Systems Safety Responsibilities

Systems Safety Responsibilities
• Primary responsibility: incorporate systems safety into systems engineering
  ◦ Hazard identification and mitigation effort using the system safety methodology of MIL-STD-882E, Task 101
  ◦ Plan
  ◦ Define roles and responsibilities
  ◦ Requirements
  ◦ Report on assessment and status
  ◦ Use a hazard tracking system
3/9/2021

Systems Safety Responsibilities
• Task 101 (continued)
  ◦ Report
    ▪ Hazards and associated risks
    ▪ Functions, items, and materials
    ▪ Recommended requirements
    ▪ Recommended mitigation measures
  ◦ Each plan will identify specific responsibilities

Systems Safety Design Precepts
• General design guidance intended to facilitate safety of the system and minimize hazards.
• Safety design precepts are intended to influence, but not dictate, specific design solutions.

System Safety Planning: Safety Order of Precedence
Integrated product teams and system safety specialists (electrical, mechanical, explosives, RF and laser, software, and many others) include safety considerations when assessing design alternatives. The flowchart on this slide asks the questions in order; each "no" drops to the next, weaker, mitigation:
1. Can the source of the hazard be designed out? Yes: GREAT. No:
2. Can safety devices be used to mitigate the risk? Yes: GOOD. No:
3. Can warning devices be used to reduce the possibility of a mishap? Yes: ADEQUATE. No:
4. Will procedures, training and labels suffice? Yes: MARGINAL. No: UNACCEPTABLE.

System Safety Planning: System Safety Program Plan (SSPP), Task 102
◦ Key to your system safety program
◦ Purpose: document the systems safety methodology for the identification, classification, and mitigation of safety hazards
◦ Details the tasks and activities required to implement a systematic approach to hazard analysis, risk assessment, and risk management

Systems Safety Planning: SSPP, Task 102 (continued)
◦ Goal
  ▪ Eliminate the hazard
  ▪ If it cannot be eliminated, reduce the risk to the lowest acceptable level within the constraints of cost, schedule, and performance by applying the system safety design order of precedence:
    1. Design for minimum risk
    2. Incorporate safety devices
    3. Provide warning devices
    4. Develop procedures and training

Systems Safety Planning: SSPP, Task 102 (continued)
◦ Procedures to integrate system-level and system-of-systems-level hazard management efforts
  ▪ Define roles
  ▪ Define safety interfaces
  ▪ Integrate provided hardware and software
  ▪ Facilitate safety review
  ▪ Recommend mitigation measures
  ▪ Assess feasibility, cost, and effectiveness
  ▪ Allocate implementation responsibility

Systems Safety Planning: SSPP, Task 102 (continued)
• The process through which contractor management decisions will be made
  ◦ Timely notification of hazards with Catastrophic and Critical severity levels
  ◦ Timely notification of High and Serious risks
  ◦ Determining actions necessary in the event of mishaps, incidents, or malfunctions
  ◦ Requesting waivers for safety requirements and program deviations

Severity Categories (MIL-STD-882E Table I and the FAA System Safety Handbook)

| Category | MIL-STD-882E | FAA System Safety Handbook |
|---|---|---|
| 1 | Catastrophic | Catastrophic |
| 2 | Critical | Hazardous |
| 3 | Marginal | Major |
| 4 | Negligible | Minor |

Category 1: Catastrophic
MIL-STD-882E: Could result in one or more of the following: death, permanent total disability, irreversible significant environmental impact, or monetary loss equal to or exceeding $10M.
FAA: Results in multiple fatalities and/or loss of the system.

Category 2: Critical (FAA: Hazardous)
MIL-STD-882E: Could result in one or more of the following: permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, reversible significant environmental impact, or monetary loss equal to or exceeding $1M but less than $10M.
FAA: Reduces the capability of the system or the operator's ability to cope with adverse conditions to the extent that there would be: a large reduction in safety margin or functional capability; crew physical distress or excessive workload such that operators cannot be relied upon to perform required tasks accurately or completely; serious or fatal injury to a small number of occupants of the aircraft (except operators); fatal injury to ground personnel and/or the general public.

Category 3: Marginal (FAA: Major)
MIL-STD-882E: Could result in one or more of the following: injury or occupational illness resulting in one or more lost work days, reversible moderate environmental impact, or monetary loss equal to or exceeding $100K but less than $1M.
FAA: Reduces the capability of the system or the operators to cope with adverse operating conditions to the extent that there would be: a significant reduction in safety margin or functional capability; a significant increase in operator workload; conditions impairing operator efficiency or creating significant discomfort; physical distress to occupants of the aircraft (except operators), including injuries; major occupational illness and/or major environmental damage and/or major property damage.

Category 4: Negligible (FAA: Minor)
MIL-STD-882E: Could result in one or more of the following: injury or occupational illness not resulting in a lost work day, minimal environmental impact, or monetary loss less than $100K.
FAA: Does not significantly reduce system safety. Actions required by operators are well within their capabilities. Includes: a slight reduction in safety margin or functional capabilities; a slight increase in workload, such as routine flight plan changes; some physical discomfort to occupants of the aircraft (except operators); minor occupational illness and/or minor environmental damage and/or minor property damage.

Source: MIL-STD-882E Table I.

Probability Levels (MIL-STD-882E Table II)

| Level | Description | Specific individual item | Fleet or inventory | Quantitative (probability of occurrence in the life of an item) |
|---|---|---|---|---|
| A | Frequent | Likely to occur often in the life of an item | Continuously experienced | ≥ 10^-1 (10% or more) |
| B | Probable | Will occur several times in the life of an item | Will occur frequently | < 10^-1 but ≥ 10^-2 |
| C | Occasional | Likely to occur sometime in the life of an item | Will occur several times | < 10^-2 but ≥ 10^-3 |
| D | Remote | Unlikely, but possible to occur in the life of an item | Unlikely, but can reasonably be expected to occur | < 10^-3 but ≥ 10^-6 |
| E | Improbable | So unlikely, it can be assumed occurrence may not be experienced in the life of an item | Unlikely to occur, but possible | < 10^-6 |
| F | Eliminated | Incapable of occurrence. This level is used when potential hazards are identified and later eliminated | Same as item | 0 |

Source: MIL-STD-882E Appendix A, Table II-A. The bands are contiguous: every non-zero probability falls in exactly one of A through E, and F is reserved for hazards that have been designed out.

Risk Assessment Matrix (MIL-STD-882E Table III)

| Probability \ Severity | Catastrophic (1) | Critical (2) | Marginal (3) | Negligible (4) |
|---|---|---|---|---|
| Frequent (A) | High | High | Serious | Medium |
| Probable (B) | High | High | Serious | Medium |
| Occasional (C) | High | Serious | Medium | Low |
| Remote (D) | Serious | Medium | Medium | Low |
| Improbable (E) | Medium | Medium | Medium | Low |
| Eliminated (F) | Eliminated | Eliminated | Eliminated | Eliminated |
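
The following is an added worked example, not code from the slide deck or from MIL-STD-882E. It strings Tables I to III together the way a hazard tracking system would: quantise a per-item lifetime probability estimate into a Table II level, look up the Table III risk level, and flag the hazards the SSPP slide says contractor management must be told about promptly (Catastrophic/Critical severity, High/Serious risk). The hazard identifiers, descriptions and probability figures at the bottom are constructed sample data.

```python
"""Hazard risk assessment per MIL-STD-882E Tables I to III.

Added example for this page, not code from the slide deck or from the
standard itself.  It quantises a per-item lifetime probability estimate
into a Table II level, looks up the Table III risk level, and flags the
hazards that the SSPP slide says contractor management must be told about
promptly (Catastrophic/Critical severity, High/Serious risk).  The hazard
records at the bottom are constructed sample data, not real hazards.
"""
from dataclasses import dataclass

# Table I severity categories (lower number = more severe)
SEVERITY = {1: "Catastrophic", 2: "Critical", 3: "Marginal", 4: "Negligible"}

# Table II quantitative bands: (level, lower bound inclusive), most likely first.
# Level F (Eliminated) is exactly zero and handled separately.
PROBABILITY_BANDS = (
    ("A", 1e-1),  # Frequent:   p >= 10^-1
    ("B", 1e-2),  # Probable:   10^-2 <= p < 10^-1
    ("C", 1e-3),  # Occasional: 10^-3 <= p < 10^-2
    ("D", 1e-6),  # Remote:     10^-6 <= p < 10^-3
    ("E", 0.0),   # Improbable: 0 < p < 10^-6
)

# Table III risk assessment matrix: row = probability level,
# columns = severity categories 1..4 (Catastrophic .. Negligible).
RISK_MATRIX = {
    "A": ("High", "High", "Serious", "Medium"),
    "B": ("High", "High", "Serious", "Medium"),
    "C": ("High", "Serious", "Medium", "Low"),
    "D": ("Serious", "Medium", "Medium", "Low"),
    "E": ("Medium", "Medium", "Medium", "Low"),
}
RISK_RANK = {"High": 0, "Serious": 1, "Medium": 2, "Low": 3, "Eliminated": 4}


def probability_level(p: float) -> str:
    """Map a lifetime probability estimate to a Table II level A-F."""
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability out of range: {p}")
    if p == 0.0:
        return "F"
    for level, lower in PROBABILITY_BANDS:
        if p >= lower:
            return level
    return "E"  # not reached: band E has lower bound 0


def risk_level(severity: int, prob_level: str) -> str:
    """Table III lookup; an Eliminated hazard has no residual risk."""
    if severity not in SEVERITY:
        raise ValueError(f"unknown severity category: {severity}")
    if prob_level == "F":
        return "Eliminated"
    return RISK_MATRIX[prob_level][severity - 1]


@dataclass(frozen=True)
class Hazard:
    hazard_id: str       # hypothetical tracking-system identifier
    description: str
    severity: int        # Table I category 1..4
    probability: float   # estimated probability in the life of one item


def assess(h: Hazard) -> dict:
    """One hazard tracking record: level, risk and management-notification flag."""
    level = probability_level(h.probability)
    risk = risk_level(h.severity, level)
    # SSPP: timely notification for Catastrophic/Critical severity and High/Serious risk.
    notify = risk != "Eliminated" and (h.severity in (1, 2) or risk in ("High", "Serious"))
    return {
        "id": h.hazard_id,
        "severity": SEVERITY[h.severity],
        "probability_level": level,
        "risk": risk,
        "notify_management": notify,
    }


def assess_all(hazards) -> list:
    """Assess every hazard and order the tracking list worst risk first."""
    return sorted((assess(h) for h in hazards), key=lambda r: RISK_RANK[r["risk"]])


# Constructed sample hazards for the demonstration (not real program data).
SAMPLE_HAZARDS = (
    Hazard("H-001", "uncommanded actuator motion", 1, 5e-4),
    Hazard("H-002", "loss of operator display", 3, 2e-2),
    Hazard("H-003", "hydraulic fluid spill", 4, 2e-7),
    Hazard("H-004", "battery thermal runaway (cell design changed)", 2, 0.0),
)

if __name__ == "__main__":
    for record in assess_all(SAMPLE_HAZARDS):
        print(record)
```

Note the two independent reasons a record can be flagged: H-001 is notifiable because it is Catastrophic even though its Remote probability only yields Serious risk, while H-002 is notifiable purely on risk (Probable × Marginal = Serious). H-004 shows why level F exists: once the hazard is designed out, the record stays in the tracking system as Eliminated but no longer drives notification.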

Software Risk Levels (MIL-STD-882E Appendix B, Table B-1)
A software implementation or software design defect that, upon occurring during normal or credible off-nominal operations or tests:

High
• Can lead directly to a catastrophic or critical mishap
• Places the system in a condition where no independent functioning interlocks preclude the potential occurrence of a catastrophic or critical mishap

Serious
• Can lead directly to a marginal or negligible mishap
• Places the system in a condition where only one independent functioning interlock or human action remains to preclude the potential occurrence of a catastrophic or critical hazard

Medium
• Influences a marginal or negligible mishap, reducing the system to a single point of failure
• Places the system in a condition where two independent functioning interlocks or human actions remain to preclude the potential occurrence of a catastrophic or critical hazard

Low
• Influences a catastrophic or critical mishap, but three independent functioning interlocks or human actions remain
• Would be a causal factor for a marginal or negligible mishap, but two independent functioning interlocks or human actions remain
• A software degradation of a safety-critical function that is not categorized as high, serious, or medium safety risk
• A requirement that, if implemented, would negatively impact safety; however, the code is implemented safely
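
As an added example (not code from the deck or from the standard), the Table B-1 criteria above reduce to two inputs: the severity category of the mishap the defect could contribute to, and how many independent functioning interlocks or human actions still stand between the defect and that mishap. The block below encodes that classification and then inverts it to answer the design question a program actually asks: how many independent protections must be added before a given defect drops to an acceptable software risk level. The defect identifiers and descriptions are constructed sample data.

```python
"""Software risk level per MIL-STD-882E Appendix B Table B-1, as the
slides summarise it.

Added example for this page; not code from the deck or from the standard.
Risk is driven by two inputs: the severity category (Table I, 1..4) of the
mishap the defect could contribute to, and how many independent
functioning interlocks or human actions still stand between the defect
and that mishap.  The defect list at the bottom is constructed sample data.
"""

LEVEL_RANK = {"High": 0, "Serious": 1, "Medium": 2, "Low": 3}


def software_risk_level(mishap_severity: int, interlocks_remaining: int) -> str:
    """Table B-1 classification of a software defect."""
    if mishap_severity not in (1, 2, 3, 4):
        raise ValueError(f"unknown severity category: {mishap_severity}")
    if interlocks_remaining < 0:
        raise ValueError("interlock count cannot be negative")
    if mishap_severity in (1, 2):  # catastrophic or critical mishap
        if interlocks_remaining == 0:
            return "High"      # leads directly; no interlock precludes the mishap
        if interlocks_remaining == 1:
            return "Serious"   # only one interlock or human action remains
        if interlocks_remaining == 2:
            return "Medium"    # two remain
        return "Low"           # three or more remain
    # marginal or negligible mishap
    if interlocks_remaining == 0:
        return "Serious"       # leads directly to the mishap
    if interlocks_remaining == 1:
        return "Medium"        # system reduced to a single point of failure
    return "Low"               # two or more remain


def min_interlocks_for(mishap_severity: int, target_level: str) -> int:
    """Fewest independent interlocks at which a defect is no worse than target_level.

    Terminates because every severity reaches Low by three interlocks.
    """
    target = LEVEL_RANK[target_level]
    n = 0
    while LEVEL_RANK[software_risk_level(mishap_severity, n)] < target:
        n += 1
    return n


# Constructed sample defects: (id, description, mishap severity, interlocks remaining).
SAMPLE_DEFECTS = (
    ("SW-01", "watchdog reset handler skips safe-state reload", 1, 0),
    ("SW-02", "arming command accepted without consent token", 1, 1),
    ("SW-03", "logging thread can starve the status display", 3, 1),
    ("SW-04", "off-by-one in telemetry ring buffer", 4, 2),
)


def triage(defects=SAMPLE_DEFECTS) -> list:
    """Classify each defect and order the list highest software risk first.

    'interlocks_to_low' is how many more independent protections the design
    would need before this defect is Low risk.
    """
    rows = [
        {
            "id": defect_id,
            "risk": software_risk_level(sev, n),
            "interlocks_to_low": max(0, min_interlocks_for(sev, "Low") - n),
        }
        for defect_id, _desc, sev, n in defects
    ]
    return sorted(rows, key=lambda r: LEVEL_RANK[r["risk"]])


if __name__ == "__main__":
    for row in triage():
        print(row)
```

The asymmetry in the table is what the function makes visible: a defect that can directly cause a Catastrophic mishap needs three independent interlocks before it is Low, whereas one that directly causes a Marginal mishap needs only two, and an interlock only counts if it is genuinely independent of the defective software (a second check inside the same faulty module is not one).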

Systems Safety Planning
• Hazard Management Plan (HMP), Task 103
  ◦ Purpose
    ▪ Identification
    ▪ Classification
    ▪ Mitigation
  ◦ Detail the required tasks and activities
    ▪ Hazard analysis
    ▪ Risk assessment
    ▪ Risk management

Systems Safety Planning
• HMP, Task 103 (continued)
  ◦ Scope and objective
  ◦ Interfaces
  ◦ Organization
  ◦ Milestones
  ◦ Requirements and criteria
  ◦ Hazard analysis

Systems Safety Planning
• HMP, Task 103 (continued)
  ◦ Supporting data
  ◦ Validation and verification
  ◦ Audit program
  ◦ Training
  ◦ Incident reporting

Systems Safety Planning
• Demilitarization and Disposal Plan
  ◦ Stand-alone plan
    ▪ Hazards identified in the PHL (Preliminary Hazard List)
    ▪ System requirements hazard analysis
    ▪ Environmental hazard analysis

Systems Safety Ethics
• Definition
  ◦ The study of the moral issues and decisions confronting individuals and organizations engaged in engineering, and the study of related questions about the moral ideals, characters, policies and relationships of people and corporations involved in technological activity.

Systems Safety Ethics (continued)
• IEEE Code of Ethics
  ◦ "accept responsibility in making engineering decisions consistent with the safety, health, and welfare of the public, and to disclose promptly factors that might endanger the public or the environment."
  ◦ "be honest and realistic in stating claims or estimates based on available data."

Systems Safety Ethics
• Engineers or managers shall
  ◦ Take reasonable care to ensure that their work, and the consequences of their work, cause no unacceptable risk to safety
  ◦ Not make claims for their work that are untrue or misleading
  ◦ Not make claims that are not supported by a line of reasoning recognized in the particular field of application

Systems Safety Ethics (continued)
• Engineers or managers shall
  ◦ Take all reasonable steps to maintain and develop their competence by attention to new developments in science and engineering relevant to their field of activity, and encourage others working under their supervision to do the same
  ◦ Declare their limitations if they do not believe themselves to be competent to undertake certain tasks, and declare such limitations should they become apparent after a task has begun
- Slides: 26