Read the book Risk Assessment - Georgi Popov - Page 23

1.7 European Union – Risk Assessment


In August 2008, the European Union launched a two‐year health and safety campaign focusing on risk assessment. Their bulletin said:

Risk assessment is the cornerstone of the European approach to prevent occupational accidents and ill health. If the risk assessment process – the start of the health and safety management approach – is not done well or not at all, the appropriate preventive measures are unlikely to be identified or put in place.

This bulletin, although exceptionally important, is no longer available on the Internet as a European Union Bulletin. It is available through “Prevention and Control Strategies – OSHWIKI” at https://oshwiki.eu/wiki/Prevention_and_control_strategies.

This author considers the statement made by the European Union as seminal. Consider its significance and huge implications. It specifically states that risk assessment should be the cornerstone of a safety and health system and that if risk assessment is not done well or not at all, the needed preventive measures are unlikely to be identified or taken.

The Europeans have been leaders in recognizing the importance of risk assessments and promoting their application. For example, employers in the United Kingdom have been required to make risk assessments by law since 1999. Indications of other European involvement follow:

EN ISO 12100‐2010: Safety of Machinery. General principles for design. Risk assessment and risk reduction.

This standard, issued in 2010 by the ISO, has had an interesting history. It combines three previously issued ISO standards and replaces them. Note that “Risk assessment and risk reduction” are included in the title. That is significant as it separates the risk assessment process from the risk reduction process, as is the case in B11.0‐2020. That is not always the case elsewhere.

ISO 12100‐1 was titled Safety of machinery – Basic Concepts, General Principles for Design‐Part 1. It presented general design guidelines and required that risk assessments be made of machinery going into a workplace. ISO 12100‐2 was titled Safety of machinery – Basic concepts, general principles for design – Part 2: Technical principles. Part 2 gave extensive detail on design specifications for the “Safety of machinery.” ISO 14121 was titled Safety of machinery – Principles of risk assessment. It set forth the risk assessment concepts to be applied. EN ISO 12100‐2010 combines these three standards and retains their content.

EN ISO 12100‐2010 is truly an international standard and has had considerable influence worldwide. Its existence implies that a huge majority of countries agree on the principle that hazards should be identified and analyzed and their accompanying risks should be assessed in the design and redesign processes for machinery.

The EN that precedes ISO in the title indicates that the origins of the standard were in the European Community. Several standards that were applicable in the European Community that had titles commencing with the EN designation became ISO standards.

The European Community standards have had considerable influence on manufacturers throughout the world. An example follows. Suppliers of products that are to go into a country that is a member of the European Community are required to place a “CE” mark on the products to indicate that all operable European Community directives have been met. Risk assessment provisions in EN ISO 12100‐2010 are among those requirements.

MIL‐STD‐882E – 2012. The U.S. Department of Defense Standard Practice for System Safety.

The base document for the Standard Practice for System Safety, MIL‐STD‐882, was issued in 1969. It was a seminal document at that time and has continued to be an important reference.

MIL‐STD 882 has had considerable influence on the development of hazard identification and analysis, risk assessment, risk elimination, and risk control concepts and methods. Much of the wording on risk assessments and hierarchies of control in safety standards and guidelines issued throughout the world relates to what is in the several versions of 882. That is why considerable space is devoted to the standard in this chapter.

Four revisions of 882 have been issued over a span of 50 years. As is said in the Foreword for 882E: “This system safety standard practice identifies the DoD approach for identifying hazards and assessing and mitigating associated risks encountered in the development, test, production, use, and disposal of defense systems.” (p. ii)

The last version of 882 was approved 11 May 2012. It is available, free, at https://www.dau.edu/cop/esoh/DAU%20Sponsored%20Documents/MIL%20STD%20882E%20Final%202012%2005%2011.pdf. This author strongly recommends that safety professionals obtain a copy of this Standard for informative purposes.

MIL‐STD‐882E extends the previous issue – 882D – considerably. For example, the 882D version, including addenda, had 26 numbered pages; the 882E version has 98 numbered pages. It replaces some of what was in 882C that was not included in 882D. In 882E:

• Achieving and maintaining acceptable risk levels dominates.

• Revisions were made in the system safety process that give additional emphasis to hazard analysis and risk assessment.

• The use of a risk assessment matrix is required.

• Noteworthy revisions are made in the design order of preference.

• Appropriate emphasis is given to managing High and Serious risk levels.

• A major section is devoted to software and software assessments.

Excerpts follow, some of which are modified to avoid governmental terminology. Section 4 in 882E is titled General Requirements. It sets forth the “requirements for an acceptable system safety effort.” Section 4.3 outlines the eight elements in the system safety process, as follows:

Element 1: Document the System Safety Approach.

Element 2: Identify and Document the Hazards.

Element 3: Assess and Document Risk.

Element 4: Identify and Document Risk Mitigation Measures.

Element 5: Reduce Risk.

Element 6: Verify, Validate and Document Risk Reduction.

Element 7: Accept Risk and Document.

Element 8: Manage Life‐Cycle Risk.

Because of its connotation, the concept outlined for 4.3.4 – Identify and document risk mitigation measures – is duplicated here.

Potential risk mitigation(s) shall be identified, and the expected risk reduction(s) of the alternative(s) shall be estimated and documented in the HTS. The goal should always be to eliminate the hazard if possible. (Emphasis added). When a hazard cannot be eliminated, the associated risk should be reduced to the lowest acceptable level within the constraints of cost, schedule, and performance by applying the system safety design order of precedence. The system safety design order of precedence identifies alternative mitigation approaches and lists them in order of decreasing effectiveness.

1 Eliminate hazards through design selection. Ideally, the hazard should be eliminated by selecting a design or material alternative that removes the hazard altogether.

2 Reduce risk through design alteration. If adopting an alternative design change or material to eliminate the hazard is not feasible, consider design changes that reduce the severity and/or the probability of the mishap potential caused by the hazard(s).

3 Incorporate engineered features or devices. If mitigation of the risk through design alteration is not feasible, reduce the severity or the probability of the mishap potential caused by the hazard(s) using engineered features or devices. In general, engineered features actively interrupt the mishap sequence and devices reduce the risk of a mishap.

4 Provide warning devices. If engineered features and devices are not feasible or do not adequately lower the severity or probability of the mishap potential caused by the hazard, include detection and warning systems to alert personnel to the presence of a hazardous condition or occurrence of a hazardous event.

5 Incorporate signage, procedures, training, and PPE. Where design alternatives, design changes, and engineered features and devices are not feasible and warning devices cannot adequately mitigate the severity or probability of the mishap potential caused by the hazard, incorporate signage, procedures, training, and PPE. Signage includes placards, labels, signs, and other visual graphics. Procedures and training should include appropriate warnings and cautions. Procedures may prescribe the use of PPE. For hazards assigned Catastrophic or Critical mishap severity categories, the use of signage, procedures, training, and PPE as the only risk reduction method should be avoided.

4.3.5 Reduce risk. Mitigation measures are selected.
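The design order of precedence quoted above can be applied as an audit over a hazard log. The following Python sketch is an added example, not taken from the book or from MIL‐STD‐882E; the record layout, field names and sample hazards are constructed assumptions.

```python
from dataclasses import dataclass, field

# Design order of precedence as listed above (1 = most effective).
PRECEDENCE = {
    1: "Eliminate hazards through design selection",
    2: "Reduce risk through design alteration",
    3: "Incorporate engineered features or devices",
    4: "Provide warning devices",
    5: "Incorporate signage, procedures, training, and PPE",
}
HIGH_SEVERITY = {"Catastrophic", "Critical"}

@dataclass
class Hazard:
    """One hazard-log entry (hypothetical layout, not the standard's HTS schema)."""
    hazard_id: str
    severity: str
    applied: set                                    # precedence levels in place
    infeasible: dict = field(default_factory=dict)  # level -> recorded rationale

def audit(h):
    """Return the findings for one hazard record (empty list = none)."""
    if not h.applied:
        return ["no mitigation recorded"]
    findings = [f"unknown precedence level {lvl}"
                for lvl in sorted(h.applied - set(PRECEDENCE))]
    best = min(h.applied)
    # Moving down the list is justified only when each more effective
    # approach has been recorded as not feasible.
    for lvl in range(1, min(best, 6)):
        if not h.infeasible.get(lvl, "").strip():
            findings.append(f"level {lvl} skipped without rationale: {PRECEDENCE[lvl]}")
    # Signage, procedures, training and PPE alone should be avoided for
    # Catastrophic or Critical hazards.
    if h.severity in HIGH_SEVERITY and h.applied == {5}:
        findings.append(f"level 5 is the only risk reduction for a {h.severity} hazard")
    return findings

# Constructed sample entries, for illustration only.
SAMPLE = [
    Hazard("H-001", "Catastrophic", {5}, {1: "no alternative design", 2: "geometry fixed",
                                          3: "no space for guard", 4: "sensor unreliable"}),
    Hazard("H-002", "Critical", {3, 5}, {1: "material required by spec"}),
    Hazard("H-003", "Marginal", {1}),
]

def audit_all(hazards):
    return {h.hazard_id: audit(h) for h in hazards}

if __name__ == "__main__":
    for hid, findings in audit_all(SAMPLE).items():
        print(hid, findings or "ok")
```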

For emphasis, it is said again that MIL‐STD 882E is an excellent educational and resource document. Its base is hazard identification and analysis and risk assessment.
