CH-4

Preliminary Hazard Analysis, PHA

4.1 Introduction

- The purpose of the PHA is to analyze identified hazards, usually provided

by the preliminary hazard list (PHL), and to
- The intent of the PHA is to affect the design for safety as early as possible in
the development program.
- The PHA also identifies safety critical functions (SCFs) and top-level mishaps
(TLMs) that provide a safety focus during the design process.
- The preliminary hazard analysis (PHA) technique is a safety analysis tool for
identifying hazards, their associated causal factors, effects, level of risk, and
mitigating design measures when detailed design information is not
available.
- The PHA provides a methodology for identifying and collating hazards in the
system and establishing the initial system safety requirements (SSRs) for
design from preliminary and limited design information.
- The PHA normally does not continue beyond the subsystem hazard analysis
(SSHA).
- The PHA methodology is uncomplicated and easily learned.
- The PHA is probably the most commonly performed hazard analysis
technique.
- There are no alternatives to a PHA. A PHL might be done in place of the PHA,
but this is not recommended since the PHL is only a list of hazards and not as
detailed as a PHA and does not provide all of the required information.
- Use of the PHA technique is highly recommended for every program,
regardless of size or cost, to support the goal of identifying and mitigating all
system hazards early in the program.

4.2 Theory

- Figure 5.1 shows an overview of the basic PHA process and summarizes the
important relationships involved in the PHA process.
- The PHA process consists of utilizing both design information and known
hazard information to identify and evaluate hazards and to identify SC factors
that are relevant to design safety.
- The PHA evaluates hazards identified by the PHL analysis in further detail.

1 CH-4 Industrial Safety Management (M.Sc. Course) Dr. Talib K. Murtadha

- To perform the PHA analysis, the system safety analyst must have three things;
o Design knowledge,
o Hazard knowledge,
o The PHL.
- Design knowledge means the analyst must possess a basic understanding of
the system design, including a list of major components.
- Hazard knowledge means the analyst needs a basic understanding about
hazards, hazard sources, hazard components (hazard element, initiating
mechanism, and target/threat) and hazards in similar systems.
- Hazard knowledge is primarily derived from hazard checklists and from
lessons learned on the same or similar systems.
- The starting point for the PHA is the PHL collection of identified hazards.
The PHA evaluates these hazards in more detail.
- In addition, the analyst compares the design knowledge and information to
hazard checklists in order to identify previously unforeseen hazards. This
allows the analyst to visualize or postulate possible hazards.
- For example, if the analyst discovers that the system design will be using jet
fuel, he then compares jet fuel to a hazard checklist. From the hazard checklist
it will be obvious that jet fuel is a hazardous element, and that a jet fuel
fire/explosion is a potential mishap with many different ignition sources
presenting many different hazards.
- Output from the PHA includes identified and suspected hazards, hazard causal
factors, the resulting mishap effect, mishap risk, SCFs, and TLMs.
- PHA output also includes design methods and System Safety Requirement
SSRs established to eliminate and/or mitigate identified hazards.

2 CH-4 Industrial Safety Management (M.Sc. Course) Dr. Talib K. Murtadha

4.3 Methodology

- The PHA methodology is shown in Figure 5.2.

- This process uses design and hazard information to stimulate hazard and
causal factor identification.
- The PHA analysis begins with hazards identified from the PHL.
- The next step is to once again employ the use of hazard checklists (as done in
the PHL analysis) and undesired mishap checklists.
- The basic inputs for the PHA include;
o The functional flow diagram,
o The reliability block diagram,
o Indentured equipment list,
o system design,
o PHL hazards,
o Hazard checklists,
o Mishap checklists.

The first three of these are derived from the system design by the various
system design organizations.

3 CH-4 Industrial Safety Management (M.Sc. Course) Dr. Talib K. Murtadha

  Typical hazard checklists include:
1. Energy sources,
2. Hazardous functions,
3. Hazardous operations,
4. Hazardous components,
5. Hazardous materials,
6. Lessons learned from similar type systems,
7. Undesired mishaps,
8. Failure mode and failure state considerations

Table 5.1 lists and describes the basic steps of the PHA process. This process
involves analyzing PHL-identified hazards in more detail.

4 CH-4 Industrial Safety Management (M.Sc. Course) Dr. Talib K. Murtadha

 When performing a PHA, the following factors should be considered, as a
minimum:
1. Hazardous components (e.g., energy sources, fuels, propellants, explosives,
pressure systems, etc.)
2. Subsystem interfaces (e.g., signals, voltages, timing, human interaction,
hardware, etc.)
3. System compatibility constraints (e.g., material compatibility, electromagnetic
interference, transient current, ionizing radiation, etc.)
4. Environmental constraints (e.g., drop, shock, extreme temperatures, noise and
health hazards, fire, electrostatic discharge, lightning, X-ray, electromagnetic
radiation, laser radiation, etc.)
5. Undesired states (e.g., inadvertent activation, fire/explosive initiation and
propagation, failure to safe, etc.)
6. Malfunctions to the system, subsystems, or computing system.
7. Software errors (e.g., programming errors, programming omissions, logic
errors, etc.)
8. Operating, test, maintenance, and emergency procedures.
9. Human error (e.g., operator functions, tasks, requirements, etc.).
10. Crash and survival safety (e.g., egress, rescue, salvage, etc.)
11. Life-cycle support (e.g., demilitarization/disposal, EOD, surveillance,
handling, transportation, storage, etc.)
12. Facilities, support equipment, and training.

5 CH-4 Industrial Safety Management (M.Sc. Course) Dr. Talib K. Murtadha

13. Safety equipment and safeguards (e.g., interlocks, system redundancy, failsafe
design considerations, subsystem protection, fire suppression systems,
personal protective equipment, warning labels, etc.)
14. Protective clothing, equipment, or devices.
15. Training and certification pertaining to safe operation and maintenance of the
system.
16. System phases (test, manufacture, operations, maintenance, transportation,
storage, disposal, etc.)

2.4 Worksheet
It is desirable to perform the PHA using a specialized worksheet. Figure 5.3
shows the columnar format PHA worksheet recommended for SSP usage. This
particular worksheet format has proven to be useful and effective in many
applications and it provides all of the information necessary from a PHA.

The following instructions describe the information required under each

column entry of the PHA worksheet:
1. System: This entry identifies the system under analysis.
2. Subsystem/ Function: This entry identifies the subsystem or function under
analysis.
3. Analyst: This entry identifies the name of the PHA analyst.
4. Date: This entry identifies the date of the analysis.

6 CH-4 Industrial Safety Management (M.Sc. Course) Dr. Talib K. Murtadha

5. Hazard Number: This column identifies the number assigned to the identified
hazard in the PHA (e.g., PHA-1, PHA-2, etc.). This is for future reference to
the particular hazard source and may be used, for example, in the hazard action
record (HAR) and the hazard tracking system (HTS).
6. Hazard: This column identifies the specific hazard being postulated and
evaluated. (Remember: Document all hazard considerations, even if they are
later proven to be nonhazardous.)
7. Causes: This column identifies conditions, events, or faults that could cause
the hazard to exist and the events that can trigger the hazardous elements to
become a mishap or accident.
8. Effects: This column identifies the effects and consequences of the hazard,
should it occur. Generally, the worst-case result is the stated effect. The effect
ultimately identifies and describes the potential mishap involved.
9. Mode: This entry identifies the system mode(s) of operation, or operational
phases, where the identified hazard is of concern.
10. Initial Mishap Risk Index (IMRI): This column provides a qualitative
measure of mishap risk significance for the potential effect of the identified
hazard, given that no mitigation techniques are applied to the hazard. Risk
measures are a combination of mishap severity and probability, and the
recommended values from MIL-STD-882 are shown below.

Severity Probability
I. Catastrophic A. Frequent
II. Critical B. Probable
III. Marginal C. Occasional
IV. Negligible D. Remote
E. Improbable

11. Recommended: Action This column establishes recommended preventive

measures to eliminate or mitigate the identified hazards. Recommendations
generally take the form of guideline safety requirements from existing sources
or a proposed mitigation method that is eventually translated into a new
derived SSR intended to mitigate the hazard. SSRs are generated after
coordination with the design and requirements organizations. Hazard
mitigation methods should follow the preferred order of precedence established
in MIL-STD-882 for invoking or developing safety requirements, which are
shown below.

7 CH-4 Industrial Safety Management (M.Sc. Course) Dr. Talib K. Murtadha

Order of Precedence
1. Eliminate hazard through design selection.
2. Incorporate safety devices.
3. Provide warning devices.
4. Develop procedures and training.

12. Final Mishap Risk Index (FMRI): This column provides a qualitative
measure of mishap risk for the potential effect of the identified hazard, given
that mitigation techniques and safety requirements are applied to the hazard.
The same risk matrix table used to evaluate column 10 is also used here.
13. Comments: This column provides a place to record useful information
regarding the hazard or the analysis process that are not noted elsewhere. This
column can be used to record the final SSR number for the developed SSR,
which will later be used for traceability.
14. Status: This column states the current status of the hazard, as being either
open or closed.

 Hazard control hierarchy

PtD: Prevention through Design

PPE: Personal Preventing Equipment.

8 CH-4 Industrial Safety Management (M.Sc. Course) Dr. Talib K. Murtadha

9 CH-4 Industrial Safety Management (M.Sc. Course) Dr. Talib K. Murtadha