[SystemSafety] Preliminary Hazard Analysis - Approaches

M Mencke menckem at gmail.com
Wed Apr 24 13:14:12 CEST 2013


I think it is useful to use a checklist as input to your analysis to
identify potential hazardous events related to your system, but I think the
failure of system functions should be analysed bottom-up. This would
demonstrate how you got to the conclusion that certain specific events from
the list of top events are related to your system, at least in preliminary
stages, even if you don't have detailed design information available,
unless it is a product with which you already have a lot of experience; but
even in that case functions could change depending on the application
environment.

2013/4/24 jean-louis Boulanger <jean.louis.boulanger at gmail.com>

> Hello
> The PHA is done without knowledge of the breakdown.
> The idea is to select the set of feared events related to your system.
>
> On Wednesday 24 April 2013, M Mencke wrote:
>
>> Dear all,
>>
>> I have seen different approaches to Preliminary Hazard Analysis in the
>> railway sector.
>>
>> I have come across a top-down method, which (roughly) involves the
>> following steps:
>>
>> Use of an “Example Railway Hazard List” based on the hazardous events
>> modeled by RSSB’s Safety Risk Model. The hazardous events are classified
>> according to the type of event. For example, Collision, Fire, etc.
>>
>> The events on this list are linked to the functions of the system being
>> analysed. For example, avoiding a collision between two passenger trains
>> can be considered a function of the signalling system.
>>
>> The functions identified are broken down into components, modules, etc.,
>> therefore linking them to the top hazard.
>>
>> This sounds similar to a Fault Tree Analysis; my question is, is it
>> useful to apply this approach during initial design stages?
>>
>> From my point of view, if you select the top hazards which you consider
>> to be mitigated by your system from a list at the beginning of your
>> analysis, you could overlook some significant hazards which may be
>> generated by a (sub)system/function failure that you did not initially
>> identify.
>>
>> Personally, I prefer a bottom-up approach. It seems to me that by
>> analysing failures of system functions through the application of
>> keywords, etc., effects on the subsystem and the system can be easily
>> identified, whereas the other way round, you have to be very familiar
>> with the effects in order to be able to work downwards.
>>
>> Any opinions would be appreciated.
>>
>> Kind regards,
>>
>> Myriam.
>>
>
>
> --
> Mr Jean-louis Boulanger
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20130424/4be3ae65/attachment-0001.html>


More information about the systemsafety mailing list