A hazard analysis is a central repository for information about system hazards, risks, and control measures. This
includes the following categories of information:
- The nature of the hazard. What can happen? What faults can lead to the potential accident?
- The quantification of risk. How severe? How likely?
- The timeframe of concern. How long can the fault be tolerated? How long does it take to detect it? How long does it take to handle it?
- The control measure. What design features or procedures will be put in place to address the hazard and/or fault condition?
The table below shows an example of such an analysis for a medical ventilator.

| Hazard or Loss | Fault | Severity (1-10) | Likelihood | Computed Risk | Time Units | Tolerance Time | Detection Time | Control Measure | Control Time |
|---|---|---|---|---|---|---|---|---|---|
| Hypoventilation | Breathing tube disconnect | 10 | 0.2 | 2 | minutes | 5 | 0.5 | Blood O2 sensor | 2 |
| Hypoventilation | Ventilator timer error | 10 | 0.2 | 2 | minutes | 5 | 0.5 | Pressure sensor with alarm | 2 |
| Hypoventilation | Gas supply failure | 10 | 0.4 | 4 | minutes | 5 | 0.05 | Gas pressure sensor | 2 |
| Hypoxia | Gas mixer failure | 10 | 0.6 | 6 | minutes | 5 | 0.05 | Aspiratory O2 sensor | 2 |
| Hyperventilation | Ventilator timer error | 8 | 0.1 | 0.8 | minutes | 20 | 0.5 | Blood O2 sensor | 2 |
| Overpressure | Pump failure | 10 | 0.3 | 3 | ms | 200 | 10 | Secondary release valve | 5 |
| Overpressure | Expiratory tube blockage | 10 | 0.5 | 5 | ms | 200 | 10 | Secondary release valve | 5 |

Computed Risk is the product of Severity and Likelihood, so the rows can be ranked by it. The three time columns are read in the row's Time Units, and for each row the Detection Time plus the Control Time must fit within the Tolerance Time, otherwise the control measure acts too late to prevent the loss.
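The two relationships in the table (risk as severity times likelihood, and detection plus control fitting inside the tolerance window) are easy to get wrong when rows are edited by hand. The following Python is an added example, not code from the original page: it holds the ventilator rows above as data, recomputes the risk column, flags any row whose timing budget does not close, and ranks hazards for review. The row named "hypothetical" at the end is constructed only to show what a failing timing budget looks like; it is not part of the page's table.

```python
"""Consistency checks over a hazard analysis table (added example).

Two properties of every row are worth machine-checking on each edit:
  1. Computed Risk == Severity x Likelihood
  2. Detection Time + Control Time < Tolerance Time (in the row's own units)
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class HazardRow:
    hazard: str
    fault: str
    severity: int        # 1-10 scale used by the table
    likelihood: float    # probability-like weight, 0-1
    stated_risk: float   # the "Computed Risk" column as written in the table
    time_units: str      # all three time fields below share these units
    tolerance_time: float
    detection_time: float
    control_measure: str
    control_time: float

    @property
    def risk(self) -> float:
        """Risk as the table defines it: severity weighted by likelihood."""
        return self.severity * self.likelihood

    @property
    def response_time(self) -> float:
        """Worst-case time from fault onset until the control measure takes effect."""
        return self.detection_time + self.control_time

    @property
    def margin(self) -> float:
        """Slack left in the tolerance window; zero or negative means the fault outruns the control."""
        return self.tolerance_time - self.response_time


# The ventilator rows from the table above, with Computed Risk entered as stated.
VENTILATOR_HAZARDS = [
    HazardRow("Hypoventilation", "Breathing tube disconnect", 10, 0.2, 2, "minutes", 5, 0.5, "Blood O2 sensor", 2),
    HazardRow("Hypoventilation", "Ventilator timer error", 10, 0.2, 2, "minutes", 5, 0.5, "Pressure sensor with alarm", 2),
    HazardRow("Hypoventilation", "Gas supply failure", 10, 0.4, 4, "minutes", 5, 0.05, "Gas pressure sensor", 2),
    HazardRow("Hypoxia", "Gas mixer failure", 10, 0.6, 6, "minutes", 5, 0.05, "Aspiratory O2 sensor", 2),
    HazardRow("Hyperventilation", "Ventilator timer error", 8, 0.1, 0.8, "minutes", 20, 0.5, "Blood O2 sensor", 2),
    HazardRow("Overpressure", "Pump failure", 10, 0.3, 3, "ms", 200, 10, "Secondary release valve", 5),
    HazardRow("Overpressure", "Expiratory tube blockage", 10, 0.5, 5, "ms", 200, 10, "Secondary release valve", 5),
]

# Constructed (hypothetical) row, not from the page: a software alarm that is too slow
# for a 200 ms overpressure window. detection 150 + control 100 = 250 > 200.
HYPOTHETICAL_SLOW_ROW = HazardRow(
    "Overpressure", "Pump failure (hypothetical slow alarm)", 10, 0.3, 3,
    "ms", 200, 150, "Software alarm (hypothetical)", 100,
)


def risk_mismatches(rows):
    """Rows whose stated Computed Risk disagrees with severity x likelihood.

    isclose() is used because e.g. 10 * 0.3 is not exactly 3.0 in binary floating point.
    """
    return [r for r in rows if not math.isclose(r.stated_risk, r.risk, rel_tol=1e-9)]


def timing_violations(rows):
    """Rows where detection + control does not fit strictly inside the tolerance window."""
    return [r for r in rows if r.margin <= 0]


def ranked_by_risk(rows):
    """Highest computed risk first; ties broken by the smallest timing margin."""
    return sorted(rows, key=lambda r: (-r.risk, r.margin))


def report(rows):
    """Human-readable review listing, one line per row, worst first."""
    lines = []
    for r in ranked_by_risk(rows):
        flag = "" if r.margin > 0 else "  <-- TIMING VIOLATION"
        lines.append(f"{r.hazard:16} {r.fault:40} risk={r.risk:4.1f} "
                     f"budget={r.response_time:g}/{r.tolerance_time:g} {r.time_units}{flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(VENTILATOR_HAZARDS + [HYPOTHETICAL_SLOW_ROW]))
    print("risk mismatches:", len(risk_mismatches(VENTILATOR_HAZARDS)))
    print("timing violations:", [r.fault for r in timing_violations(VENTILATOR_HAZARDS + [HYPOTHETICAL_SLOW_ROW])])
```

Keeping the time units per row rather than normalising them is deliberate: the page's table mixes minutes and milliseconds, and a check that silently compared a 0.5 minute detection time against a 200 ms tolerance would hide exactly the kind of error the table exists to catch. Ties in risk are broken by margin so that, of two equally risky faults, the one with the tighter timing budget is reviewed first.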
The hazard analysis is a key document in safety-critical systems and is actively maintained through most of the
development lifecycle. Its initial construction occurs during requirements analysis (although control measures are
usually not yet specified at that point), and it is then refined all the way through design and test.