What is a PHA (Preliminary Hazard Analysis), what is it for and how is it constructed?


Preliminary Hazard Analysis (PHA) is a semi-quantitative analysis performed to identify, early in the design and definition stages of a system, all potential hazards and hazardous events that can cause an accident, classify identified hazardous events according to their severity and identify the required hazard controls and their respective follow-up actions.  

To that is it good for and when should a PHA be used?

The PHA is suitable as an initial risk study at an early stage of a project and its results are used to (i) compare main concepts, to ( ii ) focus on the important risk issues, and as ( iii ) input for analysis of more detailed risks .

It is also used as an initial step in a detailed risk analysis of a system concept or an existing system. Therefore, the purpose of the PHA is then to identify those hazardous events that should be subject to further and more detailed risk analysis .

In PHA is the precursor, in many cases, of the Hazard Log ( Registry Threats ). In addition, the PHA will not discriminate between threats related to security or threats related to availability . Therefore, whether a risk generates, for example, an out of service or a degraded mode , or a security problem , they will be recorded in the PHA .

During the PHA development process, we should above all consider and focus on hazardous components, safety-related interfaces between various elements of the system, including software , environmental restrictions, including operating environments, operating, testing, maintenance procedures, integrated tests, diagnostics and emergency, facilities, installed equipment, support equipment and training, possible malfunction of the system or subsystems.

Building a PHA - Step 1 of 4 - PHA Prerequisites

The first step in starting a PHA development is to establish the PHA team , typically consisting of a leader with skills and experience, a person responsible for recording and filling in the evolutions of the group analysis, and team members, typically a group of 2 6 people, with knowledge of the system being analyzed, the environment in which it operates and the processes that will be affected .

Not surprisingly, the number of team members to participate will depend on the complexity of the system and also on the objectives of the analysis.

The second step is to define and describe the system to be analyzed. That is, be clear about the limits of the system (which parts should be included and which ones should not), have a clear description of the system (including design drawings, process flow diagrams, block diagrams, etc.), operational and environmental conditions to to consider. Continuing with the definition of the system, it is important to be clear about thes inputs, functions that I develop and outputs of the system.

The presentation of the definition of the system should also be , if possible, at the block level, dividing the system into parts that can be managed by the analysts.

Finally, it is important as always to use the feedback from the experience of the organizations . In this way, it is considered a robust and level process, one that is capable of collecting information on risks from previous and similar systems , for example, from accident databases, either its own or external to the organization.

The results of the PHA usually reported by a worksheet of the PHA (or a computer program). Then ,A typical PHA worksheet is shown . Some analyzes may require other columns, but these are the most common.

typical template for developing a PHA
typical template for developing a PHA

Building a PHA - Step 2 of 4 - Hazard Identification

They must be identified with an approach of brainstorming all possible hazards and hazardous events. It is important to consider all parts of the system, operating modes, maintenance operations, security systems, etc. All findings will be recorded. No danger is too insignificant to be recorded. Keep in mind Murphy's law: "If something can go wrong, sooner or later it will."

Using generic hazard lists can also be a good starting point to start enriching your work tables. In the rail sector , for example, we could have the following simplified generic list of hazards:

  1. Collision between two trains in operation
  2. Collision with a train, a part of a train, or another rail vehicle
  3. Collision between a train and a road vehicle
  4. Collision between a train and an elements other than a train or vehicle
  5. Collision between a train and a living beingio (animal or human)
  6. Train derailment (not caused by a collision)
  7. Rollover of a train (not caused by a collision)
  8. Fall of people
  9. Accident as a result of an entrapment
  10. Injury or crushing (except for derailment, overturning, entrapment)
  11. Electrocution
  12. Burn (not from electrocution)
  13. Intoxication of one or more people
  14. Suffocation of one or more people
  15. Aggressions to the environment, catastrophes natural,
  16. Assault on spectrum electromagnetic

Some tips for identifying hazards for readers who have never conducted a PHA before: Examine existing similar systems; Review previous hazard analysis for similar systems; Review hazard standards and checklists; Consider the flow of energy, data, information and decision-making through the system; Consider inherently dangerous materials; Consider the interactions between the components of the system; Review the operating specifications and consider all environmental factors; Consider the man / machine interfaces; Consider changes in the mode of use; Think of a worst-case scenario analysis.

Also comment that the " what if " technique (what happens Yes) is also a good way to generate threats that impact the system.

Preparation of a PHA - Step 3 of 4 - Estimation of consequences and frequency

The risk associated with a hazardous event is a function of the frequency of the event and the severity of its possible consequences . To determine the risk, we must estimate the frequency and severity of each hazardous event.

A dangerous event can have a wide range of consequences, from insignificant to catastrophic . A fire can, for example, go out very quickly and have minor consequences or cause a disaster. In some applications, the severity of a medium consequence of a hazardous event is evaluated. In other applications, we consider several possible consequences, including the worst foreseeable consequence of the hazardous event.

The severity of an event can be classified into fairly broad classes. An example of such a classification is (CENELEC EN 50126 - RAMS Ferroviaria):

When estimating the frequency of an event, we have to take into account what consequences we consider. In some applications, we estimate the frequency of each hazardous event. To be used in risk ranking , this frequency must be related to the severity of an average consequence of each particular hazardous event. In other applications, we consider the specific consequences (eg worst case) of a dangerous event. Then we must estimate how often the dangerous event produces a specific consequence. This may involve a combined assessment, for example, the frequency of the hazardous event, the probability that personnel are present, the probability that personnel will not be able to escape, etc.

This means that for each dangerous event, we may wish to present several consequences with associated frequencies . Consider a hazardous event in which an operator falls from a low-rise work platform. In most cases, the consequence of such a fall will be a minor injury (low severity and fairly high frequency). On very rare occasions, the fall can result in death (high severity and very low frequency). Both consequences must be recorded on the PHA worksheet . In some applications, we may want to display both the frequency of the hazardous event and the frequencies of various consequences. These can be included in separate columns on a PHA worksheet (revised).

The frequency of events can be classified into fairly broad classes. An example of such a classification is:

Preparation of a PHA - Step 4 of 4 - Risk classification and follow-up actions

Risk is stated as a combination of a given event / consequence and a severity of the same event / consequence. This allows the events / consequences to be classified in a risk matrix:

Therefore, As can be seen, we build a table where we locate each of the risks that we have detected based on frequency (columns) and severity (rows). From here the colors speak for yes alone:

  • RED - "H": High risk, not acceptable. More analysis and, above all, actions must be carried out on the system to obtain a better estimate of the risk. If this analysis still shows a medium or unacceptable risk redesign, other changes should be made to reduce criticality.
  • YELLOW - "M": The risk may be acceptable, but redesign or other changes should be considered if reasonably practical. More analysis should be done to get a better estimate of risk. When assessing the need for corrective action, the number of events at this risk level should be taken into account.
  • GREEN - "L": The risk is low and no further action is required to reduce it.

The placement of the RED / GREEN / YELLOW colors in the table is not something to be overlooked due to its complexity. By locating the GREEN and YELLOW colors we are assuming or accepting risks and therefore, their assessment must be of a deep analysis. On many occasions it will or should be our client (who buys the system) who of for good or even design this table, normally applying criteria and systematic acceptance of risks with the three known methods: ALARP, GAME or MEM .

In order for the reader to see the subjectivity or possible variations of the risk acceptance matrix, we present below an example that presents the CENELEC Standard EN 50126 on the Railway RAMS, a correct starting point for railway installations where it is necessary or is resorted to. compliance with the CENELEC EN 50126 standard - Railway Applications - Specification and demonstration of reliability, availability, maintainability and safety:


PHA is a very common activity in risk analysis and management processes. The PHA allows an early assessment of project risks and serves as input to a more elaborate and durable process throughout the entire life cycle in terms of analysis of threats (Hazard Log).

The PHA therefore helps us to ensure that the system is secure from the start. In this regard, it is important to remember that modifications are less expensive and easier to implement in the early stages of design. Therefore, we reduce design time by reducing the number of "surprises".

Leedeo Engineering , your partner to develop your risk management and RAMS Engineering processes. We have extensive experience in the development of projects in the railway, aeronautics, energy and automotive industries.

Are you interested in our articles about RAMS engineering and Technology?

Sign up for our newsletter and we will keep you informed of the publication of new articles.