Hazards Analysis

Hazard Analysis primarily utilizes a top-down approach to safety, as opposed to the bottom-up approach of Failure Analysis.  A Failure Analysis starts at the bottom of a Fault Tree, with failure causes, and moves up the Fault Tree to examine the consequences of those failures.  Hazard Analysis, on the other hand, starts at the top of the Fault Tree, with the undesired events (i.e. Loss Of Crew and Loss Of Mission), moves down the Fault Tree to identify the hazardous scenarios that could lead to those events, and then identifies the Hazard Causes that could lead to those hazardous scenarios.  This approach is, in part, complementary to a Failure Analysis, as it should identify many of the same failure-based Hazard Causes.  However, because it is not limited to failure-based causes, a Hazard Analysis is capable of identifying hazardous situations that would be missed by a Failure Analysis alone.

After the Hazard Causes have been identified and the hazard severities and likelihoods assessed, the next step is to determine a set of Controls to mitigate the hazards.  Hazard Controls typically seek to establish failure tolerance for hazards created by functional systems or design for minimum risk for hazards associated with physical properties.  Controls may be part of the design or operational procedures.  Care must be taken to evaluate any potential new hazards that may be introduced by the addition of Controls and possible incompatibilities between Controls.  In addition to controls, the hazard analyst may identify contingency survival methods and auxiliary detection and warning methods that are not part of the Control Strategy.

Once the Control Strategy is in place, verifications are established for each control.  Verifications usually fall into the categories of test, analysis, inspection, or demonstration.  Keeping the controls and their verifications current is particularly important when Hazard Analysis is used as part of an iterative design process.  The Hazard Analyst must constantly re-evaluate and keep the analysis up to date as the program changes.  The Hazard Analysis should reflect the maturity of the design, and is often completed in phases.  In the final phase, the analyst validates that verification results are as expected and deals with workarounds for any verification failures or weaknesses.
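The three steps above (descend the Fault Tree from undesired events to scenarios to Hazard Causes, attach Controls, then attach a verification to every Control) can be checked mechanically once the analysis is recorded as data.  The Python below is an added illustration, not part of the original page or of any program's hazard-analysis tooling.  Only the undesired event "Loss Of Crew" and the four verification categories come from the text; the scenarios, causes, controls and ratings are constructed for the example.  The checks it runs are the ones an analyst wants before a phase closes: causes with no Control, Controls with no recognised verification, and causes that are not failure-based (the ones a Failure Analysis alone would have missed).

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Iterator

# The four verification categories named in the text.
VERIFICATION_METHODS = frozenset({"test", "analysis", "inspection", "demonstration"})


@dataclass
class Control:
    name: str
    kind: str                                   # "design" or "operational"
    verifications: list[str] = field(default_factory=list)   # e.g. ["test"]


@dataclass
class HazardCause:
    description: str
    failure_based: bool                         # False: a Failure Analysis alone would miss it
    controls: list[Control] = field(default_factory=list)


@dataclass
class HazardScenario:
    description: str
    severity: str                               # rating text, e.g. "catastrophic"
    likelihood: str                             # rating text, e.g. "remote"
    causes: list[HazardCause] = field(default_factory=list)


@dataclass
class TopEvent:
    name: str                                   # undesired event at the top of the Fault Tree
    scenarios: list[HazardScenario] = field(default_factory=list)


def walk_top_down(tops: list[TopEvent]) -> Iterator[tuple[TopEvent, HazardScenario, HazardCause]]:
    """Top-down traversal: undesired event -> hazardous scenario -> Hazard Cause."""
    for top in tops:
        for scenario in top.scenarios:
            for cause in scenario.causes:
                yield top, scenario, cause


def uncontrolled_causes(tops: list[TopEvent]) -> list[str]:
    """Hazard Causes that have no Control in the Control Strategy."""
    return [c.description for _, _, c in walk_top_down(tops) if not c.controls]


def unverified_controls(tops: list[TopEvent]) -> list[str]:
    """Controls lacking a verification in one of the four recognised categories."""
    seen: set[str] = set()
    missing: list[str] = []
    for _, _, cause in walk_top_down(tops):
        for ctl in cause.controls:
            if ctl.name in seen:                # a Control may cover several causes
                continue
            seen.add(ctl.name)
            if not any(v in VERIFICATION_METHODS for v in ctl.verifications):
                missing.append(ctl.name)
    return missing


def causes_missed_by_failure_analysis(tops: list[TopEvent]) -> list[str]:
    """Causes that are not equipment failures, hence invisible to a bottom-up Failure Analysis."""
    return [c.description for _, _, c in walk_top_down(tops) if not c.failure_based]


def build_example_tree() -> list[TopEvent]:
    """Constructed sample analysis; every scenario, cause and control here is invented."""
    seal = HazardCause("Hatch seal fails under pressure load", failure_based=True, controls=[
        Control("Redundant hatch seals", "design", ["analysis", "test"]),
        Control("Pre-launch hatch leak check", "operational", ["test"]),
    ])
    latch = HazardCause("Hatch not fully latched before launch", failure_based=False, controls=[
        Control("Hatch-latch indicator checklist step", "operational", []),   # no verification yet
    ])
    offgas = HazardCause("Cabin materials off-gas toxic compounds", failure_based=False)
    depress = HazardScenario("Cabin depressurization during ascent", "catastrophic", "remote",
                             [seal, latch])
    toxic = HazardScenario("Toxic atmosphere in the cabin", "critical", "improbable", [offgas])
    return [TopEvent("Loss Of Crew", [depress, toxic])]


if __name__ == "__main__":
    tree = build_example_tree()
    for top, scenario, cause in walk_top_down(tree):
        print(f"{top.name} <- {scenario.description} <- {cause.description}")
    print("Uncontrolled causes:", uncontrolled_causes(tree))
    print("Unverified controls:", unverified_controls(tree))
    print("Missed by Failure Analysis alone:", causes_missed_by_failure_analysis(tree))
```

Run stand-alone, the script lists the three cause paths under "Loss Of Crew", reports the off-gassing cause as uncontrolled (a physical-property hazard still awaiting a design-for-minimum-risk Control), flags the checklist step as unverified, and shows that two of the three causes are not equipment failures.  Re-running the same checks after each design iteration is the mechanical part of keeping the analysis up to date.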

Hazard Analysts must have a good working knowledge of the relevant systems, requirements, operations, procedures, timelines and interfaces; a willingness to ask questions; a close working relationship with engineering and design teams; and (particularly for large, complex programs) an understanding of how their analysis interacts with the hazard analyses of other systems and at different program/project levels.  To aid in the identification of hazards, the Hazard Analyst will utilize a variety of related materials, which may include fault-tree analysis, a generic checklist of common types of hazards to look for, review of hazard analyses and lessons learned from prior programs/projects, review of related Failure Modes and Effects Analysis, and review of related Preliminary Hazard Analysis and/or Functional Hazard Analysis.

Functional Hazard Analysis is a limited type of Hazard Analysis that goes through the mission timeline and attempts to identify, for each event in the timeline, all the functions that must occur and must not occur, together with the associated hazards.