Re: [SystemSafety] systemsafety Digest, Vol 42, Issue 11

From: Dale Masini < >
Date: Tue, 19 Jan 2016 18:52:19 +1100


Hi Matt,

Agree, while the process is reasonable, it is not perfect. Indeed, most techniques have their own unique flaws. I add the results of the FHA to a Common Cause Analysis (CCA) and a Zonal Safety Analysis (ZSA). The three combined, I have found, give you some good coverage and consideration all round of singular and multiple failures. You can find details of CCA and ZSA in SAE ARP 4761.

Cheers

Mark Masini
CPEng FIEAust

On 19 January 2016 at 13:21, <systemsafety-request_at_xxxxxx> wrote:

> Send systemsafety mailing list submissions to
> systemsafety_at_xxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
> https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
> or, via email, send a message with subject or body 'help' to
> systemsafety-request_at_xxxxxx
>
> You can reach the person managing the list at
> systemsafety-owner_at_xxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of systemsafety digest..."
>
>
> Today's Topics:
>
> 1. Functional hazard analysis, does it work? (Matthew Squair)
> 2. Re: Functional hazard analysis, does it work?
> (paul_e.bennett_at_xxxxxx)
> 3. Re: Functional hazard analysis, does it work? (andy)
> 4. Re: Functional hazard analysis, does it work? (Matthew Squair)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 19 Jan 2016 11:42:37 +1100
> From: Matthew Squair <mattsquair_at_xxxxxx>
> To: "systemsafety_at_xxxxxx" <systemsafety_at_xxxxxx>
> Subject: [SystemSafety] Functional hazard analysis, does it work?
> Message-ID: <CAC6_e4N9VHt8iAxQfNyo08yw+Kb2=ogPGakhbZKL9+cO31c7FA_at_xxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> A question to the list.
>
> Does the process of functional hazard analysis 'work' in terms of
> identifying all functional hazards that we are, or should be, interested
> in?
>
> The way the FHA process is defined in the various standards seems IMO to be
> very reductionist in nature, fine for identifying the specific consequences
> of a single functional failure mode, but what about functional
> interactions, multiple functional failures, the interaction of modes with
> functions and so on.
>
> The background to this is that the project I'm working with is about to
> commit to a significant campaign of 'FHA'-ing. So we're engaged in a little
> bit of professional navel gazing about the efficacy of the technique before
> we commit to the campaign.
>
> --
> *Matthew Squair*
>
>
> BEng (Mech) MSysEng
> MIEAust CPEng
>
> Mob: +61 488770655
> Email: MattSquair_at_xxxxxx
> Website: www.criticaluncertainties.com
>
> ------------------------------
>
> Message: 2
> Date: Tue, 19 Jan 2016 01:24:49 +0000
> From: paul_e.bennett_at_xxxxxx
> To: "Matthew Squair" <mattsquair_at_xxxxxx>, systemsafety_at_xxxxxx
> Subject: Re: [SystemSafety] Functional hazard analysis, does it work?
> Message-ID: <20160119012450.08CE1C05CA_at_xxxxxx>
> Content-Type: text/plain; charset="UTF-8"
>
> On 19/01/2016 at 12:42 AM, "Matthew Squair" <mattsquair_at_xxxxxx> wrote:
> >
> >A question to the list.
> >
> >Does the process of functional hazard analysis 'work' in terms of
> >identifying all functional hazards that we are, or should be,
> >interested
> >in?
> >
> >The way the FHA process is defined in the various standards seems
> >IMO to be
> >very reductionist in nature, fine for identifying the specific
> >consequences
> >of a single functional failure mode, but what about functional
> >interactions, multiple functional failures, the interaction of
> >modes with
> >functions and so on.
>
> Your impressions are correct in that just doing FHA would focus too much
> on just the hazards associated with the functionality. In a full HAZOP to
> identify the hazards that must be addressed, you also need to consider a
> range of risks associated with the operational environment, the personnel
> of all types who will interact with the system (and their tasks) and a
> number of potential natural hazards that may occur. My HAZOP kick-off
> check-list is 5 pages long, which can prompt us to ask the right sort of
> questions. It was initially listed in Def-Std 00-55 or 00-56 but I have
> added a few more to it since adopting it as a starting point about 20
> years ago.
>
> >The background to this is that the project I'm working with is
> >about to
> >commit to a significant campaign of 'FHA'-ing. So we're engaged in
> >a little
> >bit of professional navel gazing about the efficacy of the
> >technique before
> >we commit to the campaign.
>
> Just don't let them rely on the FHA alone. It is a useful sub section of a
> full HAZOP but you need to explore a much wider scope than the hazards
> posed by the functionality alone.
>
> >--
> >*Matthew Squair*
> >
> >
> >BEng (Mech) MSysEng
> >MIEAust CPEng
> >
> >Mob: +61 488770655
> >Email: MattSquair_at_xxxxxx
> >Website: www.criticaluncertainties.com
>
> Regards
>
> Paul E. Bennett IEng MIET
> Systems Engineer
>
> --
> ********************************************************************
> Paul E. Bennett IEng MIET.....<email://Paul_E.Bennett_at_xxxxxx>
> Forth based HIDECS Consultancy.............<http://www.hidecs.co.uk>
> Mob: +44 (0)7811-639972
> Tel: +44 (0)1392-426688
> Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
> ********************************************************************
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 18 Jan 2016 20:25:43 -0500
> From: "andy" <loeblas_at_xxxxxx>
> To: "'Matthew Squair'" <mattsquair_at_xxxxxx>, <systemsafety_at_xxxxxx>
> Subject: Re: [SystemSafety] Functional hazard analysis, does it work?
> Message-ID: <001c01d15258$5177f230$f467d690$_at_xxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> Dr. Squire;
>
> I have had these same kinds of questions in the past. I have studied the
> relationship between probabilistic and non-probabilistic risk assessment
> mostly as a result of a project I worked on for the U.S. Nuclear Regulatory
> Commission regarding digital systems reliability versus non-digital systems
> for safety critical power reactor control. I have also studied the
> statistical work executed by the London folks on common cause failure and
> defense in depth. I believe probabilistic risk assessment is a
> bureaucratic, reductionist, and none too complete analysis of risk
> assessment focused on a "guns and guards" mentality dominant in the USA. I
> have written, 3 or 4 years ago, white papers on my conclusions and readings
> and done some graphic representations of the NRC regulations on common
> cause failure. I have studied Nancy Leveson's systems approach and taken
> her week long course, also 3 or 4 years ago, and I have developed a
> favorable disposition towards her conclusions. My white papers were
> written to keep my own thinking organized and I can look for any of the
> products I developed for this purpose as well as share my bibliographies
> with you, although some of the documents from the city college folks in
> England were given to me as a professional courtesy and these references
> might be listed but not available for re-distribution according to my
> agreement.
>
> Let me know if any of this would be useful to you. It will take me a week
> or two to relocate the digital versions of this stuff.
>
> andy
>
> From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx] On Behalf Of Matthew Squair
> Sent: Monday, January 18, 2016 7:43 PM
> To: systemsafety_at_xxxxxx
> Subject: [SystemSafety] Functional hazard analysis, does it work?
>
> A question to the list.
>
> Does the process of functional hazard analysis 'work' in terms of
> identifying all functional hazards that we are, or should be, interested in?
>
> The way the FHA process is defined in the various standards seems IMO to
> be very reductionist in nature, fine for identifying the specific
> consequences of a single functional failure mode, but what about functional
> interactions, multiple functional failures, the interaction of modes with
> functions and so on.
>
> The background to this is that the project I'm working with is about to
> commit to a significant campaign of 'FHA'-ing. So we're engaged in a little
> bit of professional navel gazing about the efficacy of the technique before
> we commit to the campaign.
>
> --
> Matthew Squair
>
> BEng (Mech) MSysEng
> MIEAust CPEng
>
> Mob: +61 488770655
> Email: MattSquair_at_xxxxxx
> Website: www.criticaluncertainties.com
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 19 Jan 2016 13:20:49 +1100
> From: Matthew Squair <mattsquair_at_xxxxxx>
> To: andy <loeblas_at_xxxxxx>
> Cc: systemsafety_at_xxxxxx
> Subject: Re: [SystemSafety] Functional hazard analysis, does it work?
> Message-ID: <35E69A16-855B-4309-8012-5250D84F2321_at_xxxxxx>
> Content-Type: text/plain; charset="windows-1251"
>
> Thx Andy,
>
> Though I'm not a Dr, that's the wife. :))
>
> Matthew Squair
>
> MIEAust, CPEng
> Mob: +61 488770655
> Email: Mattsquair_at_xxxxxx
> Web: http://criticaluncertainties.com
>
> > On 19 Jan 2016, at 12:25 PM, andy <loeblas_at_xxxxxx> wrote:
> >
> > Dr. Squire;
> > I have had these same kinds of questions in the past. I have studied
> the relationship between probabilistic and non-probabilistic risk
> assessment mostly as a result of a project I worked on for the U.S. Nuclear
> Regulatory Commission regarding digital systems reliability versus
> non-digital systems for safety critical power reactor control. I have also
> studied the statistical work executed by the London folks on common cause
> failure and defense in depth. I believe probabilistic risk assessment is a
> bureaucratic, reductionist, and none too complete analysis of risk
> assessment focused on a "guns and guards" mentality dominant in the USA. I
> have written, 3 or 4 years ago, white papers on my conclusions and readings
> and done some graphic representations of the NRC regulations on common
> cause failure. I have studied Nancy Leveson's systems approach and taken
> her week long course, also 3 or 4 years ago, and I have developed a
> favorable disposition towards her conclusions. My white papers were
> written to keep my own thinking organized and I can look for any of the
> products I developed for this purpose as well as share my bibliographies
> with you, although some of the documents from the city college folks in
> England were given to me as a professional courtesy and these references
> might be listed but not available for re-distribution according to my
> agreement.
> >
> > Let me know if any of this would be useful to you. It will take me a
> week or two to relocate the digital versions of this stuff.
> >
> > andy
> >
> >
> >
> > From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx] On Behalf Of Matthew Squair
> > Sent: Monday, January 18, 2016 7:43 PM
> > To: systemsafety_at_xxxxxx
> > Subject: [SystemSafety] Functional hazard analysis, does it work?
> >
> > A question to the list.
> >
> > Does the process of functional hazard analysis 'work' in terms of
> identifying all functional hazards that we are, or should be, interested in?
> >
> > The way the FHA process is defined in the various standards seems IMO to
> be very reductionist in nature, fine for identifying the specific
> consequences of a single functional failure mode, but what about functional
> interactions, multiple functional failures, the interaction of modes with
> functions and so on.
> >
> > The background to this is that the project I'm working with is about to
> commit to a significant campaign of 'FHA'-ing. So we're engaged in a little
> bit of professional navel gazing about the efficacy of the technique before
> we commit to the campaign.
> >
> > --
> > Matthew Squair
> >
> >
> > BEng (Mech) MSysEng
> > MIEAust CPEng
> >
> > Mob: +61 488770655
> > Email: MattSquair_at_xxxxxx
> > Website: www.criticaluncertainties.com
> >
>
> ------------------------------
>
> _______________________________________________
> systemsafety mailing list
> systemsafety_at_xxxxxx
> https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
>
>
> End of systemsafety Digest, Vol 42, Issue 11
> ********************************************
>



The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Tue Jan 19 2016 - 08:52:32 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST