This document was taken from a search engine cache. Address of the original document: http://www.mrao.cam.ac.uk/projects/OAS/pmwiki/uploads/MROIDelayLine.RiskAndHazardAssessment/Risk_and_Hazard_Assessment.pdf
Date modified: Mon Jun 25 19:07:07 2007
Date indexed: Sat Mar 1 04:24:38 2014

Delay Line Risk and Hazard Management
Martin Fisher - March 2007-03-26

Risks & Hazards
Risks are generally those issues or incidents that may affect the project, whereas hazards affect people or equipment during the project and particularly during the service life. Some risks are referred to the hazard category where appropriate.

Risk Assessment
Risk can be classified as Management or Technical. There is a set of risks in each of these categories that apply to this project but it is too late and probably not worthwhile identifying all of them. Some technical risks could be identified though, specifically where the delivery of the first production trolley and the design and drawing set are concerned.

Potential Risk to project - Severity:
| Level | Designation | Definition | Implications |
|---|---|---|---|
| Low Grading 1 | Insignificant/Minor | No injury, low £ loss, minor loss of reputation. | Minor changes to functionality requiring remedial action or minor delay to the schedule. |
| Medium Grading 2 | Moderate | Injuries need medical attention, significant £ loss, significant loss of reputation. | Some functionality is compromised, requiring changes to the science specification or some delay in the schedule. |
| High Grading 3 | Major Problem | Extensive injury, large £ loss, severe loss of reputation. | Major risk of project failure to meet requirements or significant delay to schedule. Some impact on value. |
| Very High Grading 5 | Catastrophe | Potential loss of life, significant £ loss. | Catastrophic risk to project. Will mean that the project will face failure or very significant delay to schedule and great overspend. |

Possible quantifications
| Risk | Monetary Overspend | Work Package Slip | Critical Path Slip |
|---|---|---|---|
| Low | Up to £50k | 2-3 months | N/a |
| Medium | £50k-£100k | 4-5 months | 1 month |
| High | £100k-£250k | 6-12 months | 2 months |
| Very High | £250k+ | 12 months+ | 3 months |


Probability of occurring
| Level | Designation | Definition | Example |
|---|---|---|---|
| Low Grading 1 | Rare | Occur in exceptional circumstances | |
| Medium Grading 2 | Possible | Might occur | |
| High Grading 3 | Likely | Quite likely to occur | |
| Very High Grading 4 | Almost Certain | Will almost certainly occur | |

Risk exposure Matrix
| Probability \ Severity | Low Grading 1 | Medium Grading 2 | High Grading 3 | Very High Grading 5 |
|---|---|---|---|---|
| Very High Grading 4 | 4 | 8 | 12 | 20 |
| High Grading 3 | 3 | 6 | 9 | 15 |
| Medium Grading 2 | 2 | 4 | 6 | 10 |
| Low Grading 1 | 1 | 2 | 3 | 5 |

Impact:
| Risk exposure | Impact |
|---|---|
| < 3 | Insignificant |
| 3-4 | Low |
| 5-8 | Medium |
| > 8 | High |

Corrective Measures:
Removal - where risks are eliminated from the project and no longer pose a threat.
Reduction - by taking certain actions immediately, management can reduce risks.
Avoidance - risks can be anticipated by taking contingency action should they occur.
Transfer - risks can be passed to other parties; unfortunately this does not reduce the risk, it just causes someone else a problem!
Acceptance - where the potential benefits of taking the risk outweigh the costs.


Hazard Assessment
The ALARP (As Low As Reasonably Practicable) principle will form the basis for safety and hazard management. A generally accepted definition of ALARP can be summarised thus:

The principle that safety risks should be reduced to a level which is as low as reasonably practicable is the primary objective of the Safety Management System. It means that not only must risks be reduced to a tolerable level, but a further reduction must be achieved, provided that the penalties, in terms of cost, time and effort, are not disproportionate to the improvements gained.


Definitions

Notes:
1) System Loss: the system cannot be recovered at 'reasonable' costs (costs > £250k).
2) Severe Injury: partial permanent disability of human beings.
3) Major System Damage: the system can be recovered (for cost of £100k - £250k) but extensive industrial support is necessary and/or the system is out of operation for more than 3 weeks.
4) Minor System Damage: the system can be repaired (for cost of £50k - £100k) without support from industry and/or the system is less than 3 weeks out of operation.

1-2: Tolerable (ALARP Level D).
3: Tolerable subject to review (ALARP Level C).
4-9: Undesirable. Only accepted if risk reduction is impracticable (ALARP Level B).
10-25: Unacceptable. Mitigating action essential (ALARP Level A).


Risk/Hazard Log
Raising a risk or hazard issue should be done by email to the MROI team and contain the following information (note that the risk or hazard definitions and weightings should be used as appropriate):

Date raised:
Location/system/subsystem:
Who identified it:
Type (RISK/HAZARD):
Hazard target (Hardware/personnel/environment):
Description of Risk or Hazard:
Potential consequences:
Identifier's evaluation:
  For RISK: Severity (1, 2, 3 or 5); Probability (1 to 4)
  For HAZARD: Severity (1, 3, 4 or 5); Probability (1 to 5)
Mitigating Action:

The team should then discuss the issue and agree or otherwise to have it entered in the hazard log. If mitigation is required then someone should be allocated that task. The aim is to have all the hazards identified and mitigated by the FDR. MF will keep the hazard log up to date and will input anything new to the weekly meeting at the appropriate section. An example of the Hazard Log with some suggested items is shown on the next page.


Hazard Log

| Hazard Title | Consequences | Likelihood | Effect | Score |
|---|---|---|---|---|
| Catastrophic re-pressurisation of delay line through window failure. | Sudden air inrush causes trolley to accelerate towards far end of delay line. Potential impact at high speed causing severe damage to trolley and possible failure of pipe end-plate. | 2 | 5 | 10 |
| Maximum Likelihood Earthquake (MLE). | Weakening of pipe support system leading to pipeline collapse and potential sudden vacuum failure. | 2 | 5 | 10 |
| Maximum Likelihood Earthquake (MLE). | Failure of pipeline axial restraint leading to large axial pipe motion and potential damage to metrology system. | 2 | 4 | 8 |
| Accidental side-loading of a pipe line. | Due to vehicle collision. | 2 | 3 | 6 |
| | Due to handling of delay line pipe. | 3 | 3 | 9 |
| Pipeline collapse during erection. | Damage to pipe and supports. | 3 | 4 | 12 |
| | Personal injury. | 3 | 5 | 15 |
| Accumulation of static charge on trolley. | Corona discharge. | 5 | 3 | 15 |
| | Shock hazard when removing trolley from pipe. | 5 | 3 | 15 |
| Dropping trolley during handling. | Dropping trolley will damage flexures and could potentially break primary mirror and deform trolley shell irretrievably. | 3 | 4 | 12 |

Mitigation:
Automatic but passive closure of window. Restricted access to area at far end of delay line during operations.
Design pipe supports to survive MLE.
Design axial pipe restraint to endure MLE and limit movement of pipe.
Prevent vehicle access.
Design pipe supports to withstand maximum side load under handling activities.
Installation procedures
Prevent charge build-up
Handling procedure
Special purpose handling equipment and procedures
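
The Python below is an added example, not part of the original document or of any MROI tooling. It checks a Risk/Hazard log e-mail against the gradings allowed for its type, multiplies severity by probability, and reports the risk impact band or ALARP level given above. The one-field-per-line layout, the short field names, the subset of required fields and the sample entry are assumptions made for the example.

```python
# Added example. Assumption: the e-mail carries one "Field: value" per line.
SCALES = {  # allowed gradings per entry type, from the log template
    "RISK": {"severity": {1, 2, 3, 5}, "probability": {1, 2, 3, 4}},
    "HAZARD": {"severity": {1, 3, 4, 5}, "probability": {1, 2, 3, 4, 5}},
}
BANDS = {  # (highest score in band, label)
    "RISK": [(2, "Insignificant"), (4, "Low"), (8, "Medium"), (20, "High")],
    "HAZARD": [(2, "Tolerable (ALARP Level D)"),
               (3, "Tolerable subject to review (ALARP Level C)"),
               (9, "Undesirable (ALARP Level B)"),
               (25, "Unacceptable (ALARP Level A)")],
}
REQUIRED = ("date raised", "who identified it", "type",  # subset of the template
            "potential consequences", "severity", "probability")

def parse_entry(text):
    """Map lower-cased field name -> value for every filled-in 'Field: value' line."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip().lower(): v.strip() for k, sep, v in pairs if sep and v.strip()}

def assess(text):
    """Return (type, score, band); raise ValueError listing every problem found."""
    f = parse_entry(text)
    problems = [f"missing field: {k}" for k in REQUIRED if k not in f]
    kind = f.get("type", "").upper()
    if kind not in SCALES:
        problems.append("type must be RISK or HAZARD")
    grades = {}
    for name in (n for n in ("severity", "probability") if n in f):
        raw = f[name]
        if not raw.isdecimal():
            problems.append(f"{name} must be a whole number")
        elif kind in SCALES and int(raw) not in SCALES[kind][name]:
            problems.append(f"{name} {raw} is not on the {kind} scale")
        else:
            grades[name] = int(raw)
    if problems:
        raise ValueError("; ".join(problems))
    score = grades["severity"] * grades["probability"]
    return kind, score, next(b for top, b in BANDS[kind] if score <= top)

SAMPLE = """Date raised: 2007-03-26
Who identified it: A. N. Engineer
Type: HAZARD
Potential consequences: Trolley accelerates towards far end of pipe
Severity: 5
Probability: 2
"""  # constructed sample, not an entry from the project's log
```

Rejecting out-of-scale gradings matters here because the two scales differ: a severity of 4 is valid for a hazard but not for a risk, and a severity of 2 is valid for a risk but not for a hazard.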