[SystemSafety] systemsafety Digest, Vol 42, Issue 11

Dale Masini markndale at gmail.com
Tue Jan 19 08:52:19 CET 2016


Hi Matt,

Agree, while the process is reasonable, it is not perfect. Indeed most
techniques have their own unique flaws. I add the results of the FHA to a
Common Cause Analysis (CCA) and a Zonal Safety Analysis (ZSA). The three
combined, I have found, give you some good coverage and consideration all
round, of singular and multiple failures. You can find details of CCA and
ZSA in SAE ARP 4761.

Cheers

Mark Masini
CPEng FIEAust

On 19 January 2016 at 13:21, <systemsafety-request at lists.techfak.uni-bielefeld.de> wrote:

>
> Today's Topics:
>
>    1. Functional hazard analysis, does it work? (Matthew Squair)
>    2. Re: Functional hazard analysis, does it work?
>       (paul_e.bennett at topmail.co.uk)
>    3. Re: Functional hazard analysis, does it work? (andy)
>    4. Re: Functional hazard analysis, does it work? (Matthew Squair)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 19 Jan 2016 11:42:37 +1100
> From: Matthew Squair <mattsquair at gmail.com>
> To: "systemsafety at lists.techfak.uni-bielefeld.de"
>         <systemsafety at lists.techfak.uni-bielefeld.de>
> Subject: [SystemSafety] Functional hazard analysis, does it work?
> Message-ID: <CAC6_e4N9VHt8iAxQfNyo08yw+Kb2=ogPGakhbZKL9+cO31c7FA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> A question to the list.
>
> Does the process of functional hazard analysis 'work' in terms of
> identifying all functional hazards that we are, or should be, interested
> in?
>
> The way the FHA process is defined in the various standards seems IMO to be
> very reductionist in nature, fine for identifying the specific consequences
> of a single functional failure mode, but what about functional
> interactions, multiple functional failures, the interaction of modes with
> functions and so on.
>
> The background to this is that the project I'm working with is about to
> commit to a significant campaign of 'FHA'-ing. So we're engaged in a little
> bit of professional navel gazing about the efficacy of the technique before
> we commit to the campaign.
>
> --
> *Matthew Squair*
>
>
> BEng (Mech) MSysEng
> MIEAust CPEng
>
> Mob: +61 488770655
> Email: MattSquair at gmail.com
> Website: www.criticaluncertainties.com <http://criticaluncertainties.com/>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 19 Jan 2016 01:24:49 +0000
> From: paul_e.bennett at topmail.co.uk
> To: "Matthew Squair" <mattsquair at gmail.com>,
>         systemsafety at lists.techfak.uni-bielefeld.de
> Subject: Re: [SystemSafety] Functional hazard analysis, does it work?
> Message-ID: <20160119012450.08CE1C05CA at smtp.hushmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> On 19/01/2016 at 12:42 AM, "Matthew Squair" <mattsquair at gmail.com> wrote:
> >
> >A question to the list.
> >
> >Does the process of functional hazard analysis 'work' in terms of
> >identifying all functional hazards that we are, or should be,
> >interested
> >in?
> >
> >The way the FHA process is defined in the various standards seems
> >IMO to be
> >very reductionist in nature, fine for identifying the specific
> >consequences
> >of a single functional failure mode, but what about functional
> >interactions, multiple functional failures, the interaction of
> >modes with
> >functions and so on.
>
> Your impressions are correct in that just doing FHA would focus too much
> on just the hazards associated with the functionality. In a full HAZOP to
> identify the hazards that must be addressed, you also need to consider a
> range of risks associated with the operational environment, the personnel
> of all types who will interact with the system (and their tasks) and a
> number of potential natural hazards that may occur. My HAZOP kick-off
> check-list is 5 pages long which can prompt us to ask the right sort of
> questions. It was initially listed in Def-Std 00-55 or 00-56 but I have
> added a few more to it since adopting it as a starting point about 20
> years ago.
>
> >The background to this is that the project I'm working with is
> >about to
> >commit to a significant campaign of 'FHA'-ing. So we're engaged in
> >a little
> >bit of professional navel gazing about the efficacy of the
> >technique before
> >we commit to the campaign.
>
> Just don't let them rely on the FHA alone. It is a useful sub section of a
> full HAZOP but you need to explore a much wider scope than the hazards
> posed by the functionality alone.
>
> >--
> >*Matthew Squair*
> >
> >
> >BEng (Mech) MSysEng
> >MIEAust CPEng
> >
> >Mob: +61 488770655
> >Email: MattSquair at gmail.com
> >Website: www.criticaluncertainties.com
> ><http://criticaluncertainties.com/>
>
> Regards
>
> Paul E. Bennett IEng MIET
> Systems Engineer
>
> --
> ********************************************************************
> Paul E. Bennett IEng MIET.....<email://Paul_E.Bennett@topmail.co.uk>
> Forth based HIDECS Consultancy.............<http://www.hidecs.co.uk>
> Mob: +44 (0)7811-639972
> Tel: +44 (0)1392-426688
> Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
> ********************************************************************
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 18 Jan 2016 20:25:43 -0500
> From: "andy" <loeblas at comcast.net>
> To: "'Matthew Squair'" <mattsquair at gmail.com>,
>         <systemsafety at lists.techfak.uni-bielefeld.de>
> Subject: Re: [SystemSafety] Functional hazard analysis, does it work?
> Message-ID: <001c01d15258$5177f230$f467d690$@net>
> Content-Type: text/plain; charset="utf-8"
>
> Dr. Squire;
>
> I have had these same kinds of questions in the past.  I have studied the
> relationship between probabilistic and non-probabilistic risk assessment
> mostly as a result of a project I worked on for the U.S. Nuclear Regulatory
> Commission regarding digital systems reliability versus non-digital systems
> for safety critical power reactor control.  I have also studied the
> statistical work executed by the London folks on common cause failure and
> defense in depth.  I believe probabilistic risk assessment is a
> bureaucratic, reductionist, and none too complete analysis of risk
> assessment focused on a "guns and guards" mentality dominant in the USA.  I
> have written, 3 or 4 years ago, white papers on my conclusions and readings
> and done some graphic representations of the NRC regulations on common
> cause failure.  I have studied Nancy Leveson's systems approach and taken
> her week long course, also 3 or 4 years ago, and I have developed a
> favorable disposition towards her conclusions.  My white papers were
> written to keep my own thinking organized and I can look for any of the
> products I developed for this purpose as well as share my bibliographies
> with you, although some of the documents from the city college folks in
> England were given to me as a professional courtesy and these references
> might be listed but not available for re-distribution according to my
> agreement.
>
> Let me know if any of this would be useful to you.  It will take me a week
> or two to relocate the digital versions of this stuff.
>
> andy
>
> From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:
> systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Matthew
> Squair
> Sent: Monday, January 18, 2016 7:43 PM
> To: systemsafety at lists.techfak.uni-bielefeld.de
> Subject: [SystemSafety] Functional hazard analysis, does it work?
>
> A question to the list.
>
> Does the process of functional hazard analysis 'work' in terms of
> identifying all functional hazards that we are, or should be, interested in?
>
> The way the FHA process is defined in the various standards seems IMO to
> be very reductionist in nature, fine for identifying the specific
> consequences of a single functional failure mode, but what about functional
> interactions, multiple functional failures, the interaction of modes with
> functions and so on.
>
> The background to this is that the project I'm working with is about to
> commit to a significant campaign of 'FHA'-ing. So we're engaged in a little
> bit of professional navel gazing about the efficacy of the technique before
> we commit to the campaign.
>
> --
> Matthew Squair
>
> BEng (Mech) MSysEng
> MIEAust CPEng
>
> Mob: +61 488770655
> Email: MattSquair at gmail.com
> Website: www.criticaluncertainties.com <http://criticaluncertainties.com/>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 19 Jan 2016 13:20:49 +1100
> From: Matthew Squair <mattsquair at gmail.com>
> To: andy <loeblas at comcast.net>
> Cc: systemsafety at lists.techfak.uni-bielefeld.de
> Subject: Re: [SystemSafety] Functional hazard analysis, does it work?
> Message-ID: <35E69A16-855B-4309-8012-5250D84F2321 at gmail.com>
> Content-Type: text/plain; charset="windows-1251"
>
> Thx Andy,
>
> Though I'm not a Dr, that's the wife. :))
>
> Matthew Squair
>
> MIEAust, CPEng
> Mob: +61 488770655
> Email; Mattsquair at gmail.com
> Web: http://criticaluncertainties.com
>
> > On 19 Jan 2016, at 12:25 PM, andy <loeblas at comcast.net> wrote:
> >
> > Dr. Squire;
> > I have had these same kinds of questions in the past.  I have studied
> > the relationship between probabilistic and non-probabilistic risk
> > assessment mostly as a result of a project I worked on for the U.S. Nuclear
> > Regulatory Commission regarding digital systems reliability versus
> > non-digital systems for safety critical power reactor control.  I have also
> > studied the statistical work executed by the London folks on common cause
> > failure and defense in depth.  I believe probabilistic risk assessment is a
> > bureaucratic, reductionist, and none too complete analysis of risk
> > assessment focused on a "guns and guards" mentality dominant in the USA.  I
> > have written, 3 or 4 years ago, white papers on my conclusions and readings
> > and done some graphic representations of the NRC regulations on common
> > cause failure.  I have studied Nancy Leveson's systems approach and taken
> > her week long course, also 3 or 4 years ago, and I have developed a
> > favorable disposition towards her conclusions.  My white papers were
> > written to keep my own thinking organized and I can look for any of the
> > products I developed for this purpose as well as share my bibliographies
> > with you, although some of the documents from the city college folks in
> > England were given to me as a professional courtesy and these references
> > might be listed but not available for re-distribution according to my
> > agreement.
> >
> > Let me know if any of this would be useful to you.  It will take me a
> week or two to relocate the digital versions of this stuff.
> >
> > andy
> >
> >
> >
> > From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:
> > systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Matthew
> > Squair
> > Sent: Monday, January 18, 2016 7:43 PM
> > To: systemsafety at lists.techfak.uni-bielefeld.de
> > Subject: [SystemSafety] Functional hazard analysis, does it work?
> >
> > A question to the list.
> >
> > Does the process of functional hazard analysis 'work' in terms of
> > identifying all functional hazards that we are, or should be, interested in?
> >
> > The way the FHA process is defined in the various standards seems IMO to
> > be very reductionist in nature, fine for identifying the specific
> > consequences of a single functional failure mode, but what about functional
> > interactions, multiple functional failures, the interaction of modes with
> > functions and so on.
> >
> > The background to this is that the project I'm working with is about to
> > commit to a significant campaign of 'FHA'-ing. So we're engaged in a little
> > bit of professional navel gazing about the efficacy of the technique before
> > we commit to the campaign.
> >
> > --
> > Matthew Squair
> >
> >
> > BEng (Mech) MSysEng
> > MIEAust CPEng
> >
> > Mob: +61 488770655
> > Email: MattSquair at gmail.com
> > Website: www.criticaluncertainties.com
> >
>
> ------------------------------
>
>
> End of systemsafety Digest, Vol 42, Issue 11
> ********************************************
>