System Hazard Analysis
- Builds on PHA as a foundation (expands PHA)
- Considers the system as a whole and identifies how
  - system operation
  - interfaces and interactions between subsystems
  - interfaces and interactions between the system and operators
  - component failures
  - normal (correct) behavior
  could contribute to system hazards
- Refines high-level safety design constraints
- Validates conformance of the system design to the design constraints
- Traces safety design constraints to individual components (based on functional decomposition and allocation)

Hazard Causal Analysis
- Used to refine the high-level safety constraints into more detailed constraints
- Requires some type of model (even if only in the head of the analyst)
- Almost always involves some type of search through the system design (model) for states or conditions that could lead to system hazards
  - Top-down
  - Bottom-up
  - Forward
  - Backward
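The slides describe hazard causal analysis as a search through a system model, forward from initial conditions or backward from the hazard, and note that both component failures and normal (correct) behavior can contribute to a hazard. The following is an added example, not from the lecture slides: a constructed model of a pressure vessel with a relief valve, a pressure sensor, a controller and an operator (all state values, event names and the step rules are assumptions made for this illustration). Forward search finds the shortest event sequence that reaches the hazard; backward search lists every state-plus-event that leads into the hazard in one step, which is exactly the set of conditions a refined safety constraint must rule out, and then the full backward fixpoint of states from which the hazard remains reachable.

```python
"""Hazard causal analysis as a search over an explicit-state system model.

Constructed example (not from the lecture): a pressure vessel with a relief
valve, a pressure sensor, an automatic controller and an operator.  The model,
its state values and its event names are assumptions made for this illustration.
"""
from collections import deque
from itertools import product

VALVE = ("open", "closed")
SENSOR = ("ok", "stuck")
PRESSURE = ("low", "high", "critical")          # ordered: index grows as pressure rises
EVENTS = ("tick", "sensor_fails", "operator_closes_valve")
INITIAL = ("closed", "ok", "low")               # state = (valve, sensor, pressure)


def step(state, event):
    """One synchronous step: disturbance, then controller/operator, then physics."""
    valve, sensor, pressure = state
    if event == "sensor_fails":                 # component failure
        sensor = "stuck"
    sensed = pressure if sensor == "ok" else "low"   # a stuck sensor keeps reporting "low"
    if sensed != "low":                         # controller, behaving correctly: relieve on a high reading
        valve = "open"
    elif event == "operator_closes_valve":      # operator, behaving correctly: close only on a low reading
        valve = "closed"
    if valve == "closed":                       # physics: a closed vessel builds pressure, capped at critical
        pressure = PRESSURE[min(PRESSURE.index(pressure) + 1, len(PRESSURE) - 1)]
    else:                                       # an open relief valve brings pressure down
        pressure = "low"
    return (valve, sensor, pressure)


def is_hazard(state):
    """System-level hazard taken from the (assumed) PHA: vessel at critical pressure."""
    return state[2] == "critical"


def all_states():
    """Every combination of component states in the model."""
    return list(product(VALVE, SENSOR, PRESSURE))


def forward_search(initial=INITIAL):
    """Forward (bottom-up) search: breadth-first from the initial conditions.

    Returns (reachable states, {hazard state: shortest event sequence reaching it}).
    """
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        for ev in EVENTS:
            t = step(s, ev)
            if t not in parent:
                parent[t] = (s, ev)
                queue.append(t)
    scenarios = {}
    for s in parent:
        if is_hazard(s):
            path, cur = [], s
            while parent[cur] is not None:      # walk back to the initial state
                cur, ev = parent[cur]
                path.append(ev)
            scenarios[s] = path[::-1]
    return set(parent), scenarios


def immediate_causes(hazard=is_hazard):
    """Backward (top-down) search, one step: {state: events} whose successor is hazardous.

    These state/event pairs are the conditions a refined safety constraint must forbid.
    """
    causes = {}
    for s in all_states():
        evs = [ev for ev in EVENTS if hazard(step(s, ev))]
        if evs:
            causes[s] = evs
    return causes


def backward_region(hazard=is_hazard):
    """Backward fixpoint: all states from which some event sequence leads to a hazard."""
    region = {s for s in all_states() if hazard(s)}
    changed = True
    while changed:
        changed = False
        for s in all_states():
            if s not in region and any(step(s, ev) in region for ev in EVENTS):
                region.add(s)
                changed = True
    return region


if __name__ == "__main__":
    reachable, scenarios = forward_search()
    print("reachable states:", len(reachable))
    for state, path in scenarios.items():
        print("hazard", state, "reached via", " -> ".join(path))
    print("immediate causes (state -> events):")
    for state, evs in sorted(immediate_causes().items()):
        print("  ", state, evs)
    unsafe = reachable & backward_region()
    print("reachable states from which the hazard is still reachable:", len(unsafe))
```

Running the forward search shows the hazard reached by a normal pressure rise followed by a sensor failure; the backward step shows that the operator's correct procedure (closing the valve on a low reading) is also an immediate cause once the sensor is stuck, which is the slides' point that correct behavior contributes to hazards. The refined constraint that falls out of the immediate-cause set is that the relief valve must never be closed, by controller or operator, while vessel pressure is high, and that this constraint cannot be enforced through the sensor reading alone; that constraint is then traced to the controller, the operator procedure and the sensor.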