Summarizes the current state of "front-end" risk-control techniques.

Many approaches to risk control are possible. However, only through careful reading, evaluation, and study can one make the best choice of a practical philosophy for a system safety program. The goal is to apply the best scientific and engineering principles in the best way, resulting in the soundest and safest possible system.

System Safety for the 21st Century provides in-depth coverage of this specialized discipline within the safety profession. Written for both technical and nontechnical reference, this clearly organized text serves as a resource for both students and practitioners. It gives basic and essential information about the identification, evaluation, analysis, and control of hazards in components, systems, subsystems, processes, and facilities. Integrating the changes to the field that have occurred since publication of the first edition, this revised and expanded resource offers:
* Logical progression from basics to techniques to applications
* New focus on process safety not found in other texts
* A new and unique section on professionalism for system safety and other safety practitioners
* Presentation of both system safety scope and essentials
* Consistent chapter format for easy learning, including an introduction and summary for each chapter
* Review questions reinforcing important points
* A combination of basic requirements with practical experience
* Information on selected techniques to assess hazards and provide management oversight
* An updated section on protecting against external events in the light of the global terrorist threat
* Critiques of existing systems, including those of the Department of Defense and the Department of Energy

Relevant to industry, academia, and government, System Safety for the 21st Century is an essential resource for anyone studying or implementing proactive hazard identification and risk control techniques and procedures.
Page count: 520
Year of publication: 2012
Contents
Cover
Half Title page
Title page
Copyright page
Foreword to System Safety for the 21st Century
Foreword to System Safety 2000
Preface
Acknowledgments for System Safety for the 21st Century
Acknowledgments for System Safety 2000
Part I: Introduction to System Safety
Chapter 1: The History of System Safety
The 1960s—MIL-STD-882, DOD, and NASA
The 1970s—The Management Oversight and Risk Tree
The 1980s—Facility System Safety
The 1990s—Risk-Based Process System Safety
The 2000s—Quest for Intrinsic Safety
Review Questions
References
Chapter 2: Fundamentals of System Safety
Basic Definitions
Fundamental Safety Concepts
System Safety Fundamentals
System Safety Tenets
Review Questions
References
Chapter 3: Current Approaches to System Safety
Department of Defense
NASA
Facility System Safety
The Chemical Industry
Department of Energy
Review Questions
References
Chapter 4: Problem Areas
Standardization
Risk Assessment Codes
Data
Communications
Life Cycle
Education and Training
Human Factors
Software
Review Questions
Reference
Chapter 5: The Future of System Safety
More First-Time Safe Systems
Cost-Effective Management Tools
The New Face of System Safety
Proactive or Reactive?
Review Questions
Reference
Part II: System Safety Program Planning and Management
Chapter 6: Establishing the Groundwork
Generic Model
Product Safety
Dual Programs
Planning and Development Methodology
Review Questions
Chapter 7: Tasks
Hazard Identification
Hazard Analysis and Control
System Safety Support Tasks
Review Questions
Chapter 8: System Safety Products
System Safety Program Plan
Preliminary Hazard List
Preliminary Hazard Analysis
Hazard Tracking Log
Subsystem Hazard Analysis
System Hazard Analysis
Operating Hazard Analysis
Change Analysis Report
Accident Analysis Report
Review Questions
Chapter 9: Program Implementation
Review Questions
Part III: Analytical Aids
Chapter 10: Analytical Trees
Purposes
Tree Construction
Fault Trees Versus Fault Tree Analysis
Review Exercise
References
Chapter 11: Risk Assessment and Risk Acceptance
Risk Management Concepts
Risk Assessment Shortcomings
Total Risk Exposure Codes
Review Questions
References
Chapter 12: Human Factors
Human Reliability
Human Error Rates
Improving Human Reliability
Human Factors for Engineering Design
Review Questions
References
Part IV: System Safety Analysis Techniques
Chapter 13: Energy Trace and Barrier Analysis
Purpose of ETBA
Input Requirements
General Approach
Instructions
Review Questions
References
Chapter 14: Failure Mode and Effects Analysis
Purpose of FMEA
Input Requirements
General Approach
Instructions
Appendix: Sample FMEA
I. Summary
II. Project Description
III. Methodology
Review Questions
References
Chapter 15: Fault Tree Analysis
Purpose of FTA
Input Requirements
General Approach
Instructions
Appendix: Sample FTA
I. Summary
II. Project Description
III. Methodology
Review Questions
References
Chapter 16: Project Evaluation Tree
Purpose of PET
Input Requirements
General Approach
Instructions
Appendix: PET User’s Guide
Review Questions
References
Chapter 17: Change Analysis
Purpose
Input Requirements
General Approach
Instructions
Review Questions
References
Chapter 18: Management Oversight and Risk Tree
Purpose of MORT and Mini-MORT
Input Requirements
General Approach
Instructions
Review Questions
References
Chapter 19: Event and Causal Factors Charts
Purpose
Input Requirements
General Approach
Instructions
Review Questions
References
Chapter 20: Other Analytical Techniques
Software Hazard Analysis
Common Cause Failure Analysis
Sneak Circuit Analysis
Extreme Value Projection
Time-Loss Analysis
Additional Techniques
Review Questions
References
Part V: Process Safety
Chapter 21: Process Safety Management
Introduction
Background
Future
Summary
Review Questions
References
Appendix: List of Highly Hazardous Chemicals, Toxics and Reactives
Chapter 22: EPA’s Equivalent Process Safety Requirements—Risk Management Program (RMP)
Background
Overall Risk Management Program
Summary
Review Questions
References
Appendix: Seventy-six Substances Listed Under 40 CFR 68
Chapter 23: Process Safety Implementation
Introduction
PSM Implementation
RMP Implementation
Implementation Lessons
Summary
Review Questions
References
Chapter 24: Process Safety Reviews
Introduction
Mechanics of an Individual Audit
Lessons
Summary
Review Questions
References
Part VI: Professionalism and Professional Development
Chapter 25: Professionalism and Professional Development
Introduction
What is Professionalism?
Professional Development
Accreditation of Certifications
Why Become Certified?
Summary
Review Questions
References
Appendix I: The Scope and Functions of the Professional Safety Position
Appendix II: System Safety Society Fundamental Principles and Canons
Article IV Guidelines for Use with the Fundamental Canons of Ethics
Appendix III: Professional System Safety and Related Societies and Organizations
Glossary
References
Index
SYSTEM SAFETY FOR THE 21ST CENTURY
Copyright © 2004 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993 or fax 317-572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print, however, may not be available in electronic format.
Library of Congress Cataloging-in-Publication Data is available.
ISBN 0-471-44454-5
FOREWORD TO SYSTEM SAFETY FOR THE 21ST CENTURY
I just heard it again. A colleague of mine said that he has always taken the “systems view” with regard to system safety. I was once again surprised, shocked is probably a better word, that not everyone had that view. It reminded me that there remain varying views of the scope of system safety. The scope of the system safety discipline is broad, just like the industries that use the discipline. The system safety discipline has expanded well beyond the U.S. Department of Defense community and U.S. borders and, as such, its recognized discipline approach and broad scope are becoming better defined.
The System Safety Society and most system safety professionals take a broad view of the scope of system safety, a “system view.” It considers the system safety discipline as analyzing all safety aspects for any size system (with a product being just a small system) throughout its entire life cycle. It uses a disciplined systems approach to manage safety risk by tapping into the known knowledge bases and using specific tools and techniques for analysis where knowledge bases do not exist or are insufficient for the technologies used in the system. Known knowledge bases include existing safety codes, safety standards, and lessons learned that have been developed in all technology areas. The system safety professional focuses more attention, however, where there are nonexistent or insufficient knowledge bases from which to draw upon. In this case, the system safety professional uses the specific tools and techniques available in the system safety profession to augment the lack of information in existing knowledge bases. The top-level analyses identify where new safety requirements are necessary and where existing safety codes and standards can be used. The system safety discipline bridges the gap when existing knowledge bases are lacking and manages safety risks by identifying hazards from the known knowledge bases and the tools and techniques of this profession.
Because the system safety professional focuses more attention where there are no or insufficient knowledge bases, some in industry perceive that the scope of the system safety discipline is just in those areas, where little or no knowledge bases exist. However, the scope of the system safety discipline is much broader and the system safety professional must have a complete understanding of how to use and apply the existing safety resources, in addition to when to use other system safety analyses to evaluate the entire system throughout its entire life cycle. Some colleagues refer to system safety as the “umbrella” safety, since you must draw upon all safety resources for the technologies involved in the design. The system safety discipline has an established methodology and unique tools for analysis. It establishes acceptable levels of risk as part of the process and does not necessarily seek zero risk or rely only on checklists or standards. It considers rare events and life-cycle operations and analyzes both normal and abnormal circumstances. The discipline manages for success using training, independent assessments, management commitment, and lessons learned and it plans for failure by establishing emergency response procedures, graceful degradation, surveillance, and maintenance.
This system safety discipline is unique because it addresses the safety of an entire system and its operations using existing knowledge bases and, where knowledge bases are insufficient, the tools of this profession. I am of the opinion that the methodology and tools of the system safety discipline should be applied to every system. I believe every company should develop and implement a system safety program that addresses the hazards in its organization, the products it purchases, and the systems that it designs and operates. Only the degree and depth of the system safety program will vary from system to system. As one colleague stated, I wouldn’t spend too much time on the analysis of a paper clip. Using the system safety discipline, I am convinced that a company will apply its resources more effectively and achieve success in its ability to effectively manage safety risks.
The second edition of this book not only updates the text with the current information on standards such as MIL-STD-882D, it also adds another important tool and approach for the system safety engineer: a discussion on process safety in the chemical industry. Dick Stephans provides in-depth information on how to apply the system safety process to this specialized discipline: the users, distributors, or manufacturers of hazardous chemicals and related materials such as flammables and explosives. Historical accidents have demonstrated the need for legislation, and specific legislative requirements from the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) are presented along with examples to reinforce understanding. Dick Stephans highlights the value of the system safety philosophy, in this case, to the chemical process standards and the application of methodologies to satisfy those requirements.
It is common now to see the application of the system safety approach, tools, and techniques in more and more industries without using the words system safety. This is evident by the more than 100 techniques described in the System Safety Analysis Handbook. While I am thrilled that the philosophy continues to expand, it is important to understand the basis for which most of the techniques are derived to ensure that they are applied appropriately.
Past President, System Safety Society (1999–2001)
PAIGE V. RIPANI
FOREWORD TO SYSTEM SAFETY 2000
Professional credentials or experience in “systems safety” are not required to appreciate the potential value of the systems approach and system safety techniques to general safety and health practice. This book will help the reader move from system safety practice into far broader applications.
A joint conference of safety practitioners, led by the System Safety Society chapter in Washington, D.C., did much to expose the full capabilities of the systems approach to safety. The meeting produced a list of more than thirty techniques and approaches for use in system safety that were fully covered in the Journal of the System Safety Society. At least three interesting points emerged:
Bringing new ideas into the system is not easy, even if the ideas are good and people believe in them. They can be forced into practice, as the government has done on defense and certain other contracts. However, believers in the complete systems approach must also be able to convert their organizations to the idea. Few safety and health practitioners have the clout or skill to arrange this conversion.
A few system safety disciples and at least one government agency and one private group saw that no single approach leads to the level of safety performance needed for their complex operations. However, their ideas are not widely seen as having solid application in routine industrial safety and health practice. As a holistic approach emerged as a solution to long-range safety and health success, a few authors tried to place this complete approach into writing for the average practitioner. Their success was not spectacular, even when the material made good reading. The job of joining a holistic approach is harder because of the vested interests of various stakeholders and their approaches to safety and health problems. This book does not cast doubt on any of the viewpoints, but it does explore seldom-covered relationships that help us resolve their use for ourselves.
We find that the systems approach, old as it is, now figures prominently in most safety and health approaches and techniques. However, few system safety practitioners consider themselves as working in health fields such as stress management, wellness, industrial hygiene, or toxicology. Nevertheless, the fields are closely related to total practice. I have just reviewed the writings of two prominent industrial hygienists and a health physicist. Their success stems from viewing the whole system and any interacting systems—an interdisciplinary approach. Each of the three heads a major corporate safety and health department with “system safety” specialists. These three do not consider themselves system safety specialists but are wonders at applying a systems approach to their work.
One difficulty in applying certain systems approaches and techniques to problem solving is an inability of the practitioners to merge the various approaches and techniques, to relate them to each other, and to understand the relationship of diverse system safety techniques. Joe Stephenson shows in this text not only how the approaches vary, but also how they are similar and can interact with each other. This is a valuable service to the many disciplines and practitioners of the safety and health community.
Ranging from the traditional views of early systems safety adherents and developers, through the complete viewpoint of large-scale practitioners such as Idaho’s System Safety Development Center to the all-encompassing viewpoint of DeBono, Stephenson brings it all into perspective. He relates how those tasks are visualized and traditionally used by system safety practitioners. He demonstrates how some of the systems approaches interface with each other and what they mean to their mutual success. Finally, he has made clear how some systemic techniques interface and can combine to form a complete system to solve safety and health problems.
Joe Stephenson makes practical the application of system safety techniques to safety and health problems not previously amenable to system safety solutions. Seeing the forest instead of the trees is a unique contribution of this book. The interaction of many disciplines and specialties can be seen. This book is a common ground for assessing a systems approach to safety and health disciplines and practice.
TED FERRY
PREFACE
As we continue into the twenty-first century, many challenges face the safety, engineering, and management communities. Risks and the potential for catastrophic loss are dramatically increasing as technology advances at an ever-increasing rate. The public demands a high level of safety in products and services, yet, in the face of world competition, the safety effort must be timely and cost-effective.
System safety tools and techniques currently used primarily in the aerospace, weapons, and nuclear industries offer great potential for meeting these challenges. The systematic application of system safety fundamentals early in the life cycle to produce “first time safe” products and services can provide significant, cost-effective gains in the safety effort in transportation, manufacturing, construction, utilities, facilities, and many other areas.
Yet, there are obstacles hampering current system safety efforts and restricting the expansion of system safety.
System safety continues, in many cases, to be more of an art than a science. The quality of system safety products is determined by the skill and talent of the individual analyst, not by the systematic application of accepted tools and techniques.
There is also a shortage of system safety engineers and of safety professionals, engineers, and managers trained in system safety.
A key factor is the lack of commonality of system safety terms, tools, and techniques.
The purpose of this book is to aid in expanding and improving the system safety effort to meet the needs of the next century by providing a basis for planning, evaluating, upgrading, conducting, and managing system safety programs.
It is designed to be used as a textbook, a planning guide, and a reference. This book is specifically written for:
Safety professionals, including people in industrial and occupational safety, system safety, environmental safety, industrial hygiene, health, occupational medicine, fire protection, reliability, maintainability, and quality assurance
Engineers, especially design engineers and architects
Managers and planners
Students and faculty in safety, engineering, and management
Students and others generally unfamiliar with system safety should read it straight through, in order, and retain it as a reference.
Managers and planners may find skimming through Part 1 first helpful, but will benefit most from Part 2.
Experienced system safety professionals are encouraged to keep an open mind—some will initially view parts of the book as heresy!—and be patient. A large portion of the book will be old hat to many of you, but several new concepts, techniques, and approaches are presented. Current practitioners may benefit most from Part 3.
Part 4 and the appendices contain how-to and reference information that should be of value to all who are interested in the system safety effort.
Part 5 is a new part devoted to process safety and particularly the U.S. OSHA and EPA rules that provide for the safety of workers, the public, and the environment at sites using certain hazardous substances above a listed threshold quantity. Most important is that the level of calculated risk provides sites with a roadmap for safety actions.
Part 6 provides a discussion of professionalism that is important reading for the student and practitioner as well. The focus is on the system safety professional, but much of the information pertains to other related environmental, health, and safety fields.
A concerted effort was made to present information in a useful, clear, systematic, and understandable manner, with an emphasis on practical applications.
In summary, managers, engineers, and safety professionals—regardless of previous system safety knowledge—should benefit from this book, with students and others unfamiliar with system safety learning the most and those applying the knowledge benefiting the most.
ACKNOWLEDGMENTS FOR SYSTEM SAFETY FOR THE 21ST CENTURY
There are several people who either directly or indirectly helped or inspired the update to System Safety 2000. The following are just some of those people:
Joe Stephenson—THE author and teacher of system safety. We will miss him and his contribution to system safety.
Paige Ripani, past national president of the System Safety Society, acknowledged not just for her foreword to the 2nd edition, but also for more than 15 years of dedication to the field of system safety.
Pat Clemens is the unsung hero of system safety and risk analysis. Inspiration to many current (and future) system safety practitioners; former president of the Board of Certified Safety Professionals (BCSP).
Roger Brauer, the potentate of safety professionalism. We are indeed fortunate to have him in our midst. He has personally led a crusade to enhance the safety profession and the standard for safety professionals.
Paul Kryska—Leader and Manager of System Safety; National President of the Society at the time of publishing. Paul has vehemently practiced system safety in the Washington, D.C., area, in Albuquerque, NM, and now in Silicon Valley.
Warner Talso is the conscience of the System Safety Society and has been for more than ten years. He is the editorial power behind the publication of the first two editions of the System Safety Analysis Handbook. He is a best friend, a confidant, and former Army nuclear weapons officer. I’ll miss our Saturday breakfast burritos since my wife and I have moved to Nevada.
Perry D’Antonio of Sandia National Laboratories—the person who turned the Society around in 1995 and 1996.
Curt Lewis—International Society of Air Safety Investigators’ Fellow and fellow director, BCSP. His daily Air Safety Bulletin is provided to thousands.
Fred Manuele, who provided the advice to “keep it a primer,” whose guidance during the development of the current edition of the book provided a theme upon which this edition was structured.
Major Bob Baker, “Mr. Air Force System Safety,” at the U.S. Air Force Safety Center at Kirtland AFB in New Mexico.
Michael Wilson and Pat McClure of the Los Alamos National Laboratory’s D-5, Nuclear Design and Risk Analysis Group, who are “leading the world in risk analysis” and also providing key support in and beyond the United States for security and nuclear power safety.
To my employer, ARES Corporation, a relatively small, highly specialized, and highly respected company where everyone learns and provides excellence to its clients. They have been a repeat sponsor of the International System Safety Conferences and a technical power in government and industry risk assessment.
Finally, to my wife and most fervent supporter, Jo, who allowed me to add this “volunteer” project to my plate in the midst of family, work, Board of Certified Safety Professionals activities, and System Safety Society obligations.
ACKNOWLEDGMENTS FOR SYSTEM SAFETY 2000
I would like to thank three groups, all of whom contributed to System Safety 2000, albeit in different ways.
First, I would like to thank those who made direct contributions to the effort:
Next, I would like to thank the individuals and organizations for and with whom I have worked during the last decade who have shared knowledge and afforded me the opportunity to learn, teach, and apply a variety of system safety tools on a variety of projects.
They are, in chronological order:
Finally, I would like to thank my family for the tolerance, support, and understanding provided during the weekends, holidays, and early morning hours when I was hibernating in my office agonizing over a missed deadline. Special thanks to my wife, Phyllis, for her typing, copying, and mailing services and for extraordinary patience. And a sincere apology to my family for all the things we did not do in 1989 and 1990.
Prior to the 1940s, safety was generally achieved by attempting to control obvious hazards in the initial design and then correcting other problems as they appeared after a product was in use or at least in a testing phase. In other words, designers relied, at least in part, on a trial-and-error methodology. In the aviation field, this process became known as the fly-fix-fly approach. An aircraft would be designed using the best knowledge available, flown until problems were detected (or it crashed), and then the problems would be corrected and the aircraft would be flown again. This method obviously worked best with low, slow aircraft.
That this approach was not acceptable for certain programs—such as nuclear weapons and space travel—soon became apparent, at least to some. The consequences of accidents were too great. Trial-and-error and fly-fix-fly approaches were not adequate for systems that had to be first-time safe.
Thus, system safety was born, or, more accurately, evolved. The history of system safety consists of
Traditional trial-and-error or fly-fix-fly approach not adequate for aerospace and nuclear programs
1960s—MIL-STD-882 (DOD, NASA)
1970s—MORT (Department of Energy)
1980s—Other agencies
The roots of the system safety effort extend back at least to the 1940s and 1950s. Accurately tracing the early transition from the traditional trial-and-error approach to safety to the first-time safe effort that lies at the heart of system safety is really impossible, but such a transition occurred as both aircraft and weapon systems became more complex and the consequences of accidents became less acceptable.
Continue reading in the full edition!
