Independent Safety Assessment and System Safety Update - PowerPoint PPT Presentation


SLIDE 1

Independent Safety Assessment and System Safety Update

Andy Tankard, Principal Manager Safety Quality Environment & Risk

16 May 2016

SLIDE 2

AEO Assessments

Tara Naseri, Senior System Safety Specialist

Image courtesy of Transport for NSW

Safety Technical Forum | 2

SLIDE 3

Feedback on generic findings from current AEO assessment and audit activities

  • Underestimation of the importance of System Safety Assurance throughout the asset lifecycle
  • Misinterpretation of System Safety Assurance as Work Health and Safety (WHS)
  • The applicability of the requirements based on the scope of the provided engineering services
  • Lack of familiarisation with the system safety standards for new or altered assets
  • Lack of awareness of ISA involvement and its relevancy
  • Provision of inconsistent deployed project evidence

SLIDE 4

Feedback on generic findings from current AEO assessment and audit activities

  • 50 audits carried out
  • Productive action management
  • Process improvement across all industries
  • Openness of the whole industry to change and adaptability

SLIDE 5

Independent Safety Assessment

Richard Adams, Manager Safety & Risk Assurance

SLIDE 6

Asset Safety Assurance

  • Now an established technique in asset safety assurance
  • A number of large projects are now actively under assessment or in the process of engaging ISAs
  • Technical note issued in June 2015 so TfNSW can engage an ISA
  • Currently no ISAs appointed in planning phase of projects – an area for future improvement
  • Anecdotal evidence that ISA is driving improved rigor in the safety assurance of assets

SLIDE 7

ISA AEOs

  • Currently three ISA AEOs
  • Three currently under assessment
  • Existing requirements duplicate a number of standard AEO requirements
  • Too many ISA AEO requirements
  • Revised set of requirements later this year with significant consolidation

SLIDE 8

Risk Tolerability

  • TfNSW published internally risk tolerability criteria for all transport modes in 2015
  • Currently these are not applied in projects – need for guidance on how they should be applied is under development
  • Quantified Risk Analysis (QRA) is now used extensively to support safety assurance and decision making. Has many benefits but also many drawbacks.
  • Guide to Risk Tolerability and QRA will be published later in the year

SLIDE 9

System Safety for New or Altered Assets

  • TS20001 will be updated in coming months to be non-mode specific
  • Aligning with ASA moving to incorporate all transport modes
  • Hazard Management remains an area of concern. Guide to Hazard Management is planned but likely later than TS20001 and Risk Tolerability

SLIDE 10

Guest speaker

Charles-Andre Bellini, Systems Assurance, Atkins Australia

SLIDE 11

SLIDE 12

Hazard Management

Richard Adams, Manager Safety and Risk Assurance

May 2016

SLIDE 13

Contents

Hazard Management

  • Role of Hazard Management in System Safety
  • Current issues in Hazard Management
  • Hazard vs Risk, Hazard Logs vs Risk Registers
  • Integration of Safety into Design
  • Hazard levels
  • Hazard Logs and Hazard Management across the lifecycle
  • Hazard Management and the assurance structure in complex projects
  • Features of good hazard management
  • Hazard Management Activity
SLIDE 14

Hazard Management in System Safety

TS20001 – System Safety for New or Altered Assets:
‘System Safety: The concurrent application of a systems based approach to safety engineering and of a risk management strategy covering the identification and analysis of hazards and the elimination, control or management of those hazards throughout the life cycle of a system or asset’

NASA:
‘A disciplined, systematic approach to the analysis of risks resulting from hazards that can affect humans, the environment and mission assets’

SLIDE 15

Hazard Management in System Safety

Hazard Management or Safety Risk Management is at the core of System Safety

Safe Work Australia:
‘Safe design means the integration of control measures early in the design process to eliminate or, if this is not reasonably practicable, minimise risk to health and safety throughout the lifecycle of the plant being designed’

SLIDE 16

Hazard Management in System Safety

  • Legislative duties to ensure safety SFAIRP necessitate safety risk management
  • Key element of a safety argument is compliance with safety requirements – this can only be achieved through sound hazard management
  • International good practice through international standards requires hazard analysis as part of Safety Assurance, e.g. EN50126, European Common Safety Method, DEF-STAN 00-56
  • ONRSR Guidance on SFAIRP – key is the reasonable level of knowledge of a duty holder around all risks that it is exposed to or exposes others to
SLIDE 17

Definitions

Hazard
  • A physical situation or state of a system, often following from some initiating event, that may lead to an accident (DEF-STAN 00-56)
  • A condition that could lead to an accident (EN50126-2)

Safety
  • Freedom from unacceptable risk of harm (EN50126)

Risk
  • The rate of occurrence of accidents and incidents resulting in harm (caused by a hazard) and the degree of severity of that harm (EN50126-2)

Accident
  • An unintended event, or sequence of events, that causes harm (DEF-STAN 00-56)

SLIDE 18

Current Issues in Hazard Management

Combining and confusing system hazards with project risks, construction risks and work health safety risks

  • Hazard Management in a System Assurance context is about safety risks that may arise in the operations and maintenance phase
  • Project risks are transitional – they have minimal impact on the safety and integrity of the transport network once in the operational phase
  • Construction and work health safety risks are very important but are also transitional

SLIDE 19

Current Issues in Hazard Management

Too many hazards at too low a level

  • Hazard logs with many hundreds of entries – there should be tens even for complex systems
  • Controls at such a detailed level that they do not represent safety requirements
  • Hazards need to sit between causes and accidents / consequences

SLIDE 20

Current Issues in Hazard Management

Absence of traceability

  • Hazard log is the centre of traceability for all hazard management issues, safety requirements and V&V evidence
  • Key assurance artifact that provides ability to trace to all assurance evidence
  • Hazard log provides traceability of how safety issues have been dealt with during a project – must link to the design and its records

SLIDE 21

Current Issues in Hazard Management

Lack of maintained journal / records of change

  • Hazard log is a living document through the whole lifecycle. Changes through the lifecycle reflect the safety decisions made and are thus key assurance evidence
  • Hazard log needs to document how each hazard has been analysed through the design process. It is also an artifact of the requirements definition process
  • Provides audit trail of hazards considered and the rationale for each hazard’s closure. Records the decisions made in reaching a demonstrable SFAIRP position

SLIDE 22

Hazard Management and Risk Management

ISO31000 is the established international standard for Risk Management. Hazard Management is essentially safety risk management. There are subtle differences:

  • ISO31000 generally aimed at Enterprise Risk Management – managing risks and opportunities in an organisational environment
  • Hazard management is a form of risk management intrinsic to Safety Engineering
  • Concepts are similar but the recording and managing of hazards and controls take a different form – system safety and hazard management are engineering activities

SLIDE 23

Hazard Logs versus Risk Registers

A Hazard Log is a form of Risk Register but a Risk Register is not necessarily a Hazard Log

Risk Register
  • Includes all risks under consideration
  • Documents all treatment and controls for risks
  • Is a business management tool
  • Assesses risk against criteria

Hazard Log
  • Includes all identified hazards (safety) of a system
  • Details all controls for hazards and links them to system safety requirements – applies hierarchy of controls
  • Is a Safety Engineering tool
  • Assesses safety risk against safety criteria
  • Provides SFAIRP justification
  • Provides basis for auditing and management of controls and treatments
  • Provides traceability to all verification and validation evidence
  • Includes a journal
  • Records the rationale for safety related design decisions

SLIDE 24

Integration of Safety into Design

SLIDE 25

Integration of Safety into Design

Hazard Analysis must inform and lead the design to the safest outcome reasonably practicable

  • Hazard controls become safety requirements
  • Hazard analysis evolves to represent design
  • Safety engineers and designers collaborate around feasibility of risk elimination and control
  • Hazard Log records all changes and design decisions

SLIDE 26

Hazard Levels

SLIDE 27

Hazard Levels – Bow Tie Representation

SLIDE 28

Hazard Management in Complex Changes

SLIDE 29

Hazard Management in Complex Changes

SLIDE 30

Features of good Hazard Management

  • All reasonably foreseeable hazards identified through a comprehensive program of diverse hazard identification activities
  • Reflects the intended operational context and use
  • Includes all modes of intended operation and degraded modes
  • Mapping of causes through hazards to accidents and outcomes is complete and understood
  • Fully integrates with the design and engineering process
  • Drives a ‘safety led’ design and system
  • Maintains full traceability to sources of hazards and to safety assurance evidence
  • Focusses on the higher levels of risk
  • Supports the SFAIRP demonstration
  • Provides a Hazard Log that can sit beside the asset / system for its entire operational life – reflects why the system is as it is

SLIDE 31

Features of good Hazard Management

SLIDE 32

Features of a good Hazard Log

  • Clearly identifies all identified hazards at the same and appropriate level, i.e. system boundary
  • Provides clear traceability: cause – hazard – outcome – V&V evidence – design – as built system – safety assurance evidence
  • Identifies causes, consequences and controls for all hazards
  • Considers all operational modes and degraded modes
  • Applies Hierarchy of Controls
  • Maintains a journal of changes
  • Provides a SFAIRP demonstration
  • Represents why the asset / system is as it is (not just a representation of the hazards associated with the final design solution)
  • Is a living artefact spanning the entire asset lifecycle
  • Identifies safety requirements – provides links to validation evidence as it becomes available
  • Has appropriate statuses to manage hazards through the lifecycle
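The features above say what a hazard log must record and how its entries must link together, and slides 19 to 21 list the defects most often seen (hazards pitched too low, controls not expressed as safety requirements, no traceability, no journal). The Python below is an added illustration, not part of this presentation and not a TfNSW or ASA tool: it models one hazard-log entry with the fields the slide calls for (causes, consequences, controls with a hierarchy-of-controls level and a linked safety requirement, V&V evidence, status, SFAIRP rationale, journal) and checks each entry and the log as a whole against those features. The hierarchy levels, status values, field names, sample hazards and identifiers (H-001, C-001, SR-014, TR-0093) are all constructed for the example.

```python
"""Hazard-log consistency checker: a constructed example, not a TfNSW tool."""
from dataclasses import dataclass, field
from typing import List, Optional

# Hierarchy of controls, strongest first. The slide names the hierarchy but
# not its levels; this ordering is the usual WHS one and is assumed here.
HIERARCHY = ["eliminate", "substitute", "engineer", "administrative", "ppe"]
# Lifecycle statuses are hypothetical; the slide asks only that statuses exist.
STATUSES = ("open", "analysed", "controlled", "closed")


@dataclass
class Control:
    id: str
    description: str
    level: str                              # one of HIERARCHY
    requirement_id: Optional[str] = None    # safety requirement this control becomes
    vv_evidence: List[str] = field(default_factory=list)  # V&V evidence references


@dataclass
class Hazard:
    id: str
    description: str
    causes: List[str]
    consequences: List[str]
    controls: List[Control]
    status: str
    modes: List[str]                        # operational and degraded modes considered
    sfairp_rationale: str = ""              # why the residual risk is SFAIRP
    journal: List[str] = field(default_factory=list)  # dated record of changes


def check_hazard(h: Hazard) -> List[str]:
    """Return one finding per 'good hazard log' feature the entry fails."""
    f = []
    if not h.causes:
        f.append(f"{h.id}: no causes recorded")
    if not h.consequences:
        f.append(f"{h.id}: no consequences recorded")
    if not h.controls:
        f.append(f"{h.id}: no controls recorded")
    if not h.modes:
        f.append(f"{h.id}: no operational/degraded modes considered")
    if h.status not in STATUSES:
        f.append(f"{h.id}: unknown status {h.status!r}")
    if not h.journal:
        f.append(f"{h.id}: no journal of changes")
    for c in h.controls:
        if c.level not in HIERARCHY:
            f.append(f"{h.id}/{c.id}: control level {c.level!r} not in hierarchy")
        if c.requirement_id is None:
            f.append(f"{h.id}/{c.id}: control not linked to a safety requirement")
    # Hierarchy of controls: if nothing stronger than administrative/PPE is
    # applied, the log must say why elimination or engineering was not practicable.
    ranks = [HIERARCHY.index(c.level) for c in h.controls if c.level in HIERARCHY]
    if ranks and HIERARCHY[min(ranks)] in ("administrative", "ppe") and not h.sfairp_rationale:
        f.append(f"{h.id}: only administrative/PPE controls and no SFAIRP rationale")
    # Closure completes the traceability chain: every control has V&V evidence
    # and the SFAIRP position is recorded.
    if h.status == "closed":
        if any(not c.vv_evidence for c in h.controls):
            f.append(f"{h.id}: closed but a control has no V&V evidence")
        if not h.sfairp_rationale:
            f.append(f"{h.id}: closed without SFAIRP rationale")
    return f


def check_log(hazards: List[Hazard], max_entries: int = 100) -> List[str]:
    """Whole-log checks (unique ids, hazard level) plus the per-entry checks."""
    findings = []
    ids = [h.id for h in hazards]
    for dup in sorted({i for i in ids if ids.count(i) > 1}):
        findings.append(f"duplicate hazard id {dup}")
    if len(hazards) > max_entries:   # slide 19: tens of hazards, not hundreds
        findings.append(f"{len(hazards)} hazards: probably pitched at too low a level")
    for h in hazards:
        findings.extend(check_hazard(h))
    return findings


def sample_log() -> List[Hazard]:
    """Constructed entries: one well-formed, one showing the common defects."""
    good = Hazard(
        id="H-001", description="Train departs with a door not closed and locked",
        causes=["door interlock failure", "driver error"],
        consequences=["passenger falls from moving train"],
        controls=[Control("C-001", "Traction interlock on door-closed proving", "engineer",
                          requirement_id="SR-014", vv_evidence=["TR-0093"])],
        status="closed", modes=["normal", "degraded: one door isolated"],
        sfairp_rationale="Interlock prevents departure with an open door; "
                         "isolation procedure covers the degraded mode",
        journal=["2016-03-01 SE: C-001 added after PHA workshop"],
    )
    bad = Hazard(
        id="H-002", description="Platform edge gap exceeds tolerance",
        causes=[], consequences=["passenger falls between train and platform"],
        controls=[Control("C-002", "Warning signage", "administrative")],
        status="closed", modes=["normal"],
    )
    return [good, bad]


if __name__ == "__main__":
    for line in check_log(sample_log()):
        print(line)
```

Running it prints six findings, all against H-002: no causes, no journal, a control with no linked safety requirement, only an administrative control without a SFAIRP rationale, and a closed status with neither V&V evidence nor a SFAIRP rationale. H-001 passes because every link in the cause to hazard to control to requirement to evidence chain is present. The `max_entries` threshold is a crude proxy for the "too many hazards at too low a level" issue; the right number depends on the system boundary chosen, which no script can judge.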

SLIDE 33

Features of a good Hazard Log – Traceability

SLIDE 34

Group activity

Exercise Two

SLIDE 35