Introduction to System Safety Engineering
This Session • Aims of course • overview of course content • a few practicalities • Scene-setting • motivation for system safety • So what is system safety?
Outline of Course • Mixture of “lectures”… • quite informal – feel free to interrupt with questions • … and practical exercises • short, structured exercises • based around examples from various domains • working with a demonstrator • model answers will be provided for some (others are more open-ended) • Detailed timetable for the week in front of handout • Bibliography and glossary in back of files • Feedback forms in front of files - let us know how we do • Course content: Introduction to SSE • Terminology • Hazard Identification • Risk Assessment • Hazard Analysis Techniques • Safety Analysis Techniques • The Safety Case • Software Safety
Aims of the Course These are three-fold • awareness – of primary concepts and range of issues associated with achieving and assuring safety • including legal context, management • understanding – of role of safety analysis techniques in achievement and assurance of safety • including strengths and weaknesses of particular techniques, and issues such as software and human factors • working knowledge – knowledge of what is involved in applying key safety analysis techniques • proficiency can only be developed through experience
Why System Safety? • Why do we strive to make systems safe? • Self-interest • we wouldn’t want to be harmed by systems we develop and use • unsafe systems are bad business • we can be sued under civil law • We have to do so • required by criminal law (HSWA) • required by standards • But what do the law and standards represent? • moral values • laws try to preclude what society finds morally reprehensible • ultimately assessed by the courts, as representatives of society • standards try to define what is acceptable practice • to discharge legal and moral responsibilities Moral issues drive the legal framework
Public Perceptions of Safety 1 Some (approximate) quotations: “I shall ensure that nuclear power is absolutely safe” Former Secretary of State “Just to let you know I’m back safely” Mobile phone call overheard in airport car park “I don’t feel safe – there’s no seat belt. I feel much safer in my car when I’m in control” Agitated lady train passenger
Public Perceptions of Safety 2 The cost of safety “You can’t place a value on human life (safety)” Commonly heard phrase • UK Department of Transport figure for 2004 was £1.25M • value of an investment expected to save a single life • based on survey work examining willingness to pay • New building codes following the Ronan Point collapse • implicitly valued human life at £14M • Cost of “child proof” tops on medicine bottles • costs about £5 per estimated life saved • initially it was decided not to introduce them! Decisions are based on cost – often inconsistently
Public Perceptions of Safety 3 • Dial F for Fear – New Scientist 10/4/99 • Mobile phones may cause cancer • “Nowhere could we find any compelling evidence that mobile phone emissions are likely to cause illness” • The Times – 6/12/06 • “After 21 years, scientists say: mobiles don’t cause cancer” • 420,000 users in biggest review yet • common fear of link is debunked • The Guardian – January 07 • Study into links between mobile phones and cancer approved
Public Perceptions of Safety 4 • So why is everyone worried? • Bad news is often all we hear • Science cannot offer people what they want - total certainty • Health and safety scares acquire a life of their own • Proving something is harmless is (tantamount to) impossible • Journalism affects our perceptions • Selective (biased?) reporting • Road deaths are about 10 per day in the UK • only unusual “newsworthy” accidents are reported • Almost all rail accidents are reported • implications for how the industry makes risk decisions
Public Perceptions of Safety 5 • Consider an (imaginary) new transportation system • trains arrive at 40mph • passengers on platform are within 2 feet of trains • there are no barriers between passengers and trains • additional passengers push onto platform with no control over rate of arrival or numbers Would you approve its introduction? • It’s the London underground (so not very new)! • in some other cities there are (partial) barriers • but this form of design is surprisingly widespread “In the weird world of public risk perception, familiarity breeds acceptance”
Public Perceptions of Safety 6 Which is most radioactive? • Coal-fired power station • Nuclear power station Which emits most carcinogens? • Coal-fired power station • Nuclear power station We are all the public Risk perceptions are often at variance with facts Now let us consider some facts or, at least, some statistics!
Background Mortality and Safety • Average life expectancy approximately 73 years • “Background mortality” 1.6 × 10⁻⁶ per hour, but varies with age • HSE “Reducing Risks, Protecting People” (R2P2) gives more precise data, and identifies different causes • A simple view of a “safe” system • Contribution to expected mortality low with respect to background mortality • Typical(?) business user of civil aircraft • 3 × 10⁻⁷ per hour for 100 hours per annum • 3 × 10⁻⁵ per annum, against 1.4 × 10⁻² background mortality (pa) • Over two orders of magnitude better, i.e. < 1% increase in risk • Most people are (fairly) happy about flying
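The arithmetic behind this slide, carried through as an added worked derivation (not part of the original deck). The 73-year life expectancy, the per-hour figures and the 100 hours per annum are the slide's own; the annualisation via 8760 hours per year is the step the slide leaves implicit:

$$
\text{background (pa)} \approx \frac{1}{73\ \text{yr}} \approx 1.4 \times 10^{-2}\ \text{yr}^{-1},
\qquad
\frac{1.4 \times 10^{-2}\ \text{yr}^{-1}}{8760\ \text{h/yr}} \approx 1.6 \times 10^{-6}\ \text{h}^{-1}
$$

$$
\text{aircraft (pa)} = 3 \times 10^{-7}\ \text{h}^{-1} \times 100\ \text{h/yr} = 3 \times 10^{-5}\ \text{yr}^{-1}
$$

$$
\frac{3 \times 10^{-5}}{1.4 \times 10^{-2}} \approx 2.1 \times 10^{-3}
$$

So the aircraft exposure adds roughly 0.2% to the annual background risk, a factor of about 470 (more than two orders of magnitude) below it, which is what the slide's “< 1%” is summarising. The same ratio is the quantity to compute for any system whose contribution is being compared against background mortality: per-hour risk times exposure hours, divided by the annual background figure.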
Acceptability of Risk • Politics and journalism • Introduction of train protection expected to kill more people than it saves • but track side workers, not passengers • We are also poor at “getting a feel for” low probabilities • And this colours judgement too • Acceptability of risk affected by many factors • (Apparent) degree of control (lady on the train, aircraft) • Number of deaths in one accident (aircraft versus cars) • Familiarity (cars, underground) • “Dreadness” of risk (“falling out of the sky”, nuclear radiation) • Voluntary vs. involuntary risk (hang gliding vs nuclear accident)
Probability Scale [figure: scale of probabilities] NB - Age of the universe ≈ 10¹⁴ hours
Daimler Benz Share Price [figure: share price chart] • Motoring journalists reported instability of A-class when subjected to the “Elk test” • Reports appeared in the German press that management knew of the problem
Poor safety has economic consequences Different types of consequence • Action through the courts, fine or compensation • Regina versus Port of Ramsgate Ltd. • collapse of passenger ferry walkway. 6 killed, 7 injured • fine >£2M (Operator, Designer, Manufacturer, Certifier). • Cost of remedial action/recall • Mercedes Benz A Class • reportedly several hundred pounds per vehicle • puts back “break even” time (amortising design costs) by years • Boeing 737 (rudder “hard-over”) • reportedly $1.3Bn • Share price/company viability • Vickers Medical • Daimler Benz
So what is System Safety Engineering? • “The essence of System Safety is that the system does what it is supposed to do, and does not do what it is not supposed to do” System Safety Society • “System Safety is the application of special technical and managerial skills to the systematic, forward-looking identification and control of hazards throughout the lifecycle of a project, program or activity” • Harold Roland and Brian Moriarty • “System Safety uses systems theory and systems engineering approaches to prevent foreseeable accidents, and to minimise the result of unforeseen ones” Nancy Leveson
Characteristics of System Safety Engineering • Emphasises “designing in” safety, not “bolting on” • Deals with system as a whole • Including interfaces, human issues • Considers systems in context • Physical, technical, political, legal, management • Recognises the importance of trade-offs • Takes broad view of sources of risk • More than just reliability / avoiding dangerous failures • Bases decisions on analysis • Rather than following prescriptive rules and standards
Risk-Based Approach • General cultural changes • public willingness to accept imposed risks is decreasing • introduction of the notion of the safety case following Piper Alpha • worldwide focus on corporate governance, following Enron and other high-profile cases • has caused re-examination of all areas of corporate activity, not just financial probity • Risk-based approach • setting and managing to risk targets • more stable than prescriptive rules • can integrate safety into a broader risk management regime • balance safety against other issues • now enshrined in many safety standards (military and civil)
System Safety Engineering - Technical Activities • Understand the system of interest • Including environmental / human context • Identify and evaluate risks associated with the system • Applied experience, predictive analysis • Develop means of controlling the risks • Evaluating cost / benefit trade-offs • Driving design • Verify the effectiveness of the controls • Through analysis, testing etc. • Provide evidence of acceptable safety • For certification / customer acceptance • Repeat activities and maintain safety throughout system life
Benefits of a Systematic Safety Process • Without a systematic process decisions will be made • But on the basis of selective and biased information • And they will be inconsistent so limited financial resources will be used inefficiently • A systematic safety process • Gives a basis for evaluating risks “on an equal footing” • Enables a comprehensive assessment of risks, and justifiable decisions about the acceptability of designs • doesn’t (shouldn’t try to) remove variance in public perceptions, but does give a basis for well-informed decisions • System safety engineering • Design of safe products, informed by analysis • Need to consider all accident causes, not just technical failures