System Safety is the application of engineering and management principles, criteria, and techniques to achieve acceptable risk within the constraints of operational effectiveness and suitability, schedule, and cost throughout the system’s lifecycle. System safety covers the entire spectrum of Environment, Safety, and Occupational Health (ESOH) considerations. It is an integral part of the Systems Engineering (SE) process and specific activities are required throughout the different phases of the acquisition lifecycle.

Definition: System safety is a specialty within system engineering that supports program risk management that optimizes safety.

System Safety Process

The system safety process consists of eight (8) elements. These eight elements are detailed in Chapter 4 of MIL-STD-882E and are listed below. [1]

1. Element 1: Document the System Safety Approach: The Program Manager (PM) and contractor shall document the system safety approach for managing hazards as an integral part of the Systems Engineering Process.
2. Element 2: Identify and Document Hazards:  Hazards are identified through a systematic analysis process that includes system hardware and software, system interfaces (to include human interfaces), and the intended use or application and operational environment. Consider and use mishap data; relevant environmental and occupational health data; user physical characteristics; user knowledge, skills, and abilities; and lessons learned from legacy and similar systems. The hazard identification process shall consider the entire system life-cycle and potential impacts to personnel, infrastructure, defense systems, the public, and the environment.
3. Element 3: Assess and Document Risk: The severity category and probability level of the potential mishap(s) for each hazard across all system modes are assessed using the definitions in Tables I and II of MIL-STD-882E.
4. Element 4: Identify and Document Risk Mitigation Measures: Potential risk mitigation(s) shall be identified, and the expected risk reduction(s) of the alternative(s) shall be estimated and documented in the Hazard Tracking System (HTS). The goal should always be to eliminate the hazard if possible. When a hazard cannot be eliminated, the associated risk should be reduced to the lowest acceptable level within the constraints of cost, schedule, and performance by applying the system safety design order of precedence. The system safety design order of precedence identifies alternative mitigation approaches and lists them in order of decreasing effectiveness.
5. Element 5: Reduce Risk:  Mitigation measures are selected and implemented to achieve an acceptable risk level. Consider and evaluate the cost, feasibility, and effectiveness of candidate mitigation methods as part of the Systems Engineering Process and Integrated Product Team (IPT) processes. Present the current hazards, their associated severity and probability assessments, and status of risk reduction efforts at technical reviews.
6. Element 6: Verify, Validate, and Document Risk Reduction: Verify the implementation and validate the effectiveness of all selected risk mitigation measures through appropriate analysis, testing, demonstration, or inspection. Document the verification and validation in the HTS.
7. Element 7: Accept Risk and Document:  Before exposing people, equipment, or the environment to known system-related hazards, the risks shall be accepted by the appropriate authority as defined in DoDI 5000.02. The system configuration and associated documentation that supports the formal risk acceptance decision shall be provided to the Government for retention through the life of the system.
8. Element 8: Manage Life-Cycle Risk: After the system is fielded, the system program office uses the system safety process to identify hazards and maintain the HTS throughout the system’s life-cycle. This life-cycle effort considers any changes to include, but not limited to, the interfaces, users, hardware and software, mishap data, mission(s) or profile(s), and system health data. Procedures shall be in place to ensure risk management personnel are aware of these changes, e.g., by being part of the configuration control process.

System Safety Engineering

System Safety Engineering is an engineering discipline that employs specialized knowledge and skills in applying scientific and engineering principles, criteria, and techniques to identify hazards and then to eliminate the hazards or reduce the associated risks when the hazards cannot be eliminated. It defines requirements for design and systems engineering, taking into account the potential risks, Verification and Validation (V&V) of effective mitigation, and residual risk acceptance by certification or approval authorities. It identifies and analyzes behavioral and interface requirements, the design architecture, and the human interface within the context of both systems and systems of systems (SoS).

Software System Safety

Software System Safety is essential to perform system safety engineering tasks on safety-critical systems to reduce safety risk in all aspects of a program. These tasks include software system safety activities involving the design, code, test, independent verification and validation (IV&V), operation and maintenance, and change control functions within the software engineering development and deployment processes.

AcqLinks and References:

• MIL-STD-882E “Standard Practice for System Safety” – 11 May 2012
• Air Force System Safety Handbook – July 2000

Updated: 7/5/2021

Rank: G9