
APPLIED SAFETY (ME 502)

SYSTEM SAFETY TECHNOLOGY


A. Control of Specific Risk
1. Planning
2. Hazard Analysis
3. Risk Evaluation
4. Control Validation – Prevent – eliminate
5. Compliance Verification
6. Performance Evaluation
7. Monitoring and updates
B. Control of Systematic Risks
1. Management Implementation
2. Hazard Identification
3. Operation Readiness (process)
4. Human factor
5. Measurements
6. Information analysis and communication
7. Safety service
C. Risk Control Technology
1. Risk Identification
2. Risk Assessment
3. Management Decision and Review
4. Risk Control/Transfer
5. System Audit

PLAN DO CHECK ACT – CYCLE (PDCA)

Performance Evaluation evaluate whether


1. Poor
2.
3.
4.
5. Excellent

Property(50%) – SAFETY PROGRAM – Life(50%)


Under SAFETY PROGRAM
1. Training
2. Promotion – Trial
3. Implementation

Activities

Risk Management

In the On-Line Safety Library you will find a large amount of information covering
specific risk management programs as well as hazard-specific information.
Using a Risk Management approach to lowering accidents and injuries in the
workplace is an essential tool for managers. A systematic approach to taking an objective
look at the work environment and occupational hazards is the first Risk Management
step towards actually managing workplace risk to prevent accidents that can result in
damage to facilities, product and people.

The Risk Management process is devoted to assessing and controlling risks that can
result in business losses, whether through acts of nature, acts by people, or poor
engineering design of a process or piece of equipment.
Following the steps in risk management will allow you to develop procedures and strategies that
reduce the effects of risk-related situations, support risk avoidance, and identify those
risks that may be acceptable after all possible steps have been taken.

Using an approach that implements engineering controls to create an initial low-
hazard environment is the first step for effective risk management. Engineering
controls are those things you do to ensure safety by design and include elements such
as machine guards, proper lighting, security systems and environmental controls.

Administrative risk management control is a less effective means for controlling risk,
but engineering controls cannot be implemented for all events. Administrative
risk management is the second line of defense for prevention and mitigation of
potential hazards. Administrative controls include written policies and procedures to
ensure employees follow safe practices, and include identification and implementation
of an effective employee training program.

Once the overall concept has been accepted, listing all risks is the initial step needed
to allocate resources for developing risk management controls. Each specific risk
should be viewed as a potential event that could cause loss or injury. Evaluation of
each risk source is needed to understand the possibility and potential for each risk-event.
After initial identification and "rating" of all risk-events, you can develop
specific engineering and administrative controls to eliminate the risk or at least drive
the probability of an event to a lower, acceptable level.

Assessment of each risk and potential loss is required to establish its impact relative
to all other risks, so you can properly address the highest, most probable events and
those that would have the most negative effects. This can
be done on a company level, department level, or even for a specific work area or
task. Using engineering controls can achieve a zero probability of a risk management
event.

Risk Categorization
Before choosing risk-specific steps, each risk-event should be grouped into general
areas for the type of possible actions.  These include avoidance or elimination,
reduction of possibility, transfer of risk, such as outsourcing or leasing of equipment
or facilities, and risk retention which is the least effective risk management approach
because you must either accept the loss or insure against the loss to include process
and business interruption loss recovery.

Avoidance or Elimination of Risk

All business operations will carry some risk; however, specific industrial processes
can be engineered to prevent specific risk-events. Prior to establishing a new process
or installing new equipment, a team consisting of management, maintenance and
purchasing professionals should evaluate the risk-impact of the equipment and process
to ensure all steps will be taken to select equipment and materials that are no- or low-risk
by design. Also consider how the new systems and equipment will fit in the
current facility design in regards to ease of maintenance, and the flow of materials and people
through the proposed location and placement of system equipment. Support
systems, such as lighting, ventilation and drainage, must also be evaluated as
part of the risk management process.

Reducing Risks
Risk reduction in the risk management process can reduce the overall effect of a risk-event.
These steps include such things as installation of fire suppression systems, guard
rails, reduction of the amount of hazardous materials, and specific procedures and
policies that prohibit risky activities. In conjunction with administrative risk
management controls, personal protective equipment, when properly selected and
maintained, can significantly reduce employee exposure to workplace hazards.
Personal protective equipment (PPE) controls include the necessary employee training
on the use, limitations and maintenance of PPE as well as the management of the PPE
program.

Transfer Risks
By using outside sources for high-risk material, processes and services you are
effectively transferring the risk to another company.  Evaluation of the loss-effect
versus the increased financial costs of outsourcing risk should be considered.  Any
risk transfer also includes the effect on your operations if the company providing the
outsourced risk activity fails due to risk-events.  To minimize this secondary effect,
your risk management plan should include identification of resources and
organizations that could provide the outsourced material, process and services with
little interruption to your operations.

Project Risk Management

This aspect of risk management must address very specific risk management tasks
such as evaluation, responsibilities, operations and financial resources allocated to risk
management.

Consider:
Assigning a safety and risk manager who reports directly to the project manager and is
responsible for not only project site safety, but is also tasked with evaluating activities to
ensure risk-events are foreseen and addressed before a risk-related problem occurs.

Establish a risk management database. Each risk should have an evaluation sheet that
records the date identified, description of the risk, probability and importance, and the specific
steps implemented to eliminate or reduce the effect of the risk. Any outstanding
actions related to each specific risk should be assigned to a specific person for action
and tracked to ensure completion.

Implement a process for reporting of unsafe conditions and processes. Involve all
employees by actively encouraging their involvement under a continuous
improvement plan that recognizes participation and reporting of unsafe or risky
situations.

Risk Management Plan

An effective risk management plan includes not only identification and reduction or
elimination of specific risks. It must also include a management and leadership
component that sets the tone for continued evaluation, effective security controls,
supervisor training and implementation of workplace safety programs, as well as
employee training. An effective risk management program will yield results in not
only lowering exposure to risk-events, but also improved efficiencies, increased
productivity, employee retention and overall improvement in all company operations.
The philosophy used in developing your risk management program can spill over into
day-to-day actions by all employees, resulting in a continuous improvement cycle.
Your risk management plan should also incorporate historical data, as well as
retention of records of specific risk management actions for future reference.
Risk management plans and procedures need not be static in nature. A periodic
review should be conducted annually to ensure the plan continues to address all
current risks and any changes in risk exposure. In the event of a loss, risk
management historical data can be used to determine where the system failed and to fine-tune
your risk management plan in areas other than just the specific risk-event that
caused the loss. Ask what decisions were made, and how they were made, that
resulted in failure of the risk management system. You can then make corrections to
all aspects of your risk management plan.

Safety engineering
From Wikipedia, the free encyclopedia

Safety engineering is an applied science strongly related to systems engineering and the subset System
Safety Engineering. Safety engineering assures that a life-critical system behaves as needed even when
pieces fail.


Overview

Ideally, safety-engineers take an early design of a system, analyze it to find what faults can occur, and then
propose safety requirements in design specifications up front and changes to existing systems to make the
system safer. In an early design stage, often a fail-safe system can be made acceptably safe with a few
sensors and some software to read them. Probabilistic fault-tolerant systems can often be made by using more,
but smaller and less-expensive pieces of equipment.

Far too often, rather than actually influencing the design, safety engineers are assigned to prove that an
existing, completed design is safe. If a safety engineer then discovers significant safety problems late in the
design process, correcting them can be very expensive. This type of error has the potential to waste large
sums of money.

The exception to this conventional approach is the way some large government agencies approach safety
engineering from a more proactive and proven process perspective, known as "system safety". The system
safety philosophy is to be applied to complex and critical systems, such as commercial airliners, complex
weapon systems, spacecraft, rail and transportation systems, air traffic control systems and other complex and
safety-critical industrial systems. The proven system safety methods and techniques are to prevent, eliminate
and control hazards and risks through designed influences by a collaboration of key engineering disciplines and
product teams. Software safety is a fast-growing field, since the functionality of modern systems is increasingly being
put under the control of software. The whole concept of system safety and software safety, as a subset of systems
engineering, is to influence safety-critical system designs by conducting several types of hazard analyses to
identify risks and to specify design safety features and procedures to strategically mitigate risk to acceptable
levels before the system is certified.

Additionally, failure mitigation can go beyond design recommendations, particularly in the area of maintenance.
There is an entire realm of safety and reliability engineering known as Reliability Centered Maintenance (RCM),
which is a discipline that is a direct result of analyzing potential failures within a system and determining
maintenance actions that can mitigate the risk of failure. This methodology is used extensively on aircraft and
involves understanding the failure modes of the serviceable replaceable assemblies in addition to the means to
detect or predict an impending failure. Every automobile owner is familiar with this concept when they take in
their car to have the oil changed or brakes checked. Even filling up one's car with fuel is a simple example of a
failure mode (failure due to fuel exhaustion), a means of detection (fuel gauge), and a maintenance action
(filling the car's fuel tank).

For large-scale complex systems, hundreds if not thousands of maintenance actions can result from the failure
analysis. These maintenance actions are based on conditions (e.g., gauge reading or leaky valve), hard
conditions (e.g., a component is known to fail after 100 hrs of operation with 95% certainty), or require
inspection to determine the maintenance action (e.g., metal fatigue). The RCM concept then analyzes each
individual maintenance item for its risk contribution to safety, mission, operational readiness, or cost to repair if
a failure does occur. Then the sum total of all the maintenance actions is bundled into maintenance intervals
so that maintenance is not occurring around the clock, but rather at regular intervals. This bundling process
introduces further complexity, as it might stretch some maintenance cycles, thereby increasing risk, but reduce
others, thereby potentially reducing risk, with the end result being a comprehensive maintenance schedule,
purpose-built to reduce operational risk and ensure acceptable levels of operational readiness and availability.

Analysis techniques

The two most common fault modeling techniques are called failure mode and effects analysis and fault tree
analysis. These techniques are just ways of finding problems and of making plans to cope with failures, as
in probabilistic risk assessment. One of the earliest complete studies using this technique on a commercial
nuclear plant was the WASH-1400 study, also known as the Reactor Safety Study or the Rasmussen Report.

Failure modes and effects analysis

Main article: Failure mode and effects analysis

Failure Mode and Effects Analysis (FMEA) is a bottom-up, inductive analytical method which may be performed
at either the functional or piece-part level. For functional FMEA, failure modes are identified for each function in
a system or equipment item, usually with the help of a functional block diagram. For piece-part FMEA, failure
modes are identified for each piece-part component (such as a valve, connector, resistor, or diode). The effects
of the failure mode are described, and assigned a probability based on the failure rate and failure mode ratio of
the function or component.

Failure modes with identical effects can be combined and summarized in a Failure Mode Effects Summary.
When combined with criticality analysis, FMEA is known as Failure Mode, Effects, and Criticality Analysis or
FMECA, pronounced "fuh-MEE-kuh".

Fault tree analysis

Main article: Fault tree analysis

Fault tree analysis (FTA) is a top-down, deductive analytical method. In FTA, initiating primary events such as
component failures, human errors, and external events are traced through Boolean logic gates to an undesired
top event such as an aircraft crash or nuclear reactor core melt. The intent is to identify ways to make top
events less probable, and to verify that safety goals have been achieved.

[Figure: A fault tree diagram]

Fault trees are a logical inverse of success trees, and may be obtained by applying de Morgan's theorem to
success trees (which are directly related to reliability block diagrams).
FTA may be qualitative or quantitative. When failure and event probabilities are unknown, qualitative fault trees
may be analyzed for minimal cut sets. For example, if any minimal cut set contains a single base event, then
the top event may be caused by a single failure. Quantitative FTA is used to compute top event probability, and
usually requires computer software such as CAFTA from the Electric Power Research
Institute or SAPHIRE from the Idaho National Laboratory.

Some industries use both fault trees and event trees. An event tree starts from an undesired initiator (loss of
critical supply, component failure etc.) and follows possible further system events through to a series of final
consequences. As each new event is considered, a new node on the tree is added with a split of probabilities of
taking either branch. The probabilities of a range of "top events" arising from the initial event can then be seen.
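The following is an added worked example, not part of the Wikipedia article, showing both halves of the FTA paragraph above on a small constructed fault tree: the qualitative step (minimal cut sets, and the check for a cut set containing a single base event) and the quantitative step (top event probability). The tree, the node representation (strings for basic events, ("AND"/"OR", label, children) tuples for gates) and the per-demand failure probabilities are all assumptions made for this example; CAFTA and SAPHIRE are not involved. The exact probability is obtained by enumerating every combination of independent basic events, which stays correct when one event (here the shared controller) feeds several gates; the rare-event sum over cut sets is the usual hand approximation and is shown beside it.

```python
"""Qualitative and quantitative fault tree analysis on a constructed tree.
Added example; not code from the original page."""
from itertools import product
from math import prod

# Basic events (names are assumptions for this example).
A_MECH, B_MECH, CTRL = "PumpA_mech", "PumpB_mech", "Controller"
GRID, GEN = "Grid_loss", "Generator_fail"

# Gate nodes are ("AND" | "OR", label, [children]); leaves are event names.
TREE = ("OR", "Loss of core cooling", [
    ("AND", "Both pumps down", [
        ("OR", "Pump A down", [A_MECH, CTRL]),
        ("OR", "Pump B down", [B_MECH, CTRL]),  # CTRL is shared: a common-cause event
    ]),
    ("AND", "Station power lost", [GRID, GEN]),
])

# Constructed per-demand failure probabilities, assumed independent.
PROBS = {A_MECH: 0.01, B_MECH: 0.01, CTRL: 0.001, GRID: 0.05, GEN: 0.02}


def basic_events(node):
    """All basic event names reachable from node."""
    if isinstance(node, str):
        return {node}
    return set().union(*(basic_events(c) for c in node[2]))


def minimize(cut_sets):
    """Keep only minimal cut sets: drop any set that contains another one."""
    return {s for s in cut_sets if not any(o < s for o in cut_sets)}


def minimal_cut_sets(node):
    """OR gates union their children's cut sets; AND gates combine one cut set
    from each child. Minimizing after each gate absorbs the shared event."""
    if isinstance(node, str):
        return {frozenset([node])}
    kind, _, children = node
    child_sets = [minimal_cut_sets(c) for c in children]
    if kind == "OR":
        combined = set().union(*child_sets)
    else:
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    return minimize(combined)


def single_point_failures(node):
    """Basic events that alone cause the top event (cut sets of size one)."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(node) if len(s) == 1)


def top_event_occurs(node, failed):
    """Evaluate the tree for a given set of failed basic events."""
    if isinstance(node, str):
        return node in failed
    kind, _, children = node
    results = [top_event_occurs(c, failed) for c in children]
    return any(results) if kind == "OR" else all(results)


def top_probability_exact(node, probs):
    """Exact P(top) over all 2^n states of independent basic events."""
    events = sorted(basic_events(node))
    total = 0.0
    for states in product([False, True], repeat=len(events)):
        failed = {e for e, f in zip(events, states) if f}
        if top_event_occurs(node, failed):
            total += prod(probs[e] if f else 1 - probs[e]
                          for e, f in zip(events, states))
    return total


def top_probability_rare_event(node, probs):
    """Rare-event approximation: sum of minimal cut set probabilities."""
    return sum(prod(probs[e] for e in cs) for cs in minimal_cut_sets(node))


if __name__ == "__main__":
    for cs in sorted(minimal_cut_sets(TREE), key=len):
        print("minimal cut set:", sorted(cs))
    print("single-point failures:", single_point_failures(TREE))
    print("P(top) exact:", top_probability_exact(TREE, PROBS))
    print("P(top) rare-event approx:", top_probability_rare_event(TREE, PROBS))
```

Running it lists three minimal cut sets. The pump redundancy survives as the two-event set {PumpA_mech, PumpB_mech}, but the shared controller collapses to a single-event cut set, which is exactly the single-failure condition the text describes; it is the kind of common-cause dependency a reviewer looks for before trusting a redundancy argument. The exact probability (about 0.0021) and the rare-event sum agree to two significant figures here because all probabilities are small; the gap widens as event probabilities grow, which is why the exact evaluation is worth keeping for small trees.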

Safety certification

Usually a failure in safety-certified systems is acceptable if, on average, less than one life per 10^9 hours of
continuous operation is lost to failure. Most Western nuclear reactors, medical equipment, and
commercial aircraft are certified to this level. The cost versus loss of lives has been considered appropriate at
this level (by the FAA for aircraft under Federal Aviation Regulations).

Preventing failure

[Figure: A NASA graph shows the relationship between the survival of a crew of astronauts and the amount of redundant equipment
in their spacecraft (the "MM", Mission Module).]

Probabilistic fault tolerance: adding redundancy to equipment and systems

Once a failure mode is identified, it can usually be prevented entirely by adding extra equipment to the system.
For example, nuclear reactors contain dangerous radiation, and nuclear reactions can cause so much heat that
no substance might contain them. Therefore reactors have emergency core cooling systems to keep the
temperature down, shielding to contain the radiation, and engineered barriers (usually several, nested,
surmounted by a containment building) to prevent accidental leakage.

Most biological organisms have a certain amount of redundancy: multiple organs, multiple limbs, etc.

For any given failure, a fail-over or redundancy can almost always be designed and incorporated into a system.

When does safety stop, where does reliability begin?

Assume there is a new design for a submarine. In the first case, as the prototype of the submarine is being
moved to the testing tank, the main hatch falls off. This would be easily defined as an unreliable hatch. Now the
submarine is submerged to 10,000 feet, whereupon the hatch falls off again, and all on board are killed. The
failure is the same in both cases, but in the second case it becomes a safety issue. Most people tend to judge
risk on the basis of the likelihood of occurrence. Other people judge risk on the basis of their magnitude of
regret, and are likely unwilling to accept risk no matter how unlikely the event. The former make good reliability
engineers, the latter make good safety engineers.

Now let us say there is a need to design a Humvee with a rocket launcher attached. The reliability engineer
could make a good case for installing launch switches all over the vehicle, making it very likely someone can
reach one and launch the rocket. The safety engineer could make an equally compelling case for putting only
two switches at opposite ends of the vehicle which must both be thrown to launch the rocket, thus ensuring the
likelihood of an inadvertent launch was small. An additional irony is that it is unlikely that the two engineers can
reconcile their differences, in which case a manager who doesn't understand the technology could choose one
design over the other based on other criteria, like cost of manufacturing.

Inherent fail-safe design

For more details on this topic, see Inherent safety.

When adding equipment is impractical (usually because of expense), then the least expensive form of design is
often "inherently fail-safe". The typical approach is to arrange the system so that ordinary single failures cause
the mechanism to shut down in a safe way (for nuclear power plants, this is termed a passively safe design,
although more than ordinary failures are covered).

One of the most common fail-safe systems is the overflow tube in baths and kitchen sinks. If the valve sticks
open, rather than causing an overflow and damage, the tank spills into an overflow.

Another common example is that in an elevator the cable supporting the car keeps spring-loaded brakes open.
If the cable breaks, the brakes grab rails, and the elevator cabin does not fall.

Inherent fail-safes are common in medical equipment, traffic and railway signals, communications equipment,
and safety equipment.

Containing failure

It is also common practice to plan for the failure of safety systems through containment and isolation methods.
The use of isolating valves, also known as the block and bleed manifold, is very common in isolating pumps,
tanks, and control valves that may fail or need routine maintenance. In addition, nearly all tanks containing oil
or other hazardous chemicals are required to have containment barriers set up around them to contain 100% of
the volume of the tank in the event of a catastrophic tank failure. Similarly, long pipelines have remote-closing
valves periodically installed in the line so that in the event of failure, the entire pipeline is not lost. The goal of all
such containment systems is to provide means of limiting the damage done by a failure to a small localized
area.

See also

- ARP4761
- Earthquake engineering
- Effective Safety Training
- Forensic engineering
- Hazard and operability study
- IEC 61508
- Nuclear safety
- Process Safety Management
- Risk assessment
- Risk management
- Safety life cycle
- Workplace safety

SWOT analysis
From Wikipedia, the free encyclopedia

SWOT analysis is a strategic planning method used to evaluate the Strengths, Weaknesses, Opportunities,
and Threats involved in a project or in a business venture. It involves specifying the objective of the business
venture or project and identifying the internal and external factors that are favorable and unfavorable to achieving
that objective. The technique is credited to Albert Humphrey, who led a convention at Stanford University in the
1960s and 1970s using data from Fortune 500 companies.

A SWOT analysis must first start with defining a desired end state or objective. A SWOT analysis may be
incorporated into the strategic planning model. Strategic Planning has been the subject of much research.

- Strengths: characteristics of the business or team that give it an advantage over others in the
industry.
- Weaknesses: characteristics that place the firm at a disadvantage relative to others.
- Opportunities: external chances to make greater sales or profits in the environment.
- Threats: external elements in the environment that could cause trouble for the business.

Identification of SWOTs is essential because subsequent steps in the process of planning for
achievement of the selected objective may be derived from the SWOTs.

First, the decision makers have to determine whether the objective is attainable, given the SWOTs. If the
objective is NOT attainable a different objective must be selected and the process repeated.

The SWOT analysis is often used in academia to highlight and identify strengths, weaknesses,
opportunities and threats. It is particularly helpful in identifying areas for development.


Matching and converting

Another way of utilizing SWOT is matching and converting.

Matching is used to find competitive advantages by matching the strengths to opportunities.

Converting is to apply conversion strategies to convert weaknesses or threats into strengths or
opportunities.

An example of a conversion strategy is to find new markets.

If the threats or weaknesses cannot be converted, a company should try to minimize or avoid them.[1]

Evidence on the use of SWOT


SWOT analysis may limit the strategies considered in the evaluation. J. Scott Armstrong notes that
"people who use SWOT might conclude that they have done an adequate job of planning and ignore such
sensible things as defining the firm's objectives or calculating ROI for alternate strategies." [2] Findings
from Menon et al. (1999) [3] and Hill and Westbrook (1997) [4] have shown that SWOT may harm
performance. As an alternative to SWOT, Armstrong describes a 5-step approach alternative that leads to
better corporate performance.[5]

Internal and external factors

The aim of any SWOT analysis is to identify the key internal and external factors that are important to
achieving the objective. These come from within the company's unique value chain. SWOT analysis
groups key pieces of information into two main categories:

- Internal factors – The strengths and weaknesses internal to the organization.
- External factors – The opportunities and threats presented by the external environment to the
organization. Use a PEST or PESTLE analysis to help identify these factors.

The internal factors may be viewed as strengths or weaknesses depending upon their impact on the
organization's objectives. What may represent strengths with respect to one objective may be
weaknesses for another objective. The factors may include all of the 4P's; as well as personnel,
finance, manufacturing capabilities, and so on. The external factors may include macroeconomic
matters, technological change, legislation, and socio-cultural changes, as well as changes in the
marketplace or competitive position. The results are often presented in the form of a matrix.

SWOT analysis is just one method of categorization and has its own weaknesses. For example, it
may tend to persuade companies to compile lists rather than think about what is actually important
in achieving objectives. It also presents the resulting lists uncritically and without clear prioritization
so that, for example, weak opportunities may appear to balance strong threats.

It is prudent not to eliminate too quickly any candidate SWOT entry. The importance of individual
SWOTs will be revealed by the value of the strategies it generates. A SWOT item that produces
valuable strategies is important. A SWOT item that generates no strategies is not important.

Use of SWOT analysis

The usefulness of SWOT analysis is not limited to profit-seeking organizations. SWOT analysis may
be used in any decision-making situation when a desired end-state (objective) has been defined.
Examples include: non-profit organizations, governmental units, and individuals. SWOT analysis
may also be used in pre-crisis planning and preventive crisis management. SWOT analysis may
also be used in creating a recommendation during a viability study/survey.

SWOT landscape analysis

The SWOT-landscape systematically deploys the relationships between the overall objective and the underlying
SWOT factors and provides an interactive, query-able 3D landscape.

The SWOT-landscape captures different managerial situations by visualizing and foreseeing the
dynamic performance of comparable objects, according to findings by Brendan Kitts, Leif Edvinsson
and Tord Beding (2000).[6]

Changes in relative performance are continually identified. Projects (or other units of
measurement) that could be potential risk or opportunity objects are highlighted.

The SWOT-landscape also indicates which underlying strength/weakness factors have had, or are likely
to have, the highest influence in the context of value in use (for example, capital value fluctuations).

Corporate planning

As part of developing strategies and plans to enable the organization to achieve its
objectives, the organization will use a systematic, rigorous process known as corporate
planning. SWOT alongside PEST/PESTLE can be used as a basis for the analysis of business and
environmental factors.[7]

- Set objectives – defining what the organization is going to do
- Environmental scanning
- Internal appraisals of the organization's SWOT; this needs to include an assessment of the
present situation as well as a portfolio of products/services and an analysis of the
product/service life cycle
- Analysis of existing strategies; this should determine relevance from the results of an
internal/external appraisal. This may include gap analysis, which will look at environmental factors
- Strategic issues defined – key factors in the development of a corporate plan which need to be
addressed by the organization
- Develop new/revised strategies – revised analysis of strategic issues may mean the objectives
need to change
- Establish critical success factors – the achievement of objectives and strategy implementation
- Preparation of operational, resource and project plans for strategy implementation
- Monitoring results – mapping against plans, taking corrective action which may mean amending
objectives/strategies.[8]

Marketing

Main article: Marketing management

In many competitor analyses, marketers build detailed profiles of each competitor in the
market, focusing especially on their relative competitive strengths and weaknesses using
SWOT analysis. Marketing managers will examine each competitor's cost structure, sources
of profits, resources and competencies, competitive positioning and product differentiation,
degree of vertical integration, historical responses to industry developments, and other
factors.

Marketing management often finds it necessary to invest in research to collect the data
required to perform accurate marketing analysis. Accordingly, management often conducts
market research (alternately marketing research) to obtain this information. Marketers employ
a variety of techniques to conduct market research, but some of the more common include:

- Qualitative marketing research, such as focus groups
- Quantitative marketing research, such as statistical surveys
- Experimental techniques such as test markets
- Observational techniques such as ethnographic (on-site) observation

Marketing managers may also design and oversee various environmental scanning and
competitive intelligence processes to help identify trends and inform the company's marketing
analysis.

Using SWOT to analyse the market position of a small management consultancy with a
specialism in HRM.[8]

Strengths:
- Reputation in marketplace
- Expertise at partner level in HRM consultancy

Weaknesses:
- Shortage of consultants at operating level rather than partner level
- Unable to deal with multi-disciplinary assignments because of size or lack of ability

Opportunities:
- Well established position with a well defined market niche
- Identified market for consultancy in areas other than HRM

Threats:
- Large consultancies operating at a minor level
- Other small consultancies looking to invade the marketplace

See also