ITEM TO CHECK



PURPOSE

The purpose of Task 101 is to establish the foundation for a system safety program.


TASK DESCRIPTION

Establish and execute a system safety program which meets the tailored requirements of section 4, GENERAL REQUIREMENTS (which follow), and all other tasks/requirements designated by the managing activity (MA).


System safety implementation

The contractor shall establish the mechanism it will use to ensure efficient and effective achievement of system safety objectives.  General elements of this mechanism include a safety management system, organizational support, and compliance.


The contractor shall propose its approach, including specific methods of implementation, to the Government for review and evaluation.


Management system

The contractor shall identify the overall management system it will use to implement the program's system safety requirements.


The system shall include the policies associated with the implementation of system safety; the mechanism for identifying, assessing, monitoring, and eliminating or minimizing system risks; and the procedures to be used for investigation and disposition of system-related mishaps and safety incidents, including potentially hazardous conditions not yet involved in a mishap/incident.


Organizational Support

Identify the personnel and organizational structure to be used for the implementation of system safety in the program.  While specific organizational and personnel assignments are at the option of the contractor, the actual assignments shall be such that the program manager has ready access to the associated safety issues and can make appropriate, informed, and timely decisions regarding individual safety issues.


Compliance

Comply with all imposed requirements of this standard and of associated system safety management requirements agreed to by both the contractor and the MA, as stated in the applicable contract.


When a contractor system safety proposal is provided to and agreed upon by the Government, it will form the basis of understanding as to how system safety will be accomplished in the associated program, and will be incorporated as part of the final program contract.


In the event of any conflict between the system safety requirements and other program requirements, the contractor shall submit the proposed necessary changes to the MA for review, approval, or comment.


System safety objectives

The contractor, during the life of the program, will ensure the following:


Safety, consistent with mission requirements, is designed into the system in a timely, cost-effective manner.


Hazards associated with each system are identified, assessed, tracked, monitored, and either eliminated or minimized to a level acceptable to the MA.  Risk shall be assessed as specified in paragraph 4.5 (Risk assessment, below).


Actions taken to eliminate or minimize risk to a level acceptable to the MA shall be identified and archived for tracking and lessons learned purposes.


Historical safety data, including lessons learned from other systems, are considered and used.


Minimum risk is incurred in accepting and using new technology, materials, or designs, and new production, test, and operational techniques.


Changes to design, configuration, production, or mission requirements (including any resulting system modifications and upgrades, retrofits, insertions of new technologies or materials, or use of new production, test, or operational techniques) are accomplished in a manner that maintains a risk level acceptable to the MA.


Inclusion of the appropriate safety features is accomplished during the applicable phases of the design, development, and production process.


Consideration is given early in the life cycle to safety and ease of disposal (including explosive ordnance disposal) and demilitarization of any hazardous materials associated with the system.


Actions should be taken to minimize the use of hazardous materials and, therefore, minimize the risks and life cycle costs associated with their use.


Document and submit significant safety decisions as "lessons learned" or as proposed changes to applicable design handbooks and specifications.


System safety design requirements

Standards, specifications, regulations, design handbooks, safety design checklists, and other sources of design guidance will be reviewed for pertinent safety design requirements applicable to the system.


Safety design criteria shall be derived from all applicable information, and these criteria shall be the basis for developing system specification safety requirements.


Expand the criteria and requirements for inclusion in the system specification and all associated follow-on specifications.  Some general system safety design requirements are:


Identified hazards shall be eliminated or associated risk shall be reduced through design, including material selection or substitution.


When potentially hazardous materials must be used, such materials selected shall pose the least risk throughout the life cycle of the system.


Hazardous substances, components, and operations shall be isolated from other activities, areas, personnel, and incompatible materials. 


Equipment shall be located so that access during operations, servicing, maintenance, repair, or adjustment minimizes personnel exposure to hazards (e.g. hazardous chemicals, high voltage, electromagnetic radiation, cutting edges, or sharp points).


Risk resulting from excessive environmental conditions (e.g. temperature, pressure, noise, toxicity, acceleration and vibration) shall be minimized. 


Risk resulting from human error in system operation and support shall be minimized as part of the design effort. 


In the case of risk from hazards which cannot be eliminated, alternatives which will minimize such risk shall be considered (e.g. interlocks, redundancy, fail-safe design, system protection, fire suppression, and other protective measures such as clothing, equipment, devices, and procedures).


Power sources, controls, and critical components of redundant subsystems shall be protected by physical separation or shielding, or by other suitable methods mutually agreeable to the contractor and the MA.


When alternate design approaches cannot eliminate the hazard, safety and warning devices and warning and cautionary notes shall be provided in assembly, operations, maintenance and repair instructions, and distinctive markings shall be provided on hazardous components, equipment, and facilities to ensure personnel and equipment protection.


These shall be standardized in accordance with commonly accepted commercial practice or, if none exists, normal military procedures.


Where no such common practice exists, the contractor shall propose the method or methods to be used to the MA for review and approval.


The MA shall be provided copies of all warnings, cautions and distinctive markings proposed for review and comment.


The severity of personnel injury or damage to equipment as a result of a mishap shall be minimized.


Software-controlled or software-monitored functions shall be designed to minimize the initiation of hazardous events or mishaps.


Design criteria shall not include inadequate or overly restrictive requirements regarding safety.


Where there is appropriate supporting information, recommend new safety criteria as required.


System safety precedence

The order of precedence for satisfying system safety requirements and resolving identified hazards shall be as follows:


Design for minimum risk

Eliminate hazards through design.  If an identified hazard cannot be eliminated, reduce the associated risk to an acceptable level, as defined by the MA, through design selection.


Incorporate safety devices

Reduce the hazard to a level acceptable to the MA through the use of fixed, automatic, or other protective safety design features or devices.


Provisions shall be made for periodic functional checks of safety devices when applicable.


Provide warning devices

Use devices to detect the condition and to produce an adequate warning signal to alert personnel of the hazard.


Warning signals and their application shall assure a minimal probability of incorrect personnel reaction to the signals and shall be standardized within like types of systems.


Develop procedures and training

Procedures and training shall be used where it is impractical to eliminate hazards through design selection or to adequately reduce the associated risk with safety and warning devices.  However, warnings, cautions, or other written advisories shall not be used as the only risk reduction method for Category I or II hazards (as defined in paragraph 4.5.1 below).  Procedures may include the use of personal protective equipment.


The contractor shall propose the use of standard cautionary notations where multiple applications occur.


Safety-critical tasks may require personnel proficiency; the contractor will propose the proficiency certification process to be used to the MA for review and approval.


Risk assessment

Decisions regarding resolution of identified hazards shall be based on assessment of the risk involved.  To aid the achievement of the objectives of system safety, hazards shall be characterized as to hazard severity categories and hazard probability levels, when possible. Since the priority for system safety is eliminating hazards by design, a risk assessment procedure considering only hazard severity will generally suffice during the early design phase to minimize risk.


When hazards are not eliminated during the early design phase, a risk assessment procedure based upon the hazard probability, hazard severity, as well as risk impact, shall be used to establish priorities for corrective action and resolution of identified hazards.


Hazard severity

Hazard severity categories are defined to provide a qualitative measure of the worst credible mishap resulting from personnel error; environmental conditions; design inadequacies; procedural deficiencies; or system, subsystem or component failure or malfunction as shown in the following table.


  Description     Category   Definition

  CATASTROPHIC    I          Death, system loss, or severe environmental damage
  CRITICAL        II         Severe injury, severe occupational illness, or major system or environmental damage
  MARGINAL        III        Minor injury, minor occupational illness, or minor system or environmental damage
  NEGLIGIBLE      IV         Less than minor injury, occupational illness, or less than minor system or environmental damage



NOTE:  These hazard severity categories provide guidance to a wide variety of programs.  However, adaptation to a particular program is generally required to provide a mutual understanding between the MA and the contractors as to the meaning of the terms used in the category definitions.  The adaptation must define what constitutes system loss, major or minor system or environmental damage, and severe and minor injury and occupational illness.  Other risk assessment techniques may be used provided they are approved by the MA.


Hazard probability

The probability that a hazard will be created during the planned life expectancy of the system can be described in potential occurrences per unit of time, events, population, items, or activity.  Assigning a quantitative hazard probability to a potential design or procedural hazard is generally not possible early in the design process.  A qualitative hazard probability may be derived from research, analysis, and evaluation of historical safety data from similar systems.


Supporting rationale for assigning a hazard probability shall be documented in hazard analysis reports.  An example of a qualitative hazard probability ranking is shown at Table II.


  Description*   Level   Specific individual item                                            Fleet or inventory**

  FREQUENT       A       Likely to occur frequently                                          Continuously experienced
  PROBABLE       B       Will occur several times in the life of an item                     Will occur frequently
  OCCASIONAL     C       Likely to occur some time in the life of an item                    Will occur several times
  REMOTE         D       Unlikely but possible to occur in the life of an item               Unlikely, but can reasonably be expected to occur
  IMPROBABLE     E       So unlikely it can be assumed occurrence may not be experienced     Unlikely to occur, but possible



*Definitions of descriptive words may have to be modified based on quantity involved.

**The size of the fleet or inventory should be defined.




Risk impact

The risk impact shall be assessed, as necessary, to discriminate between hazards having the same hazard risk index (the combination of hazard severity category and hazard probability level).  This impact consists of the effect and cost of an identified risk in terms of mission capabilities and social, economic, and political factors.  (Example: release of a small amount of radioactive material may not cause direct physical damage or equipment damage, but can cause extreme damage socially and politically to a program.)


Action on identified hazards

Action shall be taken to eliminate identified hazards or reduce the associated risk to a level defined by or acceptable to the MA.


Catastrophic, critical and other hazards specified by the MA shall not rely solely on warnings, cautions or procedures/training for control of risk.


If this is impossible or impractical, alternatives shall be recommended to the MA.


Residual risk

The risk associated with significant hazards for which there are no known control measures, no plans to control, or incomplete control measures will be considered residual risk.  The contractor will document each residual risk, along with the reason(s) for incomplete resolution, and notify the MA.
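The following is an added worked example, not text or code from the standard, showing how the severity categories, probability levels, precedence rule for Category I/II hazards, and residual-risk definition above can be applied mechanically to a hazard log.  The numeric hazard risk index matrix, the decision bands attached to it, and the sample hazards are all assumptions constructed for illustration; the thresholds a real program uses are the ones the MA specifies in the SOW.

```python
"""Hazard risk assessment using the severity categories and probability
levels tabulated above.

Added illustration; the index matrix, decision bands and sample hazard log
are ASSUMED values, not taken from the standard's text.
"""
from dataclasses import dataclass, field
from enum import Enum


class Severity(Enum):
    """Hazard severity categories (Category I is the worst)."""
    CATASTROPHIC = 1
    CRITICAL = 2
    MARGINAL = 3
    NEGLIGIBLE = 4


class Probability(Enum):
    """Qualitative hazard probability levels (A is the most likely)."""
    FREQUENT = "A"
    PROBABLE = "B"
    OCCASIONAL = "C"
    REMOTE = "D"
    IMPROBABLE = "E"


class Control(Enum):
    """System safety precedence; a lower value is the preferred control."""
    DESIGN = 1
    SAFETY_DEVICE = 2
    WARNING_DEVICE = 3
    PROCEDURE_TRAINING = 4


# ASSUMED hazard risk index matrix (1 = highest risk, 20 = lowest), one
# common tailoring; the standard's text above does not define these numbers.
_HRI = {
    Severity.CATASTROPHIC: {"A": 1, "B": 2, "C": 4, "D": 8, "E": 12},
    Severity.CRITICAL:     {"A": 3, "B": 5, "C": 6, "D": 10, "E": 15},
    Severity.MARGINAL:     {"A": 7, "B": 9, "C": 11, "D": 14, "E": 17},
    Severity.NEGLIGIBLE:   {"A": 13, "B": 16, "C": 18, "D": 19, "E": 20},
}

# ASSUMED decision bands (upper index bound, label); the MA sets the real ones.
_BANDS = (
    (5, "unacceptable"),
    (9, "undesirable (MA decision required)"),
    (17, "acceptable with MA review"),
    (20, "acceptable without review"),
)


def hazard_risk_index(severity: Severity, probability: Probability) -> int:
    return _HRI[severity][probability.value]


def decision_band(index: int) -> str:
    for upper, label in _BANDS:
        if index <= upper:
            return label
    raise ValueError(f"index out of range: {index}")


@dataclass
class Hazard:
    ident: str
    description: str
    severity: Severity
    probability: Probability
    controls: list = field(default_factory=list)   # list[Control]
    controls_complete: bool = True
    probability_rationale: str = ""                 # required by 4.5.2


def review_hazard(h: Hazard) -> list:
    """Apply the rules of 4.4 and 4.6 to one hazard; returns findings."""
    findings = []
    if not h.probability_rationale:
        findings.append("missing documented rationale for hazard probability")
    # Category I/II hazards may not rely solely on warnings or procedures.
    if h.severity in (Severity.CATASTROPHIC, Severity.CRITICAL) and h.controls \
            and all(c.value >= Control.WARNING_DEVICE.value for c in h.controls):
        findings.append("Category I/II hazard controlled only by warnings or procedures")
    # Precedence: design comes first; a lower-precedence control alone needs justification.
    if h.controls and min(c.value for c in h.controls) > Control.DESIGN.value:
        findings.append("no design control applied; justify why design change was impractical")
    return findings


def is_residual_risk(h: Hazard) -> bool:
    """No known control, no plan to control, or incomplete control measures."""
    return not h.controls or not h.controls_complete


def assess(hazards: list) -> list:
    """Rank hazards for corrective-action priority (lowest index first)."""
    rows = []
    for h in hazards:
        idx = hazard_risk_index(h.severity, h.probability)
        rows.append({"id": h.ident, "hri": idx, "band": decision_band(idx),
                     "residual": is_residual_risk(h), "findings": review_hazard(h)})
    return sorted(rows, key=lambda r: r["hri"])


# Constructed sample hazard log (not from the standard).
SAMPLE_HAZARDS = [
    Hazard("H-1", "hydraulic line rupture near crew", Severity.CRITICAL,
           Probability.OCCASIONAL, [Control.PROCEDURE_TRAINING],
           probability_rationale="fleet data on similar lines"),
    Hazard("H-2", "inadvertent actuator motion during maintenance",
           Severity.CATASTROPHIC, Probability.REMOTE,
           [Control.DESIGN, Control.SAFETY_DEVICE],
           probability_rationale="interlock and lockout analysis"),
    Hazard("H-3", "pinch point on access panel", Severity.NEGLIGIBLE,
           Probability.PROBABLE, [Control.WARNING_DEVICE],
           probability_rationale="field reports"),
    Hazard("H-4", "battery thermal runaway", Severity.CATASTROPHIC,
           Probability.OCCASIONAL, []),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_HAZARDS):
        print(row)
```

In the sample, H-1 is flagged because a Category II hazard is controlled only by procedures, and H-4 is both the top corrective-action priority and a residual risk that must be documented and reported to the MA.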


Develop planned approach for safety task accomplishment


Identify qualified people to accomplish tasks.


Establish authority for implementing safety tasks through all levels of management.


Allocate appropriate resources, both manning and funding, to assure the safety tasks are completed.


Establish a system safety organization or function and lines of communication within the program organization and with associated organizations (government and contracted).


Establish interfaces between system safety and other functional elements of the program, as well as between other safety disciplines such as nuclear, range, explosive, chemical, and biological safety.


Designate the organizational unit responsible for executing each safety task. 


Establish the authority for resolution of identified hazards.


Define system safety program milestones and relate these to major program milestones, program element responsibility, and required inputs and outputs.


Establish an incident alerting/notification, investigation and reporting process, to include notification of the MA.


DETAILS TO BE SPECIFIED IN THE SOW

Imposition of Task 101.


Tailoring of Section 4 to meet specific program requirements.


Acceptable level of risk with reporting thresholds.


Minimum hazard probability and severity reporting thresholds.


MA requirements for incident processing.


Requirement for and methodology of reporting to the MA the following:


Residual hazards/risks


Safety critical characteristics and features


Operating, maintenance and overhaul safety requirements


Measures used to abate hazards


Acquisition management of hazardous materials


Qualifications for key system safety personnel


Other specific system safety program requirements