In development of avionics, a hazard analysis is used to characterize the elements of risk. A hazard analysis is one tool within the discipline of system safety engineering. The results of a hazard analysis will drive the methods used for development of a system, both hardware and software.

Hazards and Risk

---

A hazard is defined in FAA Order 8040.4 as a "Condition, event, or circumstance that could lead to or contribute to an unplanned or undesirable event." Seldom does a single hazard cause an accident. More often, an accident occurs as the result of a sequence of causes. A hazard analysis will consider system state, for example operating environment, as well as failures or malfunctions.

While in some cases safety risk can be eliminated, in most cases a certain degree of safety risk must be accepted. In order to quantify expected accident costs before the fact, the potential consequences of an accident, and the probability of occurrence must be considered. Assessment of risk is made by combining the severity of consequence with the likelihood of occurrence in a matrix. Risks that fall into the "unacceptable" category (e.g., high severity and high probability) must be mitigated by some means to reduce the level of safety risk.

When software is involved in a system, the development of that software is often governed by DO-178B. The severity of consequence identified by the hazard analysis establishes the criticality level of the software. Software criticality levels range from A to E, corresponding to severities of Catastrophic to No Safety Effect.

Severity Definitions

---

• Large reduction in safety margin or functional capability
• Crew physical distress/excessive workload such that operators cannot be relied upon to perform required tasks accurately or completely
• Serious or fatal injury to small number of occupants of aircraft (except operators)
• Fatal injury to ground personnel and/or general public

• Significant reduction in safety margin or functional capability
• Significant increase in operator workload
• Conditions impairing operator efficiency or creating significant discomfort
• Physical distress to occupants of aircraft (except operator)

including injuries

• Major occupational illness and/or major environmental damage, and/or major property damage

• Slight reduction in safety margin or functional capabilities
• Slight increase in workload such as routine flight plan changes
• Some physical discomfort to occupants or aircraft (except operators)
• Minor occupational illness and/or minor environmental damage, and/or minor property damage

Severity	Definition
Catastrophic	Results in multiple fatalities and/or loss of the system
Hazardous	Reduces the capability of the system or the operator ability to cope with adverse conditions to the extent that there would be:
Major	Reduces the capability of the system or the operators to cope with adverse operating conditions to the extent that there would be:
Minor	Does not significantly reduce system safety. Actions required by operators are well within their capabilities. Include:
No Safety Effect	Has no effect on safety

Likelihood of Occurrence

---

• Qualitative: Anticipated to occur one or more times during the entire system/operational life of an item.
• Quantitative: Probability of occurrence per operational hour is greater than $1\; \backslash times\; 10^\{-5\}$

• Qualitative: Unlikely to occur to each item during its total life. May occur several times in the life of an entire system or fleet.
• Quantitative: Probability of occurrence per operational hour is less than $1\; \backslash times\; 10^\{-5\}$, but greater than $1\; \backslash times\; 10^\{-7\}$

• Qualitative: Not anticipated to occur to each item during its total life. May occur a few times in the life of an entire system or fleet.
• Quantitative: Probability of occurrence per operational hour is less than $1\; \backslash times\; 10^\{-7\}$ but greater than $1\; \backslash times\; 10^\{-9\}$

• Qualitative: So unlikely that it is not anticipated to occur during the entire operational life of an entire system or fleet.
• Quantitative: Probability of occurrence per operational hour is less than $1\; \backslash times\; 10^\{-9\}$

Likelihood	Definition
Probable
Remote
Extremely Remote
Extremely Improbable

See also

---

• Safety engineering
• Occupational safety and health
• RTCA DO-178B (Software Considerations in Airborne Systems and Equipment Certification)
• RTCA DO-254 (similar to DO-178B, but for hardware)
• SAE ARP4761 (System safety assessment process)
• SAE ARP4754 (System development process)
• MIL-STD-882 (Standard practice for system safety)

Further reading

---

External links

---

• CFR, Title 29-Labor, Part 1910--Occupational Safety and Health Standards, § 1910.119
  U.S. OSHA regulations regarding "Process safety management of highly hazardous chemicals" (especially Appendix C).
• FAA Order 8040.4 establishes FAA safety risk management policy.
• The FAA publishes a System Safety Handbook that provides a good overview of the system safety process used by the agency.

Avionics | Safety engineering | Occupational safety