Everyone knows how to identify hazards, right? Just look at a system functional diagram and start listing the hazards that would result from component and functional failures. Or look at all the system energy sources and list the bad things that can happen if they fail or malfunction. Or look at the system control laws and evaluate the effect of potential malfunctions. Although these approaches sound plausible and are used by many, effective hazard recognition is not quite that simple. One of the major problems encountered during hazard analysis is organizing the overall analysis so that the correct hazards are identified. Systems are sometimes so large and complex that an analyst easily heads in the wrong direction and misses or misidentifies hazards. This situation is analogous to the old adage that one cannot see the trees for the forest. The solution is to develop a system mishap model (SMM) that aids in visualizing the trees in the forest. The SMM helps the safety analyst organize a hazard analysis and visualize the trees within the forest; it maps the overall hazard space of a system. The SMM is not a hazard analysis, but rather a hazard analysis aid. This paper explains the SMM and its usage, along with several examples.