5.8 Preliminary System Safety Assessment Procedure
Version 1.0
Contents
1 INTRODUCTION
2 PROCEDURE
2.1 Overview
2.2 Procedure Inputs
2.3 Procedure Initiation
2.4 Procedure Steps
2.4.1 PSSA Planning
2.4.2 PSSA Execution and Reporting
2.4.3 PSSA Verification & Validation
2.5 Procedure Outputs
3 ROLES
4 COMPETENCIES
5 APPLICABILITY
6 REFERENCES
Approvals
CHANGE RECORD
1 INTRODUCTION
The purpose of this document is to define the instructions for analyzing the design of
an ATM system to determine whether it has the potential to meet its Safety
Objectives.
2 PROCEDURE
2.1 Overview
The objective of this Safety Procedure is to determine the extent to which a system or
change meets its Safety Objectives by analysis of design information. This allows any
unacceptable risks inherent in the system design to be identified and quantified prior
to the implementation of the system, so that the system design can be modified to
render the risks tolerable.
The Safety Objectives arise from a Functional Hazard Assessment (FHA) [1] and are
based on abstract system functions, such as Surveillance, Tactical Conflict Detection,
etc. In PSSA, the abstract system functions are mapped onto the corresponding
elements of the system design, and the failure characteristics of the system elements
are then analyzed to determine whether the Safety Objectives are likely to be met. In
the event that the Safety Objectives are not met, PSSA reveals the system elements
that are causing the problem so that a different design solution can be sought. The
main purpose of the process is to devise Safety Requirements for the system
elements which, if satisfied during system implementation, will ensure that the Safety
Objectives are met.
Following system implementation, the satisfaction of the Safety Requirements and
Safety Objectives is demonstrated via System Safety Assessment (SSA) [2].
PSSA may reveal that the system or change far exceeds its Safety Objectives, thus
indicating that the design is too conservative from the safety viewpoint. Conversely, it
may reveal that there is no practicable design solution to the Safety Objectives. In
such a case the Safety Objectives will need to be revisited, or the SSA relied upon
to furnish operational evidence of safety, if the system or change is not to be curtailed
at the design stage.
Since PSSA is conducted on a design representation of the system, rather than an
abstract functional model as used by FHA, it may reveal new hazards which were not
foreseeable during FHA. These hazards are then analyzed by PSSA to produce
additional Safety Requirements which supplement those derived from the original
Safety Objectives.
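As an added worked example, which is not part of the M-NAV procedure, the following Python sketch carries the quantitative core of the overview through one Safety Objective: an abstract function is mapped onto design elements, the probabilities of the causal failure modes are combined, the result is compared with the objective, the modes driving any shortfall are ranked, and element-level Safety Requirements are derived. The element names, the failure probabilities, the 1e-5 per hour objective, the independence of the modes, the "over-conservative" threshold and the equal-apportionment rule are all constructed assumptions for illustration, not values or rules prescribed by this procedure.

```python
"""Worked PSSA-style check of one Safety Objective.

Added illustration, not part of the M-NAV procedure: the function, the
design elements, their failure probabilities, the hazard logic and the
1e-5/h objective are constructed assumptions. Equal apportionment is one
simple scheme for deriving element-level Safety Requirements, not the one
the procedure prescribes.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Element:
    name: str
    p_fail: float  # probability of failure per operational hour (assumed)


@dataclass(frozen=True)
class CausalMode:
    """One way the hazard can arise from element failures.
    logic "AND": every listed element must fail; "OR": any one suffices."""
    name: str
    elements: tuple
    logic: str = "AND"


def p_mode(mode: CausalMode) -> float:
    """Probability of one causal failure mode (elements assumed independent)."""
    if mode.logic == "AND":
        p = 1.0
        for e in mode.elements:
            p *= e.p_fail
        return p
    if mode.logic == "OR":
        q = 1.0
        for e in mode.elements:
            q *= 1.0 - e.p_fail
        return 1.0 - q
    raise ValueError(f"unknown logic {mode.logic!r}")


def p_hazard(modes) -> float:
    """Hazard occurs if any causal mode occurs (modes assumed independent)."""
    q = 1.0
    for m in modes:
        q *= 1.0 - p_mode(m)
    return 1.0 - q


def assess(objective: float, modes, conservative_factor: float = 100.0) -> str:
    """Compare the design against the Safety Objective.
    Returns 'not met', 'met', or 'over-conservative'; the latter flags a design
    that beats the objective by more than conservative_factor (an assumed
    threshold, chosen to surface the 'too conservative' case in the overview)."""
    p = p_hazard(modes)
    if p > objective:
        return "not met"
    if p * conservative_factor < objective:
        return "over-conservative"
    return "met"


def contributors(modes):
    """Rank causal modes by probability, highest first, so the elements
    driving a shortfall can be identified."""
    return sorted(modes, key=p_mode, reverse=True)


def derive_requirements(objective: float, modes) -> dict:
    """Equal apportionment (assumed scheme): each causal mode gets an equal
    share of the objective; elements of a mode that exceeds its share receive
    a per-element target, the Safety Requirement, that brings the mode back
    within budget. Modes already within budget produce no requirement."""
    budget = objective / len(modes)
    reqs = {}
    for m in modes:
        if p_mode(m) <= budget:
            continue
        k = len(m.elements)
        # AND: product of k equal targets = budget; OR: k targets summing to budget
        target = budget ** (1.0 / k) if m.logic == "AND" else budget / k
        for e in m.elements:
            if e.p_fail > target:
                reqs[e.name] = min(target, reqs.get(e.name, target))
    return reqs


# Constructed example: the abstract function "Surveillance" mapped onto four
# design elements; hazard = undetected loss of track data at the position.
RADAR_A = Element("radar feed A", 1e-3)
RADAR_B = Element("radar feed B", 1e-3)
TRACKER = Element("tracker server", 2e-5)
DISPLAY = Element("situation display", 5e-6)

MODES = (
    CausalMode("both radar feeds lost", (RADAR_A, RADAR_B), "AND"),
    CausalMode("tracker fails silently", (TRACKER,), "OR"),
    CausalMode("display freezes silently", (DISPLAY,), "OR"),
)
OBJECTIVE = 1e-5  # assumed Safety Objective: P(hazard) <= 1e-5 per hour

if __name__ == "__main__":
    print(f"P(hazard) = {p_hazard(MODES):.3e}  ->  {assess(OBJECTIVE, MODES)}")
    for m in contributors(MODES):
        print(f"  {m.name:28s} {p_mode(m):.2e}")
    for name, target in derive_requirements(OBJECTIVE, MODES).items():
        print(f"Safety Requirement: {name} shall fail <= {target:.2e} per hour")
```

With the constructed numbers the combined hazard probability is about 2.6e-5 per hour against an objective of 1e-5, so the objective is not met; the ranking shows the tracker server as the dominant contributor, and the apportionment yields Safety Requirements of about 3.3e-6 per hour for the tracker server and the situation display while the redundant radar feeds need no change. Tightening those two elements is the "different design solution" the overview refers to, and the requirements become the evidence items that the later SSA must demonstrate.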
PSSA comprises the following main steps:
PSSA Planning
PSSA Execution and Reporting
PSSA Verification & Validation
[Process flow diagram, recovered labels: System Design Description and other inputs -> Map system functions to system elements -> Compute probabilities of causal failure modes -> loop until all Safety Objectives considered -> loop until all system elements considered -> Formulate Safety Requirements -> Validate/Record assumptions -> PSSA V&V (PSSA Verification & Validation, section 2.4.3) -> Final PSSAR]
3 ROLES
3.1 The role of the user referred to in sections 2.4.1, 2.4.3, and 4 shall be fulfilled by the
persons defined in Table 2:
    PSSA Application                  User
    New system                        Project Manager
    Operations - Project or change    Project Manager
    Systems - Project or change       Project Manager
    Change to existing equipment      Change Manager
Table 2 Applicable Users
The user may delegate his responsibilities for the execution of the three PSSA steps
to a safety expert, if such an expert is assigned to the project.
4 COMPETENCIES
4.1 The user, or the PSSA leader if different, shall have completed a course of instruction
in the use of this Safety Procedure.
4.2 The user, or the PSSA leader if different, shall have completed a course of instruction
in safety analysis/assessment techniques and methods.
4.3 The user, and the leader of the PSSA if different, shall have demonstrable knowledge
of ATM systems design, operation, and maintenance.
5 APPLICABILITY
5.1 This Safety Procedure shall be applied to systems comprising any combination of
people, procedure, and equipment elements.
5.2 This Safety Procedure shall be applied to additions, modifications, replacements, and
removals of existing systems or system components.
5.3 The use of this Safety Procedure for projects is mandatory unless otherwise specified
in a PMP or SMP and endorsed by the Safety Manager.
5.4 This Safety Procedure is applicable to the ATM services provision at M-NAV facilities.
6 REFERENCES
[1] M-NAV, Functional Hazard Assessment Procedure
[2] M-NAV, System Safety Assessment Procedure
[3] M-NAV, Preliminary System Safety Assessment Report Template
[4] EUROCONTROL, Review of techniques to support the EATMP Safety Assessment Methodology
Approvals
    Action        Position / Name                                          Signature   Date
    Prepared:     DPS Expert, Aleksandar Palchevski
    Accepted:     Executive Director - Operations, Toni Prgomet
    Accepted:     Executive Director - Systems, Živko Poposki
    Endorsed:     Safety Manager, Fahrudin Hamidi
    Authorized:   Chairman of Management Board, Živko Poposki
CHANGE RECORD
    Edition - Revision   Revision date   Pages/Sections affected   Remarks
    Version 1.0          15/12/2009