Resources - System Safety

Comparative Safety Assessment

The risk management concept emphasizes the identification of the change in risk with a change in alternative solutions. Safety Comparative Safety Assessment is made more complicated considering that a lesser safety risk may not be the optimum choice. Recognition of this is the keystone of safety risk management. These factors make system safety a decision making tool. It must be recognized, however, that selection of the greater safety risk alternative carries with it the responsibility of assuring inclusion of adequate warnings, personnel protective systems, and procedural controls.

Safety Comparative Safety Assessment is also a planning tool. It requires planning for the development of safety operating procedures and test programs to resolve uncertainty when safety risk cannot be completely controlled by design. It provides a control system to track and measure progress towards the resolution of uncertainty and to measure the reduction of safety risk. Assessment of risk is made by combining the severity of consequence with the likelihood of occurrence in a matrix.

Risk Acceptability Matrix

High Risk --Unacceptable. Tracking in the FAA Hazard Tracking System is required until the risk is reduced and accepted.
Medium -- Acceptable with review by the appropriate management authority. Tracking in the FAA Hazard Tracking System is required until the risk is accepted.
Low -- Low risk is acceptable without review. No further tracking of the hazard is required.

Risk Acceptance Criteria

An example based on MIL-STD-882C is shown below. The matrix may be referred to as a Hazard Risk Index (HRI), a Risk Rating Factor (RRF), or other terminology, but in all cases, it is the criteria used by management to determine acceptability of risk.

The Comparative Safety Assessment Matrix below illustrates an acceptance criteria methodology. Region R1 on the matrix is an area of high risk and may be considered unacceptable by the managing authority. Region R2 may be acceptable with management review of controls and/or mitigations, and R3 may be acceptable with management review. R4 is a low risk region that is usually acceptable without review.

Example of a Comparative Safety Assessment Matrix

Early in a development phase, performance objectives may tend to overshadow efforts to reduce safety risk. This is because sometimes safety represents a constraint on a design. For this reason, safety risk reduction is often ignored or overlooked. In other cases, safety risk may be appraised, but not fully enough to serve as a significant input to the decision making process. As a result, the sudden identification of a significant safety risk, or the occurrence of an actual incident, late in the program can provide an overpowering impact on schedule, cost, and sometimes performance. To avoid this situation, methods to reduce safety risk must be applied commensurate with the task being performed in each program phase.

In the early development phase (investment analysis and the early part of solution implementation), the system safety activities are usually directed toward:

  1. establishing risk acceptability parameters
  2. practical tradeoffs between engineering design and defined safety risk parameters
  3. avoidance of alternative approaches with high safety risk potential
  4. defining system test requirements to demonstrate safety characteristics, and
  5. safety planning for follow-on phases.

The culmination of this effort is the safety Comparative Safety Assessment that is a summary of the work done toward minimization of unresolved safety concerns and a calculated appraisal of the risk. Properly done, it allows intelligent management decisions concerning acceptability of the risk.

The general principles of safety risk management are:

  1. All system operations represent some degree of risk.
  2. Recognize that human interaction with elements of the system entails some element of risk.
  3. Keep hazards in proper perspective.
  4. Do not overreact to each identified risk, but make a conscious decision on how to deal with it.
  5. Weigh the risks and make judgments according to your own knowledge, inputs from subject matter experts, experience, and program need.
  6. It is more important to establish clear objectives and parameters for Comparative Safety Assessment related to a specific program than to use generic approaches and procedures.
  7. There may be no "single solution" to a safety problem. There are usually a variety of directions to pursue.
  8. Each of these directions may produce varying degrees of risk reduction. A combination of approaches may provide the best solution.
  9. Point out to designers the safety goals and how they can be achieved rather than tell him his approach will not work.
  10. There are no "safety problems" in system planning or design. There are only engineering or management problems that, if left unresolved, may lead to accidents.
  11. The determination of severity is made on a “worst credible case/condition” in accordance with MIL-STD-882C.
  12. Many hazards may be associated with a single risk. In predictive analysis, risks are hypothesized accidents, and are therefore potential in nature. Severity assessment is made regarding the potential of the hazards to do harm.

Source: FAA Office of System Safety

Certisafety Section Home Page

Copyright ©2000-2019 Geigle Safety Group, Inc. All rights reserved. Federal copyright prohibits unauthorized reproduction by any means without permission. Disclaimer: This material is for training purposes only to inform the reader of occupational safety and health best practices and general compliance requirement and is not a substitute for provisions of the OSH Act of 1970 or any governmental regulatory agency. CertiSafety is a division of Geigle Safety Group, Inc., and is not connected or affiliated with the U.S. Department of Labor (DOL), or the Occupational Safety and Health Administration (OSHA).