Proceedings of the Eighth International Conference on Probabilistic Safety Assessment & Management (PSAM)
There are frequent calls for safety work to start early in the life cycle of a system, and in particular at the design stage. But how early is early? And is there a point at which, if it starts too early, there is little real added value, or even a negative effect because safety unnecessarily ‘constrains’ the creative design process? This paper describes an attempt to carry out safety assessment during the concept exploration phase of potential new Air Traffic Management (ATM) systems, undertaken at an ATM research centre. The safety assessment process, or framework, is called SAND (Safety Assessment for New Designs) and comprises non-quantitative approaches to safety investigation. The main emphasis of SAND is to explore the concepts and determine how to make them safer. At a deeper level, the approach aims to help avoid latent failures and latent conditions being built into the system design, and to give the designers a better understanding of safety that will persist through the whole system development life cycle, so that the designers and developers themselves think about safety as they work.
The SAND process has three main stages: Scoping, Analysis and Feed-Forward. In effect this means deciding how much safety work the concept project ‘needs’, carrying out the analysis, and then documenting the findings and feeding them forward to later life-cycle stages and to the more formal safety assessment processes used there. The analysis stage relies on a small ‘toolkit’ comprising the following techniques: task analysis; human error identification (TRACER); hazard identification (HAZOP); learning from incident experience (Saflearn); learning from real-time simulations (SAFSIM); the Human Factors Case; hazard logging (HARTS); and safety requirements documentation (SIDES). The ‘infrastructure’, or safety framework, surrounding these activities is based on a safety policy and a Safety Management System (SMS) that is still being developed. However, at this early stage in the system life cycle there is neither regulatory oversight of the safety work nor any requirement to carry it out. The safety activities themselves are carried out by a small team of safety specialists who work alongside the individual project teams.
This paper first outlines the nature of ATM system concept development and research, to set the context within which safety assessment must operate. It then briefly describes the framework, the techniques used, and the types of results and insights that can be gained at such an early stage in system design and development. Finally, it considers the deeper issues of the direct and indirect value of attending to safety this early, and discusses the relative pros and cons of the approach.