140 likes | 325 Views
HAZOP. System Safety: HAZOP and Software HAZOP , by Felix Redmill, Morris Chudleigh, James Catmur, John Wiley & Sons, 1999. What is HAZOP?. Technique for identifying and analyzing the hazards and operational concerns of a system.
E N D
HAZOP System Safety: HAZOP and Software HAZOP, by Felix Redmill, Morris Chudleigh, James Catmur, John Wiley & Sons, 1999
What is HAZOP? • Technique for identifying and analyzing the hazards and operational concerns of a system. • Central activity – a methodical investigation of a system description (design representation).
What this presentation does not cover: • The book puts a LOT of emphasis on • Selecting the study initiator • Selecting the study leader • Planning the study • Roles during the study • Questions vs. follow-up • Completion criteria (P.S. It also tells how to conduct the study itself :-)
Reasonable Limits for this class • This is a human-intensive activity • As such, the details on the previous page are of extreme importance – authors are experienced and therefore recognize this • You won’t be able to conduct a HAZOP study on the basis of these slides • Goal: Understand what it is – set the bar higher
Study process itself in a nutshell Introductions Presentation of design notation Examine design methodically one unit at a time Is it possible to deviate from design intent here? YES Examine both consequences and causes of the possible deviation NO NO Document results Define follow-up work YES Time up? Agree on documentation Sign off
Examine design methodically each unit in turn • Suppose the design representation is a collection of state transition tables: • Units are states, transitions, event/action pairs • For EACH, list the recommended attributes (see table from the Hazop book) • For each attribute, use the guide words to trigger the questions about ways to deviate
The suggested guide words • No: negation of design intention; no part of design intention is achieved but nothing else happens • More: Quantitative increase • Less: Quantitative decrease • As well as: Qualitative increase where all design intention is achieved plus additional activity • Part of: Qualitative decrease where only part of the design intention is achieved • Reverse: logical opposite of the intention • Other than: complete substituion, where no part of the original intention is achieved but something quite different happens
When timing matters • Add the following guide words: • Early: something happens earlier in time than intended • Late: something happens later in time than intended • Before: something happens earlier in a sequence than intended • After: something happens later in a sequence than intended
Guide words chosen • Match the system being examined to appropriate table or modify the closest • Match the design representation • Note: not all guide words apply to all attributes • For attribute “speed” of an electric motor, omit guide word “as well as” and “part of” • For attribute “data flow” on a dfd, “less” is not used because meaning covered by “part of” • Generally, study leader selects from the guide words, provides interpretations based on chosen design representation and context, distributes to team in advance of the study
Applications • Originally developed for chemical plants • Book has detailed examples for • Software using data flow diagrams • Software using state transition diagrams • Includes timing attributes of response time and repetition time • Software using various OO models • Digital electronics • Communication systems • Electromechanical systems • Same guide words, different interpretations
More detailed outline of the HAZOP process – Figure 9.2 For all entities For all attributes For each guide word Is deviation credible? Example matrices See book excerpts
Fig 9.2 HAZOP meeting process