Re: [sc] [Scanned] One for the Hazard IDs!




From: ajrae_at_xxxxxx
Date: Wed, 2 Feb 2011 12:44:36 -0000
Message-ID: <3fbb670ebe1183896223cea7a0a22f5f.squirrel@xxxxxx>

Following from Nancy's accurate observation below:

The hazard in this case (light not being shown) was clearly identified,
since the lights phoned home to report the failure. Note that the cause of
the fault didn't stop the fault being detected or reported, so the hazard and
its mitigation were independent with respect to the specific cause.

From a hazard analysis point of view, you don't need to identify every
possible cause of failure to determine how reliable the field equipment is
- this is one of the cases where field data is likely to be more credible
than any piecewise analysis - but you do need to consider whether common
mode failures are credible (i.e., are we likely to lose the lights and the
fault reporting from a common cause).

We have insufficient information to know whether the frequency of the
hazard (determined by reliability of the lights) was appropriate, or
whether the window of exposure between the fault and the repair team
coming out was determined through appropriate risk assessment.

We do know that the fault was visible to at least one driver (his testimony
indicates that he knew there was supposed to be a light). I think it's a
bit of a stretch to assume that the hazard was highly likely to lead to a
fatal accident, and therefore deserving of heroic mitigation.


> I must be missing something in all this discussion. The hazard is the
> light being out. The cause of an electrical failure (the light being out)
> being a short seems like something that would be readily conceivable.
> All the causes of a short circuit do not have to be identified to protect
> oneself against such an event.
>
> Nancy
>
> On Wed, Feb 2, 2011 at 4:41 AM, Peter Sheppard
> <peter.sheppard@xxxxxx> wrote:
>
>> http://www.thisistamworth.co.uk/news/Little-angel-killed-cruel-twist-fate/article-3149898-detail/article.html
>>
>> Peter Sheppard
>> Principal Safety Engineer
>> BSc (Hons), FIET, FIRSE, FSaRS
>>
>>
>>
>
>
> --
> Dr. Nancy Leveson
> Professor, Aeronautics and Astronautics
> Professor, Engineering Systems
> MIT
>
> http://sunnyday.mit.edu
>
>
Received on Wed 02 Feb 2011 - 12:44:36 GMT