NOT MEASUREMENT SENSITIVE

MIL-STD-882E
11 May 2012
SUPERSEDING
MIL-STD-882D
10 February 2000

DEPARTMENT OF DEFENSE
STANDARD PRACTICE

SYSTEM SAFETY

AMSC N/A                                                  AREA SAFT

Provided by IHS. Not for Resale. No reproduction or networking permitted without license from IHS.

FOREWORD

1. This Standard is approved for use by all Military Departments and Defense Agencies within the Department of Defense (DoD).

2. This system safety standard practice is a key element of Systems Engineering (SE) that provides a standard, generic method for the identification, classification, and mitigation of hazards.

3. DoD is committed to protecting personnel from accidental death, injury, or occupational illness and safeguarding defense systems, infrastructure, and property from accidental destruction or damage while executing its mission requirements of national defense. Within mission requirements,
the DoD will also ensure that the quality of the environment is protected to the maximum extent practical. Integral to these efforts is the use of a system safety approach to identify hazards and manage the associated risks. A key DoD objective is to expand the use of this system safety methodology to integrate risk management into the overall SE process rather than addressing hazards as operational considerations. It should be used not only by system safety professionals, but also by other functional disciplines such as fire protection engineers, occupational health professionals, and environmental engineers to identify hazards and mitigate risks through the SE process. It is not the intent of this document to make system safety personnel responsible for hazard management in other functional disciplines. However, all functional disciplines using this generic methodology should coordinate their efforts as part of the overall SE process, because mitigation measures optimized for only one discipline may create hazards in other disciplines.

4. This system safety standard practice identifies the DoD approach for identifying hazards and assessing and mitigating associated risks encountered in the development, test, production, use, and disposal of defense systems. The approach described herein conforms to Department of Defense Instruction (DoDI) 5000.02. DoDI 5000.02 defines the risk acceptance authorities.

5. This revision incorporates changes to meet Government and industry requests to reinstate task descriptions. These tasks may be specified in contract documents. When this Standard is required in a solicitation or contract, but no specific task is identified, only Sections 3 and 4 are mandatory. The definitions in 3.2 and all of Section 4 delineate the minimum mandatory definitions and requirements for an acceptable system safety effort for any DoD system. This revision aligns the standard practice with current DoD policy; supports DoD strategic plans and goals; and adjusts the organizational arrangement of information to clarify the basic elements of the system safety process, clarify terminology, and define task descriptions to improve hazard management practices. This Standard strengthens integration of other functional disciplines into SE to ultimately improve consistency of hazard management practices across programs. Specific changes include:

   a. Reintroduced task descriptions:
      (1) 100-series tasks - Management.
      (2) 200-series tasks - Analysis.
      (3) 300-series tasks - Evaluation.
      (4) 400-series tasks - Verification.
   b. Emphasized the identification of applicable technical requirements.
   c. Included additional tasks:
      (1) Hazardous Materials Management Plan.
      (2) Functional Hazard Analysis.
      (3) Systems-of-Systems Hazard Analysis.
      (4) Environmental Hazard Analysis.
   d. Applied increased dollar values for losses in severity descriptions.
   e. Added
“Eliminated” level for probability.
   f. Added software system safety techniques and practices.
   g. Updated appendices.

6. Comments, suggestions, or questions on this document should be addressed to Headquarters Air Force Materiel Command/SES (System Safety Office), 4375 Chidlaw Road, Wright-Patterson Air Force Base, OH 45433-5006, or emailed to afmc.se.mailbox@wpafb.af.mil. Since contact information can change, you may want to verify the currency of this address information using the Acquisition Streamlining and Standardization Information System (ASSIST) online database at https://assist.dla.mil.
CONTENTS

FOREWORD
1. SCOPE
   1.1 Scope
2. APPLICABLE DOCUMENTS
   2.1 General
   2.2 Government documents
      2.2.1 Specifications, standards, and handbooks
      2.2.2 Other Government documents, drawings, and publications
   2.3 Order of precedence
3. DEFINITIONS
   3.1 Acronyms
   3.2 Definitions
4. GENERAL REQUIREMENTS
   4.1 General
   4.2 System safety requirements
   4.3 System safety process
      4.3.1 Document the system safety approach
      4.3.2 Identify and document hazards
      4.3.3 Assess and document risk
      4.3.4 Identify and document risk mitigation measures
      4.3.5 Reduce risk
      4.3.6 Verify, validate, and document risk reduction
      4.3.7 Accept risk and document
      4.3.8 Manage life-cycle risk
   4.4 Software contribution to system risk
      4.4.1 Software assessments
      4.4.2 Software safety criticality matrix
      4.4.3 Assessment of software contribution to risk
5. DETAILED REQUIREMENTS
   5.1 Additional information
   5.2 Tasks
   5.3 Task structure
6. NOTES
   6.1 Intended use
   6.2 Acquisition requirements
   6.3 Associated Data Item Descriptions (DIDs)
   6.4 Subject term (key word) listing
   6.5 Changes from previous issue

TASK SECTION 100 - MANAGEMENT
   TASK 101 HAZARD IDENTIFICATION AND MITIGATION EFFORT USING THE SYSTEM SAFETY METHODOLOGY
   TASK 102 SYSTEM SAFETY PROGRAM PLAN
   TASK 103 HAZARD MANAGEMENT PLAN
   TASK 104 SUPPORT OF GOVERNMENT REVIEWS/AUDITS
   TASK 105 INTEGRATED PRODUCT TEAM/WORKING GROUP SUPPORT
   TASK 106 HAZARD TRACKING SYSTEM
   TASK 107 HAZARD MANAGEMENT PROGRESS REPORT
   TASK 108 HAZARDOUS MATERIALS MANAGEMENT PLAN

TASK SECTION 200 - ANALYSIS
   TASK 201 PRELIMINARY HAZARD LIST
   TASK 202 PRELIMINARY HAZARD ANALYSIS
   TASK 203 SYSTEM REQUIREMENTS HAZARD ANALYSIS
   TASK 204 SUBSYSTEM HAZARD ANALYSIS
   TASK 205 SYSTEM HAZARD ANALYSIS
   TASK 206 OPERATING AND SUPPORT HAZARD ANALYSIS
   TASK 207 HEALTH HAZARD ANALYSIS
   TASK 208 FUNCTIONAL HAZARD ANALYSIS
   TASK 209 SYSTEM-OF-SYSTEMS HAZARD ANALYSIS
   TASK 210 ENVIRONMENTAL HAZARD ANALYSIS

TASK SECTION 300 - EVALUATION
   TASK 301 SAFETY ASSESSMENT REPORT
   TASK 302 HAZARD MANAGEMENT ASSESSMENT REPORT
   TASK 303 TEST AND EVALUATION PARTICIPATION
   TASK 304 REVIEW OF ENGINEERING CHANGE PROPOSALS, CHANGE NOTICES, DEFICIENCY REPORTS, MISHAPS, AND REQUESTS FOR DEVIATION/WAIVER

TASK SECTION 400 - VERIFICATION
   TASK 401 SAFETY VERIFICATION
   TASK 402 EXPLOSIVES HAZARD CLASSIFICATION DATA
   TASK 403 EXPLOSIVE ORDNANCE DISPOSAL DATA

APPENDIX A GUIDANCE FOR THE SYSTEM SAFETY EFFORT
APPENDIX B SOFTWARE SYSTEM SAFETY ENGINEERING AND ANALYSIS

FIGURES
   1. Eight elements of the system safety process
   B-1. Assessing software's contribution to risk

TABLES
   I. Severity categories
   II. Probability levels
   III. Risk assessment matrix
   IV. Software control categories
   V. Software safety criticality matrix
   VI. Relationship between SwCI, risk level, LOR tasks, and risk
   A-I. Task application matrix
   A-II. Example probability levels
   B-I. Software hazard causal factor risk assessment criteria

1. SCOPE

1.1 Scope. This system safety standard practice identifies the Department of Defense (DoD) Systems Engineering (SE) approach to eliminating hazards, where possible, and minimizing risks where those hazards cannot be eliminated. DoD Instruction (DoDI) 5000.02 defines the risk acceptance authorities. This Standard covers hazards as they apply to systems/products/equipment/infrastructure (including both hardware and software) throughout design, development, test, production, use, and disposal. When this Standard is required in a solicitation or contract but no specific task is identified, only Sections 3 and 4 are mandatory. The definitions in 3.2 and all of Section 4 delineate the minimum mandatory definitions and requirements for an acceptable system safety effort for any DoD system.

2. APPLICABLE DOCUMENTS

2.1 General. The documents listed in this section are specified in Sections 3, 4, or 5 of this Standard. This section does not include documents cited in other sections of this Standard or recommended for additional information or as examples. While every effort has been made to ensure the completeness of this list, document users are cautioned that they must meet all specified requirements of documents cited in Sections 3, 4, or 5 of this Standard, whether or not they are listed.

2.2 Government documents.

2.2.1 Specifications, standards, and handbooks. The following specifications, standards, and handbooks form a part of this document to the extent specified herein. Unless otherwise specified, the issues of these documents are those cited in the solicitation or contract.

INTERNATIONAL STANDARDIZATION AGREEMENTS

AOP 52 - North Atlantic Treaty Organization (NATO) Allied Ordnance Publication (AOP) 52, Guidance on
Software Safety Design and Assessment of Munitions Related Computing Systems

(Copies of this document are available online at https://assist.dla.mil/quicksearch/ or from the Standardization Document Order Desk, 700 Robbins Avenue, Building 4D, Philadelphia, PA 19111-5094.)

DEPARTMENT OF DEFENSE HANDBOOKS

No Designator - Joint Software Systems Safety Engineering Handbook

(Copies of this document are available online at http://www.system-safety.org/links/)

2.2.2 Other Government documents, drawings, and publications. The following other Government documents, drawings, and publications form a part of this document to the extent specified herein. Unless otherwise specified, the issues of these documents are those cited in the solicitation or contract.

DEPARTMENT OF DEFENSE INSTRUCTIONS

DoDI 5000.02 - Operation of the Defense Acquisition System
DoDI 6055.07 - Mishap Notification, Investigation, Reporting, and Record Keeping

(Copies of these documents are available online at http://www.dtic.mil/whs/directives/)

2.3 Order of precedence. In the event of a conflict between the text of this document and the references cited herein, the text of this document takes precedence, with the exception of DoDI 5000.02. Nothing in this document supersedes applicable laws and regulations unless a specific exemption has been obtained.

3. DEFINITIONS

3.1 Acronyms.

AFOSH    Air Force Occupational Safety and Health
ANSI     American National Standards Institute
AOP      Allied Ordnance Publication
AMSC     Acquisition Management Systems Control
ASSIST   Acquisition Streamlining and Standardization Information System
ASTM     American Society for Testing and Materials
AT       Autonomous
CAS      Chemical Abstract Service
CDR      Critical Design Review
CFR      Code of Federal Regulations
COTS     Commercial-Off-the-Shelf
DAEHCP   Department of Defense Ammunition and Explosives Hazard Classification Procedures
DID      Data Item Description
DoD      Department of Defense
DoDI     Department of Defense Instruction
DODIC    Department of Defense Identification Code
DOT      Department of Transportation
DT       Developmental Testing
E3       Electromagnetic Environmental Effects
ECP      Engineering Change Proposal
EHA      Environmental Hazard Analysis
EMD      Engineering and Manufacturing Development
EO       Executive Order
EOD      Explosive Ordnance Disposal
ESD      Electrostatic Discharge
ESOH     Environment, Safety, and Occupational Health
FHA      Functional Hazard Analysis
FMECA    Failure Modes and Effects Criticality Analysis
FTA      Fault Tree Analysis
GFE      Government-Furnished Equipment
GFI      Government-Furnished Information
GOTS     Government-Off-the-Shelf
HAZMAT   Hazardous Material
HERO     Hazards of Electromagnetic Radiation to Ordnance
HHA      Health Hazard Analysis
HMAR     Hazard Management Assessment Report
HMMP     Hazardous Materials Management Plan
HMP      Hazard Management Plan
HSI      Human Systems Integration
HTS      Hazard Tracking System
IEEE     Institute of Electrical and Electronics Engineers
IM       Insensitive Munitions
IMS      Integrated Master Schedule
IPT      Integrated Product Team
ISO      International Organization for Standardization
IV

assess and mitigate associated risks; and track, control, accept, and document risks encountered in the design, development, test, acquisition, use, and disposal of systems, subsystems, equipment, and infrastructure.

3.2.46 System/subsystem specification. The system-level functional and performance requirements, interfaces, adaptation requirements, security and privacy requirements, computer resource requirements, design constraints (including software architecture, data standards, and programming language), software support, precedence requirements, and developmental test requirements for a given system.

3.2.47 Systems engineering. The overarching process that a program team applies to transition from a stated capability to an operationally effective and suitable system. Systems Engineering involves the application of SE processes across the acquisition life-cycle (adapted to every phase) and is intended to be the integrating mechanism for balanced solutions addressing capability needs, design considerations, and constraints. SE also addresses limitations imposed by technology, budget, and schedule. SE processes are applied early in materiel solution analysis and continuously throughout the total life-cycle.

3.2.48 Target risk. The projected risk level the PM plans to achieve by implementing mitigation measures consistent with the design order of precedence described in 4.3.4.