Special Topic in Investment Analysis
December 1, 2000
Art Politano, ASD-430

System Safety Assessment

Guidance: Investment Analysis Teams, using the Operational Safety Assessment (OSA) developed during the mission analysis phase of the Acquisition Management System, must develop a Comparative Safety Assessment (CSA) in which each safety hazard is assessed in the context of the investment alternatives.

An Operational Safety Assessment (OSA) will be conducted during Mission Analysis in accordance with the NAS Modernization System Safety Management Plan (SSMP). The SSMP provides for (1) a list of NAS hazards potentially existing in the operational environment under study, and (2) the potential severity of each hazard. A NAS hazard is any unsafe act or condition, for each function, that can result in an accident. The severity of each NAS hazard is determined by the worst credible outcome, that is, the effect of the NAS hazard on the aircraft or on an operational system. The SSMP also provides for mapping the severity of each hazard to the level of acceptable safety performance (the desired target level). Lastly, in the case of a legacy system for which a product upgrade is needed, the SSMP also suggests identifying specific safety hazards and the requirements for their mitigation.

A Comparative Safety Assessment takes the hazards identified in the OSA and assesses each hazard's safety risk for each viable alternative. Steps in conducting a Comparative Safety Assessment are to:
In the event an OSA was not prepared in Mission Analysis, the IAT starts with the development of a Preliminary Hazard List (PHL), in accordance with the System Safety Handbook (2). These steps should be conducted with the participation of key stakeholders, including safety specialists, sponsors, developers, and end users. Where possible, give preference to specific information rather than relying on assumptions. If assumptions are made, they should be conservative and should not adversely affect safety. The result of the CSA is a ranking of the alternative solutions by reduction in safety risk or by other benefits. An example of a Comparative Safety Assessment can be found in Appendix B of the FAA System Safety Handbook (3).

Not all investment analyses require a Comparative Safety Assessment. The decision is made jointly by the Investment Analysis Team Lead and the System Safety Working Group (SSWG) at the beginning of the investment analysis. If the decision is made to conduct a Comparative Safety Assessment, the SSWG assigns a control number, tracks the CSA to its completion, and reports to the JRC on any residual risk for each alternative solution.

Once the investment decision is made, the OSA and CSA, along with other products, are used by the Integrated Product Team to develop the System Safety Program Plan (SSPP) for the selected alternative. The objective of the SSPP is to ensure that safety is designed into the systems, subsystems, equipment, facilities, and their interfaces and operation.

Rationale: On June 28, 1998, the FAA Administrator issued Order 8040.4 to establish FAA safety risk management policy. This policy requires every line of business (LOB) of the FAA to establish and implement a formal risk management program consistent with the LOB's role in the FAA. The Acquisition Management System (AMS) provides agency-wide policy and guidance that applies to all phases of the acquisition life cycle.
AMS policy, paragraph 2.9.13, reads: "System safety management shall be conducted and documented throughout the acquisition management lifecycle. Critical safety issues identified during mission analysis are recorded in the Mission Need Statement; a system safety assessment of candidate solutions to mission need is reported in the Investment Analysis Report; and Integrated Product Teams provide for program-specific safety risk management planning in the Acquisition Strategy Paper. Each line of business involved in acquisition management must institute a system safety management process that includes at a minimum: hazard identification, hazard classification (severity of consequences and likelihood of occurrence), measures to mitigate hazards or reduce risk to an acceptable level, verification that mitigation measures are incorporated into product design and implementation, and assessment of residual risk. Status of system safety shall be presented at all Joint Resource Council meetings."

References

(1) Federal Aviation Administration, FAA System Safety Handbook, May 5, 2000 draft, pages 4-3 to 4-7. Washington, D.C.: NAS Architecture Branch.
(2) Ibid., pages 4-3 to 4-7.
(3) Ibid., pages 4-8 and 4-9.