purpose, scope and any relevant background information. The main body of the report should clearly and concisely outline the design and operational elements reviewed and all potential safety concerns noted. All safety concerns identified should be specific, and a brief description of the potential risk posed to road users should be included. Safety concerns should be organized in a logical format with appropriate headings and subheadings to facilitate response from the project team. Recommendations for improvements are generally not the responsibility of the safety audit team, although they may suggest options; decisions about which remedial measures to take are the responsibility of the project team because the project team has a more comprehensive picture of the competing priorities of the project.

Conduct Safety Audit Completion Meeting

After the submission of the safety audit report, it may be beneficial to hold a completion meeting involving key members of the project team and the safety audit team. The purpose of the completion meeting is to formally present the findings of the report, clarify any uncertainties, and facilitate mutual constructive discussion. The purpose of this meeting should be clearly identified. The safety audit team's objective is to improve the overall safety of the project, not to assign blame or critique the design. The meeting is also not designed to provide the project team with an opportunity to dispute the findings of the safety audit. All participants should view the meeting as an opportunity to identify the safety concerns clearly and identify potential measures to improve safety.

Prepare Formal Response by Project Owner/Design Team

After reviewing the safety audit report, it is important for the project team to document a formal response to the findings of the safety audit report. The response should identify the actions the project team intends to take for each of the safety concerns identified. In the case when no action will be taken for a particular safety concern, the response should clearly identify the rationale behind the decision.

Incorporate Safety Audit Findings into Project

Once the formal response has been submitted to the safety audit team, the project team should proceed to incorporate the agreed recommendations into the project. The inclusion of improvements involving a significant increase in project cost or duration may not be feasible. If consensus cannot be reached regarding a particular issue, the safety audit team should document the differences.

Existing Standards

A number of existing standards for assessing system safety are available. The most widely referenced work in the literature examined was the Department of Defense Standard Practice for System Safety (MIL-STD-882D) (U.S. Department of Defense, 2000). This document is discussed in the following section. In the FTA's publication Hazard Analysis Guidelines for Transit Projects, the FTA recommends conducting hazard identification, assessment, and resolution in conformance with the latest version of the MIL-STD-882D (10).

Information provided by local LRT staff during the site visits indicates that a number of LRT agencies are using the MIL-STD-882D standard to conduct risk analysis. For example, NJT noted that it uses the MIL-STD-882D standard to evaluate the design of any new system before it is built and operated. NJT emphasized the need to "design out" hazards at the design stage of a project, emphasizing the role of peer reviews in this process. In addition, whenever changes are proposed to the existing system, NJT conducts an operation hazard analysis to list possible hazards resulting from the change in operation, along with possible mitigating measures.

DoD Standard Practice for System Safety (MIL-STD-882D)

As mentioned above, the U.S. Department of Defense has published a document entitled Standard Practice for System Safety (MIL-STD-882D). Two agencies that participated in the site visits referenced their use of MIL-STD-882D as a basis for their risk management approach. The document provides standardized requirements for developing and implementing a system safety program. The standard is designed as a general guideline for use in a wide variety of contexts and is not focused primarily on transportation applications. The document provides a standard methodology for use in the identification of hazards, risk assessment, and mitigation of mishap risk through the implementation of design requirements and management controls. "Mishap risk" is defined as "an expression of the impact and possibility of a mishap in terms of potential mishap severity and probability of occurrence."

The document recommends a systematic procedure consisting of the following eight steps, which encompass the entire life cycle of the system:

1. Documenting of system safety approach;
2. Identifying hazards;
3. Assessing mishap risk;
4. Identifying mishap risk mitigation measures;
5. Reducing mishap risk to an acceptable level;
6. Verifying mishap risk reduction;