System Safety Engineering an Overview for Engineers And

Total Page:16

File Type:pdf, Size:1020Kb

System Safety Engineering an Overview for Engineers And A-P-T Research, Inc. SSyysstteemmSSaaffeettyyEEnnggiinneeeerriinngg AAnnOOvveerrvviieewwffoorr EEnnggiinneeeerrssaannddMMaannaaggeerrss P. L. Clemens October 2005 Topics… • What is System Safety Engineering? • When should System Safety be used? • How is System Safety done? • Who should perform System Safety analyses? • What does System Safety Cost? • Why do System Safety? M-05-02600-2 What’s a SYSTEM? (and a few other basics)… • SYSTEM: an entity, at any level of complexity, intended to carry out a function, e.g.: • A doorstop • An operating procedure • An aircraft carrier • An implantable insulin pump • Systems pose HAZARDS. Hazards threaten harm to ASSETS. • ASSETS are RESOURCES having value to be protected, e.g.: • Personnel • The product • The environment • Equipment • Productivity • Reputation • RISK, is an attribute of a hazard-asset combination — a measure of the degree of harm that is posed. M-05-02600-3 What’s System Safety? It has two chief aspects… • A DOCTRINE of Management Practice: • Hazards (threats to Assets) abound and must be identified. • Risk is an attribute of a hazard that expresses the degree 1 of the threat posed to an asset — risks must be assessed. • A non-zero Risk Tolerance Limit must be set — a management function. • Risks of Hazards exceeding the Tolerance Limit must be suppressed (or accepted by management). • A Battery of ANALYTICAL METHODS to support practice of the DOCTRINE — The analytical methods are divisible into: 2 • TYPES, addressing What / When / Where the analysis is done • TECHNIQUES, addressing How the analysis is done M-05-02600-4 The Types & Techniques of Analysis… TECHNIQUES (How)… TYPES (What / When / Where)… • Preliminary Hazard Analysis • Preliminary Hazard Analysis (PHA*)1/2/3 (PHA*) • Failure Modes and Effects • System Hazard Analysis Analysis (FMEA)1/3 • Subsystem Hazard Analysis • Fault Tree Analysis2/4 • Operating and Support Hazard • Event Tree Analysis3/4 Analysis • Cause-Consequence • Occupational Health Hazard Analysis3/4 Analysis • Hazard & Operability Study • Software Hazard Analysis (HAZOP)1/3 • many others… • Job Hazard Analysis But, 1/3 The TYPES and TECHNIQUES are to… (JHA/JSA) WHAT • Digraph Analysis1/3 • IDENTIFY HAZARDS, and to… IS • ASSESS THEIR RISKS. RISK? • many others… 1 Hazard Inventory 2 Top Down 3 Bottom Up 4 Logic Tree M-05-02600-5 What is RISK? RISK: An expression of the combined SEVERITY and PROBABILITY of HARM to an ASSET. SYSTEM ASSETS* PROGRAMMATIC may be: ASSETS* may be: • Personnel • Cost • Equipment • Schedule • Productivity • Mission • Product • Performance • Environment • Constructability • …others • …others RISK is an attribute of a THREATS to ASSETS HAZARD-ASSET are called combination! HAZARDS. M-05-02600-6 Hazards are TTHHRREEAATTSS to AASSSSEETTSS HAZARDS MUST BE IDENTIFIED! …or System Safety and Risk Management cannot be practiced! HAZARDS… are best described as terse Loss Scenarios, each expressing SOURCE MECHANISM OUTCOME Thusly: “Faulty control logic producing yaw overdrive and model damage.” NOT: “Pranged wind tunnel model.” OR “Occupancy of an unventilated confined space leading to death from asphyxia.” NOT: “Running out of air.” M-05-02600-7 The Risk Plane… SEVERITY and PROBABILITY, Cataclysmic the two variables that constitute risk, R = K3 > K2 g n si define a a e k RISK PLANE. r is c R In Likely R = K2> K1 R = P x S = K1 SEVERITY RISK Iso-risk is contours CONSTANT along any ISO-RISK CONTOUR. PROBABILITY is a function of EXPOSURE 0 INTERVAL. NEVER PROBABILITY M-05-02600-8 Using ISO-Risk Contours… ACCEPTANCE: Risk Tolerance Boundaries follow iso-risk contours. B NOT ACCEPTABLE SEVERITY A PROVISIONALLY ACCEPTABLE Further Risk Reduction Note that risk ACCEPTABLE Desirable. at A equals risk at B. (de minimis) 0 PROBABILITY 0 M-05-02600-9 The Risk Plane Becomes a Matrix… Segmenting the Risk Plane into tractable cells produces a Matrix to enable using subjective judgment. SEVERITY F E D C B A PROBABILITY I Matrix cell zoning approximates II the continuous, iso-risk contours in the Risk Plane. Zones in the Matrix SEVERITY III define Risk Tolerance Boundaries. IV Jeopardy PROBABILITY M-05-02600-10 A Typical Risk Assessment Matrix*… A guide for applying subjective judgment… Severity of Consequences Probability of Mishap** Category / Personnel Equipment Down Descriptive Injury / Loss F E D C B A Word Illness $ Time Impossible Improbable Remote Occasional Probable Frequent I >4 Catastrophi Death >1M c Mo 1 Severe II 250K 2Wks Injury or to to Critical Severe 2 Illness 1M 4Mo Minor III 1k 1 Day Injury or to to Marginal Minor 3 Illness 250K 2Wks IV No Injury <1K <1 Negligible or Illness Day *Adapted from MIL-STD-882D **Life Cycle: Personnel: 30 yrs / Others: Project Life Risk Code/ Imperative to Operation requires written, Operation 1 suppress risk 2 time-limited waiver, endorsed 3 permissible Action to lower levels by management M-05-02600-11 The “Flow” of System Safety Practice… Program Initiation • Documenting the • Documenting the Eight key Performance Steps SSyysstteemmSSaaffeettyy Approach are distributed through Approach Five Major Functional •• TTaasskkss Elements of the •• SScchheedduullee •• TTeeaamm System Safety Program •• TToooollss Hazard Identification ••RReeccooggnniizziinngg&& Risk Assessment DDooccuummeennttiinngg UUnnddeerrssttaannddiinngg ••AAsssseessssiinnggMMiisshhaappRRiisskk HHaazzaarrddss HHaazzaarrddss Understanding MMaattuurriinngg Continuous Risk Drivers DDeessiiggnn Hazard Iterative ll Tracking LLiiffee CCyyccllee Risk Reduction MMoonniittoorriinngg Continuous Changes Risk Reduction Risk Acceptance ••IIddeennttiiffyyiinnggMMiittiiggaattiioonnMMeeaassuurreess ••RReessiidduuaallRRiisskk UUnnddeerrssttaannddiinngg Review & RRiisskkOOppttiioonnss ••RReedduucciinnggRRiisskkttooAAcccceeppttaabbllee Review & LLeevveell AAcccceeppttaannccee ••VVeerriiffyyiinnggRRiisskkRReedduuccttiioonn M-05-02600-12 Major System Safety Cross-Link Disciplines… • Programmatic Risk Management • The “…ilities” ISN’T RELIABILITY PROGRAMMATIC • Reliability RISK MANAGEMENT ENGINEERING treats its own • Availability ENOUGH? special classes • Maintainability USUALLY NOT! of hazards, posing risk to, • Survivability • Reliability e.g.: • Configuration Management explores the • Cost Probability of • Schedule • Procedures Preparation Success, alone. • Performance • …others… • Constructability • System Safety • …others explores the Probability of Failure AND its Severity Penalty. M-05-02600-13 Topics… • What is System Safety Engineering? • When should System Safety be used? • How is System Safety done? • Who should perform System Safety analyses? • What does System Safety Cost? • Why do System Safety? M-05-02600-14 System* Safety Application throughout Life Cycle… DON’T OVERLOOK: • Operational / Mission Phases • Maintenance • Decommissioning A typical approach: • Etc… / / N N E IO N W IN N T IO O T IO N T D A T D G U T L G P E C A E IN O A IA G I E IL N I L K T R R T IN S C A R L A S E I N E T IG B A TE P IN D N E S A ST SH O N O D E F N LA C D I P LIFE CYCLE ry to n e ) v IL In C rd / a L z H is is a (P s s H ly s ly a a a n , n A d … A e d n d n re r a e then… T s) a ) t w lt si z A a o u y r a H ic D a l o p H P d - F a / U ( n p ( n d - s i To A n m si a to ly ) t a A REVISIT the ANALYSIS when there is… o n E B A M • Modification of: (F – System Design / Architecture – Applied Stresses (service or environmental) *NOTE – Maintenance Protocol • A “Near Miss” “System” includes hardware, software, procedures, • A Loss Event (to support autopsy) training / certification, maintenance protocol, etc. — the GLOBAL System. M-05-02600-15 Comparing Two Work Models for Design-Build Efforts*… Review Reliability / Maintainability / Safety / Constructability / other “ilities” Serial “Traditional” Design Approach 30% 60% 90% Modify / Retrofit / Recover Time Effort / Calendar Saved Concurrent “Enlightened” Engineering Approach 30% 60% 90% Ongoing Analysis / Review / Crossfeeding Results • Continuous, iterative feedback of analysis results into design CONCURRENT • Earlier accommodation to findings DESIGN • Manhours and calendar time conserved RESULTS: • Fewer “surprises” / performance-threatening retrofits • Fewer awkward compromises — more coherent design *Journal of the American Society of Safety Engineers; November, 1999 M-05-02600-16 What systems benefit best by System Safety application? • Use System Safety if the system… • is complex — i.e., interrelationships among elements is not readily apparent, and/or • uses untried or unfamiliar technology, and/or • contains one or more intense energy sources — i.e., energy level and/or quantity is high, and/or • has reputation-threatening potential, and/or • falls under the purview of a mandating regulation (e.g., 29 CFR 1910.119) M-05-02600-17 Why / When use more specialized analytical techniques? Top-down Analysis (e.g., Fault Tree Analysis) and / or Bottom-up Analysis (e.g., Failure Modes and Effects Analysis) • when SYSTEM COMPLEXITY exceeds PHA capability, and/or… • to evaluate risk more precisely in support of RISK ACCEPTANCE DECISIONS, and/or… • to support DESIGN DECISIONS on matters of component selection/system architecture, etc. M-05-02600-18 Design Decisions — an example… Risk too high? Then F Go Redundant! Subsystem A B C 1 Level F Redundancy But WHERE to redundify? F1 F2 • System? • Subsystem? A B C A´ B´ C´ • Assembly? • Subassembly? • Component? Component 2 Level • Piece Part? F Redundancy Variations in system architecture, using the same components, can produce profound differences in A A´ B B´
Recommended publications
  • Hearing Loss Prevention and a Survey of Firefighters
    Update 2017 Vol. 29, Issue 1 The Council for Accreditation in Occupational Hearing Conservation Hearing Loss Prevention and a Survey of Firefighters Submitted by: Natalie Rothbauer, Illinois State University According to the Occupational and Safety Administration (OSHA), Candidates with the following medical conditions shall not be certified as approximately 30 million people are exposed to hazardous noise annually, meeting the medical requirements of this standard: (1) Chronic vertigo which places them at risk for auditory injuries such as noise-induced or impaired balance as demonstrated by the inability to tandem gait hearing loss (NIHL) and tinnitus. Noise-induced hearing loss can be walk. (2) On audiometric testing, average hearing loss in the unaided costly to workers as it can interfere with their daily tasks. It may make it better ear greater than 40 decibels (dB) at 500 Hz, 1000 Hz, and 2000 impossible to hear important warning signals and other important sounds, Hz when the audiometric device is calibrated to ANSI Z24.5. (3) Any possibly resulting in a worker being relieved from duty. Firefighting is ear condition (or hearing impairment) that results in a person not being considered a hearing critical profession because warning signal audibility able to safely perform essential job tasks. - NFPA Standard 1582 (pp. 11) could be the difference between life and death (Hong et al, 2013). Knowledge A literature review did not reveal a consistent sound exposure profile for Survey data indicated that many firefighters were knowledgeable of some career firefighters due to the variable noises and length of work shift. Some of the aspects of hearing loss and approaches to prevention.
    [Show full text]
  • System Safety Engineering: Back to the Future
    System Safety Engineering: Back To The Future Nancy G. Leveson Aeronautics and Astronautics Massachusetts Institute of Technology c Copyright by the author June 2002. All rights reserved. Copying without fee is permitted provided that the copies are not made or distributed for direct commercial advantage and provided that credit to the source is given. Abstracting with credit is permitted. i We pretend that technology, our technology, is something of a life force, a will, and a thrust of its own, on which we can blame all, with which we can explain all, and in the end by means of which we can excuse ourselves. — T. Cuyler Young ManinNature DEDICATION: To all the great engineers who taught me system safety engineering, particularly Grady Lee who believed in me, and to C.O. Miller who started us all down this path. Also to Jens Rasmussen, whose pioneering work in Europe on applying systems thinking to engineering for safety, in parallel with the system safety movement in the United States, started a revolution. ACKNOWLEDGEMENT: The research that resulted in this book was partially supported by research grants from the NSF ITR program, the NASA Ames Design For Safety (Engineering for Complex Systems) program, the NASA Human-Centered Computing, and the NASA Langley System Archi- tecture Program (Dave Eckhart). program. Preface I began my adventure in system safety after completing graduate studies in computer science and joining the faculty of a computer science department. In the first week at my new job, I received a call from Marion Moon, a system safety engineer at what was then Ground Systems Division of Hughes Aircraft Company.
    [Show full text]
  • Control of Hazardous Energy by Lock-Out and Tag-Out
    Control of Hazardous Energy By Lock-out and Tag-out Why Lock-Out and Tag-Out? Basics of Lock-Out and Tag-Out Learning From Case Histories What Industry Process Safety Leaders Say Additional Reading February 23, 2005 This Safety Alert can also be found on the CCPS Web site at http://www.aiche.org/ccps/safetyalert Copyright 2005 American Institute of Chemical Engineers Engineers Chemical of Institute Copyright 2005 American CCPS Safety Alert, February 23, 2005 The Center for Chemical Process Safety was established by the American Institute of Chemical Engineers in 1985 to focus on the engineering and management practices to prevent and mitigate major incidents involving the release of hazardous chemicals and hydrocarbons. CCPS is active worldwide through its comprehensive publishing program, annual technical conference, research, and instructional material for undergraduate engineering education. For more information about CCPS, please call 212-591-7319, e-mail [email protected], or visit www.aiche.org/ccps Copyright 2005 American Institute of Chemical Engineers 3 Park Avenue New York, New York 10016 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise without the prior permission of the copyright owner. It is sincerely hoped that the information presented in this document will lead to an even more impressive record for the entire industry; however, the American Institute of Chemical Engineers, its consultants, CCPS Subcommittee members, their employers, and their employers’ officers and directors disclaim making or giving any warranties, expressed or implied, including with respect to fitness, intended purpose, use or merchantability and/or correctness or accuracy of the content of the information presented in this document.
    [Show full text]
  • Towards Safety Assessment Checklist for Safety-Critical Systems P.V
    Article can be accessed online at http://www.publishingindia.com Towards Safety Assessment Checklist for Safety-critical Systems P.V. Srinivas Acharyulu*, P. S. Ramaiah** Abstract 1. Introduction Safety-critical systems are ever increasing in day to Safety-Critical Systems are those systems whose failure day life such as use from microwave oven to robots could result in loss of life, significant property damage, involving computer systems and software. Safety- or damage to environment (Knight, J.C, 2002). Safety in critical systems must consider safety engineering and broad pertains to the whole system, computer hardware, safety management principles in order to be safe when software, other electronic & electrical components and they are put into use. Safety analysis must be done. stake holders. A safety-critical system is such a system Safety assessment of such systems is difficult but not impossible. They must deal with the hazards analysis which has the potential to cause hazard either directly or in order to reduce or prevent risks to environment, indirectly. The emphasis of this paper is on the element property damage and / or loss of life through risk-free of software for such safety critical systems, which can and failure free or fail-safe operations. The existing be referred to as safety critical software. Some of the methods are found to be limited and inadequate safety critical applications include flight control systems, to address the risks associated and for safety medical diagnostic and treatment devices, weapon assessment. This paper proposes a methodology for systems, nuclear power systems, robots and many. Failure safety assessment of safety critical systems based on free and risk free or fail-safe operations may not lead to identifying significant and non-significant aspects of hazards.
    [Show full text]
  • A Checklist for Inherently Safer Chemical Reaction Process Design and Operation
    A Checklist for Inherently Safer Chemical Reaction Process Design and Operation Introduction Chemical reaction hazard identification • Reaction process design considerations Ž Where to get more help March 1, 2004 This Safety Alert can also be found on the CCPS Web site at http://www.aiche.org/ccps/safetyalert Copyright 2004 American Institute of Chemical Engineers The Center for Chemical Process Safety was established by the American Institute of Chemical Engineers in 1985 to focus on the engineering and management practices to prevent and mitigate major incidents involving the release of hazardous chemicals and hydrocarbons. CCPS is active worldwide through its comprehensive publishing program, annual technical conference, research, and instructional material for undergraduate engineering education. For more information about CCPS, please call 212-591-7319, e-mail [email protected], or visit www.aiche.org/ccps Copyright 2004 American Institute of Chemical Engineers 3 Park Avenue New York, New York 10016 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise without the prior permission of the copyright owner. It is sincerely hoped that the information presented in this document will lead to an even more impressive record for the entire industry; however, the American Institute of Chemical Engineers, its consultants, CCPS Subcommittee members, their employers, and their employers’ officers and directors disclaim making or giving any warranties, expressed or implied, including with respect to fitness, intended purpose, use or merchantability and/or correctness or accuracy of the content of the information presented in this document.
    [Show full text]
  • Risk Management – an Area of Knowledge for All Engineers
    RISK MANAGEMENT – AN AREA OF KNOWLEDGE FOR ALL ENGINEERS A Discussion Paper By: Paul R. Amyotte, P.Eng.1 & Douglas J. McCutcheon, P.Eng.2 1Chemical Engineering Program Department of Process Engineering & Applied Science Dalhousie University Halifax, Nova Scotia, Canada B3J 2X4 <[email protected]> 2Industrial Safety & Loss Management Program Faculty of Engineering University of Alberta Edmonton, Alberta, Canada T6G 2G6 <[email protected]> Prepared For: The Research Committee of the Canadian Council of Professional Engineers October 2006 SUMMARY The purpose of this paper is to “seed” the discussion by the Research Committee of the Canadian Council of Professional Engineers (CCPE) on the topic of risk management. The paper is in part a research paper and in its entirety a position paper. As can be inferred from the title, the authors hold the firm opinion that risk management is an area of knowledge with which all engineers should have familiarity and a level of competence according to their scope of practice. The paper first makes the distinction between hazard and risk. The two terms are often used interchangeably when in fact they are quite different. A hazard is a chemical or physical condition that has the potential to cause harm or damage to people, environment, assets or production. Risk, on the other hand, is the possibility or chance of harm arising from a hazard; risk is a function of probability and severity of consequences. A description of the process of risk management is then given. A generic framework for risk management is presented to illustrate the essential activities of hazard identification and the analysis, assessment and management of risks.
    [Show full text]
  • Safety Engineer What Do They Do? Safety Engineers Make Sure Workplaces Are Safe
    Safety Engineer What Do They Do? Safety Engineers make sure workplaces are safe. They monitor the general work environment, inspect buildings and machines for hazards and safety violations, and recommend safety features in new processes and products. Safety Engineers evaluate plans for new equipment to assure that it is safe to operate and investigate accidents to determine the cause and how to keep them from happening again. Safety Engineers also design special safety clothing and safety devices to protect workers from injury when operating machines. They may educate workers through safety campaigns or classes. Some Safety Engineers specialize in fire prevention They analyze the design of buildings and the items in them to determine the best place to put fire extinguishers, sprinklers and emergency exits. Others specialize in product safety. They conduct research to make sure products are safe and recommend how a company can change its product design to make it safe. What Do I Have To Do To Be One? To work as a Safety Engineer, you must have a Bachelor's Degree in Industrial Engineering; Industrial Management or a related field. People who work in this occupation are curious and detail-oriented; have strong analytical skills; and are creative. Some courses to take to prepare you for this occupation include: Chemistry, Computers, Communications, English, Math, and Science. You should also be able to present your ideas effectively both orally and in writing. You should be able to work within precise limits or standards of accuracy and rate information using standards that can be measured or checked. How Much Do They Make? Salaries of Safety Engineers usually depend on their education level, work experience, area of specialization and level of responsibility.
    [Show full text]
  • NAVY Safety & Occupational Health Manual OPNAV M-5100.23 of 5 Jun
    OPNAV M-5100.23 5 Jun 2020 NAVY SAFETY AND OCCUPATIONAL HEALTH MANUAL THIS PAGE INTENTIONALLY LEFT BLANK THIS PAGE INTENTIONALLY LEFT BLANK OPNAV M-5100.23 5 Jun 2020 TABLE OF CONTENTS SECTION A. SAFETY MANAGEMENT SYSTEM Chapter 1. INTRODUCTION A0101. Purpose……………………………………………………………………..... A1-2 A0102. Scope and Applicability……………………………………………………… A1-2 A0103. Definition of Terms………………………………………………………….. A1-4 A0104. Background…………………………………………………………………... A1-4 A0105. Discussion……………………………………………………………………. A1-5 A0106. Introduction to the Navy SMS Framework………………………………….. A1-6 A0107. Responsibilities………………………………………………………………. A1-7 Chapter 2. POLICY AND ORGANIZATIONAL COMMITMENT A0201. Introduction………………………………………………………………….. A2-1 A0202. Methodology………………………………………………………………… A2-1 A0203. Organizational Commitment and Accountability…………………………… A2-3 A0204. Appointment of SMS Personnel……………………………………………… A2-4 Chapter 3. RISK MANAGEMENT A0301. Introduction………………………………………………………………….. A3-1 A0302. Methodology………………………………………………………………… A3-1 A0303. Error Tolerance……………………………………………………………… A3-1 A0304. Principles…………………………………………………………………..... A3-2 A0305. Requirements………………………………………………………………… A3-3 Chapter 4. ASSURANCE A0401. Introduction………………………………………………………………….. A4-1 A0402. Methodology………………………………………………………………… A4-1 A0403. Requirements……………………………………………………..................... A4-1 A0404. Continuous Improvement………………………………………………….… A4-2 A0405. Management Review……………………………………………………….... A4-2 Chapter 5. PROMOTION A0501. Introduction………………………………………………………………….. A5-1
    [Show full text]
  • Lockout/Tagout: Don't Flip out Over LOTO Compliance
    COVER STORY Lockout/Tagout: Don’t Flip Out over LOTO Compliance Update your understanding of this life- and limb-saving standard. By Evelyn Sacks welder was crushed to death by a hydraulic door on a scrap met- al shredder. He was trying to remove a jammed piece of metal from the door. "e system’s energy had not been released, and the door had not been blocked open. A mechanic was fatally crushed in an escalator while per- forming maintenance. He had removed the escalator stairs and crawled inside the escalator mechanism. When a coworker Adropped the escalator’s electrical circuit box, it triggered a relay that sent power to the escalator. "e stairs began moving, and the mechanic could not escape. "e escalator had no locks or tags on any power controls. "ese grizzly examples are typical of the estimated 150–200 fatalities (and 50,000 or so injuries) that occur each year due to a failure to control the release of hazardous energy. Lockout/tagout (LOTO) 1910.147 refers to the Occupa- tional Safety and Health Administration (OSHA)-required practices and proce- dures to protect workers from unexpected start-up of machinery or from haz- ardous energy released during service or maintenance. "e standard is based on the fact that simply turning equipment o# is not enough to block stored energy. Lockout devices hold energy-isolating equipment in a safe or o# position. "ey prevent equipment from becoming energized because the lockout devices cannot be removed without a key or other unlocking mechanism. Tagout devices, by contrast, are prominent warning devices that are fastened to energy-isolating devices to warn employees not to reenergize the machine while they are being serviced or maintained.
    [Show full text]
  • Traditional Safety Engineering Techniques, Discussion of Responsibility Assignment
    Three Approaches to Safety Engineering Civil Aviation Nuclear Power Defense Civil Aviation Fly-fix-fly: analysis of accidents and feedback of experience to design and operation Fault Hazard Analysis: ± Trace accidents (via fault trees) to components ± Assign criticality levels and reliability requirements to components ± Specify development procedures (e.g., DO-178B, Software Certification Requirements Fail Safe Design³1RVLQJOHIDLOXUHRUSUREDEOH combination of failures during any one flight shall jeopardize the continued safe flight and landing of the DLUFUDIW´ Other airworthiness requirements (seat belts, oxygen) Fail-Safe Design in Aviation Design integrity and quality Redundancy Isolation (so failure in one component does not affect another) Component reliability enhancement Failure indications (telling pilot a failure has occurred, may need to fly plane differently) Specified flight crew procedures Fail-Safe Design in Aviation (2) Design for checkability and inspectability Failure containment Damage tolerance ± Systems surrounding failures should be able to tolerate them in case failure cannot be contained Designed failure paths ± Direct high energy failure that cannot be tolerated or contained to a safe path ± (JXVHRIVWUXFWXUH³IXVHV´LQS\ORQVVRHQJLQHZLOOIDOORII before it damages the structure Fail-Safe Design in Aviation (3) Safety margins or factors Error tolerance ± Design so human cannot make mistakes or errors are tolerated Examples: Careful design of cockpit layouts and switches Use of color coding or different
    [Show full text]
  • Auditory Hazards of Air Bags March 27, 1997 Dr. Ricardo Martinez
    Auditory Hazards of Air Bags March 27, 1997 Dr. Ricardo Martinez, Director National Highway Traffic Safety Administration (NHTSA) 400 7th Ave. SW Washington, DC 20590 Dear Dr. Martinez: As the President of the National Hearing Conservation Association (NHCA), I am writing to you about the problems created by the government mandate requiring air bags to be installed in all new U. S. automobiles. Although we are sensitive to the fact that airbags have saved approximately 1500 lives, that is only part of the story. As the President of an association whose mission is the prevention of hearing loss due to noise and other environmental factors, I urge you to reconsider your position. The NHCA is an organization of professionals who share a common goal - the prevention of noise-induced hearing loss. The Association is composed of audiologists, physicians, industrial hygienists, safety specialists, engineers and scientists, occupational health nurses, equipment manufacturers, and others, all of whom are concerned with the prevention of hearing loss for the 30+ million Americans who are exposed to hazardous noise at work. NHCAs interests extend to all situations in which hazardous noise exists, whether occupational settings in industry, construction, farming, or the armed forces. As well, NHCA is interested in preventing noise-induced hearing loss in non-occupational applications in the consumer and recreational sectors. Although it is true that airbags can save lives, data as reported on the NHTSA web page indicate that approximately 60 lives have been lost due to airbag deployments. It does seem tragic indeed that drivers have no choice about whether they put a potentially lethal device in their cars, when alternatives such as lap and shoulder belts exist and are finding increasing use among the public.
    [Show full text]
  • M. Tech. DEGREE INDUSTRIAL SAFETY ENGINEERING
    M.Tech. (Industrial Safety Engineering) M. Tech. DEGREE INDUSTRIAL SAFETY ENGINEERING SYLLABUS FOR CREDIT BASED CURRICULUM (2009 -2010) DEPARTMENT OF MECHANICAL ENGINEERING NATIONAL INSTITUTE OF TECHNOLOGY TIRUCHIRAPPALLI – 620 015, INDIA. Department of Mechanical Engineering, National Institute of Technology, Tiruchirappalli – 620 015. M.Tech. (Industrial Safety Engineering) M.Tech. - INDUSTRIAL SAFETY ENGINEERING The total credits required for completing the M.Tech. Programme is 63 SEMESTER I Code Course of Study L T P C MA 611 Probability and Statistics 3 1 0 4 ME 653 Safety Management 3 0 0 3 ME 655 Occupational Health and Hygiene 3 0 3 4 ME 657 Safety in Engineering Industry 3 0 0 3 ME 659 Regulation for Health, Safety and 3 0 0 3 Environment Elective I 3 0 0 3 18 1 3 20 SEMESTER II Code Course of Study L T P C ME 652 Computer Aided Risk Analysis 3 0 0 3 ME 654 Safety in Chemical Industry 3 0 0 3 ME 656 Fire Engineering and Explosion 3 0 0 3 Control ME 658 Industrial Safety Lab 0 0 3 1 Elective II 3 0 0 3 Elective III 3 0 0 3 Elective IV 3 0 0 3 18 0 3 20 SEMESTER III Code Course of Study L T P C ME 797 Project work - Phase I 0 0 0 12 SEMESTER IV Code Course of Study L T P C ME 798 Project work - Phase II 0 0 0 12 Total Credits 63 Department of Mechanical Engineering, National Institute of Technology, Tiruchirappalli – 620 015. M.Tech.
    [Show full text]