The MIL-STD-882 lexicon of hazard analyses includes the System Hazard Analysis (analysis) which according to the standard is intended to:
“…examines the interfaces between subsystems. In so doing, it must integrate the outputs of the SSHA. It should identify safety problem areas of the total system design including safety critical human errors, and assess total system risk. Emphasis is placed on examining the interactions of the subsystems.”
This sounds reasonable in theory and I’ve certainly seen a number toy examples touted in various text books on what it should look like. But, to be honest, I’ve never really been convinced by such examples, hence this post.
As it happens in Australia, where I live, the Australian rail safety standard (AS.4292) also requires that interfaces be considered as part of any safety management system.
To address this As 4292 requirement for a recent project we ended up looking at the interfaces between a diesel/electric locomotive and an (electrified) rail network for potential ‘interface’ hazards.
Lo and behold we identified that there was a potential for the Dynamic Brake exhaust (vented directly upwards) to heat the catenary during self load tests. If conducted for long enough this could result in the catenary wire necking to failure, with all the high voltage drama that would entail.
Such inadvertent interactions tend to occur more frequently when you’re the integrator of two systems, especially where one such system is not under the control of the system developer or integrator. A was the case in this instance where we were integrating a new piece of rolling stock into an existing rail network.
The identified hazard arose because we were intending to operate a locomotive in an electrified network which was not designed to handle that particular test mode ‘interface’ and we had introduced an unintended interface and hazardous interaction.