Design for safety: Design strategies to generate safe systems


Design for Safety is defined as the application of engineering and management principles, criteria and techniques to optimize all aspects of safety within the constraints of operational efficiency, time and cost, in all phases of the system's life cycle.

Or, from the point of view of the end application: a planned, disciplined and systematic approach to preventing or reducing accidents or unwanted events throughout the life cycle of a system.

Design for Safety saw major development in the 50s, especially by the United States Air Force, after it concluded that a process based on trial and error and continuous improvement in the design and manufacture of aircraft would never be viable. From this work came the well-known MIL-STD-882 standard, still in force today.

Basic principles governing design for safety

  • Principle 1. Safety begins in the design stages, both in its development and in its reviews. It is essential to establish hazard identification processes whose findings can be controlled by applying changes or improvements to the design. In this regard, it is important to always remember that modifications are more easily accepted during the early stages of design, development and testing. Indeed, it is easier to change a requirement in DOORS or EXCEL than to have to develop new software. The sooner we analyze our system and the earlier we analyze its safety weaknesses, the easier, faster and cheaper the change will be. We must never reach a situation where applying a change to make the system safe is economically or technically unfeasible because the problem was detected too late.
  • Principle 2. It is always necessary to start by learning from the deficiencies of previous designs in order to avoid their recurrence. If we do not apply the lessons learned (lessons learned or REX, return of experience), our organization will never advance, since it will always start from the same starting point.
  • Principle 3. Safety requires engineering and management techniques to control hazards in a system. That is, a safety program must be planned and implemented so that safety analyses are integrated with the other factors that influence management decisions.

The evolution of a system design is a series of trade-offs between competing disciplines to optimize their relative contributions. Safety competes with the other disciplines; it does not cancel them.

Intrinsic safety

Intrinsic safety is one of the fundamental principles of Design for Safety. It is characterized by being inherent, that is, belonging to the very nature of the product, system or installation. Undoubtedly, intrinsic safety is, of all the fundamentals, the most recommended in RAMS Engineering, since it is a property that is not normally compromised, disabled or affected by the appearance of unwanted or uncontrolled events. Imagine, for example, that we use gravity (or the weight of equipment) as a safe design strategy. It is obvious, but we all know that, whatever happens, gravity will never disappear or change, no matter how much the internal and external circumstances of the system I work with change.

A system is fail-safe if it remains in, or moves to, a safe state in the event of failure. Obtaining new intrinsic safety features or properties typically involves changing the process to eliminate hazards, rather than accepting them and developing additional functions to control them. That is, as designers we must think about excluding potential hazards rather than managing them.

There are 8 golden rules when it comes to the design for safety strategy:

1. Minimize: reduce the amount of equipment, subsystems or hazardous materials present at any time and replace them with less hazardous solutions. One of the most important elements to simplify and control is the interfaces between subsystems. Interfaces and state transitions are the source of most problems, crashes and failures. Rockets usually crash during the transition from the earth's atmosphere to space. Once in space, the probability of an accident decreases dramatically. This example highlights the concept of the complexity of interfaces and transitions.

2. Simplify: design systems as simply as possible, so that their risks and internal failures are easy to analyze and draw conclusions about. The solution of adding extra equipment or functions to solve problems is usually a mistake: additional equipment creates new problems that must also be mitigated.

At this point, what is known as passive safety versus active safety comes into play. Passive safety is normally simpler and therefore preferable to active safety, although in many cases active safety is imperative.

Passive safety is normally based on physical principles and tends to be more restrictive in terms of design freedom. In addition, despite its great benefits, it is not always possible to implement.

Active protection mechanisms are design solutions that typically require devices to monitor one or more process variables in order to trigger a process that mitigates a hazard. Active solutions generally involve a considerable procedural and maintenance component and are therefore often less reliable than passive or intrinsically safe solutions. To achieve the necessary reliability in active safety systems, it is very common to use redundancy to balance safety with availability (or productivity).
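As an added illustration (not code from the original article or from Leedeo Engineering), the block below sketches an active protection function of the kind just described: three redundant channels monitor one process variable, the decision is taken by majority voting, and every failure mode the function cannot interpret (a missing, non-numeric or physically implausible reading, or too few healthy channels) resolves to the safe state rather than to "keep running". A latch then keeps the system in that safe state until a deliberate reset on healthy readings, which is the fail-safe property defined above under intrinsic safety. The trip limit, sensor range and readings are constructed values for the example, not figures from the article.

```python
from dataclasses import dataclass
from math import isnan
from typing import Optional, Sequence

# Constructed, hypothetical process limits for the example.
TRIP_LIMIT_C = 120.0                  # process variable above this must trip
SENSOR_MIN_C, SENSOR_MAX_C = -40.0, 300.0  # physically plausible sensor range
MIN_VALID_CHANNELS = 2                # below this, voting is meaningless: trip


@dataclass(frozen=True)
class Decision:
    safe_state: bool   # True means the protection has tripped (de-energized)
    reason: str


def is_plausible(reading: Optional[float]) -> bool:
    """A missing, NaN or physically impossible value is a failed channel, not data."""
    if reading is None or isnan(reading):
        return False
    return SENSOR_MIN_C <= reading <= SENSOR_MAX_C


def protection_decision(readings: Sequence[Optional[float]],
                        trip_limit: float = TRIP_LIMIT_C) -> Decision:
    """Majority vote over the healthy channels; every doubt resolves to 'trip'."""
    valid = [r for r in readings if is_plausible(r)]
    if len(valid) < MIN_VALID_CHANNELS:
        return Decision(True, f"only {len(valid)} valid channel(s): fail-safe trip")
    over = sum(1 for r in valid if r >= trip_limit)
    # Majority of healthy channels, with ties (e.g. 1 of 2) resolved conservatively.
    if over * 2 >= len(valid):
        return Decision(True, f"{over}/{len(valid)} channels at or above {trip_limit} C")
    return Decision(False, f"{len(valid)} healthy channels, max {max(valid):.1f} C")


class ProtectionLatch:
    """Once tripped, stays in the safe state until an explicit reset on healthy data."""

    def __init__(self) -> None:
        self.tripped = False
        self.last: Optional[Decision] = None

    def scan(self, readings: Sequence[Optional[float]]) -> bool:
        self.last = protection_decision(readings)
        if self.last.safe_state:
            self.tripped = True
        return self.tripped

    def reset(self, readings: Sequence[Optional[float]]) -> bool:
        """Manual reset succeeds only if a fresh scan of the channels is healthy."""
        self.last = protection_decision(readings)
        if not self.last.safe_state:
            self.tripped = False
        return self.tripped


if __name__ == "__main__":
    # Constructed scan sequence: normal, one channel failed, overtemperature, recovery.
    latch = ProtectionLatch()
    for scan in ([100.0, 101.0, 99.0], [100.0, None, 99.0],
                 [125.0, 130.0, 99.0], [100.0, 100.0, 100.0]):
        print(scan, "->", "TRIPPED" if latch.scan(scan) else "running", "|", latch.last.reason)
    print("reset ->", "TRIPPED" if latch.reset([100.0, 100.0, 100.0]) else "running")
```

Note the two design choices that carry the safety argument: the implausibility filter means a stuck or disconnected sensor can never out-vote the healthy ones, and the tie rule (one of two surviving channels demanding a trip is enough) trades some availability for safety, which is exactly the balance the paragraph above says redundancy is used to manage.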

Finally, regarding simplification, we must design systems that are NOT "intellectually unmanageable", that is, systems in which the level of interaction has reached a point where it cannot be planned, understood or anticipated by the work group responsible for them.

3. Error tolerance: equipment and processes can be designed so that they are capable of withstanding potential failures or design deviations. Namely,

4. Limit effects: design and locate the equipment so that the worst possible condition does not create a hazard. Therefore, oversize the equipment so that a situation never arises that pushes it to the limit of its operation.

5. Use proven technology and processes: the introduction of new technology introduces new unknowns.

6. Develop "silent" systems: a silent system is one that remains in, or goes to, a state in which it does not affect the other subsystems in case of failure. That is, it prevents or breaks the chain of errors within a system (the familiar image of the snowball rolling down the mountain and growing bigger and bigger).

7. Always analyze the human factor: it is increasingly recognized as important to make systems easier for humans to control, by using incremental control (that is, performing critical steps incrementally rather than in a single step); providing feedback to corroborate the validity of the assumptions and models on which decisions are made, and thus allowing corrective measures to be taken before they cause significant damage; reducing time pressure; and eliminating manual procedures as the means of meeting safety requirements or functions.

Keeping the human factor under control also implies implementing exhaustive quality processes in manufacturing. What comes off our production line must be what was designed, not something different.

8. On-site inspection: in the operation phase, apply continuous tests and inspections to ensure that the original design margins are maintained. Therefore, put in place preventive maintenance processes that ensure that, with the passage of time, the system keeps its original operating conditions.

And finally, a philosophy associated with design for safety. Without being very attractive, it is very effective: CONSERVATISM

All these design rules share a common denominator: conservatism. Conservative designs are made with the objective of ensuring a margin between anticipated operating and accident conditions (covering normal operation as well as probable incidents and accidents) and equipment failure conditions. Regarding design processes, conservatism favors incremental product or design change over disruptive change and, obviously, prefers proven components over novel technologies and implementations. And finally, imperatively, the intensive use of standards and good practices.

As can be seen, we have just described the typical conditions of product development in the sectors where design for safety is most applied. The railway sector, without a doubt, is one of them.

At Leedeo Engineering, we are specialists in the development of RAM and Safety projects, supporting the tasks of your projects at whatever level is required.

Are you interested in our articles about RAMS engineering and Technology?

Sign up for our newsletter and we will keep you informed of the publication of new articles.