January 02, 2024


Sofema Aviation Services (SAS) www.sassofia.com considers the fundamental elements of the Hazard Analysis Process

Introduction – What is the role of the Hazard Analysis?

Hazard analyses are performed to identify and define hazardous conditions/risks for the purpose of their elimination or control.

Analyses examine the system, subsystems, components, and interrelationships.

Steps in performing a Hazard Analysis:

  • Describe and bound the system.
  • Perform functional analysis if appropriate to the system under study.
  • Develop a preliminary hazard list.
  • Identify contributory hazards, initiators, or any other causes.
  • Establish a hazard control baseline by identifying existing controls when appropriate.
  • Determine potential outcomes, effects, or harm.
  • Perform a risk assessment of the severity of the consequence and the likelihood of occurrence.
  • Rank hazards according to risk.
  • Develop a set of recommendations and requirements to eliminate or control risks.
  • Provide managers, designers, test planners, and other affected decision-makers with the information and data needed to permit effective trade-offs.
  • Conduct hazard tracking and risk resolution of medium and high risks.
  • Demonstrate compliance with given safety-related technical specifications, operational requirements, and design criteria.

What are the basic elements of a Hazard Analysis?

General Comments

  • Identification of a risk is the first step in the risk control process.

o Identifying a risk provides no assurance that it will be eliminated or controlled.

  • The risk must be documented, evaluated (likelihood and severity), and when appropriate, highlighted to those with decision-making authority.
  • Evaluation of risks requires the determination of how frequently a risk occurs and how severe it could be if an accident occurs as a result of the hazards.

o A severe risk that has a realistic possibility of occurring requires action; one that has an extremely remote chance may not require action.
o Similarly, a non-critical accident that has a realistic chance of occurring may not require further study.

  • Frequency may be characterized qualitatively by terms such as “frequent” or “rarely.” It may also be measured quantitatively such as by a probability (e.g., one in a million flight hours).

The evaluation step prioritizes and focuses the system safety activity and maximizes the return on investment for safety expenditures.

  • The timing of safety analysis and resulting corrective action is critical to minimize the impact on cost and schedule.
  • The later in the life cycle of the equipment that safety modifications are incorporated, the higher the impact on cost and schedule.

A safe design is the end product, not a hazard analysis.

Identification of Hazards: This step involves recognizing the potential hazards associated with a process, activity, or system. The goal is to list all potential hazards without regard to the risk or likelihood of occurrence.

Determination of the Hazard Severity: Once hazards have been identified, the next step is to assess their severity. Severity refers to the potential impact of a hazard if it were to occur. It’s a measure of the worst possible outcome, irrespective of the likelihood of its occurrence.

Assessment of Hazard Probability: This is an estimation of the likelihood that a hazard will actually lead to an accident or incident.

Note: Some hazards may be extremely severe but have a very low chance of actually occurring.

Risk Evaluation: This element involves combining the severity and probability assessments to rank and prioritize the hazards. This helps in decision-making about which hazards need immediate attention and which can be managed later. It provides a basis for developing control measures or preventive strategies to reduce the risk of these hazards.
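As an added illustration (not part of the SAS post), the following Python script ranks a small constructed hazard register by combining severity and probability in the way described above. The severity and probability category names, the per-flight-hour lower bounds used to turn a quantitative rate into a qualitative level, and the disposition rules are assumptions chosen to mirror the post's qualitative guidance; they are not SAS, EASA or FAA definitions.

```python
"""Rank a hazard register by severity and probability (added example, not SAS material)."""
from dataclasses import dataclass
from typing import List, Optional

# Severity categories, worst first. The names are assumed; the post only says that
# consequences range from death to negligible effects on personnel and equipment.
SEVERITY_SCORE = {
    "catastrophic": 5,
    "hazardous": 4,
    "major": 3,
    "minor": 2,
    "negligible": 1,
}

# Qualitative probability levels with an assumed lower bound in events per flight
# hour, so that a quantitative estimate can be translated into a qualitative term.
PROBABILITY_LEVELS = [
    ("frequent", 5, 1e-3),
    ("probable", 4, 1e-5),
    ("remote", 3, 1e-7),
    ("extremely remote", 2, 1e-9),
    ("extremely improbable", 1, 0.0),
]
PROBABILITY_SCORE = {name: score for name, score, _ in PROBABILITY_LEVELS}


def probability_level(rate_per_flight_hour: float) -> str:
    """Return the first level whose lower bound the rate reaches (e.g. 1e-6/FH -> remote)."""
    for name, _score, lower_bound in PROBABILITY_LEVELS:
        if rate_per_flight_hour >= lower_bound:
            return name
    return "extremely improbable"   # negative or malformed rate: treat as the lowest level


@dataclass
class Hazard:
    ident: str
    description: str
    severity: str
    probability: Optional[str] = None              # qualitative level, if assessed that way
    rate_per_flight_hour: Optional[float] = None   # quantitative estimate, if available

    def level(self) -> str:
        if self.probability is not None:
            return self.probability
        if self.rate_per_flight_hour is not None:
            return probability_level(self.rate_per_flight_hour)
        raise ValueError(f"{self.ident}: no probability has been assessed")

    def risk_index(self) -> int:
        return SEVERITY_SCORE[self.severity] * PROBABILITY_SCORE[self.level()]


def disposition(hazard: Hazard) -> str:
    """Assumed decision rules mirroring the post: severe and realistic needs action,
    severe but extremely remote may not, non-critical but realistic needs no further study."""
    severe = SEVERITY_SCORE[hazard.severity] >= SEVERITY_SCORE["hazardous"]
    realistic = PROBABILITY_SCORE[hazard.level()] >= PROBABILITY_SCORE["remote"]
    if severe and realistic:
        return "action required"
    if severe:
        return "track"            # documented and monitored, no immediate action
    if SEVERITY_SCORE[hazard.severity] == SEVERITY_SCORE["major"] and realistic:
        return "review"
    return "no further study"


def rank_hazards(hazards: List[Hazard]) -> List[Hazard]:
    """Highest risk index first; ties broken by severity (worst outcome first)."""
    return sorted(
        hazards,
        key=lambda h: (h.risk_index(), SEVERITY_SCORE[h.severity]),
        reverse=True,
    )


# Constructed sample register; identifiers, texts and numbers are illustrative only.
REGISTER = [
    Hazard("H-01", "Loss of pressure in both hydraulic systems", "catastrophic",
           rate_per_flight_hour=5e-8),
    Hazard("H-02", "Fastener under-torqued during cold-weather maintenance with gloves",
           "hazardous", probability="remote"),
    Hazard("H-03", "Cabin reading light flickers", "negligible", probability="probable"),
    Hazard("H-04", "Spurious caution message on the crew alerting display", "major",
           rate_per_flight_hour=2e-5),
]

if __name__ == "__main__":
    for h in rank_hazards(REGISTER):
        print(f"{h.ident} index={h.risk_index():2d} {h.severity:<12} "
              f"{h.level():<20} -> {disposition(h)}")
```

The tie-break on severity matters: two hazards with the same index are not equal when one of them has a worse credible outcome, which is why the catastrophic-but-remote entry is kept on the tracking list rather than dismissed.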

Resolution or Mitigation

By working closely with the design team, hazards can be eliminated or controlled in the most efficient manner.

  • A less efficient alternative is for the safety engineer to work alone, performing an independent safety analysis and formally reporting the results.
  • This approach has several disadvantages:

o Significant risks will be corrected later than the case where the design engineer is alerted to the problem shortly after detection by the safety engineer.
o This requires a more costly fix, leads to program resistance to change, and the potential implementation of a less effective control.
o The risk as published by a safety engineer operating in a vacuum may be rated more severely than it actually is, or may already have been overtaken by subsequent design evolution.

  • Once the risks have been analysed and evaluated, the remaining task of safety engineering is to follow the development and verify that the agreed-upon safety requirements are met by the design or that the risks are controlled to an acceptable level.

What is the Relationship Between Safety and Reliability?

Reliability and system safety analyses complement each other: each provides the other with more information than either could obtain alone. Rarely can one be substituted for the other, but when performed in collaboration they lead to better and more efficient products.

Two reliability analyses are often compared to hazard analyses.

  • Performance of a Failure Modes and Effects Analysis (FMEA) is the first step in generating the Failure Modes, Effects, and Criticality Analysis (FMECA).
  • An FMECA is generated from an FMEA by adding a criticality figure of merit.

o These analyses are performed for reliability and supportability information.

  • A Hazard Analysis uses a top-down methodology that first identifies risks and then isolates all possible (or probable) causes.
  • For an operational system, it is performed for specific suspect hazards. In the case of the Hazard Analysis, failures, operating procedures, human factors, and transient conditions are all included in the list of hazard causes.
  • The FMECA is limited even further in that it only considers hardware failures.

o It may be performed either top-down or bottom-up, usually the latter.
o It is generated by asking questions such as

– If this fails, what is the impact on the system?
– Can I detect it?
– Will it cause anything else to fail?

o If so, the induced failure is called a secondary failure.

Reliability predictions establish either a failure rate for an assembly (or component) or a probability of failure.

  • This quantitative data, at both the component and assembly level, is a major source of data for quantitative reliability analysis. (This understanding is necessary to use it correctly.)

In summary, hazard analyses are first performed in a qualitative manner identifying risks, their causes, and the significance of hazards associated with the risk.

What general procedures should be followed in the performance of a Hazard Analysis?

  • Establish the safety requirements baseline and applicable history (i.e., system constraints):

o Specifications/detailed design requirements
o Mission requirements (e.g., how is it supposed to operate?)
o General statutory regulations (e.g., noise abatement)
o Human factors standardized conventions (e.g., switches “up” or “forward” for on)
o Accident experience and failure reports

  • Identify general and specific potential accident contributory factors (hazards):

o In the equipment (hardware, software, and human)
o Operational and maintenance environment
o Human-machine interfaces (e.g., procedural steps)
o Operation
o All procedures
o All configurations (e.g., operational and maintenance)

  • Identify risks for each contributory factor (e.g., risks caused by the maintenance environment and the interface hazards). An example would be performing maintenance tasks incompatible with gloves in a very cold environment.
  • Assign severity categories and determine probability levels.

o Risk probability levels may be assigned either qualitatively or quantitatively.
o Risk severity is determined through Hazard Analysis. It reflects, using a qualitative measure, the worst credible accident that may result from the risk; these range from death to negligible effects on personnel and equipment.

Evaluating the safety of the system or the risk of the hazard(s) quantitatively requires the development of a probability model and the use of Boolean algebra. The latter is used to identify the possible states or conditions (and combinations thereof) that may result in accidents; the model is then used to quantify the likelihood of those conditions occurring.

  • Develop corrective actions for critical risks. These may take the form of design or procedural changes.
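The quantitative route just described, a probability model over Boolean combinations of conditions, can be illustrated with a small fault tree. The following Python script is an added example, not SAS material: it enumerates every combination of basic-event states (the Boolean algebra step), sums the probability of the combinations that produce the top event (the model step), and also derives the minimal cut sets and the rare-event approximation that is used when a tree is too large to enumerate. The event names and probabilities are constructed for the illustration and are not data from any aircraft or programme; the events are assumed independent.

```python
"""Boolean fault-tree model of a hazard (added example, not from the SAS post)."""
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, List, Set, Tuple, Union


@dataclass(frozen=True)
class Basic:
    """A basic event (component failure, procedural error, ...) with its probability."""
    name: str
    p: float


@dataclass(frozen=True)
class Gate:
    """AND: all inputs must occur; OR: any single input suffices."""
    kind: str
    inputs: Tuple["Node", ...]


Node = Union[Basic, Gate]


def basic_events(node: Node, seen: List[Basic] = None) -> List[Basic]:
    """Collect the distinct basic events under a node, in first-seen order."""
    seen = [] if seen is None else seen
    if isinstance(node, Basic):
        if node not in seen:
            seen.append(node)
    else:
        for child in node.inputs:
            basic_events(child, seen)
    return seen


def occurs(node: Node, state: Dict[str, bool]) -> bool:
    """Evaluate the Boolean expression for one assignment of basic-event states."""
    if isinstance(node, Basic):
        return state[node.name]
    results = [occurs(child, state) for child in node.inputs]
    return all(results) if node.kind == "AND" else any(results)


def top_event_probability(tree: Node) -> float:
    """Exact probability: sum the weight of every state combination that causes the top event."""
    events = basic_events(tree)
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        state = {e.name: b for e, b in zip(events, bits)}
        if occurs(tree, state):
            weight = 1.0
            for e, b in zip(events, bits):
                weight *= e.p if b else 1.0 - e.p
            total += weight
    return total


def minimal_cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Smallest sets of basic events whose joint occurrence causes the top event."""
    if isinstance(node, Basic):
        return {frozenset({node.name})}
    child_sets = [minimal_cut_sets(c) for c in node.inputs]
    if node.kind == "OR":
        combined = set().union(*child_sets)
    else:
        combined = {frozenset()}
        for cs in child_sets:
            combined = {a | b for a in combined for b in cs}
    # Drop any cut set that strictly contains another one.
    return {c for c in combined if not any(o < c for o in combined)}


def rare_event_approximation(tree: Node) -> float:
    """Sum of cut-set probabilities; slightly overstates the exact value, which is conservative."""
    probs = {e.name: e.p for e in basic_events(tree)}
    total = 0.0
    for cut in minimal_cut_sets(tree):
        weight = 1.0
        for name in cut:
            weight *= probs[name]
        total += weight
    return total


# Constructed example: braking is lost only if hydraulic supply fails AND the
# backup accumulator cannot deliver. Probabilities are illustrative per-flight values.
HYD_PUMP = Basic("hyd_pump_fail", 1e-4)
HYD_LINE = Basic("hyd_line_rupture", 2e-5)
ACC_LOW = Basic("accumulator_depleted", 1e-3)
ACC_VALVE = Basic("accumulator_valve_stuck", 5e-4)
LOSS_OF_BRAKING = Gate("AND", (Gate("OR", (HYD_PUMP, HYD_LINE)),
                               Gate("OR", (ACC_LOW, ACC_VALVE))))

if __name__ == "__main__":
    for cut in sorted(minimal_cut_sets(LOSS_OF_BRAKING), key=sorted):
        print("cut set:", sorted(cut))
    print("exact      :", top_event_probability(LOSS_OF_BRAKING))
    print("rare-event :", rare_event_approximation(LOSS_OF_BRAKING))
```

The cut sets are the "possible states or conditions (and combinations thereof)" the text refers to; each one is a combination of failures and conditions that a corrective action must break, and ranking them by probability shows which combination dominates the top-event likelihood.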

What Outputs Can Be Expected from a Hazard Analysis?

  • An assessment of the significant safety problems of the program/system
  • A plan for follow-on action such as additional analyses, tests, and training
  • Identification of failure modes that can result in hazards and improper usage
  • Selection of pertinent criteria, requirements, and/or specifications
  • Safety factors for trade-off considerations
  • An evaluation of hazardous designs and the establishment of corrective/preventative action priorities
  • Identification of safety problems in subsystem interfaces
  • Identification of factors leading to accidents
  • A quantitative assessment of how likely hazardous events are to occur, together with the critical paths of cause
  • A description and ranking of the importance of risks
  • A basis for program-oriented precautions, personnel protection, safety devices, emergency equipment-procedures-training, and safety requirements for facilities, equipment, and environment
  • Evidence of compliance with program safety regulations.

Next Steps

Follow this link to our Library to find & download related documents for Free.

Sofema Aviation Services (www.sassofia.com) offers training to cover CS 25 System Safety Assessments – please see the Type Certification System Safety Assessment – 5 Days course. For additional questions or comments – please email team@sassofia.com

