Logotype / Safety Assessment Report (SAR) / Date
YYYY-MM-DD

Safety Assessment Report (SAR) for XXX

1 SUMMARY

2 CONCLUSIONS

2.1 General

2.2 Personal Injury

2.3 Financial Damage

3 OBJECTIVES AND SCOPE

4 DEFINITIONS, ASSUMPTIONS AND BACKGROUND FOR THE ASSUMPTIONS

4.1 Definitions

4.2 Assumptions

4.3 Background for the assumptions

5 SYSTEM IDENTIFICATION

5.1 Technical Design

5.2 Interfaces to other systems/service units

5.3 Field of application/Use environment

6 MODES OF OPERATION

6.1 General

6.2 Modes of Operation

7 ANALYSIS METHODS

7.1 System Hazard Analysis/Sub System Hazard Analysis (SHA/SSHA)

7.2 Operating and Support Hazard Analysis (O&SHA)

7.3 Environmental Hazard Analysis (EHA)

7.4 Risk Assessment

7.5 Risk-Reducing Actions

7.6 Risk Log

7.7 Requirements Analysis

7.8 Hazardous Substances

7.9 Interviews

8 DESCRIPTION OF RISKS

9 PROPOSED SAFETY INSTRUCTIONS

10 REFERENCES

10.1 References

10.2 Interviews

Appendices
Risk Log with the closing of risks ...... Appendix 1
Requirements Analysis ...... Appendix 2
Hazardous Substances ...... Appendix 3

Revision Information

Date / Version / Issuer / Reviewed / Description
YYYY-MM-DD / 1.0 / Final issue

WORD LIST

Abbreviation / Explanation
EHA / Environmental Hazard Analysis
FMV / Swedish Defence Materiel Administration (Försvarets Materielverk)
GFE / Government Furnished Equipment
GFI / Government Furnished Information
MVIF / Maintenance instruction in the Swedish Armed Forces
O&SHA / Operating and Support Hazard Analysis
PHA / Preliminary Hazard Analysis
PHL / Preliminary Hazard List
SAR / Safety Assessment Report
SCA / Safety Compliance Assessment
SHA/SSHA / System Hazard Analysis/Sub System Hazard Analysis
SI / Safety Instructions
SSPP / System Safety Program Plan

1 SUMMARY

The supplier XXX has, on behalf of XXX, carried out system safety analyses (SHA/SSHA) on XXX, MXXXX-XXXXXX.

This safety assessment report concerns XXX as a complete unit with necessary accessories. The report does not include XXX.

The analyses have been performed and evaluated in accordance with the requirements in the specification for XXX, annexed to the request for proposal/order XXX and System Safety Program Plan (SSPP) for XXX technical service, edition XXX, dated YYYY-MM-DD.

The task has been to identify, analyze and evaluate potential risks for injury to persons or damage to property or the external environment caused by the system. The work has also included proposals for action and implementation of measures to minimize the probability of hazardous events and limit the consequences if they do occur.

Section 2 Conclusions presents all the remaining risks that are considered to be either “not tolerable” or “limited tolerable”. A more detailed description of each risk and proposals for action, as well as an account of measures already implemented, are given in section 8 Description of risks, their consequences and recommended and already implemented actions.

The safety assessment report provides a consultative basis with proposed actions such as design changes and/or additions or amendments in the relevant publications in order to increase safety for persons, property and the external environment during the life cycle of the system.

The supplier XXX together with XXX has actively been working with system safety issues during the acquisition. The implementation of the proposed actions was verified at XXX, YYYY-MM-DD.

Wording 1: The system safety work identified a total of XXX risks. After implementation of risk-reducing actions a total of XXX risks remain. Based on the risk levels given in the risk matrix in the contract XXX, the system is estimated to have XXX tolerable risks (T), XXX limited tolerable risks (BT) and XXX not tolerable risks (ET).

Wording 2: The system safety work identified a total of XXX risks. If the proposed risk-reducing actions in this report are implemented, a total of XXX risks will remain. Based on the risk levels given in the risk matrix in TTEM XXX, the system will have XXX tolerable risks (T), XXX limited tolerable risks (BT) and XXX not tolerable risks (ET).

2 CONCLUSIONS

2.1 General

System safety is defined as the property of a system not to cause personal injury or damage to property or the external environment. A system is defined as an assembly of supplies, facilities and personnel. The term system generally also includes instructions, regulations etc. for use in training, operation and maintenance in both war, crisis and peace.

To perform a realistic safety assessment, this document is based on the hazardous events that can cause personal injury, environmental damage and/or financial damage (i.e. material damage to your own or a third party’s property, or the costs associated with environmental remediation) and that may occur both nationally and internationally. The system safety activities do not normally include risks of hostile weapon effects against your own system, personnel or environment.

Hazardous events may occur either as a result of human error, material failure or a combination of these two factors. This document is intended to be a basis to both reduce risks and, in some cases, to exclude the risks altogether.

It is essential that the relevant documentation describes and highlights the remaining risks that cannot, or are not intended to, be avoided by redesigning the system.

Marking, such as handling or warning labels, is sometimes necessary as an additional safety measure, e.g. according to current safety legislation. Marking is not recommended as an alternative to possible design measures.

2.2 Personal Injury

In accordance with the risk levels in section 7 Analysis methods, the following risks of personal injury are considered not tolerable or limited tolerable after implementation of the proposed risk-reducing actions. FMV has approved the closure and acceptance of the limited tolerable risks of personal injury. We have not been able to remedy the not tolerable risks of personal injury and leave them for further handling.

Risk ID / Risk description / Current risk level (probability A-E for a certain injury class I-IV) / Note

2.3 Financial Damage

In accordance with the risk levels in section 7 Analysis methods, the following risks of damage to your own or a third party’s property and environmental damage (expressed in monetary terms, e.g. environmental remediation costs) are considered not tolerable or limited tolerable after implementation of the proposed risk-reducing actions. We have not been able to remedy the not tolerable risks of financial damage and leave them for further handling. The following risks of irreversible environmental damage have been identified. These risks are not tolerable. It is for the Swedish Armed Forces to decide on closure and acceptance of these risks.

Alternatively: No risks for irreversible environmental damage have been identified.

Risk ID / Risk description / Current risk level (probability A-E for a certain injury class I-IV) / Note

3 OBJECTIVES AND SCOPE

The objective of the system safety analyses (SHA/SSHA) has been to identify, analyze and evaluate the risks that are considered likely to initiate hazardous events or hazardous conditions, and to propose measures to prevent the identified hazardous events/hazardous conditions or limit the damage if they do occur.

In section 8 Description of risks, their consequences and recommended and already implemented actions, the proposed risk-reducing actions are presented together with each risk, under the heading Proposed actions. Already implemented measures are presented under the heading Implemented actions YYYY-MM-DD. The purpose of the proposed actions is to minimize or eliminate risks of personal injury and damage to property and environment as far as possible.

The following analyses have been conducted:

  • System Hazard Analysis/Sub System Hazard Analysis (SHA/SSHA)
  • Operating and Support Hazard Analysis (O&SHA)
  • Environmental Hazard Analysis (EHA)

The safety assessment report should be viewed as a descriptive document for XXX to be able to reduce the probability of a hazardous event and/or limit the consequences if it does occur.

The performed system safety activities have led to the identification of risks, assessment of probabilities and consequences, proposed actions, implementation of actions and closure of risks. This has been documented according to Appendix 1, Risk Log.

The system safety activities have also included studying the need for directions/instructions and additions to warnings in the existing documentation, as well as operating instructions related to supervision, in accordance with the system safety requirements.

A list showing which laws and regulations should apply to XXX, and whether these are met or not, has been established. See Appendix 2, Requirements Analysis.

A list of hazardous substances has been established. See Appendix 3, Hazardous substances.

4 DEFINITIONS, ASSUMPTIONS AND BACKGROUND FOR THE ASSUMPTIONS

4.1 Definitions

The analysis covers XXX regarding design, operation, materiel care and maintenance of XXX in accordance with the Swedish Armed Forces maintenance system (Vård FM).

4.2 Assumptions

The following assumptions apply to the analysis:

  • The system XXX is assumed to be complete and without any defects before a hazardous event occurs.
  • Personnel handling the system are assumed to receive the training necessary to operate and maintain the system XXX in a safe manner before the system is taken into use.
  • All preventive maintenance is performed according to the current materiel care schedules.
  • Maintenance personnel at the various maintenance levels have intimate knowledge of the system XXX and have been trained for the purpose.
  • Equipment that is to be connected to the system XXX is not affected by this analysis but is assumed to be adapted to the purpose and comply with applicable electrical safety requirements, system requirements etc.

4.3 Background for the assumptions

The assumptions have been made in order to obtain a probability of hazardous events that reflects the actual usage.

If untrained personnel were to operate the system XXX in full, the risks could in many cases be incalculable.

5 SYSTEM IDENTIFICATION

5.1 Technical Design

A brief description of the system’s fundamental design, function, components, existing subsystems, interfaces between subsystems etc.

5.2 Interfaces to other systems/service units

A description of all the technical interfaces to other systems/service units and what support/supplies are required, e.g. electricity, water, fuel, heating, cooling, pressure etc.

5.3 Field of application/Use environment

A description of the field of application for the system includes how the system should be used and in which environments it is intended to be used.

6 MODES OF OPERATION

6.1 General

During its life cycle the equipment undergoes several different stages, each with its own special conditions. The product/system utilization has been divided into a number of different modes of operation, as certain risks only occur e.g. in certain sequences or conditions, and it can be important that this is made clear in the analysis. Certain risks may occur only during assembly, operation or maintenance etc. The risks’ relations to the different modes of operation are presented in Appendix 1, Risk Log.

6.2 Modes of Operation

6.2.1 Transportation

Example: “Transportation of XXX” refers to preparations such as loading and unloading, and driving on roads and in different terrains. No operative activities are in progress in XXX.

6.2.2 Setting up and breaking

Example: “Setting up and breaking” refers to the activities after the unit has arrived at the deployment area, including the elements shutdown/arrangement, setting up/breaking of communications etc. and loading for redeployment. During setting up, camouflage, grounding and connection of electrical networks as well as establishing connection with other units take place. Breaking basically includes the same operations as setting up, but in reverse order.

6.2.3 Operative activities

Example: During the operative activities, work is taking place in XXX, which is now set up in a deployment area where reconnaissance has been conducted.

6.2.4 Maintenance

Example: “Maintenance” refers to both preventive and corrective maintenance. Preventive and corrective maintenance include daily and special attendance, basic attendance, actions according to MVIF and repairs.

6.2.5 Arrangement/storage

Example: “Arrangement/storage” refers to storage in store XXX or container XXX etc.

6.2.6 Disposal

Example: “Disposal” refers to the organized forms and methods in stores supply for the final disposal of materiel systems and their constituent supplies from all or part of the Swedish Armed Forces. Methods include destruction, dismantling, scrapping, shredding, disassembly, recycling and/or deposition.

7 ANALYSIS METHODS

The analyses in this report have been implemented according to the System Safety Program Plan (SSPP) for XXX, Issue XXX, dated YYYY-MM-DD.

The system safety analyses include (e.g.) SHA, SSHA, O&SHA and EHA.

7.1 System Hazard Analysis/Sub System Hazard Analysis (SHA/SSHA)

The purpose of the System Hazard Analysis/Sub System Hazard Analysis (SHA/SSHA) is to evaluate the hazards that exist in the system and its subsystems. The operationally oriented analyses for XXX and its subsystems form part of the verification of the safety of XXX. The safety assessment aims to identify hazardous events and assess the operational risks associated with them, primarily for the entire object/materiel system and for the interaction between subsystems and between the subsystems and their components.

The analysis activities have been to identify potential risks, evaluate them by assessing their impact and probability, and to propose safety-enhancing changes.

7.2 Operating and Support Hazard Analysis (O&SHA)

The purpose of the Operating and Support Hazard Analysis (O&SHA) is to assess the hazards in handling and during maintenance. The analysis should also evaluate whether the operation and maintenance procedures are sufficient and appropriate to eliminate, control or reduce the identified defects or hazards.

The analysis activities have involved identifying health risks and proposing measures to eliminate or reduce these to acceptable levels.

7.3 Environmental Hazard Analysis (EHA)

The purpose of the Environmental Hazard Analysis (EHA) is to identify, analyze and evaluate the events that may pose a burden on the environment. The first step in the environmentally oriented analysis is to identify substances that are potentially hazardous to the environment and in what quantity these exist.

The analysis activities have been to survey and evaluate the substances as regards quantity and impact.

7.4 Risk Assessment

All identified risks of injury and financial damage (including environmental damage) are numbered and named. For each risk, the probability of a hazardous event and the probability that the assets worthy of protection are exposed to the hazardous event are evaluated. Combining these gives the probability of an accident.

An accident will always have a consequence. However, the outcome of a particular accident may vary. To put it simply, the possible adverse outcomes are broken down by severity into four so-called injury classes.

An assessment/estimation of the likely percentage distribution between these injury classes is performed. The risk of an injury corresponding to a certain injury class is estimated by multiplying the probability of the accident and the percentage of the total outcome of the accident.

The four injury classes (I-IV) of each risk now each have an estimated probability. Each of these is placed in its probability class (A-E) in the current risk matrix. The risk matrix shows the level of tolerance of each injury class within each probability class.

The risk of an accident is rated according to the injury class with the strictest tolerance level. For example, the “entire” risk of an accident is considered limited tolerable if the damage corresponding to injury class IV is expected to occur with a limited tolerable frequency, even if the damage corresponding to injury classes I, II and III is expected to occur with a tolerable frequency, and vice versa.

7.4.1 Injury classes/Consequences

The following injury classes, probabilities and risk levels for personal injury or financial damage have been used in the assessment and evaluation of the system’s risks before and after the implemented measures. The injury classes, probabilities and risk levels applied during the analysis of the system have been set and specified in FMV Technical specification XXX.

NOTE! The injury classes, probabilities and risk levels presented below are only examples. The request for proposal (RFP) for the materiel system is to determine what applies for the specific materiel system.

Injury classes for personal injuries

Injury class / Definition
I / Death
II / Serious injury
III / Less-serious injury
IV / Negligible injury

Injury classes for financial damage

Injury class / Definition (own and other’s property damage and remediation costs) / The damage in monetary terms
I / Approximately the same cost as a total system loss / > 10^5 $ (> 100 000)
II / Significant loss / 10^4 – 10^5 $ (10 000 – 100 000)
III / Limited loss / 10^3 – 10^4 $ (1 000 – 10 000)
IV / Slight loss / < 10^3 $ (< 1 000)

7.4.2 Accident probability/frequency

The table below defines the probability of an injury/accident occurring for one example of the materiel system during one year of use. (For risks associated with the mode of operation “disposal”, the probability that an accident occurs for one example of the materiel system at some point during this phase is evaluated instead.) The probabilities are divided into the intervals A-E as follows:

Probability class / Description / Probability/frequency (for one example during one year of use)
A / The accident is expected to occur / > 10^-1
B / The accident is likely to occur / 10^-2 – 10^-1
C / The accident is likely to occur at some point / 10^-3 – 10^-2
D / Improbable, but the accident could occur at some point / 10^-6 – 10^-3
E / Unlikely, the accident could only happen in exceptional circumstances / < 10^-6

7.4.3 Risk Matrix

The risk matrices define the risk levels for an accident’s injury class outcomes in combination with each injury class’ occurrence probability. The levels of risk are highlighted in the risk matrices with:

T / = / Tolerable
BT / = / Limited tolerable
ET / = / Not tolerable

Example: Risk matrix for personal injuries

Injury class / Probability
A / B / C / D / E
I / ET / ET / ET / ET / T
II / ET / ET / ET / BT / T
III / ET / BT / BT / T / T
IV / BT / T / T / T / T

Example: Risk matrix for financial damage

Injury class / Probability
A / B / C / D / E
I / ET / ET / ET / BT / T
II / ET / ET / BT / T / T
III / ET / BT / T / T / T
IV / BT / T / T / T / T
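The evaluation procedure of section 7.4 (accident probability, distribution over injury classes, probability class A-E, matrix lookup, and the "strictest injury class decides" rule of 7.4) carried through in code. This is an added example, not part of the template: the matrices and intervals are the example ones above, the input figures are constructed, and treating a value exactly on an interval boundary as belonging to the less probable class is an assumption the table does not state.

```python
import math

INJURY_CLASSES = ("I", "II", "III", "IV")
PROB_CLASSES = ("A", "B", "C", "D", "E")
SEVERITY = {"T": 0, "BT": 1, "ET": 2}  # tolerable < limited tolerable < not tolerable

# Example matrices from section 7.4.3: row = injury class, columns = A..E
PERSONAL_MATRIX = {
    "I":   ("ET", "ET", "ET", "ET", "T"),
    "II":  ("ET", "ET", "ET", "BT", "T"),
    "III": ("ET", "BT", "BT", "T", "T"),
    "IV":  ("BT", "T", "T", "T", "T"),
}
FINANCIAL_MATRIX = {
    "I":   ("ET", "ET", "ET", "BT", "T"),
    "II":  ("ET", "ET", "BT", "T", "T"),
    "III": ("ET", "BT", "T", "T", "T"),
    "IV":  ("BT", "T", "T", "T", "T"),
}


def probability_class(p_per_year):
    """Map a yearly probability to class A-E per the 7.4.2 example table.
    Assumption: a boundary value (e.g. exactly 10^-1) falls in the less probable class."""
    if p_per_year > 1e-1:
        return "A"
    if p_per_year > 1e-2:
        return "B"
    if p_per_year > 1e-3:
        return "C"
    if p_per_year > 1e-6:
        return "D"
    return "E"


def assess_risk(p_hazard, p_exposure, outcome_shares, matrix):
    """Return (p_accident, per-class results, overall level) for one risk.
    outcome_shares: estimated fraction of accidents ending in each injury class;
    classes absent from the dict are taken as impossible outcomes (share 0)."""
    if not math.isclose(sum(outcome_shares.values()), 1.0):
        raise ValueError("injury class shares must sum to 100 %")
    p_accident = p_hazard * p_exposure          # hazardous event AND exposure
    per_class = {}
    for cls in INJURY_CLASSES:
        share = outcome_shares.get(cls, 0.0)
        if share == 0.0:
            continue                             # this outcome cannot occur
        p_cls = p_accident * share               # probability of this injury class
        pc = probability_class(p_cls)
        level = matrix[cls][PROB_CLASSES.index(pc)]
        per_class[cls] = (p_cls, pc, level)
    # the entire risk is rated by the injury class with the strictest level
    overall = max((v[2] for v in per_class.values()), key=SEVERITY.__getitem__)
    return p_accident, per_class, overall


if __name__ == "__main__":
    # constructed figures: before and after a risk-reducing action
    before = assess_risk(0.05, 0.5, {"I": 0.02, "II": 0.08, "III": 0.3, "IV": 0.6}, PERSONAL_MATRIX)
    after = assess_risk(0.01, 0.5, {"II": 0.05, "III": 0.35, "IV": 0.6}, PERSONAL_MATRIX)
    print("before:", before[2], before[1])
    print("after: ", after[2], after[1])
```

In the constructed case the class IV outcome is itself tolerable, but the rare fatal outcome lands in class D, so the risk as a whole is rated ET; only an action that removes the fatal outcome brings it down to BT.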

7.5 Risk-Reducing Actions

Actions considered able to reduce/eliminate the risks described in section 8 are preceded by the heading Proposed actions. This heading lists the actions recommended by the supplier. Actions that have already been implemented are presented under the heading Implemented actions, YYYY-MM-DD.