Today’s development and management systems are increasingly complex and, in many cases, hazard analysis is conducted after the design is completed. Traditional safety engineering techniques regard hazard analysis and accident prevention with a reactive approach, focusing on individual and component failures. This does not facilitate an efficient safety process. Including hazard analysis into the engineering and design process enables decision-makers to establish a more effective and cost-efficient system.
The System-Theoretic Process Analysis (STPA) is a contemporary technique that incorporates hazard analysis into the development phase, allowing identified hazards to be eliminated from the beginning. Although STPA incorporates traditional methods of hazard analysis, it was developed to pick up where current methods left off, providing an examination of the entire system rather than simply focusing on individual components respective to accidents. This technique seeks to identify an inadequate control within the design to eliminate it altogether.
The design of complicated systems demands a hazard analysis technique that can adapt to its complexity. Naturally, the complexity increases when humans are factored into the system. The STPA process includes human behavior in its analysis, making the process more dynamic due to human unpredictability. Because it’s often inconsistent, human behavior requires additional analysis to determine the worst-case behavior and incorporate the respective control structure that reduces or eliminates human error. Without including human behavior into the analysis, as well as the interaction between humans and machines, engineering accidents out of the design process will become increasingly difficult.
For example, on the UH-60M Black Hawk, the hydraulic system’s design incorporates the human-machine relationship into the hazard analysis process. There are three independent hydraulic systems and each is capable of providing pressure to the flight controls for system redundancy. Establishing which system is in control is an incremental process of pilot-operated switches and corresponding advisory lights, keeping the crew informed of which system is currently in operation and reducing the risk of a pilot mistakenly turning off the wrong one. Additionally, should one of the systems fail or a pilot turn off the system erroneously, the backup hydraulic pump automatically turns on, providing pressure to the flight controls and illuminating a different colored warning light that informs the crew the backup is operating. Due to the nature of the toggle switches, it is impossible for the pilots to turn off two hydraulic pumps at the same time.
The success of engineering system designs in today’s rapidly advancing world depends on staying proactive and incorporating critical factors such as risk and hazard analysis into the development phase. Regarding humans within the system and the goal to ensure safety, it is critical for the design to include redundancy, incremental control and error tolerance. Ensuring controls are in place to prevent mistakes and misunderstood instructions, as well as inadequate procedures, allows the human operator to not only recognize when an error is made, but also to have enough time to correct it. Without a strong understanding of the benefits provided through this more proactive systems approach, we risk falling behind or becoming stagnant with reactive accident prevention and safety programs that continue to result in preventable mishaps.
Social Sharing