Re: [SystemSafety] Functional hazard analysis, does it work?

From: andy < >
Date: Mon, 18 Jan 2016 20:25:43 -0500

Dr. Squair,

I have had these same kinds of questions in the past. I have studied the relationship between probabilistic and non-probabilistic risk assessment, mostly as a result of a project I worked on for the U.S. Nuclear Regulatory Commission regarding digital systems reliability versus non-digital systems for safety-critical power reactor control. I have also studied the statistical work executed by the London folks on common cause failure and defense in depth. I believe probabilistic risk assessment is a bureaucratic, reductionist, and none too complete analysis of risk assessment focused on a “guns and guards” mentality dominant in the USA. I wrote, 3 or 4 years ago, white papers on my conclusions and readings and did some graphic representations of the NRC regulations on common cause failure. I have studied Nancy Leveson’s systems approach and taken her week-long course, also 3 or 4 years ago, and I have developed a favorable disposition towards her conclusions. My white papers were written to keep my own thinking organized, and I can look for any of the products I developed for this purpose as well as share my bibliographies with you, although some of the documents from the city college folks in England were given to me as a professional courtesy, and these references might be listed but not available for re-distribution according to my agreement.

Let me know if any of this would be useful to you. It will take me a week or two to relocate the digital versions of this stuff.  


From: systemsafety-bounces_at_xxxxxx
Sent: Monday, January 18, 2016 7:43 PM
To: systemsafety_at_xxxxxx
Subject: [SystemSafety] Functional hazard analysis, does it work?

A question to the list.  

Does the process of functional hazard analysis 'work' in terms of identifying all functional hazards that we are, or should be, interested in?  

The way the FHA process is defined in the various standards seems, IMO, to be very reductionist in nature: fine for identifying the specific consequences of a single functional failure mode, but what about functional interactions, multiple functional failures, the interaction of modes with functions, and so on?

The background to this is that the project I'm working with is about to commit to a significant campaign of 'FHA'-ing. So we're engaged in a little bit of professional navel gazing about the efficacy of the technique before we commit to the campaign.  


Matthew Squair
BEng (Mech) MSysEng
Mob: +61 488770655
Email: MattSquair_at_xxxxxx


_______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxx
Received on Tue Jan 19 2016 - 02:25:53 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST