Today we are talking about another safety analysis approach, HAZOP. HAZOP (Hazard and Operability Analysis) is used as a brainstorming technique to:
- Identify potential hazards in the system. The hazards involved may include both those essentially relevant only to the immediate area of the system and those with a much wider sphere of influence, e.g. some environmental hazards.
- Identify potential operability problems with the system, in particular the causes of operational disturbances and production deviations likely to lead to nonconforming products.
The first time I faced this safety analysis approach was when I was reading the SAE standard J2980. HAZOP is recommended as the hazard analysis approach for hazard identification during the concept phase according to ISO 26262. As J2980 puts it, HAZOP is an explorative type of analysis in which the applicable guidewords are applied to each function of an item to postulate malfunctioning behaviours. HAZOP facilitates a structured and systematic examination of the operation of the item within the vehicle. There is also a standard describing the principles and procedures of HAZOP, BS IEC 61882. The generic analysis procedure of HAZOP as defined in BS IEC 61882 is shown below.
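The guideword step J2980 describes (apply each applicable guideword to each function, then judge whether the postulated malfunction is a vehicle-level hazard) is small enough to script. Below is an added Python example written for this post; it is not code from J2980 or from IEC 61882. The two item functions (steering assist and brake control, the functions J2980 uses in its own worked example), the malfunction wording attached to each guideword and the hazard judgements in HAZARD_RULES are all constructed assumptions for illustration. The guidewords themselves are the generic IEC 61882 set. Two details matter in practice and are modelled here: a guideword that has no physical meaning for a function (REVERSE for brake control) is recorded as not applicable rather than silently skipped, and a postulated malfunction that nobody has screened is reported as an open item rather than treated as "no hazard".

```python
"""Added example (not from the post or from SAE J2980): a guideword-driven
malfunction postulation pass, the HAZOP step used for hazard identification.
Functions, malfunction wording and hazard judgements are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Generic guidewords of IEC 61882, each paired with the malfunction it
# postulates for a vehicle function (the malfunction wording is assumed).
GUIDEWORDS: Dict[str, str] = {
    "NO OR NOT":  "function not provided when requested",
    "MORE":       "function provided more than intended",
    "LESS":       "function provided less than intended",
    "REVERSE":    "function provided in the opposite direction",
    "OTHER THAN": "function provided when not requested",
    "EARLY":      "function provided earlier than intended",
    "LATE":       "function provided later than intended",
}


@dataclass(frozen=True)
class Function:
    item: str
    name: str
    # Guidewords with no physical meaning for this function are skipped,
    # but listed here so the omission is deliberate and reviewable.
    not_applicable: frozenset = frozenset()


@dataclass(frozen=True)
class Deviation:
    item: str
    function: str
    guideword: str
    malfunction: str
    hazard: Optional[str]  # None means "screening still open", not "no hazard"


# Illustrative item functions (assumed; J2980 uses steering assist and brake
# control in its worked example, but these definitions are this example's own).
FUNCTIONS = [
    Function("electric power steering", "steering assist"),
    Function("brake system", "brake control", frozenset({"REVERSE"})),
]

# Screening judgements keyed by (function, guideword). Constructed for the
# example; in a real HARA they come from the analysis team. Pairs missing
# here surface as open items rather than being dropped.
HAZARD_RULES: Dict[Tuple[str, str], str] = {
    ("steering assist", "NO OR NOT"):  "loss or reduction of steering assist",
    ("steering assist", "LESS"):       "loss or reduction of steering assist",
    ("steering assist", "MORE"):       "excessive steering assist",
    ("steering assist", "REVERSE"):    "unintended steering torque",
    ("steering assist", "OTHER THAN"): "unintended steering torque",
    ("brake control", "NO OR NOT"):    "insufficient deceleration",
    ("brake control", "LESS"):         "insufficient deceleration",
    ("brake control", "LATE"):         "insufficient deceleration",
    ("brake control", "MORE"):         "excessive deceleration",
    ("brake control", "OTHER THAN"):   "unintended deceleration",
    ("brake control", "EARLY"):        "unintended deceleration",
}


def postulate(functions: List[Function], guidewords=GUIDEWORDS) -> List[Tuple[Function, str, str]]:
    """Explorative step: apply every applicable guideword to every function."""
    rows = []
    for fn in functions:
        for gw, text in guidewords.items():
            if gw in fn.not_applicable:
                continue
            rows.append((fn, gw, f"{fn.name}: {text}"))
    return rows


def screen(rows, rules=HAZARD_RULES) -> List[Deviation]:
    """Judgement step: does each postulated malfunction lead to a hazard?"""
    return [Deviation(fn.item, fn.name, gw, mal, rules.get((fn.name, gw)))
            for fn, gw, mal in rows]


def hazards(deviations: List[Deviation]) -> Dict[str, List[str]]:
    """Distinct vehicle-level hazards with the function/guideword pairs causing each."""
    out: Dict[str, List[str]] = {}
    for d in deviations:
        if d.hazard is not None:
            out.setdefault(d.hazard, []).append(f"{d.function}/{d.guideword}")
    return out


def open_items(deviations: List[Deviation]) -> List[Deviation]:
    """Postulated malfunctions that have not been screened yet."""
    return [d for d in deviations if d.hazard is None]


def run_hazop(functions=FUNCTIONS) -> Dict[str, List[str]]:
    """Print the HAZOP worksheet and return the deduplicated hazard list."""
    devs = screen(postulate(functions))
    for d in devs:
        print(f"{d.function:16} {d.guideword:11} {d.malfunction:52} -> {d.hazard or 'OPEN'}")
    return hazards(devs)


if __name__ == "__main__":
    run_hazop()
```

Running the block prints the worksheet (13 rows: 7 for steering assist, 6 for brake control since REVERSE is not applicable there) and returns six distinct hazards; the two unscreened timing deviations of steering assist show up as OPEN, which is the list a reviewer should close before the HARA moves on to classification.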
It is too complex to follow the whole procedure above when conducting the hazard analysis in ISO 26262. If we use HAZOP only for hazard identification during the hazard analysis and risk assessment, the definition and preparation steps have already been done while performing the item definition and functional safety management: the item definition fixes the functions, the design intent and the boundaries that a HAZOP study needs as its starting point. Thus we can understand it like this: HAZOP uses a set of key guidewords to guide you in identifying the malfunctioning behaviour of the functions in the system.

To do so, the guidewords could be defined as in the following tables. You can also define your own guidewords when performing your analysis. SAE J2980 gives an example of applying HAZOP to the steering assist function and the brake control function.

Following the guidewords, the malfunctioning behaviour can be identified in a systematic way. After this, we need to examine each malfunction of the system or function to check whether it could lead to a system hazard or not. In this way the function or system hazards are identified.

Reference
[1] SAE J2980 2015-05: Considerations for ISO 26262 ASIL Hazard Classification
[2] BS IEC 61882: Hazard and operability studies (HAZOP studies) — Application guide