《MIL-STD-882D.doc》由会员分享,可在线阅读,更多相关《MIL-STD-882D.doc(29页珍藏版)》请在得力文库 - 分享文档赚钱的网站上搜索。
1、NOT MEASUREMENTSENSITIVEDRAFT MILSTD882DDEPARTMENT OF DEFENSESTANDARD PRACTICESYSTEM SAFETYAMSC N/AAREA SAFTFOREWORD1.This standard is approved for use by all Departments and Agencies of the Department of Defense (DoD).2.The DoD is committed to protecting personnel from accidental death, injury, or
2、occupational illness; weapon systems, equipment, material, and facilities from accidental destruction or damage; and the public from death, injury, illness, or property damage as a result of executing its mission of national defense. While meeting mission requirements, the DoD will also ensure to th
3、e maximum extent practicable that the quality of the environment is protected. The DoD has implemented environmental, safety, and health efforts to meet these objectives. Integral to these efforts is the use of a system safety approach to manage the risk of mishaps associated with DoD operations. A
4、key objective of the DoD system safety approach is to ensure that mishap risk identification and mitigation, consistent with mission requirements, are included in technology development and designed into systems, subsystems, equipment, facilities, and their interfaces and operation. The DoD goal is
5、zero mishaps.3.This standard addresses an approach (a standard practice normally identified as system safety) useful in the management of environmental, safety, and health mishap risks encountered in the development, test, production, use, and disposal of systems, subsystems, equipment, and faciliti
6、es. The approach described herein conforms to the acquisition procedures in DoD Regulation 5000.2-R and provides a consistent means of evaluating identified mishap risks. Mishap risk must be identified, evaluated, and mitigated to a level acceptable (as defined by the system user or customer) to the
7、 appropriate authority, and compliant with federal laws and regulations, Executive Orders, treaties, and agreements. Program trade studies associated with mitigating mishap risk must consider total life cycle cost in any decision. Residual mishap risk associated with an individual system must be rep
8、orted to and accepted by appropriate authority. When MILSTD-882 is required in a solicitation or contract and no specific references are included, then only those requirements presented in paragraph 4 are applicable.4. This current revision represents application of the tenets of acquisition reform
9、to the use of system safety in Government procurement. A joint Government and industry integrated process team was formed to oversee the revision. Industry was represented on the integrated process team by the Government Electronic and Information Technology Association (GEIA), G48 committee on syst
10、em safety. The system safety tasks associated with previous versions of this standard have been placed in the Defense Acquisition Deskbook (see 6.8). This standard is no longer the source for any safety-related data item descriptions (DIDs).5.Beneficial comments (recommendations, additions, deletion
11、s) and any pertinent information that may be of use in improving this document should be addressed to: HQ Air Force Materiel Command (SES), 4375 Chidlaw Road, Wright-Patterson AFB, OH 45433-5006, by using the Standardization Document Improvement Proposal (DD Form 1426) appearing at the end of this d
12、ocument or by letter or electronic mail.CONTENTSPARAGRAPHPAGEFOREWORDii1.SCOPE11.1Scope12.APPLICABLE DOCUMENTS13.DEFINITIONS13.1Acronyms used in this standard 13.2 Definitions13.2.1 Acquisition program13.2.2 Developer13.2.3 Hazard13.2.4 Hazardous material13.2.5 Life cycle13.2.6 Mishap23.2.7 Mishap r
13、isk23.2.8 Program manager23.2.9 Residual mishap risk23.2.10 Safety23.2.11 Subsystem23.2.12 System23.2.13 System safety23.2.14 System safety engineering24.GENERAL REQUIREMENTS34.1 Documentation of the system safety approach34.2 Identification of hazards34.3 Assessment of mishap risk34.4 Identificatio
14、n of mishap risk mitigation measures34.5 Reduction of mishap risk to an acceptable level44.6 Verification of mishap risk reduction44.7 Review of hazards and acceptance of residual mishap risk by the appropriate authority44.8 Tracking of hazards and residual mishap risk45. DETAILED REQUIREMENTS46.NOT
15、ES56.1 Intended use56.2 Data requirements56.3 Subject term (key words) listing56.4 Definitions used in this standard66.5 International standardization agreements66.6 Explosive hazard classification and characteristic data66.7 Use of system safety data in certification and other specialized safety ap
16、provals66.8 DoD acquisition practices66.9 Identification of changes6APPENDIXESA Guidance for implementation of system safety efforts7CONCLUDING MATERIAL24TABLESTABLE PAGEA-I. Suggested mishap severity categories17A-II. Suggested mishap probability levels18A-III. Example mishap risk assessment values
17、19A-IV. Example mishap risk categories and mishap risk acceptance levels191. SCOPE1.1Scope. This standard defines a standard practice for conducting system safety.The practice defined herein conforms to the acquisition procedures in DoDRegulation5000.2-R and provides a consistent means of evaluating
18、 identified risks. Mishap risk must be identified, evaluated, and mitigated to a level acceptable (as defined by the system user or customer) to the appropriate authority and compliant with federal laws and regulations, Executive Orders, treaties, and agreements. Program trade studies associated wit
19、h mitigating mishap risk must consider total life cycle cost in any decision. Residual mishap risk associated with an individual system must be reported to and accepted by appropriate authority. When MILSTD882 is required in a solicitation or contract and no specific paragraphs of this standard are
20、identified, then only those requirements presented in paragraph 4 are applicable.2. APPLICABLE DOCUMENTSNo applicable documents are specified in sections 3, 4, and 5 of this standard. This section does not include documents cited in other sections of this standard or recommended for additional infor
21、mation or as examples.3. DEFINITIONS3.1Acronyms used in this standard. The acronyms used in this standard are defined as follows:a.DoDDepartment of Defenseb.ESHEnvironmental, Safety, and Health3.2Definitions. Within this document, the following definitions apply (see 6.4):3.2.1 Acquisition program.
22、A directed, funded effort that is designed to provide a new, improved, or continuing system in response to a validated operational need.3.2.2 Developer. The individual or organization assigned responsibility for a development effort. Developers can be either internal to the government or contractors
23、.3.2.3 Hazard. Any real or potential condition that can cause injury, illness, or death to personnel; damage to or loss of equipment or property; or damage to the environment.3.2.4 Hazardous material. Any substance that, due to its chemical, physical, or biological nature, causes safety, public heal
24、th, or environmental concerns that would require an elevated level of effort to manage.3.2.5 Life cycle. All phases of the systems life including research, development, test and evaluation, production, deployment (inventory), operations and support, and disposal.3.2.6 Mishap. An unplanned event or s
25、eries of events resulting in death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.3.2.7 Mishap risk. An expression of the impact and possibility of a mishap in terms of potential mishap severity and probability of occurrence.3.2.8 Program mana
26、ger. A government official who is responsible for managing an acquisition program. Also, a general term of reference to those organizations directed by individual managers, exercising authority over the planning, direction, and control of tasks and associated functions essential for support of desig
27、nated systems. This term will normally be used in lieu of system support manager, weapon program manager, system manager, and project manager when such organizations perform these functions.3.2.9 Residual mishap risk. The remaining mishap risk that exists after all mitigation techniques have been im
28、plemented or exhausted, in accordance with the system safety design order of precedence (see 4.4).3.2.10 Safety. Freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.3.2.11 Subsystem. A grouping of
29、items satisfying a logical group of functions within a particular system.3.2.12 System. An integrated composite of people, products, and processes that provide a capability to satisfy a stated need or objective.3.2.13 System safety. The application of engineering and management principles, criteria,
30、 and techniques to achieve acceptable mishap risk, within the constraints of operational effectiveness, time, and cost, throughout all phases of the system life cycle.3.2.14 System safety engineering. An engineering discipline that employs specialized professional knowledge and skills in applying sc
31、ientific and engineering principles, criteria, and techniques to identify and eliminate hazards, in order to reduce the associated mishap risk.4.GENERAL REQUIREMENTS This section defines the system safety requirements that are to be performed throughout the life cycle for any system, new development
32、, upgrade, modification, resolution of deficiencies, or technology development. When properly applied, these requirements are designed to ensure the identification and understanding of all known hazards and their associated risks, and that mishap risk is eliminated or reduced to accepted levels. The
33、 objective of system safety is to achieve acceptable mishap risk through a systematic approach of hazard analysis, risk assessment, and risk management. The requirements of this standard practice shall be applied without tailoring. When MIL-STD-882 is required in a solicitation or contract and no sp
34、ecific references are included, then only the requirements in this section are applicable. System safety requirements consist of the following:4.1 Documentation of the system safety approach. Document the developers and program managers approved system safety engineering approach. This documentation
35、 will:a. Describe the programs implementation of the requirements of this standard, including identification of the hazard analysis and mishap risk assessment processes to be used.b. Include information on how system safety will be integrated into the overall program structure.c. Define how hazards
36、and residual mishap risk are communicated to and accepted by the appropriate risk acceptance authority (see 4.7) and how hazards and residual mishap risk will be tracked (see4.8).4.2 Identification of hazards. Identify hazards through a systematic hazard analysis process encompassing detailed analys
37、is of system hardware and software, the environment (in which the system will exist), and the intended usage or application. Historical hazard and mishap data, including lessons learned from other systems, are considered and used. Identification of hazards is a responsibility of all members of the p
38、rogram. During hazard identification, consideration is given to hazards over the system life cycle.4.3 Assessment of mishap risk. Assess the severity and probability of the mishap risk associated with each identified hazard, i.e., determine the potential impact of the hazard on personnel, facilities
39、, equipment, operations, the public, and the environment, as well as on the system itself.4.4 Identification of mishap risk mitigation measures. Identify potential mishap risk mitigation alternatives and the expected effectiveness of each alternative or method. Mishap risk mitigation is an iterative
40、 process that culminates when the residual mishap risk has been reduced to a level acceptable to the appropriate authority. The system safety design order of precedence for mitigating identified hazards is:a. Eliminate hazards through design selection. If an identified hazard cannot be eliminated, r
41、educe the associated mishap risk to an acceptable level.b. Incorporate safety devices. If the hazard cannot be eliminated, reduce the mishap risk to an acceptable level through the use of protective safety features or devices.c. Provide warning devices. If safety devices do not adequately lower the
42、mishap risk of the hazard, include a detection and warning system to alert personnel to the particular hazard.d. Develop procedures and training. Where it is impractical to eliminate hazards through design selection or to reduce the associated risk to an acceptable level with safety and warning devi
43、ces, incorporate special procedures and training. Procedures may include the use of personal protective equipment.4.5Reduction of mishap risk to an acceptable level. Reduce the mishap risk through a mitigation approach mutually agreed to by both the developer and the program manager. Residual mishap
44、 risk and hazards must be communicated to the associated test effort for verification.4.6 Verification of mishap risk reduction. Verify the mishap risk reduction and mitigation through appropriate analysis, testing, or inspection. Document the determined residual mishap risk. New hazards identified
45、during testing must be reported to the program manager and the developer.4.7Review of hazards and acceptance of residual mishap risk by the appropriate authority. Notify the program manager of identified hazards and residual mishap risk. The program manager must ensure that remaining hazards and res
46、idual mishap risk are reviewed and accepted by the appropriate risk acceptance authority. The appropriate risk acceptance authority must include the system user in the mishap risk review. The appropriate risk acceptance authority must formally acknowledge and document acceptance of hazards and resid
47、ual mishap risk.4.8Tracking of hazards and residual mishap risk. Track hazards, their closure, and residual mishap risk. A tracking system for hazards, their closure, and residual mishap risk must be maintained throughout the system life cycle. The program manager must keep the system user apprised of the hazards and residual mishap risk.5. DETAILED REQUIREMENTSProgram managers must identify in the solicitation and system specification any specific requirements for the system safety engineerin
黑公网安备:91230400333293403D