System Safety
Industry 4.0 (also known as the Fourth Industrial Revolution) is a reality. Railroads, including their partners in the transportation supply chain, are at the beginning of their journey to establishing true end-to-end digital continuity. Examples include: Industrial Internet of Things (IIoT); Positive Train Control (PTC) and Enhanced Train Control (ETC); and AI (artificial intelligence)-based automation such as expanding autonomous inspection to include predictive analytics for track data.

How do we know that these solutions and systems are safe and that there are no lurking issues? How do we know that the integration of multiple components from vendors, partners, and even from within meets safety objectives? How do we know if safety integrity is preserved after a change is made? How do we shift the paradigm so that safety moves from a cost center to a value-added business driver?

In Part 1 (October 2020), we made the case for system safety as the necessary discipline for railroads to embed as they move forward in innovating and advancing in the 21st century. In Part 2 (November 2020), we stepped through proven guiding principles, how they can be applied to embedding system safety, and the resulting paradigm shifts, all with the goal of improving safety performance and opening up new opportunities for revenue streams.

In Part 3, we draw attention to three often neglected or not fully understood aspects of system safety practice: integration into the systems engineering lifecycle, designing for safety, and process-based safety performance management. By having these technical aspects in place, a system safety practice can effectively achieve its potential and influence the maturation of the organization's safety culture.

INTEGRATING SYSTEM SAFETY INTO THE SYSTEMS ENGINEERING LIFECYCLE

System Safety Engineering is the process used to prevent accidents by identifying and eliminating or controlling hazards. Hazards are system states or conditions that, together with a particular set of worst-case environmental conditions, will lead to unsafe circumstances.

20 Railway Age // December 2020

We often find that system safety is not connected to, or is in isolation from, the systems engineering lifecycle. Safety ends up being handled as a postmortem or backward-looking assurance activity. The domino effect kicks in. Safety-related design flaws are found late and are awfully expensive to fix. Arguments arise over the validity of the design flaws, trying to show they don't need fixing. When these arguments fall apart, the efforts to deal with safety design flaws are often expensive and the solutions are not highly effective. Redundancy (through processes, materials and software apps) is bolted on, where an optimized design would not have required it. Far-from-ideal procedural mitigations are imposed on the operators, with the hope of better safety if they are followed.

By integrating system safety practices into the systems engineering lifecycle, the costs of engineering for safety are considerably reduced, while safety effectiveness and outcomes increase. Naturally, rework (a form of waste) is decreased, which in turn compresses project schedules, lowers costs and lowers risks.

Figure 1 (p. 22) shows where key system safety elements fit within the systems engineering lifecycle. These elements address the various levels of safety: component failures, subsystem hazards, functional hazards, operating- and support-related hazards, software anomalies, system safety, and system-of-systems safety. The lifecycle is driven and monitored by business and safety objectives. The system safety practices and deliverables fit cleanly into system development and integration lifecycles (for example, V-model, Disciplined Agile, DevOps).

Preparation and approval of a system safety program plan is done at the start of a system safety program, and the plan is monitored and managed throughout the life of the program. It is a management document that describes the system safety objectives and program requirements. It provides regulators and managing or contracting agencies a basis for understanding how the safety hazard management efforts will be integrated into the systems development or system integration process. There are seven components:

1. An Operating and Support Hazard Analysis is performed to identify hazards that may arise during operations of a system and to recommend risk reduction alternatives or constraints during all phases of tasks or operations, to ensure safety-related risks are controlled or eliminated.

2. A Subsystem Hazard Analysis is used to identify design hazards in subsystems of a larger major system. The analysis evaluates functional failures or hazardous functions of the subsystem that may result in accidental loss.

3. A System Hazard Analysis examines the entire system for its state of safety.