystem
b. List the tasks and a c t i v i t i e s o f system safety managementand
engineering. Descri be the i nterrel ations hips between system safety and other
functionalelements of the program. Other program requirements and tasks
applicable t o system safety shall be l i s t e d including the identification o f
where they are specified or described.
101.2.2
System SafetyOrganization.
The SSPP shalldescribe:
a . The system safetyorganizationorfunction
w i t h i n theorganization
the total program u s i n g charts t o show theorganizational and functional
re1 a t i ons h i ps , and 1 i nes of communi cati on.
of
b. The responsibility and authority of system safety person-nel , other
involved i n the system s a f e t y e f f o r t ,
contractororganizationalelements
unit
subcontractors , and system safety groups. Identifytheorganizational
responsible forexecuti ng each task. Identify the authority
i n regard t o
resol u t i on of al 1 identified hazards.
Include the name, address and t e l ephone
number of the system safety program manager.
c . The staffing of the system safetyorganizationfor
the duration of
the contract t o include manpower 1oading , control of resources
and the
TAS K1 O1
30 March 1984
101-1
Licensed by Information Handling Services
MIL-STD-882B
30 March1984
qualifications of key system safety personnelassigned , including those who
possesscoordination/approvalauthorityforcontractorprepareddocumentation.
d . The procedures by which thecontractor will integrate and coordinate
the system safety efforts including
assignmentofthe
system safety
requirements t o actionorganizations. and subcontractors,coordination of
subcontractor system safety programs , integration of hazard analyses, program
and designreviews, program statusreporting, and system safety groups.
e. The process through which contractor management decisions will be
made including timely notification, of unacceptable risks, necessary action,
mi shaps or mal functions , wai vers t o safety requirements , program devi ations ,
etc.
101.2.3
a.
System Safety Program Mil estones.
The SSPP shall :
Defi ne system safety program mil estones.
b. Provide a program schedule o f safetytasksincluding
start and
compl etion dates, reports, reviews,
and estimated manpower loading.
c.Identifyintegrated
system activities(i.e.,designanalyses,tests,
and demonstrations)applicable t o the system safety program b u t specified i n
otherengineeringstudies
t o precludeduplication.Includedas
a 'part o f this
sectionshall be theestimated manpower loadingrequiredto
do these tasks.
101.2.4
General System Safety Requirements and Criteria.
The SSPP shall:
a. Describegeneralengineeringrequirements
and design c r i t e r i af o r
safety. Describe safety requirements for support equipment and operational
safety requirements for a l l appropriate phasesof the l i f e cycle up t o , and
including,disposal.Listthesafetystandards
and system specifications
containingsafetyrequirementsthatshall
be complied w i t h by thecontractor.
Include t i t l e s , d a t e s , and where applicable, paragraph numbers.
b. Descri be the risk assessmentprocedures.
The hazard severity
categories, hazardprobabil i t y 1 evels, and the system safety precedence t h a t
shall be followed t o satisfythesafety
requirements of t h i s standard. State
any qualitative or quantitative measuresof safety to be used for risk
assessmentincluding a descriptionoftheacceptable
risk level.Include
in
system safety definitions which deviate from or are i n additiontothose
this standard.
c . Descri be closed-loop-procedures for taking action to resol ve
GFE and off-the-shelf equipment.
identified hazardsincludingthoseinvolving
101.2.5
Hazard Analyses,
The SSPP shalldescribe:
a. The anal ysi S techniques and formats to be used i n qualitative or
quanti tative analysis to identify hazards, their causes
and e f f e c t s , hazard
elimination, or risk reductionrequirements and how thoserequirementsare
met.
TASK 101
30 March 1984
101-2
6-8
Licensed by Information Handling Services
MIL-STD-882B
30 March 1984
b. The depth w i t h i n the system to which eachtechnique i s used including
components, perhazard identification associated w i t h thesystem,subsystem,
sonnel , ground support equipment, GFE, f a c i l i t i e s , and t h e i r i n t e r r e l a t i o n s h i p
i n the logistic support, training, maintenance,
and operationalenvironments.
. c.
The integrationofsubcontractor
hazardanalyses.
101.2.6
System Safety Data.
hazard analyses w i t h overall system
The SSPP s h a l l :
a . Descri be the approach for researching, d i s t r i b u t i n g , and analyzing
pertinenthistorical hazard or mishap data.
b.
Identifydeliverabledata
by t i t l e andnumber.
c. Identify non-del iverabl e system safety data and descri be the
procedures for a c c e s s i b i l i t y by the MA and retention of data of historical
value.
101.2.7
SafetyVerification.
The SSPP shalldescribe:
a. The verification(test,analysis,inspection,etc.)requirementsfor
i s adequatelydemonstrated.Identifyanycertification
making surethatsafety
requirementsforsafetydevicesorotherspecialsafetyfeatures.
F
L"
b. Procedures for making sure test information i s transmitted
the
to
for review and analysis.
c.
Procedure for ensuring thesafe
conduct of a l lt e s t s .
and
101.2.8 A u d i t Program. The SSPP shalldescribethetechniques
procedures t o be employed by the contractor to make sure the objectives
requirements o f the system safety program are beingaccomplished.
+.
101.2.9 Trainin
neeri ng , t e c n i ci
MA
and
The
SSPP
shalldescribethe
safety training for engian, operating
, and maintenance personnel
.
101.2.10 Mishapand Hazardous MalfunctionAnalysis and Reporting. The
contractor shall descri be i n the SSPP the .mishap and hazardous mal function
the MA.
analysisprocessincludingalerting
101.2.11
System SafetyInterfaces.
The SSPP shallidentify,
i n detail:
a. The interface between system safety and a l l otherapplicablesafety
and ordinance
disciplines suchas:
nuclear safety, range safety, explosive
s a f e t y , chemical and biological safety, laser safety
and any others.
b . The interface between system safety and a l l othersupportdisci pl ines
such as:maintenance,qualitycontrol,reliability,
human factorsengineering,
medical support (heal t h hazard assessments), and any others.
TASK 101
30 March 1984
2487
101-3
-
Licensed by Information Handling Services
B- 9
I
r
.
"-
.
"
MIL-STD-882B
m 9999933 0359880 803 m
~
.
"
..-
MIL-STD-882B
30 March 1984
6-
101.3
Details
to
be Specified by the MA (Reference
1.3.2.1).
101.3.1 Details t o be specified i n the SOW shallinclude
appl i cab1e:
(R)
a.ImpositionofTasks
(R) b.
fi cation of additional tasks
i nformati on t o be provided.
d.
required.
e.
-*
the following,as
100 and 101.
Identificationofcontractualstatusof
c.Identi
'i.c-
the SSPP.
t o be performed or additional
Format, content, and deliveryscheduleincludingupdatesof
any data
-
Requirements for reporting mis haps and hazardous mal functions.
S
i
TASK 101
30 March 1984
zsss
Licensed by Information Handling Services
101-4
3-10
"
. "
.
"
._ .
MIL"STD-882B
30 March 1984
c
TASK 102
INTEGRATION/MANAGEMENT OF ASSOCIATE CONTRACTORS, SUBCONTRACTORS, AND
ARCHITECT AND ENGINEERING FIRMS
1
102.1 Purpose. The purposeof
Task 102 i s to provide the system integrating
contractor and YA w i t h appropriate management surveillance o f other
contractors' system safety programs, and the capability t o establish and maint a i n uniform integrated system safety program requirements. This t a s k will
alsodescribearchitect
and engineeringfirms' ( A E ) system safety programs.
Task Description.
102.2
W
102.2.1
IntegratingContractor.
The contractordesignatedasintegratorfor
the safety functions of all associated contractors
shall :
&
a.Prepare
an integrated system safety program pl an (ISSPP) asthe SSPP
required by Task 101 defining the rol e of the integrator and the effort
required from each associate contractor t o he1 p integrate system safety
t o t a l system. In a d d i t i o n t o theothercontractually
requirementsforthe
imposed requirements from this standard,the p l a n s h a l l address and identify:
c-
(1) Analyses, r i s k assessment, and verification d a t a t o be developed by
each associatecontractor w i t h format andmethod t o be utilized.
( 2 ) Data each associatecontractor i s requiredto submit t o the
integrator and i t s scheduleddelivery keyed to program mil estones.
( 3 ) Schedule and otherinformationconsideredpertinent
by the
integrator.
( 4 ) Themethod of development of system 1eve1 requirements to be
as a p a r t of the system
allocated t o each oftheassociatecontractors
specification, end-item specifications, and otherinterfacerequirement
documentation.
( 5 ) Safety-relateddatapertainingtooff-the-shelfitems.
b. Initiateaction through the MA t o make sure each associatecontractor
i s requiredto be responsive t o the ISSPP.
Recommend
contractualmodification
where the need exists.
c. When conducting risk assessments, examine theintegrated system
design,operations, and specifically the interfaces
between theproducts of
be
each associatecontractor.
Data provided by associatecontractorsshall
used i n the conduct o f this effort.
When performing a safetyassessment, summarize the mishap risk
presented by theoperation o f theintegrated system.
d.
TASK 102
30 March 1984
102-1
-
"
Licensed by Information Handling Services
MIL-STD-882B
30 March1984
e. Provide assistance and guidance toassociatecontractorsregarding
safety matters
f . Resolve differences between associatecontractors
i n areasrelatedto
safety, especially during
development of safetyinputs t o system and item
specifications. Where prob1 ems cannot be resolved .by theintegrator,notify
the MA forresolution and action.
g. Initiateaction through the MA to make sureinformationrequired
by
or otherassociate
an associatecontractor (from theintegratingcontractor
provided i n an agreed-toformat.
contractors) t o accompl i s h s a f e t y t a s k s , i s
h . Develop a method ofexchanging
safetyinformation between
and conduct technical meetings between
contractors.Ifnecessary,schedule
t o discuss,review, and integrate the safety effort.
allassociatecontractors
i . Implement an a u d i t program to make suretheobjectives
and
requirements of the system safety program are beingaccomplished.
102.2.2 AssociateContractor.Associatecontractors
shall provide safety
and theintegrator
data and support needed by otherassociatecontractors
u n t i l theintegratordecides
t h a t such support i s no longernecessary and t h a t
decision i s approved by the MA.
102.2.3 Subcontractors.Applicableprovisions
of this standardshall
incl uded i n all contracts w i t h major subcontractors.
be
a. Major subcontractors shall be requiredto.maintainsuitable
have performed i n formats which will
documentation o f safetyanalysesthey
permitincorporation of t h e i r d a t a i n t o theoverallanalysis
program.
b.
Major subcontractors shall be requiredtodevelop
system safety
annexes t o the prime contractor's
program pl ans to be includedas
SSPP
c.Lessersubcontractors
and vendors shall be requiredtoprovide
informati on on' component and subassembly characteristi CS including fail Ure
modes, f a i l Ure rates; and possiblehazards, which will permit prime contractor
system.
personnel t o evaluatethe items for t h e i r impact on safetyofthe
102.2.4 Architect and Engineering Firms. The AE shall be responsiblefor
conducti nq facil itv hazard analyses and o t h e r f a c i l i t y SSPP functions as spec.
ified i n the SOW. -The AE shall-beresponsibleforsecuringtheexpertise
necessaryto perform therequired work and will have the same responsibilities
as a prime contractor i n hazard identification,tracking, and resolution. The
AE shall assure t h a t designsubcontratorsorconsultantsmaintain
and provide
suitable documentationof any safety analyses performed.
TASK 102
30 March1984
Licensed by Information Handling Services
102-2
MIL-STD-882B
30 March ,1984
102.3
Details t o be Specified by the MA (Reference1.3.2.1).
102.3.1 Details t o be specified i n the SOW shallinclude
appl i cab1e:
t h e following,as
the system safetyintegratingcontractor.
(R)
a.Designationof
(R)
b.
Impocition o f Tasks 100, 101 and102
c.
Format, content, and deliveryscheduleof
astailored.
any datarequired.
TASK 102
102-3
Licensed by Information Handling Services
3-1 3
30 March1984
.
. .
.
~.
"
MIL-STD-BBZB m 9 9 9 9 9 3 3 0359884 457 m
.
__
~
..
MIL-STD-8829
TASK 102
30 March 1984
THIS PAGE INTENTIONALLYLEFT
BLANK
B
TASK 102
30 March 1984
102-4
2492
..
Licensed by Information Handling Services
8-14
"
"
MIL-STD-88ZB
m
9999933 0359885 3 9 3
m
MIL-STD-882B.
30 March 1984
6
TASK 103
SYSTEM SAFETY PROGRAM REVIEWS
103.1 Purpose. The purposeof Task 103 i s t o establish a requirement for the
contractortopresent
system safety program reviews, t o periodically report the
status of the system safety program, and, when needed, t o supportspecial
requirements such ascertifications and firstflightreadiness
reviews.
103.2 Task Description. The contractorshallprovide
system safety program
reviews t o periodicallyreport t o the MA thestatusof
hazard analyses,safety
assessments, and other parts of the system safety program. Also, when needed,
the contractorshallsupportpresentations
t o Government certifying
a c t i v i t i e s such as munitions safety boards, nucl ear safety boards, or f l ig h t
safety reviewboards.
These may alsoincludespecial
reviews such as f i r s t
f l i g h t reviews orpre-constructionbriefings.
Details t o be Specified by the MA (Reference 1.3.2.1).
103.3
103.3.1
Details t o be specified i n the SOW shallincludethe
appl i cab1 e:
(R)
a.
Imposition of Tasks 100 and 103.
b.
Identification of reviews, theircontent,
c.
Method of documenting theresults
d.
Schedule for system safetyreviews.
f o l l o w i n g , as
and probable location(s).
of system safety reviews.
e.. Del i very schedule for any d a t a required prior t o and after the
rev i ews
.
TASK 103
30 March 1984
103-1
-
"
"
2493
Licensed by Information Handling Services
"
MIL-STD-BB2B
W 9 9 9 9 9 3 3 0359886 22T
..
MIL-STD-882B
TASK 103
30 March1984
,
"
THIS PAGE INTENTIONALLYLEFT
TASK 103
30 March1984
-r
"W
"
Licensed by Information Handling Services
103-2
BLANK
MIL-STD-882B
30 March 1984
c
TASK 104
SYSTEM SAFETY GROUP/SYSTEM SAFETY WORKING GROUP SUPPORT
Purpose. The purpose of Task 104 i s torequirecontractorsto
support
system safety groups (SSGs) and system safety working groups (SSWGs) which are
established i n accordance w i t h serviceregulationsorasotherwisedefined
by
the MA.
104.1
104.2 Task Description. The contractorshallparticipateas
an active member
by the
of MA SSG/SSWGs. Such participati on shallincludeactivitiesspecified
MA such as:
U
a.Presentation
of the contractorsafety
results of designoroperationsriskassessments.
program status, including
b. Summaries of hazard analysesincludingidentificationof
s t a t u s of resolution.
problems and
c.Presentation
of results o f analyses of R&D mishaps and hazardous
malfunctions i n c l u d i n g recommendations and actiontaken t o prevent future
recurrences.
d.
Documentation and distribution ofmeeting
e.
Responding t o actionitemsassigned
agendas and minutes.
by the chairman ofthe
SSG/SSWG.
Details t o be Specified by the MA (Reference 1.3.2.1).
104.3
Details t o be specified i n the SOW shouldincludethefollowing,as
appl i cab1 e:
104.3.1
(R)
a.
Imposition o f Tasks 100 and 104.
( R ) b. Contractor membership requirements and roleassignments,e.g.,
recorder, member , al ternate, or techni cal advisor.
( R ) c . Frequency ortotal
1ocations
.
number of SSG,!SSWG meetings and probable
d.
Specific SSG/SSWG supporttasks.
e.
Format, content, and del i veryschedul e o f any data required.
104-1
Licensed by Information Handling Services
c-J
TASK 104
30 March 1984
1
L
”*
r
MIL-STD-882B
TASK 104
30 March 1984
.-
.
-3
c
*
THIS PAGE INTENTIONALLY LEFT BLANK
m
1
TASK 104
30 March 1984
104-2
2496
Licensed by Information Handling Services
c-4
3
MIL-STD-88ZB
m 77777LL 0357887 T37 m
..
.
.
"
"
MIL-STD-882B
30 March 1984
c
TASK 105
HAZARD TRACKING AND R I S K RESOLUTION
105.1 Purpose. The purpose o f Task105
h a z a r d t r a c k i n g system.
istoestablish
a s i n g l ec l o s e d - l o o p
105.2 T a s kD e s c r i p t i o n .
The c o n t r a c t o rs h a l ld e v e l o p
a method orprocedure
t o documentand t r a c k h a z a r d s f r o m i d e n t i f i c a t i o n u n t i l t h e h a z a r d i s e l i m i natedortheassociatedriskisreducedto
a l e v e la c c e p t a b l et ot h e
MA, t h u s
A c e n t r a l i z e d file o r docup r o v i d i n g an a u d i t t r a i l o f h a z a r d r e s o l u t i o n s .
mentcal 1 ed a "hazard 1og" s h a l l be maintained. The hazard 1 og s h a l l c o n t a i n
as a m i nimum:
a.
D e s c r i p t i o no f eachhazard.
b.
Status o f eachhazard.
b
f
c. T r a c e a b i l i t y o f r e s o l u t i o n a c t i o n
oneachhazardfromthetimethe
hazard was i d e n t i f i e d t o t h e t i m e t h e r i s k a s s o c i a t e d w i t h t h e h a z a r d
MA.
.
reduced t o a l e v e al c c e p t a b l et ot h e
105.3
D e t a i l st o
105.3.1 D e t a i l s t o
appl ica b l e:
(R)
a.
(R) b.
was
be S p e c i f i e d by t h e MA (Reference 1.3.2.1).
be s p e c i f i e d i n t h e
I m p o s i t i o no fT a s k s
SOW s h a l li n c l u d et h ef o l l o w i n g
as
100 and 105.
Hazardthreshol d f o r i n c l u s i o n i n t h e h a z a r d
c.
Compl e t e s e t o f d a t a r e q u i r e d o n t h e h a z a r d
d.
Procedurebywhichhazardsareenteredintothe
1og.
1og, incl udi ng format
.
1og.
e. P r o c e d u r eb yw h i c ht h ec o n t r a c t o rs h a l lo b t a i nc l o s e - o u to rr i s k
MA ofeachhazard.
acceptancebythe
f.
Format,content,
and del iv e r y s c h e d u l e o f
any d a t a r e q u i r e d .
TASK 205
30 March 1984
105-1
c-5
Licensed by Information Handling Services
A
"
.
MIL-STD-882B
TASK 105
30 March1984
I
THIS PAGE INTENTIONALLY LEFT BLANK
TASK 105
30 March1984
105-2
2493
Licensed by Information Handling Services
C-6
MIL-STD-BB2B m 9 7 9 7 7 1 1 0357891 6 7 7
m
MIL-STD-882B
30March1984
TASK 106
TEST AND EVALUATION SAFETY
106.1 Purpose. The purpose of Task106 i s to make suresafetyisconsidered
i n t e s t and evaluation,toprovideexistinganalysisreports
and other safety
d a t a , and t o respond t o a l l s a f e t y requirementsnecessary
for testing
in-house, at other contractor facilities , and a t Government ranges , centers,
or 1 aboratori es.
106.2 Task Description. The contractor s h a l l make surethecontractortest
and evaluation safety activities
recommend actions and evaluateactions taken
t o reduceorcorrect
CATASTROPHIC andCRITICAL hazards i n the test and evaluationenvironment.Specific
t e s t and evaluationsafetyactivitytasks
shall
i ncl ude the fol 1owi ng:
106.2.1 Test and EvaluationPlanning.Planning
for t e s t and evaluation
safety from thebeginningofthecontractperiodtoconsiderthefollowing:
I
a.Test
program milestonesrequir i n g completionofhazard
assessments, or other safety studies.
analyses, risk
b. Schedule for analysis , eval u a t ion, and approval o f t e s t pl ans,
procedures, and other documents t o make sure safety i s considered d u r i n g a l l
t e s t i ng.
c. That t e s t equipments, install ation of t e s t equipments, and instrumentationareconsidered
i n hazard analysesprior t o t e s t start.
d . Meeting specializedrequirementsdesignated
by the MA and informing
the MA o f any identified hazards that are unique t o t h e t e s t environment.
106.2.2 Follow-up Actions. I n i t i a t i n g follow-upactiontoinsure
completion
of the corrective efforts
taken t o reduce or correct test
and evaluation
hazard s.
a
.
106.2.3 Reports.Maintainingarepositoryof
hazard/actionstatusreports.
Details to
106.3
t e s t and evaluation
be Specified by the MA (Reference1.3.2.1).
106.3.1 Details t o be specified i n the SOW shallincludethefollowing,as
appl i ca bl e:
(R)
a.Impositionof
Tasks 100 and 106.
( R ) b. Designation .of applicablespecialized
t e s t i ng.
(R)
system safety requirements for
c.
Scheduleformeetingrequirementsdesignated
d.
Format, content, and del iveryscheduleof
106-1
2499
Licensed by Information Handling Services
c-7
i n 106.2 above.
any data required.
TASK 106
30March1984
MIL-STD-8826
TASK 106
30 March 1984
- .
THIS PAGE INTENTIONALLYLEFT
BLANK
TASK 106
30 March 1984
106-2
Licensed by Information Handling Services
C-8
-*
,
-
..
"
."
I
- _"
.
MIL-STD-882B
30 March1984
c
I
TASK 107
SYSTEMSAFETY
!
PROGRESS SUMMARY
Purpose. The purpose o f Task 107 i s t o p r o v i d e a p e r i o d i cp r o g r e s s
report sumari zing the perti nent system safety
managementand e n g i n e e r i n g
activitythatoccurredduringthereportingperiod.
107.1
I
107.2 TaskDescription.
The c o n t r a c t o rs h a l lp r o v i d e
a p e r i o d i cs y s t e m
safetyprogressreportsummarizinggeneralprogress
made r e l a t i v e t o t h e
s y s t e ms a f e t yp r o g r a md u r i n gt h es p e c i f i e dr e p o r t i n gp e r i o d ,
and p r o j e c t e d
workfor .the n e x tr e p o r t i n gp e r i o d .
The r e p o r t s h a l l c o n t a i n t h e f o l 1 o w i n g
information:
a. A b r i e f summary o f a c t i v i t i e s , p r o g r e s s ,
and s t a t u s o f t h e s a f e t y
e f f o r t i n r e 1a t i o nt ot h es c h e d u l e dp r o g r a m
m
liestones. It s h a l l h i g h 1 i g h t
s i g n i f i c a n t achievements and prob1 ems. It s h a l li n c l u d ep r o g r e s st o w a r d
i n work.
completionofsafetydatapreparedor
e
b .N e w l yr e c o g n i z e ds i g n i f i c a n th a z a r d s
and s i g n i f i c a n t changes i n t h e
degree o f c o n t r o l o f t h e r i s k o f
known hazards.
C.
S t a t u so fa l
impl emen ted.
d.
1recommended
S i g n i f i c a n tc o s t
c o r r e c t i v ea c t i o n st h a t
have n o t been
and schedulechangesthatimpactthesafetyprogram.
e. D i s c u s s i o no fc o n t r a c t o rd o c u m e n t a t i o nr e v i e w e db ys a f e t yd u r i n gt h e
r e p o r t i n gp e r i o d .I n d i c a t ew h e t h e rt h e
documentswereacceptable
f o rs a f e t y
c o n t e n t and whetherornotinputstoimprovethesafetyposturewere
made.
f. Proposed agenda i t e m sf o rt h en e x ts y s t e ms a f e t yg r o u p / w o r k i n gg r o u p
meeting, i f suchgroupsareformed.
D e t a i l st o
107.3
be S p e c i f i e d by t h e MA (Reference L3.2.1).
107.3.1 D e t a i l s t o be s p e c i f i e d i n t h e SOW s h a l li n c l u d et h ef o l l o w i n g ,
appl ica b l e:
as
100 and 107.
(R)
a.
I m p o s i t i o no fT a s k s
(R)
b.
S p e c i f i c a t i o no fp r o g r e s sr e p o r t in gp e r i o d
c.Format,content,anddeliveryschedul
e of anydatarequired.
a
TASK 107
30 March1984
"
"
2501
-
Licensed by Information Handling Services
107-1
c-9
. Y
..
MIL-STD-BBZB
m 9997911 0359894 3Tb m
MIL-STD-882B
TASK 107
30 March 1984
T H I S PAGE INTENTIONALLY LEFT BLANK
TASK 107
30 March 1984
107-2
2502
Licensed by Information Handling Services
c-10
.
.
.
~
MIL-STD-BB2B
e
9999911 0359895 232
m
MIL-STD-882B
30 March 1984
c;
TASK 108
QUALIFICATIONS OF KEY CONTRACTOR SYSTEM SAFETY ENGINEERS/MANAGERS
108.1 Purpose. The purposeof Task 108 i s toestablishqualificationsfor
contractor system safety engineers and managers.
key
108.2 Task Description. The contractorshallassign
and retainqualified
individuals as key system safetyengineers and managers. Key engineers and
managers arethose who possesscoordinationor
approval authorityforcontractor documenfati on.
108.2.1 Pri nci pal System Safety Engi neer/Manager. Qual i f i cations of the
principal system safetyengineer or manager shall consist of one of each of
the options i n each ofthefol1 owing categories of education, t r a i n i n g , and
experience.
8
a. A minimum o f a Bache1 orofSciencedegree
i n engineering, appl i ed or
generalscience,orsafety
or business management.
b. Registration as a professionalsafetyengineer
i n one of thestates
of the United States, o r c e r t i f i c a t i o n by the Board o f Certified Safety
Professionals i n system safety.
c. Prior experienceasa
system safetyengineer on a f u l l -timebasis on
products or systems for a minimum of three (3) years d u r i n g theprecedingten
(10) years i n a t l e a s t one of thefollowingfunctionalareas:
1.
System Safety Management
2.
System SafetyAnalysis
3.
System Safety Design
4.
System Safety Research
5.
System SafetyOperations
6.
System SafetyAdministration
7.
System or EquipmentMishap
8.
Human FactorsEngineering
9.
Task Analysis
10.
Product
Assurance
Investigation
Engineering
11. Re1 i abil i t y Engi neering
TASK 108
30 March1984
108-1
2503
Licensed by Information Handling Services
c-11
*
.
"
"
.
MIL-STD-BBZB
9999933 035989b 379
m
MIL-STD-882B
30 March 1984
108.2.2 Other Safety Engi neers/Managers
engineers and managers shall be:
.
Qual i f i cati ons for other key safety
a. A minimum of a BachelorofSciencedegree
or busi ness management
generalscience,safety
.
.
i n engineering,appliedor
'
b Priordegree re1 ated experience of two (2) years i n a non-safety
f i e l d or one (1) year i n safety.
108.2.3 Waiver for Not Meeting Qualifications. The contractorshall submit a
requestfor waiver i f theprincipal system safetyengineer does not meet the
above qualifications.
108.3
Detailsto
108.3.1 Detailsto
appl ica bl e:
(R)
be Specified by the MA (Reference 1.3.2.1).
be specified i n the SOW shall include the following, as
a.
Imposi tionof
Tasks 100 and 108.
b.
Specification of other minimum qualifications.
TASK 108
30 March 1984
108-2
c-12
Licensed by Information Handling Services
I
MIL-STD-882B W 7777733 0357877 O05 W
MIL-STD-882B
TASK SECTION 200
30 March 1984
c
TASK SECTION 200
DESIGN AND ENGINEERING
-.
Y
200-1
2505
Licensed by Information Handling Services
C-1 3
I
MIL-STD-8BZB
m
9999933 0 3 5 9 8 9 8 T 4 1
m
MIL-STD-882B
TASK SECTION 200
30 March 1984
t
THIS PAGE INTENTIONALLYLEFT
BLANK
"t.
200-2
C-14
Licensed by Information Handling Services
MIL-STD-882B
30March 1984
TASK 201
PRELIMINARY HAZARD LIST
201.1 Purpose. The purpose of Task 201 i s t o compile a preliminary hazard
l i s t ( P m y e a r l y i n the system acquisition life cycle to enable the
MA t o
choose any hazardous areas on which t o p u t management emphasis.
201.2 Task Description. The contractorshall examine the system concept
shogtly after the concept defini t i o n e f f o r t begins andcompil e a PHL
identifying possi bl e hazards t h a t maybe
inherent i n thedesign.
The
contractor shall further investi gate sel ected hazards or
hazardous
characteristi cs identified by the PHL as directed by the MA t o determine t h e i r
significance.
(R)
a.ImpositionofTasks
b.
100 and
201.
Format, content, and del i very schedul e of ,any data required.
c.Identificationofspecialconcerns.
(.
201-1
2507
-.
Licensed by Information Handling Services
D- 1
TASK 201
30March 19
~
"
P
THIS PAGE INTENTIONALLYLEFT
TASK 201
30 March1984
-
201 2
D- 2
Licensed by Information Handling Services
BLANK
-
MIL-STD-882B
30 March 1984
c
TASK 202
PR!ELIMINARY HAZARD ANALYSIS
+
202.1 Purose.
The purpose o f Task 202 i s t o perform anddocument
a
cal
evaluate
p r e l i m i n a r y a z a r d a n a l y s i s (PHA) t o i d e n t i f y s a f e t y c r i t iareas,
hazards, and identify the safety design cri teri
a t o be used.
202.2 TaskDescription.
The c o n t r a c t o rs h a l pl e r f o r m
anddocument
a
i in a r y h a z a r d a n a l y s i s t o o b t a i n
an i n i t i a l r i s k assessment o f a concept
p r e lm
o r system, The PHA e f f o r t s h a l l be s t a r t e dd u r i n gt h ec o n c e p te x p lo r a t i o n
phase o r e a r l i e s t 1I f e c y c l e phases o f t h e p r o g r a m so t h a t s a f e t y
c o n s i d e r a t ions a r e in c l uded i n t r a d e o f f s t u d i e s and d e s i g n a l t e r n a t i v e s .
Basedon t h e b e s t a v a i l a b l e d a t a , i n c l u d i n g m i s h a p d a t a f r o m s i m i l a r s y s t e m s
and o t h e r 1essons 1 earned, hazards associated with the proposed design or
f u n c t i o n s h a l l be e v a l u a t e df o rh a z a r ds e v e r i t y ,h a z a r dp r o b a b i l i t y ,a n d
operstionalconstraint.Safetyprovisions
and a l t e r n a t i vesneeded t o
a 1eve1 a c c e p t a b l e t o
eliminate hazards or r e d u c e t h e i r a s s o c i a t e d r i s k t o
t h e MA s h a l l be considered. The PHA s h a l l c o n s i d e r t h e f o l 1 owing f o r
i d e n t i f i c a t i o n and e v a l u a t i o n o f h a z a r d s asa minimum:
.c
.S
b
a.Hazardouscomponents
(e.g.,
f u e l s ,p r o p e l l a n t s ,l a s e r s ,e x p l o s i v e s ,
t o x i c substances, hazardous construction materi al S, pressure systems, and
sources).
energy
other
b. S a rf e tl ayi nt et ed r fcaocnes i d e r a t i o n s
among various
elements
of
the system (e .g , m a t e r i a l c o m p a t i b i
i lti es, el ectromagnetlc i n t e r f e r e n c e ,
inadvertentactivation,fire/explosiveinitiation
and propagation,and
hardware and software control S)
.
.
.
c
Envi r o n m e n t a l c o n s t r a i n t s in c l u d i n g t h e o p e r a t i n g e n v i r o n m e n t s ( e .g
d r o p ,s h o c k ,v i b r a t i o n ,e x t r e m et e m p e r a t u r e s ,n o i s e ,e x p o s u r et ot o x i c
s u b s t a n c e s ,h e a l t hh a z a r d s ,f i r e ,e l e c t r o s t a t i cd i s c h a r g e ,l i g h t n i n g ,
e l e c t r o m a g n e t i ce n v i r o n m e n t a le f f e c t s ,i o n f z i n g
and n o n - i o n i z i n g r a d i a t i o n
in c l u d i n 1
ga s e r r a d i a t i o n )
.,
.
d. Operating,test,maintenanceandemergencyprocedures
(e.g.,human
f a c t o r s e n g i n e e r i n g , human e r r o r a n a l y s i s o f o p e r a t o r f u n c t i o n s
, t a s k s , and
as equipment layout, 1i g h t i n g
requirements;effectoffactors such
requirements p o t e n t i a l e x p o s u r e s t o t o x i c m a t e r i a l S , e f f e c t s o f n o i s e o r
r a d i a t i o n on human performance; 1i f e supportrequirements and t h e i r s a f e t y
i m p l i c a t i o n s i n manned systems, crash safety, egress, rescue, survival
, and
s a l vage)
,
.
e. F a c i l i t i e s ,s u p p o r te q u i p m e n t
(e.g.,
p r o v i s i o n sf o rs t o r a g e ,
assembly, checkout, prooftesti ng of hazardous systemsrassembl ies which
may
in c l ude t a x i c, f1 ammabl e, e x p l o s ve,
i
c o r r o s i ve o r c r y o g e n i c fl u i ds ; r a d i a t i o n
o r n o i s e mi t t e r s ; e l e c t r i c a l power sources) and t r a i n i ng(e.
t r a i n i ng and
c e r t i f i c a t i o n p e r t a i n i n g t o s a f e t y o p e r a t i o n s and maintenance
4 ..
i
TASK 202
30 March 1984
202-1
,
W"
~.
n-3
Licensed by Information Handling Services
.. ..
. "
-
.
.
...
" . -~
.
MIL-STD-BB2B
m
~
9999911 0359902 2T2
.-
-
MIL-STD-882B
30 ,March 1984
f . Safetyrelated equipment, safeguards, and possible a l ternate
approaches(e.g.,
interlocks, systemredundancy, hardware orsoftware f a i l
safedesignconsiderations,
subsystem protection,firesuppressionsystems,
personalprotective equipment, industrialventilation, and noise or r a d i a t i o n
barri ers )
'
u
.
202.3
Detailsto
202.3.1 Detailsto
appl i ca bl e:
(R)
a.Imposition
be Specified by the MA (Reference1.3.2.1).
be specified i n the SOW shall includethefollowing,as
of Tasks 100 and 202.
b. Format, content, and delivery schedul e o f any d a t a required,
i ncl udi ng m i nimum hazard probabil i t y and severity reporti ng thresholds
c. Any selected hazards or hazardous areasto
or excluded.
TASK 202
30March 1984
202-2
D-l
Licensed by Information Handling Services
.
be specifically examined
Y
MIL-STD-BB2B H 9999911 0359903 139 W
MIL-STD-882B
30 March 1984
TASK 203
SUBSYSTEM HAZARD ANALYSIS
Purpose. The purposeof Task 203 i s t o perform and document a
subsystemhazard analysis (SSHA) t o identify hazardsassociated w i t h design of
subsystems including component f a i l ure modes, c r i t i cal human error i n p u t s , and
hazards resulting from functional re1 a t i o n s h i p s betweencomponents and
equipments comprising eachsubsystem.
203.1
Task Description. The contractorshall
perform and document a
subsystem hazard analysi S t o identify all components and equi pments, i ncl u d i n g
software, whose performance,performancedegradation,functionalfailure,
or
inadvertentfunctioningcouldresult
i n a hazard or whose design does n o t
satisfycontractualsafetyrequirements.
The analysisshallincl
ude a
determi n a t i o n o f the modes of f a i l Ure including reasonabl e human errors as
well as sing1 e p o i n t fail ures and the effects on safety when failures occur i n
subsystem components. I f no specificanalysistechniquesaredirected,the
contractorshall o b t a i n MA approvalof technique(s)to be used prior t o
performing theanalysis.
The contractorshall update the SSHA when needed as
a r e s u l t of any system designchanges.
203.2
Details t o be Specified by the MA (Reference' 1.3.2.1).
203.3
203.3.1
Details t o be specified i n the SOW shallincludethefollowing,as
a ~ pilcab1 e:
(R)
a.
Imposition o f Tasks 100 and 203.
( R ) b. Format, content, and del i veryschedul e of any data required
mi nimum hazard severity and probabil i ty reporting thresholds.
c.
The specific subsystems t o be analyzed.
d.
Specification o f desiredanalysistechnique(s)and/or
i ncl u d i ng
format.
TASK 203
30 March 1sI84
203-1
D-5
Licensed by Information Handling Services
t...
-
.
L
.
~
.
.
- .
._. ..
"
MIL-STD-882B
W 7979911 0357904 075
MIL-STD-882B
TASK 203
30 March 1984
THIS PAGE INTENTIONALLY LEFT BLANK
W
TASK 203
30 March 1984
203-2
Licensed by Information Handling Services
D-6
~
m
- ".
.
.
MIL-STD-882B
30March 1984
TASK 204
SYSTEM HAZARD ANALYSIS
Purpose. The purpose of Task 204 i s t o perform and document a system
hazard analysis (SHA) t o determinethesafety
problem areas o f thetotal system
desi gn i ncl u d i ng potenti al safety cri t i cal human errors.
204.1
204.2 Task Description. The contractor s h a l l perform and document a system
hazard analysis t o identify hazards and assessthe risk ofthe t o t a l system
desi g n , including software, and specifically o f the subsystem interfaces.
This analysisshallinclude
a review of subsystems interrelationshipsfor:
a.
Compliance w i t h specifiedsafetycriteria.
b. Possi bl e independent,dependent, and simul taneoushazardousevents
including fail ures of safety devices and common cause t h a t could create a
hazard.
c. Degradation i n thesafetyof
a subsystem or thetotal
normal operationofanother
subsystem.
system from
Design changes t h a t affect subsystems.
d.
e.Effects
of reasonable human errors.
I f no specificanalysistechniquesaredirected,thecontractor
shall o b t a i n
MA approvaloftechnique
(S) t o beused
prior t o performing theanalysis.
The
SHA may
be
performed u s i n g similartechniquestothose
used forthe SSHA. The
contractor shall update the SHA when needed as a r e s u l t of any system design
changes.
’
204.3
Detailsto
be Specified by the MA (Reference 1.3.2.1).
204.3.1 Detailsto
appl icabl e:
(R)
a.
be specified i n the SOW shallincludethe
f o l l o w i n g , as
Imposition of Tasks 100 and
204.
b. Format, content, and del i veryschedul e of any datarequi-redincluding
minimum hazard severity and probabil i ty reporting thresholds.
c.Specification
of desiredanalysistechnique(s)and/orformat.
TASK 204
30March1984
204-1
252.3
Licensed by Information Handling Services
0-7
MIL-STD-882B
99999LL 0359906 948
MIL-STD-882B
TASK 204
30 March 1984
THIS PAGE INTENTIONALLYLEFT
TASK 204
30 March1984
204-2
I
2514
Licensed by Information Handling Services
0-8
BLANK
m
-
MIL-STD-882B
30 March 1984
c
TASK 205
OPERATING AND SUPPORT HAZARD ANALYSIS
an
205.1 Purpose. The purpose of Task 205 i s t o perform anddocument
operating and support hazard analysis (O&SHA) t o identify hazards and
recommend risk reduction al ternati ves d u r i n g a l l phases of intended systemuse.
205.2 Task Description. The contractor s h a l l perform and document an O&SHA
t o examine procedurallycontrol1 ed a c t i v i t i e s . The O&SHA identi fies and
evaluates hazards resulting from the imp1 ementation o f operations or tasks
pl anned system configuration/state a t
performed by persons,considering:the
each phase of activity; the facil i ty interfaces; the
planned environments (or
ranges thereof);the s u p p o r t i n g toolsorother
equipment specified for use;
and limitations;
operational/tasksequence,concurrenttaskeffects
or contractuallyspecified personnel
biotechnologicalfactors,regulatory
safety and heal t h requirements; and thepotential for unplanned events
includinghazardsi.ntroduced
by
human
errors. The O&SHA must identifythe
safety requirements (or a l ternati ves) needed t o eliminate identified hazards,
o r t o reduce theassociated risk t o a 1eve1which i s acceptable under either
The analysisshallidentify:
regulatoryorcontractuallyspecifiedcriteria.
a. Activities which occur under hazardous condlit i o n s , t h e i r
t o m i nimi ze r i s k d u r i n g these
periods, and the actions required
acti v i t i es/time periods.
b. Changes
needed
i n functionalordesignrequirements
hardware/software, facilities, tooling, or support/test
hazards orreduceassociatedrisks.
'
c. Requirements forsafetydevices
safety and 1i f e support equipment.
time
for system
equipment t o eliminate
and equipment, including personnel
d. Warnings, cautions, and special emergency procedures(e.g.,egress,
rescue,escape,render-safe,back-out,etc.).
e. Requirements for hand1 i ng, storage, transporation, mai ntenance , and
disposal of hazardous materi al s.
f.
Requirements forsafetytraining
and personnel certification.
The O&SHA documents system safety assessment of proceduresinvol ved i n :
system production,deployment, i n s t a l l a t i o n , assembly, test, operation,
maintenance, servicing, transportation, storage, modification,
demilitarization, and disposal. The contractor s h a l l update the O&SHA when
changes. I f no
needed as a r e s u l t of any system designoroperational
specificanalysistechniquesaredirected,thecontractor
shall obtain MA
approvaloftechnique(s)to
be used prior to performing theanalysis.
205-1
0-9
Licensed by Information Handling Services
TASK 205
30 March 1984
MIL-STD-882B
30 March 1984
Details t o be Specified by the MA (Reference1.3.2.1).
205.3
Details t o be specifiedinthe
appl i ca bl e:
205.3.1
(R)
a.
Imposition ofTasks
SOW shallinclude
the following, as
100 and 205.
( R ) b. Format, content, a n d del i very schedul e of any d a t a required, including
minimum hazard probabil i t y and severity reporting thresholds.
c.Specification
o f desiredanalysistechnique(s)and/orformat.
TASK 205
30 March1984
205-2
Licensed by Information Handling Services
i
0-10
1
MIL-STD-882B
30 March1984
I
c
TASK 206
OCCUPATIONAL HEALTH HAZARD ASSESSMENT
l
206.1 Purpose: The purpose of Task 206 i s t o perform and document an occupationalhealth hazard assessment (OHHA) t o identify heal t h hazards and propose
protective measures t o reducetheassociated
risk t o a levelacceptable t o the
MA.
Task Descri p t i on
206.2
206.2.1 -An OHHA shall be performed and documented t o identifyhealth hazards
and t o recommend engineering control S , equipment , and/or protecti ve procedures , t o reducetheassociated
risk t o a 1 evel acceptable t o the MA.
Specific occupational heal t h hazards and impacts that shall be
considered
i ncl ude :
a . Toxi c material s (e.g. , carcinogens or suspected carcinogens
poisons , asphyxiants and respiratory irritants).
, systemic
y
b . Physicalagents(e.g.,noise,heat
non-ionizing r a d i a t i o n ) .
or cold s t r e s s , i o n i z i n g and
c . System, facil i t y and personnel protective equipment design
requirements(e.g.,ventilation,noiseattenuation,
r a d i a t i o n barriers,etc.)
t o all ow safeoperation and maintenance. When feasibleengineeringdesigns
are n o t a v a i l ab1 e t o reduce hazards t o acceptable levels , al ternati ve
protective measures must be specified(e.g.,protectiveclothing,specific
operation or maintenance practices t o reduce r i s k t o an acceptable 1 evel ).
Details t o be Specified by the MA (Reference 1.3.2.1).
206.3
206.3.1
Details t o be speci'fied i n the SOW shall includethe
appl i ca bl e:
(R)
a.Imposition
b.
.
f o l l o w i n g as
o f Tasks 100 and 206.
Format y content, and deliveryschedule
-.
of any d a t a .required.-
TASK 206
f
30 Mqrch 1984."
206-1
14 69
Licensed by Information Handling Services
.( MIL-STD-882B
. TASK 206
30 March 1984
,
THIS PAGE INTENTIONALLYLEFT
'
TASK 206 .
30 March 1984
206-2
0-12
Licensed by Information Handling Services
BLANK
.
"
MIL-STD-882B
30 March 1984
c
=.
TASK 207 .
SAFETY VERIFICATION
..
. -
..
207.1 Purpose. The purposeof Task 207 i s t o define and perform t e s t s and
demonstrations or use other verification methods on s a f e t y c r i t i c a l hardware,
compliance w i t h safetyrequirements.
software, and procedurestoverify
*
.rc"
L
207.2 Task Description. The contractorshalldefine
and perform t e s t s ,
compliance w i t h safety requirements on
demonstrations, or otherwiseverifythe
s a f e t y c r i t i cal(defined by the MA) hardware, software, and procedures.
Induced or simulated f a i l uresshall be considered t o demonstratethefailure
equipment and software. Where
mode and acceptabilityofsafetycritical
hazards are identi f i ed d u r i n g the deve1opment e f f o r t and i t cannot be
whether theactiontaken
will adequately
determined by analysisorinspection
reducethe risk, safety tests shall
be conducted toevaluatetheeffectiveness
o f theactionstaken.
SSPPs and t e s t program plans s h a l l be revisedto
includethesetests.
Where costsforsafetytesting
Wou1 d be p r o h i b i t i v e ,
.
safety characteristics or procedures may
be
verified by engineeringanalyses,
mockups, or subscale/model simulation,
analogy, 1 aboratory test, functional
when approved by the MA. Specificsafetytestsshall
be integratedinto
appropriate system t e s t and demonstrationplans t o the maximum extent
possible.Testplans,testprocedures,
and results of alltestsincluding
.
designverification,operationalevaluation,technical
d a t a validation and
and shelf-life validation shall be
verification, productionacceptance.,
reviewed t o make sure:
a . Safety o f thedesign i s adequatelydemonstrated(includingoperating
and maintenance procedures), i nc] u d i ng v e r i f i c a t i o n of safety devi ces, warning
devi ces, etc. for
a l l CATASTROPHIC hazards n o t eliminated by design.
b. Results of safetyevaluations
and eval u a t i on reports.
Details t o be Specified by the MA (Reference 1.3.2.1).
207 .3
207.3.1 Details t o be specifiedinthe
a p p l i cab1 e:
(R)
o f the system are included i n thetest
a.Imposition
SOW shall includethefollowing,as
o f Tasks 100 and 207.
(R) b . Definition of safetycriticaloridentification
equipment and procedures.
i
o f safetycyitical
c. Deve1opment of or i n p u t s t o t e s t pl ans,procedures
verify safety requirements.
d.
Format, content, and deliveryscheduleof
and reports to
any d a t a required.
~
TASK 207
30 March1984
207-1
Licensed by Information Handling Services
MIL-STD-BB2B m 9999933 0359932 143 m
MIL-STD-882B
TASK 207
30 March1984
THIS PAGE INTENTIONALLYLEFT
TASK 207
30 March1984
"
~_"
2220
__ - -
207-2
I
Licensed by Information Handling Services
0-1
4
BLANK
MIL-STD-882B
30March 1984
c
TASK 208
TRAINING
208.1 Purpose. The purpose of Task 208 i s t o provide training for necessary
c e r t i f i c a t i o n of contractor andGovernment personnel who will be i n v o l ved w i t h
contractor activities i n such subjectsas hazard types and theirrecognition,
causes, effects, and preventive and control measures;procedures,
check1 i s t s ,
and human error; safeguards, safety devi ces, protecti ve equi ment ; moni tori ng
and warni ng devi ces; and conti ngency procedures.
Task Descri p t i on.
208.2
1
and Support Personnel. The contractor
208.2.1 T r a i n i n g ofTest,Operating,
shall conductasystem
safety training program for c e r t i f i c a t i o n of t e s t ,
operating and support
personnel.
Approved safety procedures
shall
be included
i n instruction 1esson pl ans and student exami nation for the training o f
engi neeri ng , techni ci an, operati ng, and maintenance personnel
Contractor
test, operations, and f i e l d support personnel shall be c e r t i f i e d as having
completeda trainingcourse i n safetyprinciples and methods. Specific
certificationrequirementsshall
be established by a program c e r t i f i c a t i o n
board t h a t includesthe system safety manager asa member.
.
208.2.2 TrainingofPersonnel
Invol ved i n Design, Deve1 opnent , and
Production. The contractor shall deve1op safetytraining programs using
r e s u l t s o f system and operating hazard analyses, and shall provi de for
specific types and 1 eve1 s o f contractor personnel : i .e , managers, engi neers,
and techniciansinvolved i n design,productassurance,
t e s t , and production.
.
208.2.3 Training of Government Personnel. Contractor safety t r a i n i n g shall
al so i ncl udeGovernment personnel who will be i n v o l ved i n contractor
activities.
208.3
Detailsto
be Specified by the MA (Reference 1.3.2.1).
208.3.1. Detailsto
appl i ca bl e:
(R)
be specified i n the SOW shallincludethefollowing,
a.
Impositionof
b.
Format, content, and deli veryscheduleof
Tasks 100 and
208.
208-1
c
Licensed by Information Handling Services
as
E-1
any d a t a required.
TASK 208
30March 1984
flIL-STD-8828
TASK 208
30 March 1984
..
.
THIS PAGE INTENTIONALLY LEFT BLANK
TASK 208
30 March 1984
208-2
Licensed by Information Handling Services
,
MIL-STD-882B
30 March' 1984
TASK 209
SAFETY ASSESSMENT
209.1 Purpose. The purpose o f Task 209 i s to perform anddocumenta
comprehensive evaluation of the mishap risk being assumed p r i o r t o t e s t
operation of a system or at contract completion.
or
209.2 Task Description. The contractorshall perform and documenta safety
assessment to identify all safety features of
the hardware, software, and
systemdesign and toidentifyproceduralhazardsthat
may
be
present i n the
system being acquired i ncl u d i ng s p e c i f i c procedural control S and precautions
t h a t should be fol1 owed.The
safetyassessmentshall
summarize:
a. The s a f e t y c r i t e r i a and methodology used t o cl assify and rank
hazards.
b. The analyses and t e s t s performed toidentifyhazardsinherent
system,including:
i n the
1. Those hazardsthat s t i l l havea residual risk, and theactions
t h a t havebeen taken t o reduce the associated risk t o a1 eveicontractually
s peci f i ed as acceptabl e.
2. Results of tests conducted t o val i d a t e s a f e t y c r i t e r i a
requirements and analyses.
c. The resultsofthesafety
program efforts.Include
a l i s t of a l l
w i t h s p e c i f i c s a f e t y recommendations or precautions
significanthazardsalong
requiredtoensuresafety
o f personnel and property.Categorizethe
l i s t of
hazardsasto
whether or not they may be expected under normal or abnormal
operati ng condi t i ons
.
d.
Any hazardousmateri alsgenerated
by o r used i n thesystem,
including:
1.
Identification o f materialtype,quantity,
and potentialhazards.
2. Safetyprecautions and proceduresnecessary d u r i n g use,storage,
transportation, and disposal.Includeallexplosiveshazardclassification
data deve1 oped i n accordance w i t h Expl osi ves Hazard C l assi f i cation Procedures.
3. A copy of the MaterialSafety
DD Form 1813).
Data Sheet (OSHA Form 20 o r
e. Conclude w i t h a signed statementthatallidentifiedhazards
have
been eliminatedor their associated risks controlled t o levels contractually
specified as acceptable, and t h a t the system i s ready t o t e s t or operate or
proceed t o the next acquisition phase.Inaddition,
the contractorshall make
TASK 209
30 March 1984
209-1
"
2523
Licensed by Information Handling Services
E-3
" _
MIL-STD-882B
30 March 1984
,
-
r.ecommendations appl icabl e t o hazards attheinterfaceof
other;system(s)ascontractuallyrequired.
209.3.
..
Detailsto
his system w i t h the
be Specified by the MA (Reference1.3.2.1).
209.3.1 .Detailsto
app1.i ca ble:
be specified i n the SOW shallincludethefollowing,as
(R)' a.Imposition
ofTasks
b.
100and209.
Format, content, and del ivery
schedule
,
I
.
-
TASK 209
30 March1984
2524
Licensed by Information Handling Services
209-2
€-4
of
any
data
red.
.>
...
. *-
I
MIL-STD-BB2B
9999933 0359937 723
MIL-STD-882B
30 March1984
I'
TASK 210
SAFETY COMPLIANCE ASSESSMENT
210.1 Purpose. The purpose of Task 210 i s t o perform and document a safety
compliance assessment t o verify compliance w i t h mil i t a r y , federal , n a t i o n a l ,
and industry codes imposed contractually or by 1 aw t o ensuresafedesign
of a
system, and t o comprehensively evaluate the safety risk
being assumed prior t o
t e s t or operation o f a system or a t contract compl e t i on.
5
210.2 Ta.sk Description. The contractorshall
perform and document a safety
compl i ance assessment t o identify anddocument compl i ance w i t h a p p r o p r i ate
The assessment i d e n t i f i esthe
desi gn and operational safety requirements.
contractually imposed standards,specifications, and codes appropriate t o the
The
safety of the system and documents compl iance w i t h theserequirements.
assessment. incl udes necessary hazard anal ysi S , desi gn drawi ng and procedural
reviews, and equipment inspections. The assessment shallincorporatethe
to
scope and techniques of PHA, SSHA, SHA, and O&SHA t o theextentnecessary
assurethesafedesign,operation,
maintenance , and support o f thesystem.
A
safety compl iance assessment shall :
a . Identify contractual mil i tary, federal , n a t i o n a l , and industry safety
specifications,standards, and codes applicable t o the system and document
and procedures w i t h theserequirements.
compl ianceofthedesign
b. Identify and evaluateresidual
hazards inherent i n the system or t h a t
a r i s e from system-unique i n t e r f a c e s , i n s t a l l a t i o n , t e s t , o p e r a t i o n ,
maintenance,
or support.
c. Identify necessary special ized safety desi
gn features , devi ces ,
procedures , s kill s , trai n i ng , facil i t i es , support requi rements , and personnel
protecti ve equipment.
d. Identify hazardous materials and theprecautions
and procedures
necessary for safe storage , hand1 i n g , transport , use, and disposal of the
materi al
.
Details t o be Specified by the MA (Reference 1.3.2.1).
210.3
210.3.1 Detailsto
appl i ca bl e:
(R) a.
b.
i
Impositionof
be specified i n the SOW shall -includethe
Tasks 100 and 210.
Format, content , and delivery schedul e of any d a t a required,
21 0-1
2525
f o l l o w i n g , as
,
Licensed by Information Handling Services
€-S
TASK 210
30 March1984
MIL-STD-882B
TASK 210
30 March 1984
THIS PAGE INTENTIONALLYLEFT
BLANK
L
I.
~
J
TASK 210
30 March 1984
-.. ,
210-2
~
”
2526
Licensed by Information Handling Services
€-S
MIL-STD-882B
30 March1984
TASK 211
SAFETY REVIEW OF ENGINEERING CHANGE PROPOSALS AND
REQUESTS FOR DEVIATION/WAIVER
211.1.
Purpose. The purpose o f Task211 i s t o p e r f o r m anddocument
analyses
o f e n g i n e e r i n g changeproposals (ECPs) a n dr e q u e s t sf o rd e v i a t i o n / w a i v e rt o
determinethesafetyimpactonthesystem.
211.2
TaskDescription.
211.2.1
ECP E v a l u a t i o n s . The c o n t r a c t o rs h a l a
l nalyze
each ECP t od e t e r m i n e
t h eh a z a r d sa s s o c i a t e dw i t h
it, a s s e s st h ea s s o c i a t e dr i s k ,
and p r e d i c t t h e
safetyimpactofthe
ECP o n t h e e x i s t i n g system. The b a s i s f o r d e t e r m i n i n g
t h a t no hazardsareintroducedbythe
ECP must be explained and anynecessary
s u p p o r t i n ge v i d e n c ei n c l u d e d
i n theevaluationdocumentation.
When an ECP i s
1eve1 o f s a f e t y o f t h e e x i s t i n g system, t h e MA must
determined to decrease the
be so n o t i f i e d .
211.2.2
Requests f o rD e v i a t i o n / W a i v e r .
The contractorshall,analyzeeach
requestfordeviation/waivertodetermi
ne thehazards and a s s e s s t h e r i s k o f
t h ep r o p o s e dd e v i a t i o nf r o mo rw a i v e ro f
a r e q u i r e m e n t ,o r a s p e c i f i e d m e t h o d
o r process. The change i n t h e r i s k i n v o l ved i n a c c e p t i ng t h e d e v i a t i o n o r
w
i
l be
w a i v e rs h a l l be i d e n t i f i e d . When t h el e v e lo fs a f e t yo ft h es y s t e m
or w a i v e r o f t h e r e q u i r e m e n t , method, o r process,
r e d u c e db yd e v i a t i o nf r o m
t h e MA mustbe so n o t i f i e d .
211.3.
D e t a i l st o
211.3.1
D e t a i l st o
appl icab1 e:
(R)
MA (Reference 1.3.2.1).
b eS p e c i f i e db yt h e
be s p e c i f i e d i n t h e
SOW s h a l li n c l u d et h ef o l l o w i n g ,
a.
I m p o s i t i o no f Tasks100and
b.
Format,content,anddeliveryschedul
as
211.
e o f anydatarequired.
TASK 211
30 March1984
211-1
-.
Licensed by Information Handling Services
E-?
MIL-STD-882B
TASK 211
30 March1984
THIS PAGE INTENTIONALLYLEFT
TASK 211
30 March1984
211-2
2528
LLicensed by Information Handling Services
E-8
BLANK
MIL-STD-882B
30 March 1984
TASK 212
SOFTWARE HAZARD ANALYSIS
Purpose. The purpose of Task 212 i s t o perform anddocument
a software
hazard analysis t o identify hazardous conditions incident t o safety cri t i cal
by the PHA,
operator information and commandand controlfunctionsidentified
SSHA, .SHA, or other efforts.
212.1
212.2 Task Description, The contractor s h a l l perform and document software
hazard analysis. on safety critical software-control1 ed functions t o identify
software errors/paths whichcou1 d cause unwanted hazardous condi t i ons.
212.2.1
PreliminarySoftware
Hazard Analysis. These e f f o r t s shall examine
softwaredesign t o identify unsafe inadvertent
cornmand/failUre-to-commandmodes
for resolution. This effortshall be.accomplished by tracingsafetycritical
operator information and commands t h r o u g h flow charts y storage allocation
charts , software and hardware specifications , and other appl icabl e
documentati on.
’
212.2.2
Fol1 ow-on Software Hazard Analysis. These effortsshall examine
software and i t s system interfaces for events, faults y and occurrences such as
t i m i n g which could-cause or contri bute t o undesi red events affecting safety.
This effort shall be accomplished by tracing safety cri t i cal operator
information andcommands through source/object code throughsystem simulation
and through other appl i cab1 e documentation. Safety cri t i cal programs/modul es
shall be analyzed for sensitivity t o software or hardware f a i l ures ( b i t
transformatio.n,.register perversion,interfacefailures,etc.)
which could
causethe system t o operate i n a hazardous manner.
i
.
Detailsto
212.3
be Specified by the MA (Reference 1.3.2.1).
212.3.1 Details to be specified i n the SOW shallincludethe
a p p l icabl e:
(R)
a.
Imposition o f Tasks 100 and 212.
(R)
b.
Defi n i t i o n of s a f e t y c r i t i cal
c.
Format , content, and delivery schedul e of any d a t a required.
d.
Degree of fault-to1erance
.
for Category I and I I hazards.
TASK 212
/
.
212-1
.r’
.
f o l l o w i n g , as
”-”-------”
”
2529
Licensed by Information Handling Services
€99
30 March1984
.
2.
.
J-.
.
MIL-STD-882B
TASK 212
30 March1984
THIS PAGE INTENTIONALLYLEFT
.
.
TASK 212
30 March1984
21 2-2
Licensed by Information Handling Services
BLANK
MIL-STD-882B
30 March 1984
TASK 213
GFE/GFP SYSTEM SAFETY ANALYSIS
213.1 Purpose. The purpose o f Task 213 i s t o make sure system safety
analyses for GFE/GFP are considered for integrati on into the system.
213.2
Task
Description. The contractorshallidentifythesa
f ety crit i cal
performance and design d a t a needed t o incorporatethe GFE/GFP i t ems.
213.2.1 Ifthe d a t a i s available and i s t o be supplied by the MA, the
contractor shall :
a.Identifythe
analysesare needed.
system safetyanalyses
t h a t are needed, a nd when these
b. Identify t o the MA any additional system safetyanalyses t h a t are
needed for interfaces between t h e GFE/GFP and the .rest o f thesystem.
c
c.
Perform theanalysis
upon receipt of MA approval t o do so.
a . Develop and submit t o the MA a proposed method for determining needed
safety-critical d a t a by a n a l y s i s ,t e s t , and/orinspection.
,
b.
213.3
Imp1ement
the approved method upon receipt of MA approval t o do so.
Details t o be Specified by the MA (Reference 1.3.2.1).
(R) a.
Imposition of Tasks 100 and 213.
( R ) b.
Definition of s a f e t yc r i t i c a l .
c. Format , content , and del i very schedule for any d a t a required
i ncl udi ng mi nimum hazard severity and probabil i ty reporti ng thresholds
.
TASK 213
!
30March
213-1
2532
E-11
Licensed by Information Handling Services
1981
,"
..~
.. -
MIL-STD-BB2B
MIL-STD-882B
TASK 213
30March1984
THIS PAGE INTENTIONALLYLEFT
TASK 213
30March1984
213-2
,--
-
"
"
2532
-
Licensed by Information Handling Services
BLANK
MIL-STD-BBZB m 9 9 9 9 9 3 3 0359925 B T T m
MIL-STD-882B
APPENDIX A
30 March1984
Appendix A
GUIDANCE FOR IMPLEMENTATION OF
SYSTEM SAFETY PROGRAM REQUIREMENTS
10. GENERAL. System safety i s theelement ofsystems
engineering i n v o l v i ng
theapplication of scientificand,engineeringprinciples
for thetimely
to
identification of hazards and i n i t i a t i o n o f theactionsnecessary
eliminatehazards or reduce theassociated risk t o an acceptablelevel w i t h i n
the system. I t draws upon professional knowledge and specializedskills i n
the mathemati cal , physical , and re1 ated s c i e n t i f i c d i s c i pl i nes, together
w i t h the pri ncipl es and. methods of engi neeri ng design and anal ysi S t o
specify,predict, and evaluatethesafety
o f the system. The degree o f
safety achieved in a system i s d i r e c t l y dependent upon the emphasis given.
This emphasis must be applied by the. Government and contractors d u r i n g a l l
phases o f the, 1i f e cycl e. Design s a f e t y i s a prelude t o operationalsafety
and the goal i s t o produce an inherentlysafe product t h a t will have the
or r e s t r i c t i o n s .
minimum operationalsafetyrequirements
10.1 Scope. This appendix provides rationale and guidance for the
selection o f requirements and tasks t o f i t the needs o f any system safety
program, and identifiesapplicable d a t a items for documenting theresults of
requiredtasks.
10.2 Purpose (Reference Paragraph 1.1). Provision for a system safety
program asdefined by this standard should be included i n allapplicable
contractsnegotiated
by DoD. These contractsincludethosenegotiated
within each DoD agency, by one DoD agency foranother, and by DoD for other
Government agencies. I n a d d i t i o n , each DoD in-house program shouldconduct
a system safety program. Thisappendix i s t o be used t o t a i l o r system
safety requirements i n the most cost effective manner t h a t meets established
program objectives. However, i t i s not intended t o be referencedor implemented incontractual documents.
User. The user of this appendix may includethe DoD MA, Government
in-houseactivity, prime contractors,associatecontractors,
or subcontractors, who wi sh t o impose system safety tasks upon t h e i r suppl i e r ( s )
10.3
.
10.4 Contractual Requirements.. Thisstandard
i s t o be tailored and incorporated i n the l i s t o f compliance documents. Tailored system safety program
SOW,
requirements are specified. i n the contractual provisions- including the
bidders'instructions,contract
d a t a requirements l i s t , general and special
provisionsections,annexes,
and othercontractual means. An SSPP may
be
submitted w i t h thecontractor's proposal and be subjecttocontract
negot i a t i o n . Upon approval by the MA, this SSPP should be attachedtothe
contract, referenced i n the SOW, and w i t h appl i cab1 e portions of this standard become thebasisforcontractualrequirements.
10.5
Managing ActivityResponsibilities.
The MA will:
a.Establish,plan,organize,
and implement an effective system safety
program t h a t i s integrated i n t o a l l l i f e c y c l e phases.
A- 1
E-13
Licensed by Information Handling Services
MIL-STD-882B
APPENDIX A
30 March 1984
MIL-STD-BBZB m 99999LE 0359926 736 m
b. Establ ish defi nitive system safety program requirements for the
procurement or development of a system. The requirements shall be s e t forth
clearly i n theappropriate system specifications and contractual documents
and def i ne :
1. In theappropriate system specifications,the system safety
designrequirements t h a t are a v a i l able and applicable, and the specific risk
1 evel s consi dered acceptable for the system.
Acceptabl e r i s k 1 evel s maybe
defined i n terms of a hazard severi t y l h a z a r d probabil i t y matrix, an overall
system mishap rate, or other suitable risk
assessmentprocedures.
2. In the SOW, the system safety requirements t h a t . cannot be
defined i n the system specifications. This would includegeneraldesign
guidelines i n paragraph 4.3.
3. In the SOW and contract d a t a requirements 1 i s t asapplicable,
d a t a ; e.g.,analyses,tests,orprogressreports
that
thespecifiedsafety
will be requiredduringthescopeoftheeffort.
c. Ensure t h a t an SSPP i s prepared t h a t reflects i n detail how the
total program i s t o be conducted.
d . Review and approve for impl ementationthe
contractor.
e.
Supply historicalsafety
SSPPs prepared by the
d a t a as available.
f . Monitor contractors' system s a f e t ya c t i v i t i e s and review and
approve del iverable d a t a , i f applicable, t o ensureadequate performance and
compliance w i t h system safetyrequirements.
g . Ensure t h a t theappropriate system specificationsare
ref1 ect results of analyses, tests, and evaluations.
updated t o
h . Eva1 uate new desi gn c r i t e r ia for i ncl usi on into mil i tary speci fi cations and standards and submit recommendations t o therespectiveresponsible
organization.
i . Establish system safety groups asappropriate t o assistthe
manager i n developing and impl ementing a system safety program.
program
j . Establish work breakdown structure elements a t appropriatelevels
for system safety program mandgement and engineering.
20. REFERENCED DOCUMENTS. Referenced documents are not includedherein.
Referenced documents required t o suppl ernent t h i s mil i t a r y standard are
specified i n the system specifications and othercontractual documents.
30. SYSTEM SAFETY REQUIREMENTS. Section 4, System Safety Requirements, provides basic system safety requirements most DoD systems and facil i t i e s
acquisition programs shouldmeet.
Task 100, which implements Section 4,
must be imposed as a s i ngl e generaltask t o instruct the contractor
t o conduct a system safety program. I t can be tailoredto f i t the differenttypes
A-2
Licensed by Information Handling Services
E-14
-
~~
"
MIL-STD-BBZB m 77777LL 0357727 672 W
-
.
.
MIL-STD-882B
APPENDIX A
30 March 1984
and sizes of programs.. Additionaltasks
i n section 100 and 200 orother
specific tasks n o t i n this standard, must also be detailed i n the SOW t o
f u l f i l l specific needs of i n d i v i d u a l programs.
30.1 System Safety Program Objectives and Design Requirements (Reference
program objectives and
paragraphs 4.2 and 4.3). These areverybasic
desi gn requirements needed t o meet the objectives, and are appl icabl e t o
most DoD systems and f a c i l i t i e s a c q u i s i t i o n programs.
30.2
System Safety Precedence (Reference paragraph 4 . 4 ) .
30.2.1 The overall goal of a system safety program i s t o designsystems
that
do not contain hazards. However, thenature of mostcomplex systems makes i t
impossible or impractical t o design them completelyhazard-free.
As hazard
analysesare performed,hazards will be identified t h a t will requireresol ut i o n . System safety precedence defi nes theorder t o be f o l 1 owed for
sati sfyi ng system safety requi rements and reducing ri s ks The al ternati ves
for eliminating the specific hazard or controlling its associated risk
will
have t o be evaluated so that an acceptabl e method for risk reduction can be
agreed t o .
.
30.2.2 Hazard identification,categorization, and correctiveactions
will need t o proceed t h r o u g h design,developnent, and testing o f a l l
development phases. Assessment of r i s k will be necessary i n determi ni ng
what correctiveactions should be taken. Whatever level of hazard risk
reduction if taken must be thoroughly j u s t i f i e d i n a l l cases.
30.3
Risk Assessment (Reference paragraph 4.5).
30.3.1 To determine what actions t o take t o correctidentifiedhazards,
a
system of determiningthe 1 evel of r i s k involved must bedeve1 oped. A good
risk assessment model willenabledecision
makers t o properlyunderstandthe
amount of risk involved re1 a t i v e t o what i t will cost i n schedule and
dol 1 ars to reduce that risk t o an acceptabl e 1 evel
.
30.3.2 To eliminateas many hazardsasppssible,prioritize
hazards for
correctiveaction.
A categorization of hazards may be conducted according t o
risk 1 evel c r i t e r i a. Categorization may be based on severity since n o t a l l
hazards are o f equalmagnitude. or cri t i cal i t y t o personnel safety and mission
consequences of hazardousevents may
success. In some cases,theanticipated
be minimal,while i n others,catastrophic.
Hazard categorizati-on may also
involve the determination of the 1i kel i hood of the hazardous event actually
occurring. This may
be
reported i n non-numeric (qualitative)terms, such as
frequent, occasional , or impossi bl e; or i n numeric ( q u a n t i t a t i ve) terms such
as once i n ten thousand f l i g h t s , or 1 X 10'4/fl i g h t . Priori t i z a t i o n may be
i n a comaccomplished either subjectively by qualitativeanalysesresulting
parative hazard risk assessment or through quantification o f theprobability
o f occurrence resul t i ng i n a numeric priority factor for t h a t hazardous cond i t i o n . Figures 1 and 2 show two sample matrices for hazard r i s k assessment
whichcan be appl ied t o provide qual i t a t i ve p r i o r i t y factors for assigning
In the f i r s t matrix an identified hazard assigned a hazard
correctiveaction.
risk indexof l A , l B , l C , ?A, 2B, or 34 m i g h t require immediate corrective
A-3
Licensed by Information Handling Services
F-1
MIL-STD-882B
APPENDIX A
30 March1984
FIGURE 1.
FIRST EXAMPLE HAZARD RISK ASSESSMENT MATRIX
II I
CATASTROPHIC
FREQUENCY OF OCCURRENCE
IV
NEGLIGIBLE
( A ) FREQUENT
1A
2A
3A
4A
( B ) PROBABLE
1B
28
3R
4B
1c
2c
3c
4c
1D
2D
3D
4D
1E
2E
3E
4E
.
( C ) OCCASIONAL
( D ) REMOTE
I
( E ) IMPROBABLE
Hazard Risk
Suggested
Index
lA, lB,
l D , 2C,
lE, 2E,
4C, 4D,
I
Criteria
Unacceptabl e
Undesi rabl e (MA decision
required)
Acceptable w i t h review by MA
Acceptabl ereview
without
l C , 2A, 2B, 3A
2D, 38, 3C
3E,
3D,
4A, 4B
4E
FIGURE 2.
SECOND EXAMPLE HAZARD RISK ASSESSMENT MATRIX
FREQUENCY OF OCCURRENCE
,
HAZARD CATEGORIES
II
I
CRITICAL
MARGINAL
III I
CATASTROPHIC
HAZARD CATEGORIES
II
CRITICAL
MARGINAL
IV
NEGLIGIBLE.
(A)
FREQUENT
1
3
7
13
(B)
PROBABLE
2
5
9
16
(C)
OCCAS IONAL
4
6
11
18
(D)
REMOTE
8
10
14
19
(E)
IMPROBABLE
117
2
15
20
Suggested Cri t e r i a
Unacceptable
Undesi rabl e (MA deci si on requi red)
Acceptable w i t h review by MA
Acceptabl e without review
Hazard Risk Index
1 - 5
6 - 9
10 17
18 20
-
-
A-4
-____
2535
Licensed by Information Handling Services
f-2
I
.
.~
-
I
"
~
~
~~~
i
MIL-STD-BBZB H 9999933 0359929 4 4 5
.
_ -
.
MIL-STD-882B
APPENDIX A
30 March 1984
c
.
adti on. A hazard risk index of l D , 2C, 2D, 3B, or W
3Cou1
d be tracked for
possiblecorrectiveaction.
A hazard risk index o f lE, 2 E , 30, o r 3E m i g h t
have a 1ower priority for corrective action
and may n o t warrant any tracking
actions. I n the second matrix, risk indices of 1 t h r o u g h 20 (1 being highest
risk)areassigned
somewhat a r b i t r a r i l y . This matrix designassigns a d i f ferent index t o each frequency-category p a i r thus a v o i d i n g the situation
of numbers assigned t o frequency and
caused by creatingindicesasproducts
category which causes common results such as 2 X 6 = 3 X 4 = 4 X 3. This
p r i o r i t i z a t i o n . These are only
situation hidesinformationpertinentto
exampl esof a r i s k assessment methods and do not f i t a l l programs.
30.4 .Action on Identif4ed Hazards (Reference p a r a g r a p h 4.6). The contractor i s r e w i r e d t o f o l 1 ow the svstem safety precedence t o resol ve
CATASTROPHIC and CRITICAL hazards, and g u a r d ' against MARGINAL hazards.
40.
40.1
TASK SELECTION
Selection
Criteria
40.1.1 A major challenge which confrontsall Government and industry
organizationsresponsible for a system safety program i s theselectionof
tasks whichcan materially a i d i n attaining program safetyrequirements.
Schedule and f u n d i n g constraints mandate a cost-effective selection, one
t h a t i s based on identified program needs. The considerationspresented
hereinareintendedto
provideguidance and rationale for this selection.
memory for lessonslearned t o provoke
They are a l s o intended tojogthe
questions whichmustbe
answered and t o encouragedialogue w i t h other
so t h a t answers t o questions
engineers, and operations and supportpersonnel
and solutions t o prob1 ems canbe
found.
40.1.2
Once appropriatetasks havebeen
selected,thetasks
themselves must
i n the"Details To
Be
Specified By the
be tailored and specifiedasoutlined
MA."
I t i s a l s o important t o coordinatetaskrequirements
w i t h otherengineeringsupportgroups,
such as l o g i s t i c s s u p p o r t , r e l i a b i l i t y , e t c . , t o
eliminate dupl i cation of tasks and t o be aware o f any a d d i t i o n a l information
o f value t o system safety which theseother groups can provide.Finally,
each task, as well as actionto be taken
the t i m i n g and depthrequiredfor
based on t a s k outcome, are 1argely dependent on individualexperience and
program requirements. For thesereasons, hard and fastrulesare
not
stated.
c
40.2 Application Matri x for Program Phases. Tab1 es I and I I hereinprovide
qeneralquidance on taskselection t o establish an acceptable and costeffeci i v e system safety program. These tables can be used to i n i t i a l l y i d e n t i f y
thosetasks which typically are included i n an effective system safety program
for the p a r t i cul ar acquisition phase i n v o l ved. The user of the documentcan
then refer t o the particular t a s k referenced by thematrix and determine from
thedetail ed purpose at the beginning o f the t a s k i f i t i s appropriate t o
identify as a. program task. The use of this matri x for devel opi ng a system
safety program i s t o be considered as o p t i o n a l guidance only and i s not t o be
construedascovering
a l l procurement situations. The provisions of a p p l i cab1 e regulations must al so be f o l 1 owed.
A-5
~
"
"
1531
-
-
-.
Licensed by Information Handling Services
F-3
. .
MIL-STD-BAZB m 99999LL 0359930 L b 7 m
. .
MIL-STD-882B
APPENDIX A
30 March1984
TABLE 1. APPLICATION
MATRIX
TASK
TASK
100
101
1o2
TITLE
TYPE
System S a f e t y Program
MGT
System S a f e t y Program Plan
MGT
Integration/ManagementofAssociate
MGT
contractors,Subcontractors, and
AE Firms
System S a f e t y ProgramReviews
M GT
SSG/SSWG Support
MGT
Hazard Tracking and Risk Resol ution
M GT
Test and EvaluationSafety
G MGT
System Safety Progress Summary
MGT
Qualifications of Key System S a f e t y
MGT
Personnel
Prel imi nary Hazard List
EN G
Prel imi nary Hazard Analysi S
ENG
SubsystemHazardAnalysis
ENG
SystemHazard Analysis
EN G
Operating and Support Hazard
ENG
Analysis
Occupational Heal t h Hazard G
ZNG
G
Assessment
Safety Verification
EN G
Trai n i ng
MGT
S a f e t y Assessment
MGT
S a f e t y Compl iance Assessment
MGT
S a f e t y Review of ECPs and Waivers
MGT
Software Hazard Analysis
ENG
GFE/GFP System Safety Analysi S
ENG
103
104
105
106
107
108
201
202
203
204
205
206
207
208
209
21 o
211
212
21 3
Notes:
-
ENG
-
MGT
FOR SYSTEM PROGRAM DEVELOPMENT
-
VALID
CONCEPT
G
G
S
PROGRAM PHASE
VALID FSED
G
G
G
G
S
S
S
G
S
G
G
S
G
G
N/A
G N/ A
S
S
S
G
G
G
G
S
G
G
G
G
S
S
G
G
G
G
S
G
G
GS
N/A
S
S
G N/A
S
S
G
S
S
S
G
G
G G
System Safety Engineering
Management
S
-
Sel e c t i vel y Appl i cabl e
G
-
General 1 y Appl icabl e
GC
Conceptual
Val i d a t i o n
N/A
FSED
-
Fu1 1-Scal e Engi neeri ng Deve1 opment
PROD
-
Production
A-6
Licensed by Information Handling Services
F-4
G
-
S
S
S
G
G
General 1 y Appl i cabl e To Desi gn
Changes Only
-
G
G
S
S
G
S
N/ A
GC
GC
GC
GC
GC
APPLICABILITYCODES
-
PROD
G
TASK TYPE
PROGRAM PHASE
CONCEPT
"
NotAppl icabl e
S
S
S
S
G
GC
MIL-STD-BBZB
99999330359933
OT3
MIL-STD-882B
APPENDIX A
30 March 1984
TABLE 2.
101
102
103
104
105
106
107
108
.
206
207
208
209
21 o
21 1
21 2
213
Notes:
ENG
MGT
-
"
P&R DEV
G
S
S
PROGRAM PHASE
CON DES FIN DES
G
G
G
G
ConceptDesign
FIN DES
-
Final Design
G
G
NIA
2539
Licensed by Information Handling Services
F-5
GC
GC
S
S
S
S
S
S
S
S
S
S
GC
S
G
S
S
S
S
- S e l e c t i v e l y Appl icabl e
- Generally Appl i cabl e
N/A
"
"
%
NIA
NIA
NIA
S
S
S
S
NIA
ENG
MGT
MGT
MGT
M GT
EN G
ENG
NIA
NIA
G
G
S
G
S
S
G
G
G
G
G
GC
A-7
S
S
6%
ENG
Programming and Requirements
Deve1 opnent
Construction
N/A
ENG
EN G
ENG
ENG
EN G
G
-
NIA
NIA
S
S
S
CON DES
G
S
S
System SafetyEngineering
Management
-
G
G
G
G
S
S
G
G
G
G
S
S
S
S
G
G
G
G
NIA
NIA
CON
G
S
MGT
MGT
MGT
MGT
MGT
MGT
APPLICABILITY CODES
P&R DEV
-
TASK
TYPE
MGT
MGT
MGT
TASK TYPE
PROGRAM PHASE
CON
FOR FACILITIES
ACQUISITION
TITLE
System Safety Program
System Safety Program Plan
IntegrationIManagementofAssociate
Contractors,Subcontractors, and
AE Firms
System Safety Program Reviews
SSGISSWG Support
Hazard Tracking and Risk Resol u t i o n
Test and EvaluationSafety
System SafetyProgress Summary
Qualifications of Key System Safety
Personnel
Prel iminary Hazard List
Prel imi nary Hazard Analysi S
Subsystem Hazard Analysis
SystemHazard Analysis
Operating and Support Hazard
Anal ysi S
Occupational Heal t h Hazard
Assessment
Safety Verification
Trai n i ng
Safety Assessment
Safety Compl i ance Assessment
Safety Review of ECPs and Waivers
Software Hazard Analysi S
GFE/GFP System Safety Analysis
TASK
1O0
201
202
203
204
205
APPLICATION
MATRIX
-
Generally Applicable To Design/
Construction ChangesOnly
-
Not Appl i cabl e
S
S
S
GC
S
MIL-STD-BB2B W 9999933 0359932 T 3 T
NIL-STD-882B
APPENDIX A
30 March 1984
40.3 Task Prioritization. The problem of prioritizing or establishing a
baseline group from a l l the tasks in this
document cannot be solved un1 ess
vari ab1 es 1 i ke system complexity, program phase, a v a i l a b i l i t y o f funds,
schedule,etc.,are
known. Task 100, System Safety Program, i s required,
and t a i l o r i n g should be based on t o t a l program cost and complexity. All
othertasksrequire
Task 100 as a prerequisite.
40.3.1 Identifying a n d Quantifying System Safety Needs. The elements o f a
system safety program must be selected t o meet thesafety needs. These
needs are identi fed by higher authority t h r o u g h directives and other documents. Identifying and quantifyingthese needs must be accomplished prior
t o theappropriateacquisition
phase so t h a t tasks and requirements commensurate w i t h the needs may be included. The tasks and requirements which are
included establish the framework for thecontinuing system safetydialogue
between the MA and the proposing contractors, one or more of whom will u1 t i mately be selected t o develop the system.
40.3.2 Selecting Tasks t o F i t the Needs. In most cases,the need forthe
Whil e experience pl ays a key rol e i n task selection,
tasks is sel f-evident
i t shoul d be suppl emented by analysis and investi g a t i o n . Oncerecommendationsfortaskapplications
havebeen
determined and more detailedequipment requirements identified , tasks and requirements can be priori t i zed and
a "rough order of magnitude" estimateshould bemade o f thetime and e f f o r t
required t o complete each t a s k . Thisinformation will be ofconsiderabl e
valueinselectingthetasks
whichcan be accomplished w i t h i n schedule and
f u n d i n g constraints.
.
50.
RATIONALE AND GUIDANCE FOR TASK SELECTIONS.
50.1
Task Section 100
-
Program Management and Control.
50.1.1 System Safety Program (Task 100). Thistask i s required i f
MIL-STD-882B i s t o be imposed. Task 100 requiresthecontractor
t o set up
a n d conduct a system safety program t o meet therequirements o f Section 4.
Because of thegeneralnature
o f Section 4, careful tailoring o f the
requirementscontainedtherein
i s necessary for each program, particularly
for re1 a t i vely smal 1 e f f o r t s .
50.1.2
System Safety Program Plan (Task 101).
The system safety program plan i s a basictool used by the MA t o
50.1.2.1
a s s i s t i n managing an effective system safety program. I t canbeused
to
evaluatethevariouscontractors'
approaches t o , understanding o f , and execution o f t h e i r system s a f e t y t a s k s , t h e i r depth o f p l a n n i n g t o make sure
t h e i r procedures for imp1 ementi ng and control 1 i ng system safety tasks are
adequate, and theirorganizationalstructure
t o make sureappropriateattentionwill be focused on system s a f e t y a c t i v i t i e s .
50.1.2.2
An SSPP i s normally prepared by thecontractor andwhen
approved
by the MA, becomes thebasis of understanding between thecontractor and the
MA as t o how the system safety program i s t o be conducted. The SSPP
identifies all safety
program activiti-esspecified by the MA andshows how
A-8
Licensed by Information Handling Services
MIL-STD-BBZB
-
9999911 0359933 9 7 6
m
MIL-STD-882B
APPENDIX A
30 March 1984
the safety program will provide i n p u t orprecludeduplication
of e f f o r t .
The pl an providesspecificinformation
t o show how thecontractor will meet
quantitative and/or. qual i t a t i ve safety requirements d u r i n g deve1 opment, production, and construction phases. When prepared i n response t o a request
for proposal,the SSPP servesas a t h o r o u g h cross-indextothesafety
managementand engineeringproposalscontained
i n the contractor's response.
This p l a n must cl early ref1 ect the safety features
of theresponse.
On
small programs, orlarge programs w i t h severalassociatecontractors
where
where the MA has a firm idea o f thetype and
the MA i s the integrator, or
magnitude of the system safety effort required , the MA may preparethe SSPP
and attach i t tothe SOW. This often will savefunds sincethe MA Wou1 d not
need t o buy the pl an from the contractor, and a l so informs the contractor
just what i s expected. Not only does t h i s allow contractorstopricethe
.
e f f o r t i n their bids, i t eliminatesthepossibility
of entering i n t o rounds
o f submittal /disapproval /resubmi t t a l by contractors inexperi enced i n system
safety. However, i f thecontractor does not prepare an SSPP, other t h a n i n
the proposal i t s e l f , t h e MA obtains no immediate informationasto
whether
thecontractorunderstandsthe
system safetyrequirements.
50.1.2.3
The format and instructions for preparing an SSPP arespecified i n
Task 101 and DoD Authorized Data Item DI-H-7047A, System Safety Program Plan.
This d a t a item must be tai'l ored for each program by requiring certain
paragraphs to be l i s t e d on thecontract d a t a requirements 1 i s t , DD Form 1423.
Preliminary SSPPs areoftenrequired
t o be submitted w i t h .the contractor's
proposal. T h i s allows for the proposed system safetyeffort t o be considered
d u r i n g sourceselection.Additionally,
i f thescope of t h e e f f o r t i s
too
large or small,ormisdirected,
i t providestime t o getthecontractor
to
correct the error prior to contract initiation.
50.1.3
Integration/Management of AssociateCont-ractors,Subcontractors
and
Architect and Engineering Firms (Task 102). Majorprograms or construction
projects will often have mu1 t i pl e associate contractors, integrating contractors, and AE firms under contract. An integrating contractor- or a facil i ti es
acquisition contractor will often have the responsi b i l i t y t o oversee system
AE firms. Task 102 providesthe
s a f e t ye f f o r t s ofassociatecontractorsor
authority for management surveil 1 ance needed by the integrating or facil i t i es
acquisition contractor by assigningthe various system safety roles o f associatecontractors,subcontractors,integrators
, and constructionfirms.
The
integrator should be tasked t o write an ISSPP according t o therequirements
be
outlined i n Task 101. The integrator and constructioncontractorshould
tasked t o perform system hazardanalyses and assessments t o cover theinterfaces between thevarious'contractors'portions
of the system or construction
made aware of theintegrator's
e f f o r t . All contractors and AE firmsshould be
or facil i t i es acquisition contractor' S rol e of overall system safety management. The integrator needs t o resolvedifferences between associates i n
safety-relatedareas.
The MA will aidtheintegrator
i n theseeffortsto
make
sure a l l contractors and firmsmutuallyunderstandthe
system safetyrequirements, and their respective responsibilities to
comply w i t h them.
50.1.4
System Safety Program Reviews (Task 103).
A-9
Licensed by Information Handling Services
MIL-STD-882B
APPENDIX A
30 March 1984
50.1.4.1
I n additiontothe
system safety reviews required by other DoD o r
serviceregulations and MIL-STDs ( a t milestonedesignreviews
and audits), the
MA may requirespecialsafetyreviews.Early
i n a major program, system
safety reviewsshould be held at least quarterly and asthe program
progresses,time between reviews can be extended. I n a d d i t i o n t o more
a t mil estonedesignreviews , the
detail ed coverage o f those items discussed
reviewsshouldaddressprogress
on a l l system safetytasksspecified
i n the
l
sow.
50.1.4.2
Special system safety reviews may be needed t o f u l f i l l requirements
ofmunitions safety boards, f i r s t f l i g h t readiness reviews , a n d other safety
c e r t i f i c a t i o na u t h o r i t i e s .
These reviewsshould
be specified i n the SOW as
p a r t of Task 103.
50.1.4.3
All program reviews provide an opportunity t o review and assign
of concern. A mutuallyacceptable
action items and t o exploreotherareas
agenda should be written t o make sureall system safety open items are
covered and t h a t a l l participantsare prepared for meaningful discussions.
System Safety Group/System Safety Working Group S u p p o r t (Task 104).
Individualserviceregulationsrequire
formation o f SSG/SSWGs for acquisit i o n of expensive, complex or c r i t i c a l systems, equipment or major f a c i l i ties.Contractorsupport
of an SSG/SSWG i s veryuseful and may
be
necessary
t o make sure procured hardware or software i s acceptablyfree from hazards
t h a t cou1 d injure personnelorcauseunnecessary
damage or loss. The 1 eve1
o f supportdesi red from thecontractor must be detailed i n the contract
through imposition o f Task 104.
50.1.5
e
i
?
P
50.1.6 Hazard Tracking and Risk Resolution (Task 105). A method or procedure mustbe
developed t o document and trackhazards and progress made
toward resolution o f theassociatedrisk.
Each prime or associatecontractor may m a i n t a i n t h e i r own hazard log or assessment report , or the integrator or MA will maintain the document. I f thecontractor i s t o m a i n t a i n the
1og, Task 105 must be imposed. Each hazard t h a t meets or exceedsthe
thresholdspecified by the MA s h o u l d be entered on thelog when f i r s t ident i f i e d , and each actiontaken t o eliminatethe hazard or reducetheassoprocedure for
ciated risk thoroughly documented. The MA willdetailthe
closi ng-out the hazard, or acceptance of any resi dual risk. The hazard 1 og
may
be
documented and deliveredas p a r t of the system safetyprogress sumor i t can be
mary using DI-H-7050A,System SafetyEngineeringReport,
i ncl uded as p a r t o f an overall program engi neeri ng/management report.
50.1.7 Test and E v a l u a t i o n Safety (Task 106). This taskprovides
needed
contractor management a c t i v i t i e s t o make s u r e a l l t e s t s a f e t y
requirements
p l a n n i n g for t e s t and evaluation
are met priorto and d u r i n g testing.Early
t h a t willrequirecertain
hazard
must be done t o considertestingmilestones
analyses,range or laboratoryrequirements t h a t may require specially
formattedassessments, reviewof t e s t documents, etc.
50.1.8 System SafetyProgress Summary (Task 107). The system safety
o f the status of system
progress summary provides a periodicwrittenreport
safetyengineering and management a c t i v i t i e s . This statusreport may be
.
Licensed
. ~- .-
2542
by Information
.
Handling Services
A-10
f -8
MIL-STD-882B
APPENDIX A
30 March 1984
6
submitted monthly orquarterly.
I t can be formatted and deliveredaccording
t o DI-H-7050A,System SafetyEngineeringReport,or
i t can be includedas
p a r t of an overall program engineering/management report.
L
50.1.9 Qualifications of Key Contractor System Safety Engineers/Managers
(Task 108). Some programs willrequire t h a t the key system safetyengineers
and managers possessspecialqualifications.
Some orallqualifications
l i s t e d i n Task 108 maybe
required, or the MA may specify other minimum
qual i fi cations. Care must be exercised i n applying Task 108 to assure some
opportunityfor growth and qualification o f neophytesystem safety personnel
who possess 1 i t t l e experience.
50.2Task
Section 200
-
Design and Eva1 u a t i on.
50.2.1 Preliminary Hazard List (Task 201). The PHL provides t o the MA a 1 i s t
ofhazards t h a t may requirespecialsafetydesi
gn emphasis or hazardous areas
where in-depthanalyses need t o be done. The MÄ may use theresults o f the
PHL to determinethe scope o f follow-on hazard analyses (PHA, SSHA, e t c . ) .
documented u s i n g DI-H-7048A, System Safety Hazard Analysis
The PHL maybe
Report.
50.2.2
Prel imi nary Hazard Analysis (Task 202).
50.2.2.1
PHA i s , a s implied by the t i t l e , t h e i n i t i a l e f f o r t
i n hazard
analysis d u r i n g the system design phase o r the programmingand requirements
I t may a l so be used on an
devel opment phase for facilities acquisition.
operational system fortheinitial
examination o f thestate of safety, The
purpose o f the PHA i s not t o affectcontrol of a l l risks b u t t o f u l l y
recognizethe hazardous s t a t e s w i t h a l l ofthe accompanying system
imp1 ications.
50.2.2.2
The PHA e f f o r t should becommenced duringthe i n i t i a l phasesof
system concept, or i n thecase of a fully operational system, a t the i n i t i a t i o n o f a safety evaluation. This
will he1 p i n the use of PHA resul t s i n
tradeoffstudies which are so important i n the early phases o f system
devel opment or, i n thecase of an operational system, aid i n an early
be
used i n
determination of the state o f safety. The o u t p u t of the PHA may
developing system safety requirements and i n preparing performance and
designspecifications.
In addition,the PHA i s thebasic hazard analysis
perwhich establishes the framework forother hazard analyses which maybe
formed.
.
50.2.2.3
The PHA should include, b u t n o t be limited t o , the f o l l o w i n g
acti vi t i es:
( a ) A review of perti nent historicalsafetyexperience.
(6) A categorized 1i s t i ng of basic energy sources.
( c ) An investi g a t i o n o f thevariousenergysourcestodetermi
provisions whichhavebeen
devel oped for their control
.
A-11
Licensed by Information Handling Services
ne the
.C
L
.
MIL-STD-882B
APPENDIX A
30March 1984
( d ) Identification of thesafetyrequirements
and otherregulations
substances
pertaining t o personnel safety, environmental hazards , and d$xi,c:
. .
with which the system will have t o comply.
' .
-
( e ) Recommend correctiveactions.
I
?
,.
;
L'
50.2.2.4
Sincethe PHA should be i n i t i a t e d very early i n theplanning-,
phase,the d a t a available t o theanalyst may
be
incomplete an&",qformal.,
t o permitconti nua1 revision'%nd u p d a t i n g
Therefore , structure the analysis
asthe conceptualapproach
i s modified and refined. As soon asthe
subsystem designdetail S are complete enough t o allow the analyst to-.begin
C
the subsystem hazard analysis i n detail , terminatethe PHA.' Provide.the
analyst performing the PHA w i t h thefollowingreferenceinputinformation:
( a ) Desi gn sketches , drawings , and d a t a describing the system a'nd
subsystemelements
forthevariousconceptualapproaches
under .
consideration.
.=,
( b ) Functional flow diagrams and re1ated d a t a describingthe proposed
sequence of a c t i v i t i e s , functions , and operations , involving the system
elementsduringthecontemplated
l i f e span.
7
( c ) Background information re1 ated t o safety requirementsassociated
w i t h thecontemplated testing,manufacturing,storage,repair,
and use
o f similarprevious programs or
locations and safetyrelatedexperiences
acti vi t i es.
50.2.2.5 The techniques used t o perform thisanalysis must be carefully
selected t o m i nimizeprob1ems'
in performingfollow-on analyses. The PHA may
be documented as outlined i n DI-H-7048A3System Safety Hazard AnalysisReport.
There areseveral formats t h a t can be used. Some of theseare:
50.2.2.5.1
Narrative format. The narrative format i sr e l a t i v e l y
many different formatsavailable.
unstructured and as a result there are
The format primarily depends on theanalyst and thetype o f information
required from theanalysis.
Matrix format. The matrix format i s the most
commonly used
50.2.2.5.2
approach for performing and documenting a PHA. There are numerous varieties
o f PHA matrix formats. i n use, most of which are fairly similar.
I
?
ri
50.2.2.5.3
Other formats. The format used should be tailored t o reflectthe
nature o f the system t o be analyzed,theextent
o f informationaboutthe
system, and the planned use of theanalysis
o u t p u t d a t a . Either format i s
acceptable and theanalyst must determine which
can
do the j o b most effect i v e l y . The use of system safety design checklists, such as Air Force Systems
Command Design Handbook 1 - X , i n the performance of a PHA can be a veryeffect i ve method.
50.2.3
Subsystem Hazard Analysis (Task 203).
50.2.3.1This
task would be performed i f a system under development
contained subsystems or components t h a t when integratedfunctionedtogether
Licensed by Information Handling Services
.
i
MIL-STD-882B
APPENDIX A
30 March 1984
t.
as a system. This analysislooks a t each 'subsystem ,or componentand
identi fies hazards associated w i t h operati ng or fail ure modes and i s
especially intended t o determi ne how operation or f a i l Ure of components
affectstheoverallsafety
of thesystem.Thisanalysisshouldidentify
necessary actions, using the system safety precedence t o determi ne how t o
eliminate or reduce the risk of identifiedhazards.
50.2.3.2
As soon assubsystems
are designed i n s u f f i c i e n td e t a i l , or well
into conceptdesign for facilitiesacquisition,the
SSHA can begin. I t should
be updated asthedesignmatures.
Desí gn changes t o components willal so
need t o be evaluated to, determine whether the safety ofthe system i s
affected. The techniques used for this analysis must be carefully selected to
mi nimi ze probl ems i n integrating subsystem hazard analyses into the
system
hazard analysis The SSHA may
be
documented as out1 ined i n DI-H-7048A, System
Safety Hazard Analysi s Report.
.
.
.
50.2.4
System Hazard Analysis (Task 204).
50.2.4.1
An SHA i s accomplished i n much the sameway asthe subsystem hazard
analysis. However, as the SSHA examines how component operation or f a i l ure
SHA determines how system operation and f a i l u r e modes
affectsthesystem,the
can affectthesafety
o f the system and i t s subsystems. The SHA shouldbegin
as the system designmatures, around thepreliminarydesign
review or the
facil it i e s conceptdesign review milestone, and should be updated u n t i l the
design i s complete. Design changes will need t o be evaluated t o determine
t h e i re f f e c t s on thesafety of the system and i t s subsystems. This analysis
shouldcontain recommended actions,applyingthe
system safety precedence, t o
eliminate or reducethe risk o f identified hazards.
c
50.2.4.2
Specifically,the
SHA examines a l l subsystem interfacesfor:
( a ) Compliance w i t h s a f e t y c r i t e r i a c a l l e d
system/subsystemrequirements
documents.
o u t i n theapplicable
( b ) Possible combinations of independent or dependent f a i l ures t h a t can
causehazards tothe system or personnel. Fai.1 ures of controls and safety
devi ces shoul d be consi dered.
.
( c ) How normal operations o f systems and subsystems can degrade the
safety of the
system.
( d ) Design changes to system,subsystems, or interfaces, 1ogic, and
softwarethat can create new hazards to equipment and personnel
.
i
The techniques used to perform this analysis must be carefullyselected t o
minimize probl ems i n integrating the SHA w i t h other hazard analyses. The SHA
maybe
documented asoutlined i n DI-H-7048A, System Safety Hazard Analysis
Report
i
254s
Licensed by Information Handling Services
A-13
MIL-STD-882B
APPENDIX A
30 March 1984
50.2.5
Operating and Support Hazard Analysis (O&SHA) (Task 205).
and evaluatethe
50.2.5.1 The O&SHA i s performed primarilytoidentify
hazards associated with the
environment , personnel , procedures, and
equipment i n v o l ved throughout theoperation o f a system/el ement. The O&SHA
may
be
performed on such activities as testing, installation, modification,
ground servicing,storage,operations,
maintenance,support,transportation,
a n d training.
emergency escape,egress,rescue,post-accidentresponses,
The O&SHA may al so be selectively appl ied t o facil i t i es acquisition projects
t o make sureoperation and maintenance manuals properlyaddresssafety
and
heal t h requirements
.
50.2.5.2
The O&SHA e f f o r t should s t a r t e a r l y enough t o provide inputsto
thedesign and prior t o system t e s t and operation. The O&SHA i s most
effective as a continuingclosed-loop iterative process, whereby proposed
changes , additions , and formul a t i o n o f functional activities are eval uated
for safetyconsiderations , prior t o formal acceptance. The analyst
performing the O&SHA should have available:
( a ) Engineeringdescriptions
and facil i ti es.
o f the proposed system,support
equipment
Draft procedures and prel imi nary operating manual s.
(b)
( c ) PHA, SSHA, and SHA reports.
Re1 atedrequirements
(d)
bilities.
, constraintrequirements , a n d personne 1 capa-
( e ) Human factorsengineering
d a t a and reports.
( f ) Lessons 1earned , incl udi ng a history o f mishaps caused by human
error.
.
50.2.5.3
Timely application of the O&SHA willprovidedesignguidance.
The
findings and recommendations resulting from the O&SHA may affect the diverse
functional responsi b i l i t i es associated w i t h a given program. Therefore, exercise care i n assuring t h a t theanalysisresultsareproperlydistributedfor
theeffective accompl ishment of the O&SHA objectives. The techniques used t o
perform this analysis must be careful 1y sel ected to m i nimi ze prob1 ems i n
integrating O&SHAs w i t h other hazard analyses. The O&SHA may
be
documented
using DI-H-7048A9System Safety Hazard AnalysisReport.
50.2.6
OccupationalHealth
Hazard Assessment (Task 206).
50.2.6.1
The f i r s t s t e p o f theoccupationalhealth
hazard assessment i s t o
identify and determine quantities o f potentially hazardous materials or physicalagents(noise,radiation,heatstress,coldstress)
involved w i t h the
system and i t s l o g i s t i cal support. The next step Wou1 d be t o analyze how
thesematerial S or physicalagents are used i n the system and f o r i t s
and type of
1ogistical support. Based on theuse,quantity,
substance/agent,estimate whereand how personnelexposures may occur and i f
possiblethedegreeorfrequency
o f exposure i n v o l ved. The final step Wou1 d
2566
Licensed by Information Handling Services
A- 14
MIL-STD-882B
APPENDIX A
30 March1984
include incorporation i n t o thedesign o f - the system and i t s l o g i s t i cal support
equipment/facil i t i es cost effective controls to
reduceexposures t o acceptable
1 evel s . The 1i f e cycl e costs of required controls cou1 d be h i g h and consideration o f al ternati ve systems maybe appropriate.
50.2.6.2
The purpose of thisanalysisis
not t o .dictatedesigns based on
health protection, b u t t o assure decision makers are aware of the heal t h
hazards invol ved and t h e i r impacts so t h a t know1 edgeabl e decisions regarding
potentialtradeoffs
can bemade.
50.2.6.3
The f o l l o w i n g factorsassociated w i t h the system and the
and maintain the systemshould
1 ogisti cal support required to operate
consi dered:
(a)Toxicity,quantity,
be
and physical s t a t e of material s .
( b ) Routine or planned uses and re1 eases of hazardous materials or
physicalagents.
( c ) Accidental
exposure
potent
(d)
ials.
Hazardous waste generated.
( e ) Hazardous materi al hand1 i ng , transfer
requi rements
.
(f)
Protecti ve cl o t h i ng/equi pment needs.
(9)
Detection and measurement devicesrequired
1 evel s .
(h)
I
v
transportation
t o quantify exposure
Number of personnel potentially a t risk.
( i ) Engineeringcontrols t h a t could be used, such asisolation,enclosure,
ventil ati o n , noise or r a d i a t i o n barri ers , etc.
To definetheacceptablelevel
of risk for health hazardsthe MA
50.2.6.4
should require use of chemical substance and physicalagentexposure
limits
f o u n d i n appropriateregulations and directive documents, or contact a
qual i f i ed i ndi v i dual in the bioenvironmental engi neeri ng or medi cal community.
conFor hazardoussubstances or agents w i t h unspecifiedexposurelimitsthe
t r a c t o r must provi de the r a t i o n a l e for acceptabl e r i s k c r i t e r i a used for the
OHHA. The OHHA may
be
documented using DI-H-7048A, System Safety Hazard
Anal ysi S Report.
50.2.7
Q
, and
SafetyVerification
(Task 2 0 7 ) .
50.2.7.1 Many safetyrequirements,asspecified
i n system specifications,
requirements documents, etc.,will
need t o be verified by analysis,
inspection,demonstration, or t e s t . Also, d u r i n g design and development,
through redesign,
hazardanalyses will identify hazards t h a t will beremoved
, etc. Imposition of these changes willrequire
controls,safetydevices
verification. Task 207 outlines how safetyverification should be
Licensed by Information Handling Services
.L
.
I
MIL-STD-88ZB m 99999LL 0359940 O06 W
.
MIL-STD-882B
APPENDIX A
30 March1984
Much safetyverificationwill
be outlined i n system/subsystem
t e s t plans and procedures. However, forverification o f risk control
actions taken on h a z a r d s identi fed d u r i n g devel opment, special test
pl ans/procedureswill
be needed. Safetytests may
be
documented and reported
or they maybe
included i n
using DI-H-7050, System SafetyEngineeringReport,
the system/subsystem testreports.
50.2.7.2
50.2.8
Training (Task 208).
50.2.8.1 Many programs willrequirecertificationtraining
ofpersonnel
involved w i t h devel opment, t e s t , and operation o f the system. A good system
safety program can only be carried o u t i f a l l theplayersinvolved
need t o
understand how t o do t h e i r p a r t . Contractordesignengineers
understandbasic system safetyprinciplestodesignhazard-freesystems.
A
good t r a i n i n g program willincludetrainingdesignengineersas
a top
priority. Managersneed
t o be educated a b o u t theimportance o f good i n i t i a l
safetydesigns vs. costlyredesign and retrofits.Contractor
and Government
t e s t personnel need t o be trained i n safe hand1 i n g , operation, and testing
o f equipment
Operational and maintenancepersonnel
need safetytraining i n
their functions.
.
50.2.8.2
Training can be accomplished i n different
cl assroom t r a i n i n g sessions using a t h o r o u g h 1 esson
necessary handouts i s one of the most effective and
Imposing exami nations and final certification he1ps
understood and willhopefullyapplythematerialpresented.
50.2.8.3 The contractor'ssafety
the SSPP (Task 101).
ways.
Formal
pl an containing a l 1 the
e f f i c i e n t methods.
assure the trainees have
t r a i n i n g program should be detailed i n
50.2.9 Safety Assessment (Task 209). The safetyassessment, as outlined i n
the task, can be written by foll owing DI-H-7049A, Safety Assessment Report.
The importance o f thisreportis
t h a t i t t e l l s theuser or the t e s t team of
alltheresidualunsafedesign
or operatingcharacteristics of thesystem.
I t alsoattempts t o quantifythe risk of any hazards not eliminated, and
i denti f i es any control S , inhibits , or safety procedures.
50.2.10
Safet Y ComDl i ance Assessment (Task 210).
50.2.10.1
A safety compliance assessment i s conducted t o verifythesafe
design o f a system and t o o b t a i n a comprehensive evaluation o f the safety
r i s k being assumed prior t o testoroperation
o f a system. I t can be
documented by foll owing DI-H-7049A, Safety Assessment Report. I t i s an
operationally oriented analysis,
concerned w i t h the safe useof a system,
i s , therefore, broad
equipment, or f a c i l i t y . A safety complianceassessment
o f thesystem, b u t relatively general
inscope,coveringalmosteveryaspect
i n t o detailonly t o theextentnecessary
t o verifythe
innature,delving
system'ssafety or ascertaintherisks
and precautionsnecessaryfor
its
safe use. A safety compl i ance assessment maybe the only analysis conducted
on a program or i t may serveas a pre-test or pre-operationalsafetyreview,
integrating and summarizing operationalsafetyconsiderationsidentifiedin
more detail ed hazard analyses.
A- 16
Licensed by Information Handling Services
MIL-STD-882B
APPENDIX A
30 March 1984
c.
A safety complianceassessment
may
be
theonlyanalysis
conducted
Thelow risk can r e s u l t from
severaldifferentfactors.
The system may
be
an integration of primarily
off-the-shelf equipments i n v o l v i n g l i t t l e or no new design. I t may
be
a
system which i s 1ow ri S k by nature o f i t s techno1 ogy or compl exi t y .
Compliance w i t h federal, military, national, and industry specifications,
sufficient to make sure o f the basic safety of
standards, and codes maybe
the system. A safety compliance assessment may a l so be conducted on higher
safetyrisksystems,
such asresearchor
advanced development projects,
where thehigherrisks
must be accepted, b u t for which safe operation is
s t i l l required and therisks must be recognized and reduced t o acceptable
1 evel s.
50.2.10.2
on a r e l a t i v e l y low safety risk program.
b
50.2.10.3
Thisassessment may be conducted d u r i n g any phase o f system
deve1opment.
I t should be started as soon as sufficientinformation becomes
available. For exampl e,evaluation of equipment shouldbegin w i t h th'e
design o f equipment components or w i t h the receipt of equipment
'specifications from a subcontractoror vendor. The analysis can also be
tailored i n the SOW t o meet the p a r t i cul ar needs of a program.
r
L.
50.2110.4 A safety complianceassessment
t o , the fol1 owi ng:
s h o u l d include, b u t n o t be 1 imited
Identification
(a)
of appropriate
safety
standards
and verification of
systemcompliance.Standards
may
be
specified by theprocuring agency i n a
document. This does not precludethe
specification or othercontractual
contractor from i dentifyi ng a d d i t i onal standards whi ch are appropriate. The
d a t a from similar
contractorshouldalso
review available historical safety
systems.Verificati on may
be
achieved by several methods, including
independent evaluation,or
analysis, use o f checklists, inspection, test,
manufacturer' S c e r t i f i c a t i o n .
( b ) Analysis and resolution of system hazards.Systems,
even those
comprised e n t i r e l y o f equipments i n full compliance w i t h appropriatestandards, may contain hazards resulting from u n i que uses, interfaces, instal 1 at i on, e t c . Another facet of this assessment i s t o identify,evaluate, and
eliminate any such "residual"hazards or reduce theirassociatedrisksto
acceptable 1evel s. To accomplish t h i s , t h e assessmentshould incorporate
the scope and techniques o f other hazard analysestothedetailnecessary
to
assure a reasonably safe system.
(c)Identification
of specializedsafetyrequirements.
The above anaand othernecessaryprecautions.
l y s i s shouldlead to safety design features
t o safely
The contractor should identifyallsafetyprecautionsnecessary
operate and supportthesystem.
This incl udes appl icabl e precautions external tothe system or outsidethecontractor'sresponsibility.
For exampl e ,
hazard risk may have t o be control 1 edby
special i zed safety equipment and
training because the contract does not allow for redesign or modificatiqnof
off-the-shelfequipments,orthecontractor
may not be responsible for prov i ding necessary emergency 1i g h t i n g , fire protection, or personal safety
equipment
.
6-1
Licensed by Information Handling Services
MIL-STD-882B
APPENDIX A
30 March1984
( d )I d e n t i f i c a t i o no f
hazardousmaterials and t h ep r e c a u t i o n s
procedures necessary f o r t h e s a f e hand1 i n g o f t h e m a t e r i a l
.
and
50.2.11
S a f e t yR e v i e wo fE n g i n e e r i n g .Change Proposals and Requests f o r
Deviation/Waiver(Task211).Thistask
may
be
documented u s i n g DI-H-7050A,
System S a f e t yE n g i n e e r i n gR e p o r t .
ECPs t o t h ee x i s t i n gd e s i g n
and requests
f o rd e v i a t i o n / w a i v e rf r o me x i s t i n gr e q u i r e m e n t sm u s t
be assessed f o r any
p o s s ib l e s a f e t y i m p a c t s t o t h e
s y s t e m .O f t e n ,c o r r e c t i o no f
a deficiency
w
i
l i n t r o d u c e o t h e r o v e r 1 ooked d e f i c i e n c i e s . T h i s t a s k i s d e s i g n e d t o
p r e v e n tt h a to c c u r r e n c eb yr e q u i r i n gc o n t r a c t o rs y s t e ms a f e t ye n g i n e e r st o
examineeach ECP or r e q u e s t f o r d e v i a t i o n / w a i v e r ,
and i n v e s t i g a t e a l l
conceivabl e ways t h e change o r d e v i a t i o n c o u l d r e s u l t i n an a d d i t i o n a l
hazard(s). The t a s ks p e c i f i e st h a tt h e
MA b e n o t i f i e d i f t h e ECP o rr e q u e s t
f o rd e v i a t i o n / w a i v e rd e c r e a s e st h ee x i s t i n gl e v e lo fs a f e t y .
50.2.12
SoftwareHazardAnalysis(Task212).
50.2.12.1
The
purpose o sf o f t w a r eh a z a r da n a l y s i si st o (: a e) n s u r e
accuratetranslationofsafetyspecificationrequirementsinto
computer
CPCI s p e c i f i p r o g r a mc o n f i g u r a t i o ni t e m
(CPCI) requirements,(b)ensurethe
cationsclearlyidentifythesafetycriteriato
be used ( f a i l - s a f e , f a i l operati onal , f a i l - r e c o v e r y , e t c . ) ( c ) i d e n t i f y
programs, routines, modules, o r
functionswhichcontrolorinfl
uence s a f e t y c r i t i c a l f u n c t i o n s , ( d ) a n a l y z e
those programs, routines
, modules,and f u n c t i o n s and t h e i r s y s t e m i n t e r f a c e s
for events, faults,
andenvironmentswhichcoul
d cause o r c o n t r i b u t e t o undes i r e de v e n t sa f f e c t i n gs a f e t y ,
and ( e )e n s u r et h a tt h ea c t u a l
coded s o f t w a r e
does n o tc a u s ei d e n t i f i e dh a z a r d o u sf u n c t i o n st oo c c u ro ri n h i b i td e s i r e d
f u n c t i o n s ,t h u sc r e a t i n gh a z a r d o u sc o n d i t i o n s ,
and e f f e c t i v e l y m i t i g a t e i d e n t i f i e d end itemhardwarehazardousanomalies.
50.2.12.1.1
Some o ft h ec u r r e n ta n a l y s i st e c h n i q u e s
and m e t h o d o l o g i e st h a t
a r e a v a i l ab1 e t o c o n d u c tt h i sa n a l y s i sa r e :( a )s o f t w a r ef a u l tt r e e ,( b )
s o f t w a r es n e a kc i r c u i t ,( c )s o f t w a r e / h a r d w a r ei n t e g r a t e dc r i t i c a lp a t h ,
and
( d )n u c le a rs a f e t yc r o s s - c h e c ka n a l y s i s .
Due t o t h e v a r i o u s s t r e n g t h s
and
may r e q u i r e
weaknesses o f each t e c h n i que, a thorough software hazard analysis
a p p l i c a t i o n o f more t h a n one t e c h n i que on a p a r t i c u l a r s o f t w a r e e l ement.
A d d i t i o n a l l y ,t h ea p p l i c a t i o no f
good s o f t w a r ee n g i n e e r i n gp r a c t i c e s
is vital
todesigningsoftwarethatissafe
and analyzable.
i s s h o u l db e g i ne a r l y
i n t h e development
50.2.12.2
Softwarehazardanalys
and u p d a t i n g as
phaseandshoul
d be s t r u c t u r e d t o p e r m i tc o n t i n u a lr e v i s i o n
t h e d e s i gn matures. To i n s u r e , an e f f e c t i v e a n a l y s i s e f f o r t , t h e f o l l o w i n g
i n f o r m a t i o n i s needed:
i
( a ) System and subsystem s p e c i f i c a t i o n s and o t h e ra l l o c a t i o n documents
w h i c hd e s c r i be t h e system, a l l o f t h e v a r i o u s i n t e r f a c e s w i t h t h e s o f t w a r e ,
and normal /abnormal envi ronments which the system coul
d encounter.
( b )F u n c t i o n a l
fl ow diagrams and r e 1a t e dd a t ad e s c r i b i n gt h ep r o p o s e d
sequence o f a c t i v i t i e s , f u n c t i o n s , and o p e r a t i o n s i n v o l v i n g t h e s y s t e m e l e ments d u r i n gt h ec o n t e m p l a t e d
l i f e span.
,
-.
2550
Licensed by Information Handling Services
A- 18
MIL-STD-882B
APPENDIX A
30 March 1984
c
( c ) Computer program functional flow charts (or theirfunctional
, and other program structure documents
equivalents) storage all ocation charts
as they become a v a i l able or change.
( d ) Background information re1 atedtosafetyrequi
rements associated
with the contempl ated t e s t i ng , manufacturi ng , storage , repair , anti cipated
environments as appl i cabl e, as well as 1 essons 1 earned from simil ar programs
or acti v i t i es.
L
50.2.12.3 The preliminarysoftware hazard analysiseffort begins when the
u n t i l program
system requirementsallocation
hasbeen made and willcontinue
codingbegins.
The f i r s t t a s k of this effortwill be t o make sure o f an
accuratefl ow-down of system levelsafetyrequirements
as well asrequirements
generated from the system PHA i n t o the CPCI designspecification.
Additionally,theanalysiscontains
recommended actions t o eliminateidenThis
t i f ied hazards or reduce their associated risk t o an acceptabl e 1 evel
e f f o r t Wou1 d general1 y i ncl ude the fol1 owi ng:
.
( a ) Review of system and subsystem specifications t o identify and
verify hardware-software , software-software , and operator-software
interfaces.
( b ) Analysis of functional flow diagrams (ortheirfunctional
and other program documentation t o
equivalent), storage allocation charts,
make surespecification and safety requirements will be met.
( c ) Exami n a t i o n of thesoftware t o determi ne the independence/ dependence and interdependence among modules , t a b 1 es , variabl es , etc. Elements of
will
software which d i r e c t l y or indirectly influence safety critical software
be identifiedas being safetycriticalfunction
should be analyzed f o r t h e i r
undesi red effects.
50.2.12.4
Follow-on software hazard analysis expands upon thepreliminary
software hazard analysis by examining the a c t u a l source and object code o f
s a f e t y c r i t i c a l programs , routines , modules , and functions -to verify the
actualdesignimplementation.
This e f f o r t should be updated u n t i l coding i s
complete. All design changes and modificationsshould
be evaluated t o determine theeffect on system safety. T h i s analysiscontains recommended actions
necessarytoeliminateidentifiedhazardsor
reduce their associated risk t o
an acceptablelevel.Specifically,
this analysis examines:
( a ) Safety critical algorithms , modules , routines and cal cul ations for
correctness and forinput/output, t i m i n g , and multiple event sensitivity.
( b ) Programs , routines , modules , or functions for design or coding
errors whichcou1 d cause or contribute t o an undesiredeventaffectingsafety.
( c ) S a f e t y c r i t i cal programs , routines modul es or functions f o r
compi i ance with safety cri teria call ed o u t i n appl i cabl e CPCI specifications
S a f e t y c r i t i calportions of software must be examined a t the source/object
code 1evel as appropriate.
A-19
Licensed by Information Handling Services
MIL-STD-BBZB m 9999911 0359944 751 m
~
MIL-STD-882B
APPENDIX A
30March1984
( d ) P o s s i b l e combinations o f independent or dependent. hardware or software f a i l u r e s , u n i n t e n d e d p r o g r a m jumps, and sing1 e o r mu1 t i p 1 e e v e n t s t h a t
c o u l d cause t h es y s t e mt oo p e r a t e
i n a hazardousmanner.
(e)Desi gn changes t o t h e system,subsystems,
s o f t w a r e t h a t cou1 d c r e a t e new hazards.
The s o f t w a r eh a z a r da n a l y s i s
may bedocumentedas
System Safety Hazard Analysis Report.
50.2.13
GFE/GFP(Task
System
Analysis
Safety
o ri n t e r f a c e s ,
1o g i c , and
o u t l i n e d i n DI-H-7048A,
213).
50.2.13.1
T h i st a s ks h o u l d
be imposed o n l y i f thesystemunderdevelopment
w
i
l c o n t a i n GFE o r GFP t h a t i n t e r f a c e s d i r e c t l y w i t h contractordeveloped
hardwareorsoftware.
50.2.13.2
T h i st a s kp e r m i t st h ec o n t r a c t o rt oi n t e g r a t et h e
GFE/GFP i t e m s
i n t ot h es y s t e md e s i
gn w i t h f u l l know1 edge o f t h e a s s o c i a t e d h a z a r d s
and r i s k
c o n t r o l sb yr e q u i r i n ga c q u i s i t i o no fe x i s t i n ga n a l y s i sd o c u m e n t a t i o n .
I f no
suchdocumentation i s a v a i l ab1 e, the contractor must perform the necessary
a n a l y s i st oa s s u r e
a s a f ei n t e r f a c e .T h i sa n a l y s i s
may bedocumentedand
d e l ivered by a p p r o p r i a t e l y t a i l o r ng
i and a p p l y i n g DI-H-7048A,System
Safety
HazardAnalysisReport.
A-20
Licensed by Information Handling Services
L
MIL-STD-BBZB m 99999LL 0359945 698 m
MIL-STD-882B
APPENDIX B
30 March1984
APPEND IX B
SYSTEM SAFETY PROGRAM REQUIREMENTS RELATED TO LIFE CYCLE PHASES
60.
60.1
S
I
.
Mission need determination--conceptexploration.
60.1.1 Mission Need Determination. The system safetyeffortwillsupportthe
in
justificaion o f major system new s t a r t s by identifying safety deficiencies
existing or projected capabil i t y and by identifying opportunities for system
safety t o improve mission capability or reduce l i f e cycle costs.
"
60.1.2
Concept Expl oration/Programi ng and Requirements Deve1opment Phase.
System safety tasks appl icabl e t o the concept expl oration/programing and
requirements deve1opment phase are those required t o evaluate the a l ternative
system concepts under considerationfor development and establishthe system
safety programs consistent with theidentifiedmission
needs and l i f e cycle
requirements. System safetytaskswillincludethefollowing:
( a ) Prepare an SSPP t o describethe
e f f o r t for theconceptexplorationphase.
proposed integrated system safety
( b ) Eva1 uate al 1 consi dered materi al S , desi gn features, maintenance ,
servicing,operationalconcepts,
and environments which willaffectsafety
throughoutthe l i f e cycle. Considerhazards which may be encountered i n the
u1 timate disposition Ö f the enti re system,
o r components thereof , or o f
dedicated support equipment , which encompasses hazardous materi al s and
substances.
( c ) Perform a PHA t o identify hazardsassociated
concept.
w i t h each a l t e r n a t i ve
( d ) Identify possi bl e safety interface probl ems i ncl u d i ng probl ems
associated w i t h software-controlled system functions.
( c ) High1 ig h t specialareas of safety consideration,
system limitations, risks, and man-ratingrequirements.
( d ) Review safe and successfuldesigns
consi derati on i n al ternati ve concepts.
( e ) Definethe
s i m i 1 ar systems.
Identifysafety
the system l i f e cycle.
requirements t h a t may require a waiver d u r i n g
( 9 ) Identify any safety design analysis,test,demonstration
val i d a t i on requirements
.
- "_"
~
"
"
of simil ar systems for
system safety requirements based on pastexperience
(f)
!
such as
~.
.
"
"
"
"
2
.
2% 3
Licensed by Information Handling Services
B- 1
G-5
and
with
MIL-STD-882B
APPENDIX B
3.0 March 1984
,
( h ) Document the system safetyanalyses,results,
and
recommendations for each promi s i ng a l ternati ve system concept.
( i ) Prepare a summary report o f theresults of the system safety tasks
sion-making
conducted d u r i n g the program i n i t i a t i o n phase t o supportthedeci
process.
( j ) T a i l o r the system safety program for thesubsequent
phases o f the
i n theappropriate demonstrat i on
l i f e cycle and includedetailedrequirements
and validation phase contractual documents.
60.-1.3
Demonstration and Validation/Concept Design Phase. System safety
and val idation/conceptdesign phase will be
tasksduringthedemonstration
tailored t o programs r a n g i n g from extensi ve study and analyses t h r o u g h
hardware devel opment t o prototype t e s t i n g , demonstrati on and val i d a t i o n .
System safetytaskswillincludethefollowing:
( a ) Prepare or updatethe SSPP t o descri be the proposed integrated
system safety effort planned for thedemonstration and validation/concept
desi gn phase.
( b ) Participate i n tradeoffstudies
t o ref1ectthe
impact on system
safety requirements and risk. Recommend system design changes based on these
studies t o make surethe optimum degree o f s a f e t y i s achieved consistent w i t h
performance and system requirements.
( c ) Perform o r update the PHA done d u r i n g theconcept expl o r a t i o n /
programing and requirements devel opment phase t o evaluatetheconfiguration
be tested. Prepare an SHA report of thetestconfiguration
consideringthe
planned t e s t environment and t e s t methods.
to
( d ) Establish system safety requirements for system design and c r i t e r i a
for verifing t h a t theserequirements havebeen
met. Identifytherequirements
for inclusion i n theappropriatespecifications.
b
( e ) Perform detail ed hazard analyses (SSHA or SHA) ofthedesi
gn t o
assesstheriskinvol
ved in test operation o f the system hardware and software. O b t a i n and include risk assessment of othercontractor'sfurnished
equi p e n t , o f GFE, and of a l l interfacing and ancill ary equipment t o be used
d u r i n g system demonstration tests.Identifythe
need for. specialtests t o
demonstrate/eval uate safety functions.
.
- c f ) Identifycriticalparts
and assembl i e s , productiontechniques,
assembly procedures, facil i t i e s , t e s t i ng , and i nspecti on requi rements which
may affect safety and will make sure:
.
(1) Adequate.safetyprovisionsareincluded
i n the p l a n n i n g and
1 ayout o f theproduction line to establish safety control
of the
and operations.
demonstration system w i t h i n theproductionprocesses
Adequate safetyprovisionsareincluded
i n inspections,tests,
procedures, andcheck1 i s t s for quality control of the equipment being
manufactured so t h a t safety achieved i n design i s maintained d u r i n g
oroduction.
(2)
B-2
Licensed by Information Handling Services
6-6
1
c.
.
( 3 ) Production and manufacturingcontrol
warnings , cautions, and specialsafetyprocedures.
MIL-STD-882B
APPENDIX B
30 March 1984
d a t a containrequired
( 4 ) Testing and evaluationare performed on earlyproduction
a t the earliest
hardware todetect and correctsafetydeficiencies
opportunity.
( 5 ) Minimum r i s ki s involved i n accept i n g and using new des
materi a l s , and production and test techniques.
( 9 ) Establishanalysis,inspection
and t e s t requirements for GFE or other
contractor-furnished equipment (hardware,software, and f a c i l i t i e s ) t o verify
prior t o use t h a t applicable system safety requirements are satisfied.
( h ) Perform operating and support h a z a r d analyses of each t e s t , and
review a l lt e s t plans and procedures.Evaluatetheinterfaces
between the
t e s t system confi g u r a t i on and personnel , support equipment , special test
equipment, t e s t f a c i l i t i e s , a n d the test environment d u r i n g assembly,
checkout, operation, foreseeable
emergencies , disassembly and/or tear-down o f
the test confi g u r a t i o n . Make surehazardsidentified
by analyses and t e s t s
minimized. Identifythe need for
areeliminated or theassociatedriskis
specialtests t o demonstrate or evaluatesafety o f testfunctions.
c
( i ) Review t r a i n i n g pl ans and programs for adequate safety
consi derations
.
( j) Review system operation and maintenance publ i cations for adequate
o f applicable Occupational
safety considerations, and ensuretheinclusion
Safety a n d Heal t h Admi n i s t r a t i on (OSHA) requirements
.
( k ) Review 1 ogisti c support publ i cations for adequate safety cono f appl icabl e US Department of
si derations , and ensure the inclusion
Transportation (DOT), US Environmental Protection Agency ( E P A ) , and OSHA
requirements
.
(1 ) Evaluate results of s a f e t y t e s t s , f a i l Ure analyses, and mishap
investi gations performed d u r i n g thedemonstration and val i d a t i . o n phase.
Recommend redesi gn or other corrective action (this
subparagraphdoes not
apply t o the f a c i l i t y conceptdesignphase).
( m ) Make sure system safety requirementsareincorporated
i n t o the
system specification/design documentbased on updated system safety studies,
analyses , and t e s t s .
( n ) Prepare a summary report o f theresults o f the system safety tasks
conducted d u r i n g the demonstration and val idation/concept deve1opment phase
t o supportthedecision-makingprocess.
!
( o ) Continue t o tailorthe
system safety program.
Prepareorupdate
the
SSPP for the full -scal e engineering devel opment phase and production phase.
"~
2555
Licensed by Information Handling Services
B-3
- I
MIL-STO-882B
APPENDIX B
30 March 1984
Full-scaleEngineeringDevelopment/FinalDesign
Phase. To p r o v i de
duringthe
s u p p o r tt ot h es y s t e me n g i n e e r i n g
program, t h es y s t e ms a f e t yt a s k s
f u l l - s c a l ee n g i n e e r i n gd e v e l o p m e n t / f i n a ld e s i g n
phase w
i
l include the
f o l 1 owing:
60.1.4
(a)Prepareorupdate
asappl icabl e t h e SSPP f o r t h e f u l l - s c a l e
.
e n g i n e e r i n g deve1opmentphase.
C o n t i nue e f f e c t i veand t i m e l y imp1 ementation
o f t h e SSPP d u r i n g f a c i l it y f i n a l d e s i g n phase.
( b )R e v i e wp r e l i m i n a r ye n g i n e e r i n gd e s i g n st o
make s u r es a f e t yd e s i g n
r e q u i r e m e n t sa r ei n c o r p o r a t e d
andhazards i d e n t i f i e d d u r i n g t h e e a r l i e r
phases
a r ee l i m i n a t e do rt h ea s s o c i a t e dr i s k sr e d u c e dt o
an a c c e p t a b l el e v e l .
i n s y s t e ms p e c i f i c a t i o n / d e s i g n
( c )U p d a t es y s t e ms a f e t yr e q u i r e m e n t s
documents.
( d )P e r f o r mo ru p d a t et h e
SSHA, SHA and O&SHA and s a f e t ys t u d i e s conc u r r e n tw i t ht h ed e s i g n / t e s te f f o r tt oi d e n t i f yd e s i g na n d / o ro p e r a t i n ga n d
supporthazards.
Recommend a n yr e q u i r e dd e s i g n
changesand
c o n t r o pl r o c e dures.
(e)Perform
an O&SHA f o r each t e s t , and r e v i e wa l lt e s tp l a n s
andproced u r e s .E v a l u a t et h ei n t e r f a c e sb e t w e e nt h et e s ts y s t e mc o n f i g u r a t i o n
and pers o n n e l ,s u p p o r te q u i p m e n t ,s p e c i a lt e s te q u i p m e n t ,t e s tf a c i l i t i e s ,
and t h e
testenvironmentduringassembly,Check-out,operations,foreseeable
emergencies,disassembly,and/ortear-down
o ft h et e s tc o n f i g u r a t i o n .
Make s u r e
hazardsidentifiedbyanalyses
and t e s t s a r e e l m
i in a t e d o r t h e j r a s s o c i a t e d
r i s kc o n t r o l l e d .I d e n t i f yt h e
need f o rs p e c i a lt e s t st od e m o n s t r a t eo rv e r i f y
s y s t e ms a f e t yf u n c t i o n s
c
E s t a b l i s ha n a l y s e s ,i n s p e c t i o n ,
and t e s t r e q u i r e ments f o ro t h e rc o n t r a c t o r s 'o r
GFE/GFP (hardware,software,and
facilities)
t o v e r i f y p r i o r t o use t h a t a p p l icabl e system safety requirements are
satisfied.
( f )P a r t ic ip a t ei nt e c h n i c a ld e s i g n
r e s u l t s o f t h e SSHA, SHA and/or O&SHA.
andprogramreviewsandpresent
( 9 )I d e n t i f y
and e v a l u a t et h ee f f e c t so fs t o r a g e ,s h e l f - l i f e ,p a c k a g i n g ,
t r a n s p o r t a t i o n , hand1i n g , t e s t , o p e r a t i o n ,
and maintenance on the safety
thesystem and i t s components.
of
( h ) Eva1u a t e r e s u l t s o f s a f e t y t e s t i n g , o t h e r s y s t e m t e s t s , f a i l U r e
l y s e s and m i s h a pi n v e s t i g a t i o n s .
Recommend r e d e s i g no ro t h e rc o r r e c t i v e
action.
(i) I d e n t i f y ,e v a l u a t e ,
studies.
and p r o v i d es a f e t yc o n s i d e r a t i o n so rt r a d e o f f
( j ) Reviewappropriateengineeringdocumentation(drawings,specificat i o n s ,e t c . )t o
make s u r es a f e t yc o n s i d e r a t i o n s
havebeen i n c o r p o r a t e d .
( k ) Review l o g i s t i c support pub1 i c a t i o n s f o r a d e q u a t e s a f e t y
considerations, andensuretheinclusionof.applicable
DOT,EPA,
requirements.
B- 4
Licensed by Information Handling Services
and OSHA
ana-
MIL-STD-BBZB
9 9 9 9 9 3 3 03599Lt9 2 3 3
m
MIL-STD-8826
APPENDIX B
30 March1984
c
(1)Verifythe
adequacy o f safety and. warning devices, l i f e support
equi went , and personal protecti ve equipment
.
( m ) Identifythe. need forsafetytraining
t r a i n i n g courses.
and provide safetyinputs
to
( n ) Providesystem safetysurveil1 ance and support of t e s t u n i t production and of pl a n n i n g for full -scal e production and .deployment. Identify
c r i t i cal parts and assembl i e s , production techniques , assembly procedures ,
f a c i l i t i e s , t e s t i n g , and inspectionrequirements which may affect safety andwill make sure:
.
4
(1) Adequate safetyprovisionsareincluded
i n the p l a n n i n g and
layout of the
production
l i n e t o establish
safety
control
of the demonstrat i o n system withintheproductionprocess
and operations.
( 2 ) Adequate safetyprovisionsareincluded
i n inspections,tests,
procedures , andcheck1 i s t s for qual i t y control of the equipment being manufactured so t h a t safety achieved i n design i s maintained d u r i n g production.
( 3 ) Production and manufacturingcontrol
ings, cautions , and specialsafetyprocedures.
d a t a containrequired
warn-
( 4 ) Testing and evaluationare performed on early production hardware t o detect and correct safety deficiencies a t theearliestopportunity.
(5) Minimum r i s k i s i nvolved i n accepting and usi ng new desi gns ,
material s , and production and test techniques.
*
( o ) Make sure procedures devel oped for system t e s t , maintenance , operaof expendabl e hazardous
t i o n , and servicing provide forsafedisposal
materials. Consider any material or manufactured component (whether or not
an identifiable spare p a r t or rep1 enishable component) when access t o hazardous material will be required by personnel d u r i n g pl anned servicing,teardown, or maintenance a c t i v i t i e s , o r i n reasonably foreseeabl e unpl anned
d a t a devel oped i n SSHAs,
eventsresulting from workplace operations.Safety
SHAs, and O&SHAs, and summarized in
safety
assessment
reports
must al so ident i f y any hazards which must be considered when the system , or components
and subject t o disposal. (Not a p p l i thereof,areeventuallydemilitarized
cab1 e for facilities construction.!
( P ) Prepare a summary report of theresults of the system safetytasks
conducted d u r i n g the full-scale engineering
devel opment phase t o supportthe
deci s i on-maki ng process.
(9)Tail
or system safety program requirements for theproduction
and
de pl owen t pha s e.
60.1.5
Production and
Deployment
Phase. As p a r t of the on-going system
safety program, the system safetytasksduringtheproduction
and deployment
phase willincludethefollowing
( t h i s paragraph i s not applicable t o the .
facilitiesconstructionlifecycle.):
B-5
Licensed by Information Handling Services
MIL-STD-BBZB m 9999911 0359950 T55 m
MIL-STD-882B
APPENDIX B
30 March 1984
( a ) Prepareorupdatethe
SSPP t o reflectthe system safety program
requirementsforthe
production and deployment phase.
( b ) I d e n t i f y c r i t i cal parts and assembl i e s , p r o d u c t i o n techniques ,
assemblyprocedures, f a c i l i t i e s , t e s t i n g , and inspectionrequirements w h i c h
may affect safety and will make sure:
(1) Adequate safetyprovisionsareincluded
i n the p l a n n i n g and
1 ayout of theproduction 1 ine t o establish safety control of the system
w i t h i n theproductionprocess
and operations.
(2) Adequate safetyprovisionsareincluded
i n inspections,tests,
procedures, and check1 i s t s for qual i t y control of the equipment being manufactured so t h a t safety achieved i n design i s maintained d u r i n g p r o d u c t i o n .
( 3 ) Productiontechnical
manuals or manufacturingprocedurescontain
requiredwarnings,cautions , and specialprocedures.
( 4 ) Minimum r i s k i s i n v o l ved i n accepting and using new designs,
material S , and production and test techniques.
(c)Verify t h a t testing and evaluation i s performed on early production
hardware t o detect and correctsafetydeficiencies
a t the earliest opport u n i ty.
( d ) Perform O&SHAs o f each t e s t , and review a l l t e s t pl ans and procedures.Evaluatetheinterfaces
between thetest system configuration and pert e s t equipment , t e s t f a c i l i t i e s , and the
sonnel s supportequipment,special
emergent e s t environment d u r i n g assembly,checkout,operation,foreseeable
Make sure
c i e s , disassembly and/or tear-down o f thetestconfiguration.
or theirassociated
hazards identified by analyses and testsareeliminated
r i s k reduced t o an acceptabl e 1 evel
.
( e ) Review technical d a t a for warnings cautions, and specialprocedures
i n the O&SHA for safeoperation,maintenance,seridentifiedasrequirements
h a n d l i n g , and transportation.
vicing,storage,packaging,
( f ) Perform O&SHAs of deployment operati ons , and review a l l depl oyment
between the system being
Pl ans and procedures. Eva1 uatetheinterfaces
deNployed w i t h personnel , support equipment, packaging,
facil i t i es, and the
de‘ployment environment , d u r i ng transportati on, storage, hand1 i n g , assembly,
i n s t a l l a t i o n , checkout, and demonstration/testoperations.
Make sure hazards
identified by analysesareeliminated
or their associated risk is
reduced t o
an acceptable 1 evel
.
a
(9) Review procedures and monitor results o f periodicfieldinspections
t o make sure acceptabl e 1 evel S o f safety
or tests (including recall -for-tests)
major or c r i t i c a lc h a r a c t e r i s t i c s of safetysignificant
are kept.Identify
or otherfactors.
items t h a t deteriorate w i t h age,environmentalconditions,
- ( h ) Perform or update hazard analyses t o identify any new hazards t h a t
may r e s u l t from designchanges.
Make surethesafety
imp1 ications of the
changes areconsidered i n a l l configurationcontrolactions.
B-6
6-10
Licensed by Information Handling Services
MIL-STD-882B
APPENDIX B
30 March 1984
( i ) Evaluate results of failureanalyses
Recommend correctiveaction.
and mishap investigations.
( j ) Monitor the system throughoutthe
l i f e cycle t o determinethe adequacy o f the design, and operati ng, maintenance, andemergency procedures.
( k ) Conduct a safety review o f proposed new operating and maintenance
procedures , or changes , t o make sure the procedures , warnings , and cautions
not degraded. These reviews shall be
are adequate and inherentsafetyis
documented as updates t o the O&SHAs.
(1 ) Document hazardous conditions and system defi cienci es for deve1 opment of follow-onrequirements for modified or new systems.
1'
(m) Update safety documentation, such asdesign handbooks , military
standards and specifications, t o ref1ectsafety"lessonslearned."
I
( n ) Evaluatethe adequacy of safety and warning devices , l i f e support
equi pment , and personnel protecti ve equipment
.
Construction Phase. As part of thecontinuing system safety program
for facil i t i es , the system safety tasks for this phase will include the
f o1 1owi ng :
60.1.6
( a ) Ensure theapplicationofallrelevant
b u i l d i n g safety codes
and U.S. Army Corps of
including OSHA, Nati onal FireProtectionAssociation,
Engi neers safety requirements
.
( b ) Conduct h a z a r d analyses t o determi ne safety requirements a t a l l
interfaces between t h e f a c i l i t y and those systems planned for i n s t a l l a t i o n .
( c ) Review equipment installation,operation, and maintenance plans t o
make sure a l l design and procedural safety requirements havebeen
met.
( d ) Continue theupdating
thedesignphases.
o f the hazard correctiontracking
( e ) Evaluate mishaps orotherlosses
o f safety deficiencies or oversight.
begun d u r i n g
t o determine i f they were theresult
( f ) Update hazard analyses t o identify any new hazards t h a t may r e s u l t
from change orders.
60.2 System safety program requirements for otheracquisitions.
For programs
t h a t do not fol1 ow the standard system 1i f e cvcl e phases out1 ined i n themevious paragraphs the res
ponsi bl e &ti v i t y must carefully integrate the
beingused. .. .
requirements of this s t a n d a r d intotheacquisitionprocess
Although different, facilities, ship construction,
and certain major one-of-ak i n d procurements s t i l l evolvethrough a concept/desi gn/assembly/
acceptancesequence somewhat analogous t o theclassic 1 ife cycle. The MA
should carefully describe what system safety d a t a are t o be submitted i n the
appropriatecontractual document, assuringthese d a t a aresubmitted prior t o
key deci si on poi nts
.
B-7
Licensed by Information Handling Services
..
i
MIL-STD-88ZB m 9999911 0359952 8 2 8 m
MIL-STD-882B
APPENDIX B
30 March 1984
System Safety Requirements for Technology Development. Considersystem
safetyduring development oftechnology.
System safety concernsa'shoul d be
documented. Thisdocumentationwillprovidethesystemsafety
background data
necessary s h o u l d a decision bemade t o imp1 ement the technology within a
system deve1opment program.
60.3
i
B-8
Licensed by Information Handling Services
-.L"?
MIL-STD-BBZB m 99797ll 0359953 7bLI m
MIL-STD-882B
APPENDIX C
20 March1983
APPENDIX .C
DATAREQUIREMENTS
70.
DATA
REQUIREMENTS
FOR
MIL-STDL882B.
70.1 D a t ai t e md e s c r i p t i o n s
requirementsare 1o c a t e da r e
Location
FOR MIL-STD-882B
and theparagraphs
as f o l 1 ows:
.
of MIL-STD-882B where t h e i r
Paragraph
DI-H-7047A
Paragraph
101 3.1.14
Task
Task 202
Task 203
Task 204
Task 205
Task 206
Task 212
Task 213
Task
Task
D I D No.
and
D I -H-7048A
DI-H-7048A
DI-H-7048A
DI-H-7048A
D I -H-7048A
D I -H-7048A
DI-H-7048A
210
211
* V.S. GOVERNMENT PRIhTING OFFICE:
c- 1
"
2561
6-13
Licensed by Information Handling Services
1984-705-040/A-2063
THIS PAGE INTENTIONALLYLEFT
2562
7
G-14
Licensed by Information Handling Services
BLANK