Description
Book SynopsisA one-stop reference guide to design for safety principles and applications Design for Safety (DfSa) provides design engineers and engineering managers with a range of tools and techniques for incorporating safety into the design process for complex systems. It explains how to design for maximum safe conditions and minimum risk of accidents. The book covers safety design practices, which will result in improved safety, fewer accidents, and substantial savings in life cycle costs for producers and users. Readers who apply DfSa principles can expect to have a dramatic improvement in the ability to compete in global markets. They will also find a wealth of design practices not covered in typical engineering booksallowing them to think outside the box when developing safety requirements. Design Safety is already a high demand field due to its importance to system design and will be even more vital for engineers in multiple design disciplines as more systems become increasingly complex a
Table of ContentsSeries Editor’s Foreword xvii
Preface xix
Acknowledgments xxiii
Introduction: What You Will Learn xxv
1 Design for Safety Paradigms 1
Dev Raheja, Louis J. Gullo, and Jack Dixon
1.1 Why Design for System Safety? 1
1.1.1 What Is a System? 1
1.1.2 What Is System Safety? 2
1.1.3 Organizational Perspective 2
1.2 Reflections on the Current State of the Art 2
1.3 Paradigms for Design for Safety 3
1.3.1 Always Aim for Zero Accidents 4
1.3.2 Be Courageous and “Just Say No” 5
1.3.3 Spend Significant Effort on Systems Requirements Analysis 7
1.3.4 Prevent Accidents from Single as well as Multiple Causes 8
1.3.5 If the Solution Costs Too Much Money, Develop a Cheaper Solution 9
1.3.6 Design for Prognostics and Health Monitoring (PHM) to Minimize the Number of Surprise Disastrous Events or Preventable Mishaps 10
1.3.7 Always Analyze Structure and Architecture for Safety of Complex Systems 11
1.3.8 Develop a Comprehensive Safety Training Program to Include Handling of Systems by Operators and Maintainers 12
1.3.9 Taking No Action Is Usually Not an Acceptable Option 12
1.3.10 If You Stop Using Wrong Practices, You Are Likely to Discover the Right Practices 13
1.4 Create Your Own Paradigms 13
1.5 Summary 14
References 14
2 The History of System Safety 17
Jack Dixon
2.1 Introduction 17
2.2 Origins of System Safety 18
2.2.1 History of System Safety 19
2.2.2 Evolution of System Safety and Its Definitions 21
2.2.3 The Growth of System Safety 23
2.3 Tools of the Trade 30
2.4 Benefits of System Safety 31
2.5 System Safety Management 34
2.6 Integrating System Safety into the Business Process 34
2.6.1 Contracting for System Safety 34
References 36
Suggestions for Additional Reading 38
3 System Safety Program Planning and Management 39
Louis J. Gullo and Jack Dixon
3.1 Management of the System Safety Program 39
3.1.1 System Safety Management Considerations 40
3.1.2 Management Methods and Concepts 41
3.2 Engineering Viewpoint 44
3.2.1 Software Tools 45
3.2.2 Design Concepts and Strategy 45
3.2.3 System Development Process (SDP) 46
3.2.4 Systems Engineering V‐Model 46
3.2.5 Requirements Generation and Analysis 48
3.2.6 System Analysis 49
3.2.7 System Testing 49
3.2.8 Risk Management 50
3.3 Safety Integrated in Systems Engineering 50
3.4 Key Interfaces 51
3.5 Planning, Execution, and Documentation 52
3.5.1 System Safety Program Plan 52
3.5.2 Safety Assessment Report 58
3.5.3 Plans Related to System Safety 60
3.6 System Safety Tasks 61
References 61
Suggestions for Additional Reading 62
4 Managing Risks and Product Liabilities 63
Louis J. Gullo and Jack Dixon
4.1 Introduction 63
4.2 Risk 68
4.3 Risk Management 69
4.4 What Happens When the Paradigms for Design for Safety Are Not Followed? 71
4.5 Tort Liability 72
4.6 An Introduction to Product Liability Law 73
4.7 Famous Legal Court Cases Involving Product Liability Law 75
4.8 Negligence 77
4.9 Warnings 79
4.10 The Rush to Market and the Risk of Unknown Hazards 80
4.11 Warranty 81
4.12 The Government Contractor Defense 83
4.13 Legal Conclusions Involving Defective and Unsafe Products 84
References 85
Suggestions for Additional Reading 86
5 Developing System Safety Requirements 87
Louis J. Gullo
5.1 Why Do We Need Safety Requirements? 87
5.2 Design for Safety Paradigm 3 Revisited 89
5.3 How Do We Drive System Safety Requirements? 93
5.4 What Is a System Requirement? 94
5.4.1 Performance Specifications 96
5.4.2 Safety Requirement Specification (SRS) 98
5.5 Hazard Control Requirements 98
5.6 Developing Good Requirements 100
5.6.1 Recognize Bad Requirements 101
5.6.2 Requirements at the Top of the Issues List 102
5.6.3 Examples Good Requirements for System Safety 103
5.6.4 Negative versus Positive Requirements 104
5.7 Example of Certification and Validation Requirements for a PSDI 105
5.8 Examples of Requirements from STANAG 4404 111
5.9 Summary 113
References 114
6 System Safety Design Checklists 115
Jack Dixon
6.1 Background 115
6.2 Types of Checklists 116
6.2.1 Procedural Checklists 116
6.2.2 Observational Checklists 118
6.2.3 Design Checklists 119
6.3 Use of Checklists 122
References 123
Suggestions for Additional Reading 124
Additional Sources of Checklists 124
7 System Safety Hazard Analysis 125
Jack Dixon
7.1 Introduction to Hazard Analyses 125
7.1.1 Definition of Terms 126
7.2 Risk 126
7.3 Design Risk 127
7.3.1 Current State of the Art of Design Risk Management 127
7.3.2 Expression of Risk 127
7.3.3 Risk Management 128
7.4 Design Risk Management Methods and Hazard Analyses 135
7.4.1 Role of Hazard Analysis 135
7.5 Hazard Analysis Tools 136
7.5.1 Preliminary Hazard List 136
7.5.2 Preliminary Hazard Analysis 138
7.5.3 Subsystem Hazard Analysis (SSHA) 140
7.5.4 System Hazard Analysis (SHA) 143
7.5.5 Operating & Support Hazard Analysis (O&SHA) 145
7.5.6 Health Hazard Analysis (HHA) 148
7.6 Hazard Tracking 150
7.7 Summary 152
References 152
Suggestions for Additional Reading 152
8 Failure Modes, Effects, and Criticality Analysis for System Safety 153
Louis J. Gullo
8.1 Introduction 153
8.1.1 What Is an FMEA? 154
8.1.2 What Is an FMECA? 154
8.1.3 What Is a Single Point Failure? 155
8.1.4 Definitions 156
8.2 The Design FMECA (D‐FMECA) 156
8.3 How Are Single Point Failures Eliminated or Avoided in the Design? 158
8.4 Software Design FMECA 165
8.5 What Is a PFMECA? 172
8.5.1 What Is the Difference Between a Process FMECA and a Design FMECA? 172
8.5.2 Why PFMECAs? 173
8.5.3 Performing PFMECA, Step by Step 174
8.5.4 Performing PFMECA, Improvement Actions 180
8.5.5 Performing PFMECA and Reporting Results 181
8.6 Conclusion 182
Acknowledgments 182
References 182
Suggestions for Additional Reading 183
9 Fault Tree Analysis for System Safety 185
Jack Dixon
9.1 Background 185
9.2 What Is a Fault Tree? 186
9.2.1 Gates and Events 187
9.2.2 Definitions 187
9.3 Methodology 189
9.4 Cut Sets 193
9.5 Quantitative Analysis of Fault Trees 198
9.6 Automated Fault Tree Analysis 199
9.7 Advantages and Disadvantages 200
9.8 Example 200
9.9 Conclusion 207
References 207
Suggestions for Additional Reading 208
10 Complementary Design Analysis Techniques 209
Jack Dixon
10.1 Background 209
10.2 Discussion of Less Used Techniques 210
10.2.1 Event Tree Analysis 210
10.2.2 Sneak Circuit Analysis 213
10.2.3 Functional Hazard Analysis 217
10.2.4 Barrier Analysis 220
10.2.5 Bent Pin Analysis 222
10.3 Other Analysis Techniques 224
10.3.1 Petri Nets 225
10.3.2 Markov Analysis 225
10.3.3 Management Oversight Risk Tree (MORT) 226
10.3.4 System‐Theoretic Process Analysis 228
References 230
Suggestions for Additional Reading 230
11 Process Safety Management and Analysis 231
Jack Dixon
11.1 Background 231
11.2 Elements of Process Safety Management 232
11.3 Process Hazard Analyses 236
11.3.1 What‐If Analysis 238
11.3.2 Checklist 239
11.3.3 What‐If/Checklist Analysis 239
11.3.4 Hazard and Operability Study 239
11.3.5 Failure Modes and Effects Analysis 241
11.3.6 Fault Tree Analysis 241
11.3.7 Equivalent Methodologies 242
11.4 Other Related Regulations 242
11.4.1 US Legislation 242
11.4.2 European Directives 244
11.5 Inherently Safer Design 244
11.6 Summary 247
References 247
Suggestions for Additional Reading 248
12 System Safety Testing 249
Louis J. Gullo
12.1 Purpose of System Safety Testing 249
12.1.1 Types of System Safety Tests 250
12.2 Test Strategy and Test Architecture 252
12.3 Develop System Safety Test Plans 256
12.4 Regulatory Compliance Testing 259
12.5 The Value of PHM for System Safety Testing 265
12.5.1 Return on Investment (ROI) from PHM 266
12.5.2 Insensitive Munitions 268
12.5.3 Introduction to PHM 269
12.6 Leveraging Reliability Test Approaches for Safety Testing 271
12.7 Safety Test Data Collection 273
12.8 Test Results and What to Do with the Results 276
12.8.1 What to Do with the Test Results? 276
12.8.2 What Happens If the Test Fails? 276
12.9 Design for Testability 277
12.10 Test Modeling 277
12.11 Summary 278
References 278
13 Integrating Safety with Other Functional Disciplines 281
Louis J. Gullo
13.1 Introduction 281
13.1.1 Key Interfaces for Systems Safety Engineering 282
13.1.2 Cross‐Functional Team 283
13.1.3 Constant Communication 285
13.1.4 Digital World 285
13.1.5 Friend or Foe 286
13.2 Raytheon’s Code of Conduct 288
13.3 Effective Use of the Paradigms for Design for Safety 290
13.4 How to Influence People 293
13.5 Practice Emotional Intelligence 295
13.6 Practice Positive Deviance to Influence People 299
13.7 Practice “Pay It Forward” 301
13.8 Interfaces with Customers 303
13.9 Interfaces with Suppliers 304
13.10 Five Hats for Multi‐Disciplined Engineers (A Path Forward) 304
13.11 Conclusions 306
References 306
14 Design for Reliability Integrated with System Safety 307
Louis J. Gullo
14.1 Introduction 307
14.2 What Is Reliability? 308
14.3 System Safety Design with Reliability Data 312
14.4 How Is Reliability Data Translated to Probability of Occurrence? 316
14.5 Verification of Design for Safety Including Reliability Results 322
14.6 Examples of Design for Safety with Reliability Data 323
14.7 Conclusions 327
Acknowledgment 328
References 328
15 Design for Human Factors Integrated with System Safety 329
Jack Dixon and Louis J. Gullo
15.1 Introduction 329
15.2 Human Factors Engineering 331
15.3 Human‐Centered Design 331
15.4 Role of Human Factors in Design 332
15.4.1 Hardware 332
15.4.2 Software 334
15.4.3 Human–Machine Interface 336
15.4.4 Manpower Requirements 336
15.4.5 Workload 337
15.4.6 Personnel Selection and Training 337
15.5 Human Factors Analysis Process 337
15.5.1 Purpose of Human Factors Analysis 337
15.5.2 Methods of Human Factors Analysis 338
15.6 Human Factors and Risk 338
15.6.1 Risk‐Based Approach to Human Systems Integration 338
15.6.2 Human Error 344
15.6.3 Types of Human Error 345
15.6.4 Mitigation of Human Error 346
15.6.5 Design for Error Tolerance 347
15.7 Checklists 347
15.8 Testing to Validate Human Factors in Design 350
Acknowledgment 350
References 350
Suggestions for Additional Reading 351
16 Software Safety and Security 353
Louis J. Gullo
16.1 Introduction 353
16.2 Definitions of Cybersecurity and Software Assurance 358
16.3 Software Safety and Cybersecurity Development Tasks 368
16.4 Software FMECA 373
16.5 Examples of Requirements for Software Safety 374
16.6 Example of Numerical Accuracy Where 2 + 2 = 5 377
16.7 Conclusions 378
Acknowledgments 378
References 378
17 Lessons Learned 381
Jack Dixon, Louis J. Gullo, and Dev Raheja
17.1 Introduction 381
17.2 Capturing Lessons Learned Is Important 382
17.3 Analyzing Failure 383
17.4 Learn from Success and from Failure 385
17.5 Near Misses 387
17.5.1 Examples of Near Misses That Ended in Disaster 388
17.6 Continuous Improvement 392
17.7 Lessons Learned Process 395
17.8 Lessons Learned Examples 396
17.8.1 Automobile Industry Lessons Learned from the Takata Airbag Recall 396
17.8.2 Automobile Industry Lessons Learned from the 2014 GM Recall 398
17.8.3 Medical Safety 406
17.8.4 Hoist Systems 411
17.8.5 Internet of Things 413
17.8.6 Explosion in Florida 415
17.8.7 ARCO Channelview Explosion 417
17.8.8 Terra Industries Ammonium Nitrate Explosion 418
17.9 Summary 418
References 419
Suggestions for Additional Reading 421
18 Special Topics on System Safety 423
Louis J. Gullo and Jack Dixon
18.1 Introduction 423
18.1.1 Why Are Many Commercial Air Transport Systems Safe? 424
18.1.2 How Many Aircraft In‐Flight Accidents and Fatalities Occur in Recent Times and over History? 425
18.2 Airworthiness and Flight Safety 431
18.3 Statistical Data Comparison Between Commercial Air Travel and Motor Vehicle Travel 432
18.3.1 How Many Motor Vehicle Accidents Occurred Recently and in the Past? 432
18.3.2 When Do Systems Improve Safety? 433
18.4 Safer Ground Transportation Through Autonomous Vehicles 435
18.5 The Future of Commercial Space Travel 438
18.6 Summary 441
References 442
Appendix A: Hazards Checklist 443
Reference 449
Appendix B: System Safety Design Verification Checklist 451
Reference 472
Index 473
