We live in a world comprised of systems. When viewed from an engineering perspective, most aspects of life involve systems. For example, houses are a type of system, automobiles are a type of system, and electrical power grids are another type of system. Commercial aircraft are systems that operate within a larger transportation system that in turn operate in a larger worldwide airspace system. Systems have become a necessity for modern living.

As a result of living in a system-centric world, we also live in a world comprised of hazards and risk. With systems and technology also comes exposure to hazards and potential mishaps. A hazard is a potential condition existing within a system, which when actuated becomes an actual mishap event resulting in damage, loss, injury, and/or deaths. Risk is the probability that a hazard occurs accompanied by the severity of the resulting outcome.

Hazard risk is a metric that predicts the likelihood and severity of a possible mishap. We live with risk, and make risk decisions, on a daily basis. For example, there is the hazard that a traffic light will fail, resulting in the mishap of another auto colliding with your auto. Automobiles, traffic, and traffic lights form a unique system that we use daily and accept the hazard risk potential because the risk is small. There is the danger that the gas furnace in our house will fail and explode, thereby resulting in the mishap of a burned house, or worse. This is another unique system, with known adverse side effects that we choose to live with because the mishap risk is small and the benefits are great. We live in a world comprised of many different systems with many different risks.

Our lives are intertwined within a web of different systems, each of which can affect our safety. Each of these systems has a unique design and a unique set of components. In addition, each of these systems contains inherent hazards that present unique mishap risks. We are always making a tradeoff between accepting the benefits of a system and the mishap risk they present. As we develop and build systems, we should be concerned about eliminating and reducing mishap risk. Some risks are so small that they can easily be accepted, while other risks are so large that they must be dealt with immediately. Risks are akin to the invisible radio signals that fill the air around us, in that some are loud and clear, some very faint, and some are distorted and unclear. Life, as well as safety, is a matter of knowing, understanding, and choosing the risk to accept.

System safety is the formal engineering discipline and process for identifying and controlling hazards, and the risk associated with these hazards. As systems become more complex and more hazardous, more effort is required to understand and manage system mishap risk. Hazard (and mishap) risk can be intentionally reduced and controlled to a small and acceptable level through the system safety process.

The key to system safety and effective risk management is the identification and mitigation of hazards. To successfully control hazards, it is necessary to understand hazards and know how to identify them. The purpose of this book is to better understand hazards and the tools and techniques for identifying them, in order that they can be effectively controlled during the development of a system. The system safety process is sometimes referred to as design for safety (DFS).

Forensic engineering is the detailed investigation of a mishap after it has occurred, performed to determine the specific causes for the mishap in order that corrective action can be applied to prevent reoccurrences. System safety, on the other hand, is a form of preemptive forensic engineering, whereby potential mishaps are identified, evaluated, and controlled before they occur. Potential mishaps and their causal factors are anticipated and identified during the design stage, and then design safety features are incorporated into the design to control the occurrence of the potential mishaps – safety is intentionally designed in and mishaps are effectively designed out. This proactive approach to safety involves hazard analysis, risk assessment, risk mitigation through design, and testing to verify the design results. Potential mishaps are recognized and identified by the hazards that ultimately cause them. System safety is a proactive approach to affecting the future (i.e., preventing mishaps before they occur) by identifying hazards and then eliminating or controlling the risk they present.

Systems are intended to improve our way of life, yet they also contain the inherent capability to spawn many different hazards that present us with mishap risk. It is not that systems are intrinsically bad; it is that systems can go awry, and when they go awry they typically result in mishaps. System safety is about determining how systems can go bad and implementing design safety mitigations to eliminate, correct, or work around safety imperfections in the system.

Murphy's law states that “if anything can go wrong, it will.” This truism illustrates that the unexpected and undesired must be anticipated and controlled in order to prevent mishaps, and this can be achieved only through the system safety process. Hazards and risk often cannot be eliminated; however, hazards and risk can be anticipated and mitigated via safety design features, thereby preventing or reducing the likelihood of mishaps. If system safety is not applied, accidents and loss of life will not be prevented. System users are typically not aware of the actual risk they are exposed to, and without system safety this risk may be much higher than the users realize.

Hazard analysis is the basic key component of the system safety process. Therefore, it is necessary to fully understand the hazard theory and the hazard analysis process in order to develop safe systems.

The primary guidance document for system safety is MIL-STD-882, System Safety Standard Practice. Version E was released on May 11, 2012. This standard has been in existence since 1969; its predecessor MIL-S-38130 was released in 1963.

MIL-STD-882 and its predecessor MIL-S-38130 are the genesis of system safety. The US military, along with US aerospace companies, saw the need for a holistic and proactive “systems” approach for the design, development, test, and manufacture of “safe” systems. Working together, these two groups developed the system safety methodology and discipline. MIL-S-38130 was originally released on September 30, 1963 and replaced by MIL-STD-882 on July 15, 1969. System safety was actually documented as a process prior to any formal documentation of the systems engineering discipline. System safety as a formal discipline was originally developed and promulgated by the military-industrial complex to prevent aircraft and missile mishaps that were costing lives, dollars, and equipment loss. As the effectiveness of the discipline was observed by other industries, it was adopted and applied to these industries and technology fields, such as commercial aircraft, nuclear power, chemical processing, rail transportation, the FAA, and NASA, to name a few.

The ideal objective of system safety is to develop a system free of hazards. However, absolute safety is not possible because complete freedom from all hazardous conditions is not always possible, particularly when dealing with complex inherently hazardous systems, such as weapon systems, nuclear power plants, commercial aircraft, etc.

Since it is generally not possible to eliminate all hazards, the realistic objective becomes that of developing a system with acceptable mishap risk. This is accomplished by identifying potential hazards, assessing their risks, and implementing corrective actions to eliminate or mitigate the identified hazards. This involves a systematic approach to the management of mishap risk. Safety is a basic part of the risk management process.

Hazards will always exist, but their risk can and must be made acceptable. Therefore, safety is a relative term that implies a level of risk that is measurable and acceptable. System safety is not an absolute quantity, but rather an optimized level of mishap risk management that is constrained by cost, time, and operational effectiveness (performance). System safety requires that risk be evaluated and the level of risk accepted or rejected by an appropriate decision authority. Mishap risk management is the basic process of system safety engineering and management functions. System safety is a process of disciplines and controls employed from the initial system design concepts, through detailed design and testing to system disposal at the completion of its useful life (i.e. “cradle to grave” or “womb to tomb”).

The fundamental objective of system safety is to identify, eliminate or control, and document system hazards. System safety encompasses all the ideals of mishap risk management and design for safety; it is a discipline for hazard identification and control to an acceptable level of risk. Safety is a system attribute that must be intentionally designed into a product.

From a historical perspective, it has been learned that a proactive preventive approach to safety during system design and development is much more cost-effective than trying to add safety to a system after the occurrence of an accident or mishap. ...