Risk & Safety Management

System Safety Precedence


In Element 2, “Identify and Document Hazards,” of the System Safety Process, hazards are identified and recorded in a document. Hazards should be identified through a systematic analysis process that includes determining a hazard order of precedence. An order of precedence is a sequential hierarchy of nominal importance of items from Low Risk to High Risk. System safety precedence defines the order to be followed for satisfying system safety requirements and reducing risks.


Below is the standard System Safety Precedence used to determine the hazard order between Low and High Risk.


System Safety Precedence [1]

  1. Design for Minimum Hazard: From the first, design to eliminate hazards. If an identified hazard cannot be eliminated, reduce the associated risk to an acceptable level, as defined by the MA, through design selection. Defining minimum risk is not a simple matter. It is not a cookbook process that can be numerically developed without considerable thought. Minimum risk will vary from program to program. (Lowest Risk)
    • Best to design risk out of System
  2. Incorporate Safety Devices/Features: If identified hazards cannot be eliminated or their associated risk adequately reduced through design selection, that risk shall be reduced to a level acceptable to the MA through the use of fixed, automatic, or other protective safety design features or devices. Provisions shall be made for periodic functional checks of safety devices when applicable.
    • If the hazard can’t be designed out, design controls in (H/W Devices & S/W Features as Interlocks)
  3. Provide Warning Devices: When neither design nor safety devices can effectively eliminate identified hazards or adequately reduce associated risk, devices shall be used to detect the condition and to produce an adequate warning signal to alert personnel of the hazard. Warning signals and their application shall be designed to minimize the probability of incorrect personnel reaction to the signals and shall be standardized within like types of systems.
    • Generate adequate visual or audible warning signal
    • Susceptible to Human Error
  4. Develop Procedures and Training: Where it is impractical to eliminate hazards through design selection or adequately reduce the associated risk with safety and warning devices, procedures and training shall be used. However, without a specific waiver, no warning, caution, or other form of written advisory shall be used as the only risk reduction method for Category I or II hazards. Procedures may include the use of personal protective equipment. (Highest Risk)
    • Susceptible to Personnel Turnover
    • Susceptible to Human Error


AcqLinks and References:

Updated: 6/19/2018
