Preface to the Fourth Edition xiii
Acknowledgments xvi
Part I The System Safety Program 1
1 System Safety: An Overview 3
Background 3
The Difference Between Industrial Safety and System Safety (Leveson 2005) 7
System Safety and the Assessment of Risk 9
2 System Safety Concepts 15
Fundamentals 15
The System Safety Process 16
System Safety Criteria 18
Hazard Severity 18
Hazard Probability 19
The Hazard Risk Matrix 20
System Safety Precedence 22
Cost and Risk Acceptance 25
Quantitative Risk Assessment 28
Principles of Risk Management 29
Management Commitment 30
3 System Safety Program Requirements 32
The Safety Charter 32
Selling Safety to Management 33
The System Safety Effort 34
Life Cycle Phases and the System Safety Process 40
4 The Industrial Safety Connection 44
The Occupational Safety and Health Act 44
The Human Factors Element 46
Accident Prevention Through System Design 47
The Process of Task Analysis 52
The Job Safety Analysis and System Safety 53
Guidelines for Preparing a Job Safety Analysis 56
Signatures and Approvals 61
Attachments to the JSA Form 62
Changes in Hazard/Scope 62
System Safety: An Integral Part of the Overall Organization 62
5 Probability Theory and Statistical Analysis 66
Introduction 66
Probability 67
Statistics 70
Summary 73
Part II System Safety Analysis: Techniques and Methods 75
6 Preliminary Hazard Analysis 77
Introduction 77
The PHA Development Process 78
The Preliminary Hazard Analysis Report 84
PHA Example 84
System Description 85
System Operation 86
Preliminary Assessment 87
Evaluation of System Risk 87
Summary 96
7 Subsystem and System Hazard Analyses 97
Introduction 97
The SSHA Report 98
SSHA Example 99
System Description 100
Evaluation of Subsystem Hazard Risk 101
Summary 104
8 Operating and Support Hazard Analysis 105
Introduction 105
Ergonomics 105
When to Perform the O&SHA 108
O&SHA Example 110
Scope and Purpose of the Example O&SHA 110
Risk Assessment 110
Risk Assessment 1: 1B 112
Risk Assessment 2: 1A 113
Risk Assessment 3: 2B 114
Summary 116
9 Energy Trace and Barrier Analysis 117
Introduction 117
The Energy-Barrier Concept 117
Uses of the ETBA 118
Performing the ETBA 118
The ETBA Worksheet 119
ETBA Example 120
System Description 120
The ETBA 120
Summary 124
10 Failure Mode and Effect Analysis 126
Introduction 126
Types of FMEAs 126
Performing an FMEA 127
The FMEA Report 129
FMEA Example 131
System Component/Subassembly Description 131
Subsystem: Hoist Assembly 131
Component: Electric Hoist Motors and Controls 132
Component: Magnetorque Electric Load Brake 133
Component: Motor Brake Assembly 133
Component: Hoist Gear Reduction Assembly and Wire Rope Drum 133
Subsystem: Motor-Driven Power Wheel 134
Subsystem: Trolley Drive Assembly 134
Subsystem: Bridge Drive Assembly 134
Subsystem: Control Station 134
Subsystem: 1.5 Ton Crane Micro-Drive System 135
Passive Components 135
System Operation 136
Failure Mode(s) and Effect(s) 136
Evaluation of Potential Subsystem or Component Failures 138
Summary 141
11 Fault or Functional Hazard Analysis 142
Introduction 142
The FHA Process 143
FHA Example 144
System Description 144
The FHA Process 147
The FHA 147
Summary 148
12 Fault Tree Analysis 150
Introduction 150
Qualitative and Quantitative Reasoning 151
Constructing a Fault Tree 151
Fault Tree Symbols 153
FTA Examples 155
Probability Values and the Fault Tree 159
Summary 162
13 Management Oversight and Risk Tree 164
Introduction 164
The MORT Analytical Chart 165
MORT Use 166
The MORT Event Tree 167
Symbols 168
MORT Analysis Example 168
MORT Color Coding 170
Procedure for MORT Analysis 171
Summary 173
14 HAZOP and What-If Analyses 174
Introduction 174
Background 175
Definitions 175
Objectives 176
Team Members 176
Reference Data Requirements 177
The Concept of "Nodes" 177
Conducting the What-If Analysis 178
What-If Analysis Steps 179
The What-If Analysis Worksheet 180
Conducting the HAZOP Study 183
The HAZOP Worksheet 183
The Analysis Report 185
Summary 185
15 Special Use Analysis Techniques 188
Introduction 188
Sneak Circuit Analysis 189
Types and Causes of Sneaks 189
SCA Input Requirements 190
Advantages and Disadvantages of the SCA 192
Software Hazard Analysis 193
Types of SWHA Techniques 193
The Software Preliminary Hazard Analysis 193
Software Fault Hazard Analysis 194
Software Fault Tree ("Soft Trees") 194
Emulation Analysis 195
Software System Hazard Analysis 195
Summary 195
16 Prevention Through Design and the Prevention of Incidents 197
Introduction 197
Incident Prevention Through Design and Planning 198
Historical Case Study - The Design of WW-II Bombers 198
Design Failures or Oversights Can Also Impact the Production Phase 200
Risk Mitigation 200
The Owner 201
The Design Team 203
The Construction Team 204
Safety Planning 205
The Safety Management Paradox 205
The Problem 206
The Solution 207
Summary 207
Epilogue 209
Acronyms and Abbreviations 211
Glossary of Terms 215
Bibliography 241
Index 243
