《风险评价技术及方法》 4_Preliminary_Hazard_List

Chapter4PreliminaryHazardList4.1INTRODUCTIONThepreliminaryhazardlist(PHL)isananalysistechniqueforidentifyingandlistingpotentialhazardsandmishapsthatmayexistinasystem.ThePHLisperformedduringconceptualorpreliminarydesignandisthestartingpointforallsubsequenthazardanalyses.OnceahazardisidentifiedinthePHL,thehazardwillbeusedtolaunchin-depthhazardanalysesandevaluations,asmoresystemdesigndetailsbecomeavailable.ThePHLisameansformanagementtofocusonhazardousareasthatmayrequiremoreresourcestoeliminatethehazardorcontrolrisktoanacceptablelevel.EveryhazardidentifiedonthePHLwillbeanalyzedwithmoredetailedanalysistechniques.Thisanalysistechniquefallsundertheconceptualdesignhazardanalysistype(CD-HAT).ThePHLevaluatesdesignattheconceptuallevel,withoutdetailedinformation,anditprovidesapreliminarylistofhazards.Therearenoalternatenamesforthistechnique.4.2BACKGROUNDTheprimarypurposeofthePHListoidentifyandlistpotentialsystemhazards.AsecondarypurposeofthePHListoidentifysafetycriticalparametersandmishapcategories.ThePHLanalysisisusuallyperformedveryearlyinthedesigndevelop-mentprocessandpriortoperforminganyotherhazardanalysis.ThePHLisusedasamanagementtooltoallocateresourcestoparticularlyhazardousareaswithinthedesign,anditbecomesthefoundationforallothersubsequenthazardanalyses55HazardAnalysisTechniquesforSystemSafety,byCliftonA.Ericson,IICopyright#2005JohnWiley&Sons,Inc.performedontheprogram.Follow-onhazardanalyseswillevaluatethesehazardsingreaterdetailasthedesigndetailprogresses.TheintentofthePHListoaffectthedesignforsafetyasearlyaspossibleinthedevelopmentprogram.ThePHLisapplicabletoanytypeofsystemataconceptualorpreliminarystageofdevelopment.ThePHLcanbeperformedonasubsystem,asinglesystem,oranintegratedsetofsystems.ThePHLisgenerallybasedonpreliminarydesigncon-ceptsandisusuallyperformedearlyinthedevelopmentprocess,sometimesduringtheproposalphaseorimmediatelyaftercontractawardinordertoinfluencedesignandmishapriskdecisionsasthedesignisformulatedanddeveloped.Thetechnique,whenappliedtoagivensystembyexperiencedsystemsafetyper-sonnel,isthoroughatidentifyinghigh-levelsystemhazardsandgenerichazardsthatmayexistinasystem.Abasicunderstandingofhazardtheoryisessentialaswellasknowledgeofsystemsafetyconcepts.Experiencewiththeparticulartypeofsystemunderinvestigation,anditsbasiccomponents,isnecessaryinordertoidentifysys-temhazards.Thetechniqueisuncomplicatedandeasilylearned.TypicalPHLformsandinstructionsareprovidedinthischapter.ThePHLtechniqueissimilartoabrainstormingsession,wherebyhazardsarepostulatedandcollatedinalist.Thislististhenthestartingpointforsubsequenthazardanalyses,whichwillvalidatethehazardandbegintheprocessofidentifyingcausalfactors,risk,andmitigationmethods.GeneratingaPHLisaprerequisitetoperforminganyothertypeofhazardanalysis.Useofthistechniqueishighlyrec-ommended.Itisthestartingpointformoredetailedhazardanalysisandsafetytasks,anditiseasilyperformed.4.3HISTORYThetechniquewasestablishedveryearlyinthehistoryofthesystemsafetydiscipline.ItwasformallyinstitutedandpromulgatedbythedevelopersofMIL-STD-882.4.4THEORYThePHLisasimpleandstraightforwardanalysistechniquethatprovidesalistofknownandsuspectedhazards.APHLanalysiscanbeassimpleasconductingahazardbrainstormingsessiononasystem,oritcanbeaslightlymorestructuredprocessthathelpsensurethatallhazardsareidentified.ThePHLmethoddescribedhereisapro-cesswithsomestructureandrigor,withtheapplicationofafewbasicguidelines.ThePHLanalysisshouldinvolveagroupofengineers/analystswithexpertiseinavarietyofspecializedareas.Themethodologydescribedhereincanbeusedbyanindividualanalystorabrainstorminggrouptohelpfocustheanalysis.Therec-ommendedmethodologyalsoprovidesavehiclefordocumentingtheanalysisresultsonaworksheet.Figure4.1showsanoverviewofthebasicPHLprocessandsummarizestheimportantrelationshipsinvolvedinthePHLprocess.Thisprocessconsistsofcom-biningdesigninformationwithknownhazardinformationtoidentifyhazards.56PRELIMINARYHAZARDLISTKnownhazardouselementsandmishaplessonslearnedarecomparedtothesystemdesigntodetermineifthedesignconceptutilizesanyofthesepotentialhazardelements.ToperformthePHLanalysis,thesystemsafetyanalystmusthavetwothings—designknowledgeandhazardknowledge.Designknowledgemeanstheanalystmustpossesabasicunderstandingofthesystemdesign,includingalistofmajorcomponents.Hazardknowledgemeanstheanalystneedsabasicunderstandingabouthazards,hazardsources,hazardcomponents,andhazardsinsimilarsystems.Hazardknowledgeisprimarilyderivedfromhazardchecklistsandfromlessonslearnedonthesameorsimilarsystemsandequipment.InperformingthePHLanalysis,theanalystcomparesthedesignknowledgeandinformationtohazardchecklists.Thisallowstheanalysttovisualizeorpostulatepossiblehazards.Forexample,iftheanalystdiscoversthatthesystemdesignwillbeusingjetfuel,hethencomparesjetfueltoahazardchecklist.Fromthehazardchecklistitwillbeobviousthatjetfuelisahazardouselementandthatajetfuelfire/explosionisapotentialmishapwithmanydifferentignitionsourcespresentingmanydifferenthazards.TheprimaryoutputfromthePHLisalistofhazards.Itisalsonecessaryandben-eficialtocollectan