Update to MIL-STD-882E - System Safety

AN UPDATE ON THE REVISION TO MIL-STD-882E
(System Safety Society Sharing Session – 11 Apr 2013)
Wong Fang Aik / Fan Yue Sang
Ministerial Emphasis On Safety
“The SAF needs to carry out realistic training, and this will be done without compromise to safety” – June 2008
“The underlying approach is not to wait for accidents or incidents to occur, but to reduce risks and minimise the chances/probability of incidents happening” – March 2007
“Each loss of life in training or operations is one too many; We want to achieve ZERO FATALITIES!” – March 2007
Ministerial Statement on NS Training Deaths (Nov 2012)
“The SAF has a robust training safety system in place…but more needs to be done”
“The respective COIs have uncovered clear breaches of Training Safety Regulations (TSRs) that led to the deaths”
- The number of grenades used had clearly exceeded the limit specified in the TSRs
- There were specific instances of individual negligence. The Combat School of Intelligence had a weak safety culture
- Chief Safety Officer and the Platoon Comd have been relieved of their duties pending decision for a General Court Martial
- Head of Wing (School), School Sergeant Major, Exercise Supervising Officer and Exercise Conducting Officer have been relieved of their duties pending decision for a General Court Martial
“Any Comd who ignores safety regulation, whether wilfully or negligently, puts his soldiers at risk, is not fit for command.”
Scope
Introduction
Purpose of Revision
MIL-STD 882E Contents
Key Changes
In Summary
MIL-STD-882E Introduction
An Odyssey: MIL-STD-882 Series
MIL-STD-882 – July 1969
MIL-STD-882A – June 1977
MIL-STD-882B – March 1984
MIL-STD-882B, Notice 1 – July 1987
MIL-STD-882C – Jan 1993
MIL-STD-882C, Notice 1 – Jan 1996
MIL-STD-882D – Feb 2000
MIL-STD-882E – May 2012 (GEIA-STD-0010 best practices issued in 2008)
Purpose of Revision
US Government and industry wanted the task descriptions from 882C reinstated in 882E, so that these tasks are available and can be specified in contract documents.
Aligns system safety practice with current DoD policy:
i. 8 Dec 2008: DoD incorporated the requirement to use the MIL-STD-882 process for Environment, Safety and Occupational Health (ESOH) risk management.
ii. 7 Jan 2011: DASD(SE) required 882E to be a standard, generic method for the identification, classification, and mitigation of hazards that can be practically applied not only by system safety professionals, but also by other functional disciplines such as fire protection engineers, occupational health engineers, etc.
Main Contents in 882E
• Standard arranged into 3 key parts:
• General Requirements: 8 mandatory requirements
  1. Document the System Safety Approach
  2. Identify Hazards
  3. Assess Risk
  4. Identify Risk Mitigation Measures
  5. Reduce Risk
  6. Verify Risk Reduction
  7. Accept Risk
  8. Manage Life-Cycle Risk
• Tasks (100 – 400 series): optional
  - 100-series tasks – Management
  - 200-series tasks – Analysis
  - 300-series tasks – Evaluation
  - 400-series tasks – Verification
• Appendix A: Guidance for the System Safety Effort
• Appendix B: Software System Safety Engineering and Analysis
Key Changes
Facilitates the use of 882E by multiple functional disciplines as an integral part of Systems Engineering, e.g. environmental engineers, fire protection engineers, occupational health professionals, etc.
Standardized and mandatory definitions in all contracts (Section 3 of MIL-STD-882E): changed from 14 to 49 definitions.
General Requirements (Section 4 of MIL-STD-882E)
Risk Assessment Matrix updated:
- For severity, dollar values on losses increased to reflect today’s program costs
- For probability, addition of a new Eliminated category
- Revised Risk Assessment Matrix shall be used
Key Changes
General Requirements (Section 4)
1. Document the System Safety Approach
2. Identify and document Hazards
3. Assess and document Risk
4. Identify and document Risk Mitigation Measures
5. Reduce Risk to an acceptable level
6. Verify, validate and document Risk Reduction
7. Review hazards, accept residual risk by the appropriate authority, and document the acceptance
8. Manage Life-Cycle Risk: track hazards, their closures and residual risk
Key Changes
Identify Risk Mitigation Measures
System Safety Design Order of Precedence increased from 4 to 5 steps:
1. Eliminate hazards through design selection (no change)
2. Reduce risk through design alteration: if not able to select an appropriate design, then consider a design change or alteration
3. Incorporate safety engineered features or devices: features that actively interrupt the mishap sequence, e.g. the emergency cooling system of a nuclear reactor, or an uninterruptible power supply (UPS)
4. Provide warning devices (no change)
5. Incorporate signage, procedures, training, and PPE (previously: develop procedures and training)
TABLE I. Severity Categories
(Columns: Severity Category, Severity Level, Environment, Safety, and Occupational Health Mishap Result Criteria. Values in parentheses are the previous loss thresholds, raised in 882E to reflect today’s program costs.)

Catastrophic (Severity Level 1): Could result in one or more of the following: death, permanent total disability, irreversible significant environmental impact that violates law or regulation, or loss exceeding $10M. (previously $1M)
Critical (Severity Level 2): Could result in one or more of the following: permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, reversible significant environmental impact causing a violation of law or regulation, or loss exceeding $1M but less than $10M. (previously $200K/$1M)
Marginal (Severity Level 3): Could result in one or more of the following: injury or occupational illness resulting in 1 or more lost work days, reversible moderate environmental impact causing a violation of law or regulation, or loss exceeding $100K but less than $1M. (previously $10K/$200K)
Negligible (Severity Level 4): Could result in one or more of the following: injury or illness resulting in a lost work day, minimal environmental impact violating law or regulation, or loss less than $100K. (previously $2K < x < $10K)
TABLE II. Probability Levels
(Columns: Description, Level, Specific Individual Item, Fleet or Inventory)

Frequent (A)
  Specific individual item: Likely to occur often in the life of an item; with a probability of occurrence greater than 10^-1 in that life.
  Fleet or inventory: Continuously experienced.
Probable (B)
  Specific individual item: Will occur several times in the life of an item; with a probability of occurrence less than 10^-1 but greater than 10^-2 in that life.
  Fleet or inventory: Will occur frequently.
Occasional (C)
  Specific individual item: Likely to occur sometime in the life of an item; with a probability of occurrence less than 10^-2 but greater than 10^-3 in that life.
  Fleet or inventory: Will occur several times.
Remote (D)
  Specific individual item: Unlikely, but possible to occur in the life of an item; with a probability of occurrence less than 10^-3 but greater than 10^-6 in that life.
  Fleet or inventory: Unlikely but can reasonably be expected to occur.
Improbable (E)
  Specific individual item: So unlikely, it can be assumed occurrence may not be experienced in the life of an item; with a probability of occurrence of less than 10^-6 in that life.
  Fleet or inventory: Unlikely to occur, but possible.
Eliminated (F)
  Specific individual item: Incapable of occurrence in the life of an item. This category is used when potential hazards are identified and later eliminated.
  Fleet or inventory: Incapable of occurrence within the life of an item. This category is used when potential hazards are identified and later eliminated.
TABLE III. Risk Assessment Matrix

Probability \ Severity   Catastrophic (1)   Critical (2)   Marginal (3)   Negligible (4)
Frequent (A)             High 1             High 3         Serious 7      Medium 13
Probable (B)             High 2             High 5         Serious 9      Medium 16
Occasional (C)           High 4             Serious 6      Medium 11      Low 18
Remote (D)               Serious 8          Medium 10      Medium 14      Low 19
Improbable (E)           Medium 12          Medium 15      Medium 17      Low 20
Eliminated (F)           Eliminated         Eliminated     Eliminated     Eliminated

The number in each cell ranks the cells from 1 (highest risk) to 20 (lowest risk).
Risk Assessment Code (RAC): severity level followed by probability level, e.g. 1A, 3E, etc.
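As an added worked example (not part of these slides or of the standard’s own text), the following Python encodes Tables I, II and III as given above and derives a Risk Assessment Code and risk level for a hazard, then checks whether a mitigation actually lowered the residual risk (general requirements steps 3 to 6). The function names, the dataclass, the sample hazard values and the handling of exact threshold boundaries (a probability of exactly 10^-1 falls into level B, since Table II says “greater than”) are my own choices.

```python
"""Risk Assessment Code (RAC) calculator built from the MIL-STD-882E
Tables I-III reproduced above. Example code added to this page; the
function names and boundary handling are this example's own assumptions."""

from dataclasses import dataclass
from typing import Optional

# Table III: probability letter -> severity number -> (risk level, rank).
# Rank 1 is the highest-priority cell, rank 20 the lowest. Row F (Eliminated)
# has no rank in the table and is handled explicitly in assess_hazard().
RISK_MATRIX = {
    "A": {1: ("High", 1),    2: ("High", 3),     3: ("Serious", 7),  4: ("Medium", 13)},
    "B": {1: ("High", 2),    2: ("High", 5),     3: ("Serious", 9),  4: ("Medium", 16)},
    "C": {1: ("High", 4),    2: ("Serious", 6),  3: ("Medium", 11),  4: ("Low", 18)},
    "D": {1: ("Serious", 8), 2: ("Medium", 10),  3: ("Medium", 14),  4: ("Low", 19)},
    "E": {1: ("Medium", 12), 2: ("Medium", 15),  3: ("Medium", 17),  4: ("Low", 20)},
}

SEVERITY_NAMES = {1: "Catastrophic", 2: "Critical", 3: "Marginal", 4: "Negligible"}
PROBABILITY_NAMES = {"A": "Frequent", "B": "Probable", "C": "Occasional",
                     "D": "Remote", "E": "Improbable", "F": "Eliminated"}


def probability_level(p: Optional[float]) -> str:
    """Table II, 'Specific Individual Item' column: map a per-item lifetime
    probability of occurrence to a level letter. None means the hazard has
    been eliminated (level F). Exact boundary values (e.g. p == 1e-1) fall
    into the lower level because the table says 'greater than'."""
    if p is None:
        return "F"
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability out of range: {p}")
    if p > 1e-1:
        return "A"
    if p > 1e-2:
        return "B"
    if p > 1e-3:
        return "C"
    if p > 1e-6:
        return "D"
    return "E"


def severity_from_loss(loss_usd: float) -> int:
    """Table I, monetary-loss criterion only. Table I is 'one or more of the
    following', so death, injury or environmental criteria may justify a
    more severe category than the dollar figure alone; callers should pass
    the worst applicable category to assess_hazard()."""
    if loss_usd > 10_000_000:
        return 1
    if loss_usd > 1_000_000:
        return 2
    if loss_usd > 100_000:
        return 3
    return 4


@dataclass(frozen=True)
class Assessment:
    rac: str             # Risk Assessment Code, e.g. "1A"
    level: str           # High / Serious / Medium / Low / Eliminated
    rank: Optional[int]  # 1..20 from Table III, None for Eliminated


def assess_hazard(severity: int, probability: Optional[float]) -> Assessment:
    """Combine a Table I severity number with a Table II probability into a
    RAC and look up the Table III risk level."""
    if severity not in SEVERITY_NAMES:
        raise ValueError(f"severity must be 1..4, got {severity}")
    letter = probability_level(probability)
    rac = f"{severity}{letter}"
    if letter == "F":
        return Assessment(rac, "Eliminated", None)
    level, rank = RISK_MATRIX[letter][severity]
    return Assessment(rac, level, rank)


def risk_reduced(before: Assessment, after: Assessment) -> bool:
    """True when a mitigation moved the hazard to a lower-priority cell
    (higher rank number) or eliminated it. This is the check behind
    'Verify Risk Reduction' before residual risk is accepted."""
    if after.rank is None:
        return before.rank is not None
    if before.rank is None:
        return False
    return after.rank > before.rank


if __name__ == "__main__":
    # Constructed hazard: catastrophic outcome, initially 5e-2 per item life,
    # mitigated by a design alteration to 5e-4, then eliminated by design
    # selection (sample values, not from the slides).
    initial = assess_hazard(1, 5e-2)
    mitigated = assess_hazard(1, 5e-4)
    eliminated = assess_hazard(1, None)
    for label, a in [("initial", initial), ("mitigated", mitigated), ("eliminated", eliminated)]:
        print(f"{label:10s} RAC {a.rac}: {a.level} (rank {a.rank})")
    print("reduced:", risk_reduced(initial, mitigated), risk_reduced(mitigated, eliminated))
```

Running the script walks one constructed hazard from RAC 1B (High, rank 2) to 1D (Serious, rank 8) to 1F (Eliminated); the ranks make the comparison mechanical, which is what a hazard tracking system needs when it records initial and residual risk side by side.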
Key Changes
Re-introduced and revised optional task descriptions from 882C. Total 25 optional tasks:
- 100 series tasks – Management
- 200 series tasks – Analysis
- 300 series tasks – Evaluation
- 400 series tasks – Verification
Included new tasks, e.g.:
- Task 103 – Hazard Management Plan
- Task 106 – Hazard Tracking System
- Task 108 – Hazardous Materials Management Plan
- Task 208 – Functional Hazard Analysis
- Task 209 – System-of-Systems Hazard Analysis
- Task 210 – Environmental Hazard Analysis
Key Changes
Updated “Appendix A – Guidance for the System Safety Effort”:
- Task application matrix updated
- Example probability levels table includes quantitative values
Added “Appendix B – Software System Safety Engineering and Analysis”:
- Additional detail on software system safety techniques and practices
- Based on the DoD Joint Software Systems Safety Engineering Handbook
In Summary
More reader-friendly: contents re-structured; clearer terminology.
More up-to-date: incorporates current DoD policy and defines task descriptions to improve system safety practices.
Use of 882E across all functional disciplines.
Improves consistency of system safety practices across programs.
Task 100 Series - Management
Task 101 Hazard Identification and Mitigation Effort Using The
System Safety Methodology
Task 102 System Safety Program Plan
Task 103 Hazard Management Plan
Task 104 Support of Government Reviews/Audits
Task 105 Integrated Product Team/Working Group Support
Task 106 Hazard Tracking System
Task 107 Hazard Management Progress Report
Task 108 Hazardous Materials Management Plan
Task 200 Series - Analysis
Task 201 Preliminary Hazard List
Task 202 Preliminary Hazard Analysis
Task 203 System Requirements Hazard Analysis
Task 204 Subsystem Hazard Analysis
Task 205 System Hazard Analysis
Task 206 Operating and Support Hazard Analysis
Task 207 Health Hazard Analysis
Task 208 Functional Hazard Analysis
Task 209 System-of-Systems Hazard Analysis
Task 210 Environmental Hazard Analysis
Task 300 Series – Evaluation
Task 301 Safety Assessment Report
Task 302 Hazard Management Assessment Report
Task 303 Test and Evaluation Participation
Task 304 Review of Engineering Change Proposals, Change Notices,
Deficiency Reports, Mishaps, and Requests for Deviation/Waiver
Task 400 Series - Verification
Task 401 Safety Verification
Task 402 Explosives Hazard Classification Data
Task 403 Explosive Ordnance Disposal Data