This is Mil-Std-882E Sub-System Hazard Analysis (SSHA).
Back to: Task 203.
The 200-series tasks fall into several natural groups. Task 203 address the identification and analysis of safety requirements at multiple levels.
In the video lesson, The Safety Artisan looks at Sub-System Hazard Analysis, or SSHA, which is Task 204 in Mil-Std-882E. We explore Task 204’s aim, description, scope and contracting requirements. We also provide value-adding commentary and explain the issues with SSHA – how to do it well and avoid the pitfalls.
The text from the standard follows:
“SUBSYSTEM HAZARD ANALYSIS
204.1 Purpose. Task 204 is to perform and document a Subsystem Hazard Analysis (SSHA) to verify subsystem compliance with requirements to eliminate hazards or reduce the associated risks; to identify previously unidentified hazards associated with the design of subsystems; and, to recommend actions necessary to eliminate identified hazards or mitigate their associated risks.
204.2 Task description. The contractor shall perform and document an SSHA to identify hazards and mitigation measures in components and equipment. This analysis shall include Commercial-Off-the-Shelf (COTS), Government-Off-the-Shelf (GOTS), Government-Furnished Equipment (GFE), Non-Developmental Items (NDI), and software. Areas to consider include performance, performance degradation, functional failures, timing errors, design errors or defects, and inadvertent functioning. While conducting this analysis, the human shall be considered a component within a subsystem, receiving both inputs and initiating outputs.
204.2.1 At a minimum, the analysis shall:
a. Verify subsystem compliance with requirements to eliminate hazards or reduce the associated risks.
(1) Validate applicable flow-down of design requirements from top-level specifications to detailed design specifications for the subsystem.
(2) Ensure design criteria in the subsystem specifications have been satisfied and that verification and validation of subsystem mitigation measures have been included in test plans and procedures.
b. Identify previously unidentified hazards associated with the design of subsystems.
(1) Ensure implementation of subsystem design requirements and mitigation measures have not introduced any new hazards.
(2) Determine modes of failure, including component failure modes and human errors, single point and common mode failures, the effects when failures occur in subsystem components, and from functional relationships between components and equipment comprising each subsystem. Consider the potential contribution of subsystem hardware and software events (including those developed by other contractors/sources, COTS, GOTS, NDIs, and GFE hardware or software), faults, and occurrences (such as improper timing).
c. Recommend actions necessary to eliminate previously unidentified hazards or mitigate their associated risk. Ensure system-level hazards attributed to the subsystem are analyzed and adequate mitigations of the potential hazards are implemented in the design.
204.2.2 If no specific analysis techniques are directed or if the contractor recommends a different technique than that specified by the Program Manager (PM), the contractor shall obtain PM approval of techniques to be used before performing the analysis.
204.2.3 When software to be used in conjunction with the subsystem is developed under a separate software development effort, the contractor performing the SSHA shall monitor, obtain, and use the output of each phase of the formal software development process in evaluating the software contribution to the SSHA. Hazards identified that require mitigation action by the software developer shall be reported to the PM in order to request appropriate direction be provided to the software developers.
204.2.4 The contractor shall update, as necessary, the SSHA following system design changes, including software design changes.
204.2.5 The contractor shall prepare a report that contains the results from the task described in paragraph 204.2 and includes:
a. System description. This summary describes the physical and functional characteristics of the system, a list of its subsystems, and a detailed description of the subsystem(s) being analyzed, including its boundaries. Reference to more detailed system and subsystem descriptions, including specifications and detailed review documentation, shall be supplied when such documentation is available.
b. Hazard analysis methods and techniques. Provide a description of each method and technique used in conduct of the analysis. Include a description of assumptions made for each analysis and the qualitative or quantitative data used.
c. Hazard analysis results. Contents and formats may vary according to the individual requirements of the program and methods and techniques used. As applicable, analysis results should be captured in the Hazard Tracking System (HTS).
204.3. Details to be specified. The Request for Proposal (RFP) and Statement of Work (SOW) shall include the following, as applicable:
a. Imposition of Task 204. (R)
b. Identification of functional discipline(s) to be addressed by this task. (R)
c. Identification of subsystem(s) to be analyzed.
d. Desired analysis methodologies and technique(s), and any special data elements, format, or data reporting requirements (consider Task 106, Hazard Tracking System).
e. Selected hazards, hazardous areas, or other specific items to be examined or excluded.
f. COTS, GOTS, NDI, and GFE technical data to enable the contractor to accomplish the defined task.
g. Concept of operations.
h. Other specific hazard management requirements, e.g., specific risk definitions and matrix to be used on this program.“
Forward to the next excerpt: Task 205