Element 4 “Identify and document risk mitigation measures” is where risk mitigation(s) is identified, and the expected risk reduction(s) of the alternative(s) shall be estimated and documented in the Hazard Tracking System (HTS). The goal should always be to eliminate the hazard if possible. When a hazard cannot be eliminated, the associated risk should be reduced to the lowest acceptable level within the constraints of cost, schedule, and performance by applying the system safety design order of precedence.

MIL-STD-882E “Standard Practice for System Safety” – Page 12

System Safety Design Order of Precedence
The system safety design order of precedence identifies alternative mitigation approaches and lists them in order of decreasing effectiveness.

1. Eliminate hazards through design selection: Ideally, the hazard should be eliminated by selecting a design or material alternative that removes the hazard altogether.
2. Reduce risk through design alteration: If adopting an alternative design change or material to eliminate the hazard is not feasible, consider design changes that reduce the severity and/or the probability of the mishap potential caused by the hazard(s).
3. Incorporate engineered features or devices: If mitigation of the risk through design alteration is not feasible, reduce the severity or the probability of the mishap potential caused by the hazard(s) using engineered features or devices. In general, engineered features actively interrupt the mishap sequence and devices reduce the risk of a mishap.
4. Provide warning devices: If engineered features and devices are not feasible or do not adequately lower the severity or probability of the mishap potential caused by the hazard, include detection and warning systems to alert personnel to the presence of a hazardous condition or occurrence of a hazardous event. Incorporate signage, procedures, training, and PPE. Where design alternatives, design changes, and engineered features and devices are not feasible and warning devices cannot adequately mitigate the severity or probability of the mishap potential caused by the hazard, incorporate signage, procedures, training, and PPE. Signage includes placards, labels, signs and other visual graphics. Procedures and training should include appropriate warnings and cautions. Procedures may prescribe the use of PPE. For hazards assigned Catastrophic or Critical mishap severity categories, the use of signage, procedures, training, and PPE as the only risk reduction method should be avoided.

– Next Element: Reduce Risk

AcqLinks and References:

• MIL-STD-882E “Standard Practice for System Safety” – 11 May 2012
• Air Force System Safety Handbook – July 2000
• DoD Risk Management Guidebook – Aug 06

Updated: 7/29/2017