System Safety is the application of engineering and management principles, criteria, and techniques to achieve acceptable risk within the constraints of operational effectiveness and suitability, schedule, and cost throughout the system’s lifecycle. System safety covers the entire spectrum of Environment, Safety, and Occupational Health (ESOH) considerations. It is an integral part of the Systems Engineering (SE) process and specific activities are required throughout the different phases of the acquisition lifecycle.

System Safety Standard (MIL-STD-882E)
The system safety standard practice identifies the DoD approach for identifying hazards and assessing and mitigating associated risks encountered in the development, test, production, use, and disposal of defense systems.

MIL-STD-882E “Standard Practice for System Safety” – 11 May 2012

Handbook: Air Force System Safety Handbook – July 2000

System Safety Process
The system safety process consists of eight (8) elements. These eight elements are detailed in Chapter 4 of MIL-STD-882E and are listed below. [1]

  1. Document the System Safety Approach: The Program Manager (PM) and contractor shall document the system safety approach for managing hazards as an integral part of the Systems Engineering Process.
  2. Identify and Document Hazards:  Hazards are identified through a systematic analysis process that includes system hardware and software, system interfaces (to include human interfaces), and the intended use or application and operational environment. Consider and use mishap data; relevant environmental and occupational health data; user physical characteristics; user knowledge, skills, and abilities; and lessons learned from legacy and similar systems. The hazard identification process shall consider the entire system life-cycle and potential impacts to personnel, infrastructure, defense systems, the public, and the environment.
  3. Assess and Document Risk: The severity category and probability level of the potential mishap(s) for each hazard across all system modes are assessed using the definitions in Tables I and II of MIL-STD-882E.
  4. Identify and Document Risk Mitigation Measures: Potential risk mitigation(s) shall be identified, and the expected risk reduction(s) of the alternative(s) shall be estimated and documented in the Hazard Tracking System (HTS). The goal should always be to eliminate the hazard if possible. When a hazard cannot be eliminated, the associated risk should be reduced to the lowest acceptable level within the constraints of cost, schedule, and performance by applying the system safety design order of precedence. The system safety design order of precedence identifies alternative mitigation approaches and lists them in order of decreasing effectiveness.
  5. Reduce Risk:  Mitigation measures are selected and implemented to achieve an acceptable risk level. Consider and evaluate the cost, feasibility, and effectiveness of candidate mitigation methods as part of the Systems Engineering Process and Integrated Product Team (IPT) processes. Present the current hazards, their associated severity and probability assessments, and status of risk reduction efforts at technical reviews.
  6. Verify, Validate, and Document Risk Reduction: Verify the implementation and validate the effectiveness of all selected risk mitigation measures through appropriate analysis, testing, demonstration, or inspection. Document the verification and validation in the HTS.
  7. Accept Risk and Document:  Before exposing people, equipment, or the environment to known system-related hazards, the risks shall be accepted by the appropriate authority as defined in DoDI 5000.02. The system configuration and associated documentation that supports the formal risk acceptance decision shall be provided to the Government for retention through the life of the system.
  8. Manage Life-Cycle Risk: After the system is fielded, the system program office uses the system safety process to identify hazards and maintain the HTS throughout the system’s life-cycle. This life-cycle effort considers any changes to include, but not limited to, the interfaces, users, hardware and software, mishap data, mission(s) or profile(s), and system health data. Procedures shall be in place to ensure risk management personnel are aware of these changes, e.g., by being part of the configuration control process.

AcqLinks and References:

Updated: 7/29/2017

Print Friendly, PDF & Email