Hazard boilerplates in safety analysis: Aspects of hazard identification using boilerplates and ontologies
In the Specialization Project, we looked at methods of performing safety analysis in the early stages of development based upon the use of boilerplates and ontologies. Based on our work, we suggested two approaches for performing safety analysis: global hazards using can-cause chains and human failure modes. The method of global hazard focus on identifying events in a system that can cause hazards which affects the environment it operates in. The method of human failure modes introduces generic failures for human, in order to identify hazards related to the operator of the system.
We were interested in assessing how good our suggested methods were in identifying hazards during the safety analysis. To do this, we chose to create two research questions to be answered in this thesis:
RQ1: Is it easier to discover possible environment threatening hazards with global hazards and can-cause chains?
RQ2:Is it easier to discover possible operator hazards with human failure modes?
To answer our research questions, we chose perform an experiment with students using the suggested methods for safety analysis of two systems. The experiment gave
us a good illustration of how the procedure would work in a real hazard analysis project.
The results for global hazards with can-cause chains indicate that the method is not in a state where it can be used for safety analysis as of yet. There are still too many ambiguities as too how the chains should be created, and the feedback from the students indicates that it is difficult to learn and use the method. The algorithm needs to be further structured and we must obtain better documentation of how to perform it.
The data from the experiment indicate that human failure modes have proven to be efficient at identifying operator related hazards. The method was given overall favorable feedback from the students, and appeared to identify many of the hazards in the test case. Our hypothesis was that it would be better than the method of system diagrams at identifying operator related hazards. The results from the experiment support this hypothesis.
Place, publisher, year, edition, pages
Institutt for datateknikk og informasjonsvitenskap , 2013. , 108 p.
IdentifiersURN: urn:nbn:no:ntnu:diva-23001Local ID: ntnudaim:9598OAI: oai:DiVA.org:ntnu-23001DiVA: diva2:655635
Stålhane, Tor, Professor