Update to MIL-STD-882E - System Safety · 2013-04-14
AN UPDATE ON THE REVISION TO MIL-STD-882E
(System Safety Society Sharing Session – 11 Apr 2013)
Wong Fang Aik / Fan Yue Sang
Ministerial Emphasis On Safety
• "The SAF needs to carry out realistic training, and this will be done without compromise to safety" June 2008
• "The underlying approach is not to wait for accidents or incidents to occur, but to reduce risks and minimise the chances/probability of incidents happening" March 2007
• "Each loss of life in training or operations is one too many; We want to achieve ZERO FATALITIES!" March 2007
Ministerial Statement on NS Training Deaths Nov 2012
• "The SAF has a robust training safety system in place…but more needs to be done"
• "The respective COIs have uncovered clear breaches of Training Safety Regulations (TSRs) that led to the deaths"
• The number of grenades used had clearly exceeded the limit specified in the TSRs
• There were specific instances of individual negligence. The Combat School of Intelligence had a weak safety culture
• Chief Safety Officer and the Platoon Comd have been relieved of their duties pending decision for a General Court Martial
• Head of Wing (School), School Sergeant Major, Exercise Supervising Officer and Exercise Conducting Officer have been relieved of their duties pending decision for a General Court Martial
• "Any Comd who ignores safety regulation, whether wilfully or negligently, puts his soldiers at risk, is not fit for command."
Scope
• Introduction
• Purpose of Revision
• MIL-STD-882E Contents
• Key Changes
• In Summary
Introduction
An Odyssey: MIL-STD-882 Series
• MIL-STD-882 – July 1969
• MIL-STD-882A – June 1977
• MIL-STD-882B – March 1984
• MIL-STD-882B, Notice 1 – July 1987
• MIL-STD-882C – Jan 1993
• MIL-STD-882C, Notice 1 – Jan 1996
• MIL-STD-882D – Feb 2000
• MIL-STD-882E – May 2012
(GEIA-STD-0010 best practices issued in 2008)

Purpose of Revision
• US Government and industry wanted the Task Descriptions from 882C reinstated in 882E, so that these Tasks are available and can be specified in contract documents
• Aligns system safety practice with current DoD policy:
  i. 8 Dec 2008: DoD incorporated the requirement to use the MIL-STD-882 process for Environment, Safety and Occupational Health (ESOH) risk management.
  ii. 7 Jan 2011: DASD(SE) required that 882E be a standard, generic method for the identification, classification, and mitigation of hazards that can be practically applied not only by system safety professionals, but also by other functional disciplines such as fire protection engineers, occupational health engineers, etc.
Main Contents in 882E
• Standard arranged into 3 Key Parts:
  • General Requirements: 8 Mandatory Requirements
    1. Document the System Safety Approach
    2. Identify Hazards
    3. Assess Risk
    4. Identify Risk Mitigation Measures
    5. Reduce Risk
    6. Verify Risk Reduction
    7. Accept Risk
    8. Manage Life-Cycle Risk
  • Tasks (100 – 400 series): Optional
    - 100-Series tasks – Management
    - 200-Series tasks – Analysis
    - 300-Series tasks – Evaluation
    - 400-Series tasks – Verification
  • Appendix A: Guidance for The System Safety Effort
    Appendix B: Software System Safety Engineering and Analysis

Key Changes
• Facilitates the use of 882E by multiple functional disciplines as an integral part of Systems Engineering, e.g. environmental engineers, fire protection engineers, occupational health professionals, etc.
• Standardized and mandatory definitions in all contracts (Section 3 of MIL-STD-882E). Changed from 14 to 49 definitions.
• General Requirements (Section 4 of MIL-STD-882E)
• Risk Assessment Matrix updated:
  - For severity, dollar values on losses increased to reflect today's program costs
  - For probability, addition of a new Eliminated category
  - Revised Risk Assessment Matrix – shall be used
Key Changes
• General Requirements (Section 4)
  1. Document the System Safety Approach
  2. Identify & document Hazards
  3. Assess & document Risk
  4. Identify & document Risk Mitigation Measures
  5. Reduce Risk to an acceptable level
  6. Verify, validate and document Risk Reduction
  7. Accept Risk: review hazards, have the residual risk accepted by the appropriate authority, and document the acceptance
  8. Manage Life-Cycle Risk: track hazards, their closures and residual risk
Key Changes – Identify Risk Mitigation Measures
System Safety Design Order of Precedence increased from 4 to 5:
1. Eliminate Hazards Through Design Selection – No Change
2. Reduce Risk Through Design Alteration – new step: if not able to select an appropriate design, then consider design change or alteration
3. Incorporate Safety Engineered Features or Devices – features that actively interrupt the mishap sequence, e.g.:
   • Emergency cooling system of a nuclear reactor
   • Uninterruptible Power Supply (UPS)
4. Provide Warning Devices – No Change
5. Incorporate Signage, Procedures, Training, and PPE – previously "Develop Procedures and Training"
TABLE I. Severity Categories

Severity Category | Level | Environment, Safety, and Occupational Health Mishap Result Criteria (882D dollar values in brackets)
Catastrophic | 1 | Could result in one or more of the following: death, permanent total disability, irreversible significant environmental impact that violates law or regulation, or loss exceeding $10M. (882D: $1M)
Critical | 2 | Could result in one or more of the following: permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, reversible significant environmental impact causing a violation of law or regulation, or loss exceeding $1M but less than $10M. (882D: $200K to $1M)
Marginal | 3 | Could result in one or more of the following: injury or occupational illness resulting in 1 or more lost work days, reversible moderate environmental impact causing a violation of law or regulation, or loss exceeding $100K but less than $1M. (882D: $10K to $200K)
Negligible | 4 | Could result in one or more of the following: injury or occupational illness not resulting in a lost work day, minimal environmental impact not violating law or regulation, or loss less than $100K. (882D: $2K to $10K)
TABLE II. Probability Levels

Description | Level | Specific Individual Item | Fleet or Inventory
Frequent | A | Likely to occur often in the life of an item; with a probability of occurrence greater than 10^-1 in that life. | Continuously experienced.
Probable | B | Will occur several times in the life of an item; with a probability of occurrence less than 10^-1 but greater than 10^-2 in that life. | Will occur frequently.
Occasional | C | Likely to occur sometime in the life of an item; with a probability of occurrence less than 10^-2 but greater than 10^-3 in that life. | Will occur several times.
Remote | D | Unlikely, but possible to occur in the life of an item; with a probability of occurrence less than 10^-3 but greater than 10^-6 in that life. | Unlikely but can reasonably be expected to occur.
Improbable | E | So unlikely, it can be assumed occurrence may not be experienced in the life of an item; with a probability of occurrence of less than 10^-6 in that life. | Unlikely to occur, but possible.
Eliminated | F | Incapable of occurrence in the life of an item. This category is used when potential hazards are identified and later eliminated. | Incapable of occurrence within the life of an item. This category is used when potential hazards are identified and later eliminated.
TABLE III. Risk Assessment Matrix

Severity \ Probability | Frequent (A) | Probable (B) | Occasional (C) | Remote (D) | Improbable (E) | Eliminated (F)
Catastrophic (1) | High (1) | High (2) | High (4) | Serious (8) | Medium (12) | Eliminated
Critical (2) | High (3) | High (5) | Serious (6) | Medium (10) | Medium (15) | Eliminated
Marginal (3) | Serious (7) | Serious (9) | Medium (11) | Medium (14) | Medium (17) | Eliminated
Negligible (4) | Medium (13) | Medium (16) | Low (18) | Low (19) | Low (20) | Eliminated

Risk Assessment Code (RAC): e.g. 1A, 3E, etc. The number in brackets is the risk rank (1 = highest risk); the risk levels by rank are High 1–5, Serious 6–9, Medium 10–17, Low 18–20.
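The three tables above, the eight general requirements and the order of precedence are easiest to understand when applied together. What follows is an added example, not from the slides and not from MIL-STD-882E itself: a small Python model that maps a quantitative per-item probability estimate to a Table II level, combines it with a Table I severity into the RAC and the Table III rank and risk level, records mitigations by their order-of-precedence step, and names a risk acceptance authority only once every mitigation is marked verified. The Hazard and Mitigation classes, the hazard ids, the sample hazards and the rule that only design selection may move a hazard to Eliminated are assumptions made for illustration; the acceptance-authority mapping (CAE, PEO, PM) comes from the standard's own risk acceptance requirement rather than from these slides.

```python
"""Added example (not from the slides): MIL-STD-882E Tables I-III and general
requirements 3-7 as a small hazard-risk model; classes and sample hazards are constructed."""
from dataclasses import dataclass, field
from typing import Optional

SEVERITY = {"Catastrophic": 1, "Critical": 2, "Marginal": 3, "Negligible": 4}  # Table I

# Table II, specific individual item: lower bound on lifetime probability -> level.
# A value exactly on a boundary is assigned to the more likely level (conservative).
PROBABILITY_LEVELS = [(1e-1, "A"), (1e-2, "B"), (1e-3, "C"), (1e-6, "D"), (0.0, "E")]

# Table III risk rank (1 = highest) by severity level and probability level A..E
RISK_RANK = {
    1: {"A": 1, "B": 2, "C": 4, "D": 8, "E": 12},
    2: {"A": 3, "B": 5, "C": 6, "D": 10, "E": 15},
    3: {"A": 7, "B": 9, "C": 11, "D": 14, "E": 17},
    4: {"A": 13, "B": 16, "C": 18, "D": 19, "E": 20},
}

# Acceptance authority per risk level, from the standard's risk acceptance requirement
# (not on the slides): Component Acquisition Executive, PEO or Program Manager.
ACCEPTANCE_AUTHORITY = {"High": "CAE", "Serious": "PEO", "Medium": "PM", "Low": "PM"}

PRECEDENCE = {  # 882E system safety design order of precedence, 1 = preferred
    1: "Eliminate hazards through design selection",
    2: "Reduce risk through design alteration",
    3: "Incorporate engineered features or devices",
    4: "Provide warning devices",
    5: "Incorporate signage, procedures, training, and PPE",
}

def probability_level(p: float) -> str:
    """Map a per-item lifetime probability estimate to Table II level A..E."""
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability out of range: {p}")
    return next(code for bound, code in PROBABILITY_LEVELS if p >= bound)

def risk_level(rank: int) -> str:
    """Table III: High 1-5, Serious 6-9, Medium 10-17, Low 18-20."""
    return "High" if rank <= 5 else "Serious" if rank <= 9 else "Medium" if rank <= 17 else "Low"

@dataclass
class Mitigation:
    precedence: int         # key into PRECEDENCE
    description: str
    verified: bool = False  # requirement 6: risk reduction verified and validated

@dataclass
class Hazard:
    hazard_id: str
    severity: str             # Table I category name
    probability: float        # per-item lifetime probability estimate
    eliminated: bool = False  # Table II level F
    mitigations: list = field(default_factory=list)

    def rac(self) -> str:
        """Risk Assessment Code such as '2B'; the level becomes F once eliminated."""
        level = "F" if self.eliminated else probability_level(self.probability)
        return f"{SEVERITY[self.severity]}{level}"
    def rank(self) -> Optional[int]:
        if self.eliminated:
            return None
        return RISK_RANK[SEVERITY[self.severity]][probability_level(self.probability)]
    def level(self) -> str:
        return "Eliminated" if self.eliminated else risk_level(self.rank())

    def mitigate(self, m: Mitigation, *, severity=None, probability=None, eliminated=False):
        """Requirements 4-5: record a mitigation and the residual risk it leaves."""
        if m.precedence not in PRECEDENCE:
            raise ValueError("precedence must be 1..5")
        if eliminated and m.precedence != 1:
            # Assumption: only design selection removes a hazard outright; steps 2-5 leave residual risk.
            raise ValueError("only design selection (precedence 1) can eliminate a hazard")
        self.mitigations.append(m)
        self.severity = severity or self.severity
        self.probability = self.probability if probability is None else probability
        self.eliminated = eliminated

    def acceptance_authority(self) -> Optional[str]:
        """Requirement 7: who must accept the residual risk; None while any mitigation is unverified."""
        if self.eliminated or not all(m.verified for m in self.mitigations):
            return None
        return ACCEPTANCE_AUTHORITY[self.level()]

def walkthrough():
    """Constructed hazard taken from initial assessment to accepted residual risk."""
    h = Hazard("H-01", severity="Critical", probability=5e-2)  # power loss drops an interlock
    steps = [(h.rac(), h.rank(), h.level())]                    # 2B, rank 5, High
    h.mitigate(Mitigation(2, "Fail-safe interlock on power loss", verified=True), severity="Marginal")
    steps.append((h.rac(), h.rank(), h.level()))                # 3B, rank 9, Serious
    h.mitigate(Mitigation(3, "UPS keeps interlock powered", verified=True), probability=5e-3)
    steps.append((h.rac(), h.rank(), h.level()))                # 3C, rank 11, Medium
    return h, steps

def eliminated_example() -> Hazard:
    """Constructed hazard removed by design selection, hence Table II level F."""
    h = Hazard("H-02", severity="Catastrophic", probability=2e-3)  # 1C, rank 4, High
    h.mitigate(Mitigation(1, "Select a design with no pressurised fuel line"), eliminated=True)
    return h
```

Two details worth noting: an estimate that lands exactly on a Table II boundary is placed in the more likely level, and an unverified mitigation blocks acceptance instead of silently lowering the reported risk, which is the intent of requirements 6 and 7.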
Key Changes
• Re-introduced and revised optional task descriptions from 882C. Total 25 optional tasks:
  - 100 series tasks – Management
  - 200 series tasks – Analysis
  - 300 series tasks – Evaluation
  - 400 series tasks – Verification
• Included new Tasks:
  - Task 103 – Hazard Management Plan
  - Task 106 – Hazard Tracking System
  - Task 108 – Hazardous Materials Management Plan
  - Task 208 – Functional Hazard Analysis
  - Task 209 – System-of-Systems Hazard Analysis
  - Task 210 – Environmental Hazard Analysis
  - etc.

Key Changes
• Updated "Appendix A – Guidance for the System Safety Effort":
  - Task application matrix updated
  - Example probability levels table now includes quantitative values
• Added "Appendix B – Software System Safety Engineering and Analysis":
  - Additional detail on software system safety techniques and practices
  - Based on the DoD Joint Software Systems Safety Engineering Handbook

In Summary
• More reader-friendly: contents re-structured; clearer terminology.
• More up-to-date: incorporates current DoD policy and defines task descriptions to improve system safety practices.
• Use of 882E across all functional disciplines.
• Improves consistency of system safety practices across programs.
Task 100 Series – Management
• Task 101 Hazard Identification and Mitigation Effort Using the System Safety Methodology
• Task 102 System Safety Program Plan
• Task 103 Hazard Management Plan
• Task 104 Support of Government Reviews/Audits
• Task 105 Integrated Product Team/Working Group Support
• Task 106 Hazard Tracking System
• Task 107 Hazard Management Progress Report
• Task 108 Hazardous Materials Management Plan

Task 200 Series – Analysis
• Task 201 Preliminary Hazard List
• Task 202 Preliminary Hazard Analysis
• Task 203 System Requirements Hazard Analysis
• Task 204 Subsystem Hazard Analysis
• Task 205 System Hazard Analysis
• Task 206 Operating and Support Hazard Analysis
• Task 207 Health Hazard Analysis
• Task 208 Functional Hazard Analysis
• Task 209 System-of-Systems Hazard Analysis
• Task 210 Environmental Hazard Analysis

Task 300 Series – Evaluation
• Task 301 Safety Assessment Report
• Task 302 Hazard Management Assessment Report
• Task 303 Test and Evaluation Participation
• Task 304 Review of Engineering Change Proposals, Change Notices, Deficiency Reports, Mishaps, and Requests for Deviation/Waiver

Task 400 Series – Verification
• Task 401 Safety Verification
• Task 402 Explosives Hazard Classification Data
• Task 403 Explosive Ordnance Disposal Data