guidance for integrated project teams for use in ... · document reference stg/181/1/9/1 version...

Document reference STG/181/1/9/1 Version 1.0 dated 1 June, 2004

Guidance for Integrated ProjectTeams for Use in Contracting

for Independent Safety Auditor(ISA) Services

This guidance has been issued by the Safety Management Offices Group having been developedwith assistance from Adelard

of 75

Version 1.0 dated 1 June, 2004

of 75


Contents

1 Introduction ............................................................................................................................... 5

2 Glossary..................................................................................................................................... 5

3 Bibliography.............................................................................................................................. 6

4 Basis for the ISA role ................................................................................................................ 74.1 MoD policy and practice ........................................................................................... 74.2 ISA scopes of work ................................................................................................... 8

5 Definitions............................................................................................................................... 105.1 Independent ............................................................................................................. 10

5.1.1 Definition ................................................................................................ 105.1.2 Interpretation........................................................................................... 105.1.3 Illustrations.............................................................................................. 11

5.2 Safety Audit ............................................................................................................ 115.2.1 Definition ................................................................................................ 115.2.2 Interpretation........................................................................................... 115.2.3 Illustrations.............................................................................................. 12

5.3 Safety advice ........................................................................................................... 135.3.1 Definition ................................................................................................ 135.3.2 Interpretation........................................................................................... 135.3.3 Illustrations.............................................................................................. 13

6 Relationships with other organisations ................................................................................... 146.1 The IPT ................................................................................................................... 156.2 The contractor ......................................................................................................... 156.3 The Operating Authority ......................................................................................... 166.4 Safety Management Offices .................................................................................... 166.5 Regulatory/certification bodies ............................................................................... 176.6 Design Authority..................................................................................................... 17

7 Selection of ISAs..................................................................................................................... 187.1 Independence........................................................................................................... 187.2 Competence............................................................................................................. 187.3 Project complexity .................................................................................................. 187.4 Safety risk ............................................................................................................... 197.5 Lifecycle phase........................................................................................................ 19

8 Expertise and competence....................................................................................................... 208.1 Competence criteria ................................................................................................ 20

8.1.1 Technical competence............................................................................. 208.1.2 Auditing competence .............................................................................. 218.1.3 Behavioural competence ......................................................................... 22

8.2 Assessment of competence...................................................................................... 22

9 Scopes of work........................................................................................................................ 239.1 General ISA documentation .................................................................................... 239.2 Scopes of work by lifecycle phase .......................................................................... 25

of 75


9.2.1 Concept phase ......................................................................................... 289.2.2 Assessment phase.................................................................................... 319.2.3 Demonstration phase............................................................................... 389.2.4 Manufacturing phase............................................................................... 459.2.5 In-service phase....................................................................................... 519.2.6 Disposal phase......................................................................................... 54

9.3 Legacy systems ....................................................................................................... 569.4 Variation with maturity of contractor’s combined SEMS....................................... 639.5 Variation with safety integrity requirements........................................................... 639.6 Other procurement models ...................................................................................... 64

Appendix A Safety argument over the lifecycle ......................................................................... 69

Figure

Figure 1: Typical ISA organisational interfaces.......................................................................... 14

Table

Table 1: Summary of ISA activities through the lifecycle .......................................................... 25

of 75


1 Introduction

1) This document provides guidance for IPTs on contracting for Independent Safety Audit(ISA) services. It has been issued by the Safety Management Offices Group.

2) The document contains guidance on the ISA role, how to select ISAs, and the scopes ofwork for ISAs at different lifecycle phases.

3) The document is guidance for an IPT that can be used in part or additional work items canbe added. Some or all of the activities may be appropriate depending on the system complexityand the information that the IPT may require in order to assure themselves of the validity of asafety argument.

2 Glossary

1) See Def Stan 00-56/3 for a complete set of relevant definitions.

ADRP Airworthiness, Design Requirements and Procedures

ALARP As Low As Reasonably Practicable. HSE’s interpretation of therequirement in the Health and Safety at Work Act that risks are to bereduced “so far as is reasonably practicable”.

BCS British Computer Society

CASS Conformity Assessment of Safety-related Systems

CLS Contractor Logistic Support

COTS Commercial off-the-shelf

DOSG Defence Ordnance Safety Group

DRACAS Data Recording and Corrective Action System

Duty Holder The person responsible for safe operation of a system. Normally the IPTLeader.

EMS Environmental Management System

FRACAS Fault Recording and Corrective Action System

Hazops Hazard and Operability Study

HCI Human Computer Interface

IEE Institute of Electrical Engineers

ISA Independent Safety Auditor

LSSO Land Systems Safety Office

Occupational safety Safety associated with physical or inherent hazards, such as weight,sharp corners or electric shock.

OHHA Occupational Health Hazard Analysis

OME Ordnance, Munitions and Explosives

of 75


OSHA Operating and Support Hazard Analysis

PFI Private Finance Initiative

PHA Preliminary Hazard Analysis

PHL Preliminary Hazard Listing

Physical safety Safety associated with inherent hazards of a system such as electricshock, radiation, weight, sharp corners, etc. Sometimes known asoccupational safety.

PPP Public Private Partnership

QMS Quality Management System

Safe Risk has been reduced to a level that is broadly acceptable, or tolerableand ALARP, and relevant prescriptive safety requirements have beenmet, for a system in a given application in a given operatingenvironment.

Safety argument A logically stated and rigorously demonstrated reason why the system issafe.

Safety Audit A systematic and independent examination to determine whether safetyactivities comply with planned arrangements, are implementedeffectively and are suitable to achieve objectives; and whether relatedoutputs are correct, valid and fit for purpose. See also Section 5.2.

Safety case A structured argument, supported by a body of evidence, that provides acompelling, comprehensible and valid case that a system is safe for agiven application in a given operating environment.

SEMS Combined Safety and Environmental Management System

SMO Safety Management Office

SMP Safety Management Plan

SMS Safety Management System

SOW Statement of Work

SRD System Requirements Document

SSMO Ship Safety Management Office

URD User Requirements Document

3 Bibliography

[1] Safety, Competency and Commitment: Competency Guidelines for Safety-Related SystemPractitioners, IEE, 1999. ISBN 0 85296 787 X.

of 75


4 Basis for the ISA role

1) Any equipment contracts that will require ISA input on behalf of the MoD will includeappropriate contract clauses and conditions. To enable the ISA role to be undertaken it isessential that the following clause is included: “The Contractor shall provide access torecords, including sub-contractor records, for contract purposes, to enable the MoDappointed Independent Safety Auditor to carry out safety audits and other assessmentactivities to meet MoD safety requirements.” It is strongly recommended that the advice ofCommercial Officers is sought as appropriate.

2) Where an IPT contracts for the provision of ISA services any contract will requireappropriate contract clauses and conditions to be included to take account of reportingrequirements and dispute resolution procedures between the ISA, Duty Holder and theContractor. The requirement for the ISA to sign documents produced by the contractor toindicate that they have been reviewed or endorsed by the ISA should also be considered.

4.1 MoD policy and practice

1) This section describes the basis for the ISA role in MoD policy and practice.

2) The MoD is a self-regulating organisation with regard to safety where it has been grantedspecific exemptions, disapplications or derogations from legislation, international treaties orprotocols. This leads to a potential conflict of interest between the need to deliver new andenhanced capability to time and budget, and the obligation under the Health and Safety at WorkAct and the Secretary of State’s safety policy to reduce safety risks so far as is reasonablypracticable.

3) The ISA role is founded on MoD safety policy that introduces independence into safetyregulation by requiring or recommending the IPT (formally the “Duty Holder”, normally theIPT Leader) to seek an ISA’s opinion on the quality of the safety case for new or modifiedequipment. This independence is of benefit to both the IPT and the contractor and helps toachieve safety certification and compliance with legal requirements.

• In the maritime sector, JSP 430 requires an IPTL to authorise the safety case on thebasis of an endorsement from an independent safety audit of the Safety Case. Beforeauthorisation, the IPT must ensure the satisfactory resolution of any deficiencies orobservations raised through their Safety Committee and ISA.

• In the land sector, JSP 454 currently states, “As part of the IPT’s assurancearrangements, it is strongly recommended that an Independent Safety Auditor beappointed by the IPTL at the outset of the project in consultation with the safetycommittee, to undertake the following tasks of: providing independent assessmentand validation of Safety Case work; providing professional support and advice to thesafety committee and IPTL.”

• In the airworthiness sector, JSP 553 currently states, “The appointment of an ISA isrequired by Def Stan 00-56 for systems in the higher risk classes and is desirable inother cases if the aircraft, its systems or equipment are novel, complex or high risk.The ISA can also provide general safety advice to the IPT, the industrial Designerand other organisations.”

of 75


• In the ordnance sector, JSP 520 provides for independence through the review byDOSG and through the OME Safety Advisor assigned to the IPT to provide adviceand support. However, overall system safety will normally be covered by JSP 430,JSP 454 or JSP 553 and an ISA will be needed as described above. Also, JSP 520does provide for other independent technical experts on the OME Safety ReviewPanel, and the ISA can usefully provide independent audit and advice in areas such asoccupational safety.

4) The ISA has no executive authority and the IPT accepts full responsibility for safety. TheIPT may overrule an ISA’s recommendations but in such cases a robust justification for thedecision should be recorded.

5) The ISA role has two other aspects that flow from the need to form an expert, professionalopinion:

• The ISA plays an important part in advising the contractor and the IPT on aframework of appropriate standards and good practice. This is of increasingimportance in the light of the current trend in defence and civil sectors to “goal-based”, as opposed to prescriptive, regulation. A goal-based approach has theadvantage that it makes innovation easier, but it does not provide the same degree ofcertainty as prescriptive regulation. Safety advice is described in more detail inSection 5.3 below.

• According to the SMO’s policy, the ISA may assist the SMO to discharge itsresponsibilities for monitoring effective safety and environmental management bycontractors and IPTs, and for the provision of advice and guidance on safetymanagement. The organisational interface with the SMOs is elaborated in Section 6.4below.

4.2 ISA scopes of work

1) Typically the ISA caries out document reviews, audits against planned arrangements, andadditional analyses. The functions carried out by the ISA are elaborated in Section 5 and thedetailed scopes of work in Section 9.

2) In developing the scopes of work, the IPT should bear in mind the following.

3) The IPT shall arrange to preserve the ISA’s independence and enable them to carry out theirduties effectively. An authorised ISA has the right and duty to raise significant concerns directlywith the IPT or contractor, even when outside their agreed scope of work or TOR and shouldraise unresolved concerns with appropriate Authorities and the relevant SMO.

4) The ISA should be given reasonable resources to carry out the tasks. The cost of employingan ISA should be commensurate with the risk associated with the project. A lack of resources isa poor justification for placing limits on the scope of ISA work or level of involvement of theISA. Experience shows the costs of correcting a deficiency attributed to inadequate Safety Auditsignificantly outweigh any savings made.

5) It is possible that the ISA and the contractor will become deadlocked over some aspect ofthe safety argument, and the IPT will wish to seek another opinion. The relevant SMO may beable to provide informal assistance and advice on the way forward (although the IPT remains

of 75


responsible for deciding the way ahead). Also, if the ISA has significant concerns that they donot believe are being adequately addressed, the relevant SMO may be approached forassistance. In these cases the SMO might be asked to co-operate in a process similar to thefollowing:

a. The ISA and the party (IPT or contractor) with whom they disagree should eachproduce a report setting out their position of the disputed area of the safety argument.These reports should be exchanged and also copied to the SMO. The SMO shouldalso be provided with other relevant documents, such as the safety management planand appropriate elements of the safety case.

b. Having read each other’s reports, the ISA and the other party should write an agreedjoint report setting out the precise areas of agreement and disagreement. This shouldbe sent to the SMO.

c. The IPT should arrange an arbitration hearing. Generally this will take a half-day butmight be longer for a complex dispute. The hearing should be chaired by a member ofthe SMO. The ISA and the other party should each present their point of view, whichmay be followed by a general discussion of the issues.

d. Following the hearing, the ISA and the other party should each write a finalsubmission, which should be exchanged and also sent to the SMO.

e. The SMO will consider the reports and points raised at the hearing, and providewritten advice with respect to the issues outstanding.

of 75


5 Definitions

1) Def Stan 00-56/3 defines Independent Safety Auditor as an individual or team, from anindependent organisation, that undertakes audits and other assessment activities to provideassurance that safety activities comply with planned arrangements, are implemented effectivelyand are suitable to achieve objectives; and whether related outputs are correct, valid and fit forpurpose.

2) This section of the guide expands on this definition by considering the meaning ofindependent, safety audit and safety advice. Each definition is followed by an interpretationcovering any areas of difficulty, and one or more illustrations of the application of thedefinition.

5.1 Independent

5.1.1 Definition

1) Able to provide an expert, professional opinion without vulnerability to commercial, projector other pressure.

5.1.2 Interpretation

1) Informally, the ISA needs to be sufficiently independent that they are sheltered as far aspracticable from pressure to modify their opinion.

2) It is highly desirable for the ISA to be from an organisation totally separate from thecontractor. Where it is not possible to achieve total separation, the IPT should justify theacceptability of the arrangements that they authorise. Arrangements that may give sufficientindependence include the use of companies in the same group as the contractor, but otherwiseindependent, or organisations or departments in the contractor’s firm that are independent toboard level.

3) Contractors may raise commercial or security objections to other companies having accessto their proprietary information. These can normally be overcome by selecting the ISA from anorganisation that does not compete with the contractor, and putting a non-disclosure agreementin place. Even in very specialised areas, it does not follow that anyone competent to carry out aSafety Audit must be a competitor, since competent personnel are likely to be available whohave retired from or left the contractor or a competitor, or who have worked in the same area forMoD. Also, most of the skills that an ISA should have are generic, and the expertise requiredoften does not need to be so domain or technology specific to require a (current or former)competitor.

4) Some contractors may have an in-house safety organisation. Although these organisationsmay be able to provide scrutiny of the contractor’s organisation, they will often be unable toprovide scrutiny of the activities of the IPT or other parties. In addition, they are highly unlikelyto be involved pre-contract due to their lack of commercial independence from the organisationstendering for work. However, in-house organisations may be able to support the work of theISA, which may lead to a reduced need for Safety Audits. This also applies to safety auditingcarried out in-house, or more general auditing to assess conformance with standards such asISO 9001.

of 75


5) The ISA may give general advice to the IPT and the contractor, but will compromise theirindependence if they contribute to the specific safety case: see also Section 5.3.

6) In order not to undermine the ISA’s independent opinion, the IPT should give the ISAsubstantial freedom to conduct the Safety Audit as they judge to be appropriate.

7) The need for independence does not mean that every project in an IPT and everysubcontractor has to have a separate ISA; reference to the requirements of domain specific JSPsshould be made however. A single or small number of ISAs will give a more consistentapproach and will acquire domain-specific knowledge more quickly. Of course the ISA or ISAsshould be independent with respect to all the organisations that they audit, as defined above.

5.1.3 Illustrations

• A major defence contractor asserts that a MoD-appointed ISA is unnecessarybecause it has an in-house safety section with specialist domain knowledge. An ISAshould still be appointed, but their terms of reference should include co-operationwith the safety section to reduce duplication of effort and “audit fatigue”, and also themaking of judgements about the work of the in-house organisation. The ISA shouldbe competent in the domain (see Section 8) although they may not have the samelevel of depth of specialist knowledge as the in-house safety section.

• A contractor resists appointment of an ISA from a competitor because it is notprepared to make proprietary information available. This is a legitimate concern.Even if a non-disclosure agreement is signed, it is impossible to remove theinformation held in the ISA’s head and it might be divulged unwittingly or underpressure from peers. The IPT should negotiate a mutually acceptable ISA from anorganisation that does not compete with the contractor, even though it may then bemore difficult to find an ISA with appropriate domain experience. See also Section 4.

5.2 Safety Audit

5.2.1 Definition

1) Safety Audit is defined in Def Stan 00-56/3 as a systematic and independent examination todetermine whether safety activities comply with planned arrangements, are implementedeffectively and are suitable to achieve objectives; and whether related outputs are correct, validand fit for purpose.


1) Safety Audit consists of the activities that enable an expert, professional, independentopinion to be reached on the safety of the system.

2) The safety case is based on a safety argument. Appendix A shows typical safety argumentsthrough the procurement lifecycle. Typically the overall, top-level argument is that:

of 75


The system is safe to use to provide the defined capability because:The meaning of “safe” is defined and correctly captured in the safetyrequirements.The system meets the safety requirements.Safety will be maintained over the system’s lifetime through a culture of safeworking and safety management by the contractor and MoD organisations.The assumptions and prerequisites on which the safety case depends are valid.

3) Safety Audit involves examining each of the components of this safety argument andforming an opinion as to whether it is complete and correct. Safety Audit is targeted at both thecontractor and the IPT. Typically, the ISA will form their opinion on the basis of the following:

• Targeted document reviews.

• Independent assessment and analysis. The ISA may utilise techniques such as diverseanalysis, witnessing, interviewing, traceability checks, vertical slices1 and inspection.

• Audits of safety and development processes. These “traditional” audits check forconformance to relevant policy, standards, the SMS or where appropriate thecombined SEMS, and the safety management plans.

4) Note that Safety Audit consists of considerably more than “traditional” auditing, and in factsuch auditing makes up a fairly small proportion of the ISA’s activities. More detailed scopes ofwork are given in Section 9 below.

5) Note that within the airworthiness sector, the assessment function and the audit and advicefunction are often carried out by different individuals or organisations.

5.2.3 Illustrations

• An ISA Report consists of a detailed audit showing compliance to the requirements ofDef Stan 00-56. This is not sufficient to provide an expert, professional opinion to theIPT. Underlying the ISA role is the fact that safety is fundamentally a property of thesystem, not the process used to develop it. An audit showing simple compliance (i.e.that a process has been carried out) is insufficient and a judgement of theeffectiveness of the process, and how it affects the safety of the system, is alsorequired.

• A contractor refuses to co-operate with the ISA over the provision of data to supportfailure rate claims, on the grounds that analysis of such data is not an audit function.This is not acceptable if the ISA judges the data to be an essential component of thesafety argument. If agreement cannot be reached, the IPT should intervene to obtainthe data.

1 Vertical slice analysis traces the mitigation of a hazard throughout the system lifecycle.

of 75


5.3 Safety advice

5.3.1 Definition

1) General advice on the acceptability of a proposed safety argument, which facilitates theIPT’s or contractor’s decision-making.


1) In order to maintain their independence, the ISA cannot give specific advice or contributedirectly to the safety argument. However, it is legitimate, and helpful in reducing project riskfrom safety matters, for the ISA to give general advice that leads to timely production of asatisfactory safety case. General advice is that which would be given to any broadly similarproject, and corresponds to the assessment guides produced by the statutory regulators (e.g. theHSE’s Approved Codes of Practice and the series of Assessment Guides from the NuclearInstallations Inspectorate). General advice may cover the selection of suitable analysistechniques, the structure of safety arguments and the making of tolerability claims.

2) It is also legitimate for the ISA to provide advice on specific technology, and theconsequences of technology choices, providing that the advice is that which would be given inany broadly similar case.

5.3.3 Illustrations

• The ISA has criticised the contractor’s calculation of numerical tolerability criteria,and the contractor asks the ISA to change it to a form that they would findacceptable. The ISA should not do this, as they would then take ownership of part ofthe safety argument. However, they can illustrate how such a calculation should beperformed, by analogy with other, similar projects. It is also legitimate for them tohelp to derive policy and guidance on safety arguments for classes of systems inassociation with the SMOs (see also Section 6.4).

• A cluster IPT is responsible for several interconnected systems, and asks the ISA forone system to write a safety case for another. This is permissible provided that thescope of the two safety cases is clearly defined and does not overlap. The IPT shouldengage a second ISA to provide an independent opinion on the safety case for theother system.

• In accordance with JSP 454, a small IPT asks the ISA to advise and assist in theestablishment and development of the Safety Management System and Safety Case, inlieu of a dedicated Safety Officer. This is permissible provided that the advice andassistance is general and facilitates the IPT’s own development of the SMS andSafety Case, rather than influencing their development directly.

of 75


6 Relationships with other organisations

1) This section describes the organisational interfaces between the ISA and other organisationsconcerned with defence safety. The typical interfaces are illustrated in Figure 1 and discussedbelow. Not all the information flows shown apply to all sectors (for example, only the LSSOcurrently offers an arbitration service). The ISA tasks related to these interfaces are expanded inSection 9 below.

2) The formal communication route between the ISA and the contractor and the OperatingAuthority will be defined in the MoD/ISA contract, and will normally be through the IPT asshown. In practice, however, it is usual for the ISA to communicate directly with these bodies,although the IPT should be kept informed of all discussions and given copies of all writtencommunications.

3) JSPs 430, 454 and 553 include the ISA in the membership of relevant safety committees inaccordance with Def Stan 00-56/3, and all the organisations shown in the figure will berepresented on one or other of these. The meetings of these bodies provide an important meansof liaison between the ISA and the other safety organisations.

Figure 1: Typical ISA organisational interfaces

ISA

Safety Office

Contract

Duty H

older’ssafety

documentation

ISA Reports &

papers

ISA advice

Safetyqueries

Progress reports

Contractor

Safetyqueries

ISAadvice

Information& access

ISA Reports

Arbitrationfindings

ISA Reports

Policy & guidance input

Policy & guidanceadvice

Arbitration reports

Informal briefs

OperatingAuthority (inc.service safety

body)

Safetyqueries

ISA advice

ISA Reports& papers Document reviews


Policy &guidance input

IPT

Regulatory/certification

bodies

ISA Reports& papers

Responses toqueries

Queries

ISA

Safety Office

Contract

Duty H

older’ssafety

documentation

ISA Reports &

papers

ISA advice

Safetyqueries

Progress reports

Contractor

Safetyqueries

ISAadvice

Information& access

ISA Reports

Arbitrationfindings

ISA Reports



Arbitration reports

Informal briefs


body)

Safetyqueries

ISA advice




IPT


bodies

ISA Reports& papers

Responses toqueries

Queries

ISA

Safety Office

Contract

Duty H

older’ssafety

documentation

ISA Reports &

papers

ISA advice

Safetyqueries

Progress reports

Contractor

Safetyqueries

ISAadvice

Information& access

ISA Reports

Arbitrationfindings

ISA Reports



Arbitration reports

Informal briefs


body)

Safetyqueries

ISA advice




IPT


bodies

ISA Reports& papers

Responses toqueries

Queries

of 75


6.1 The IPT

1) Where the IPT directly contracts the ISA, they must respect their independence. Therelationship is similar to contracting an auditor in other areas, such as quality management oraccountancy. An authorised ISA has the right and duty to raise significant concerns directlywith the IPT or contractor, even when outside their agreed scopes of work or terms of reference,and should raise unresolved concerns with the appropriate Authorities and SMO.

2) In the majority of cases, the IPT contracts the ISA on the project. However, the IPT maydirect the contractor to contract the ISA instead. In that case the contractor should employ anISA who is acceptable to the IPT in terms of competence and scope of work as defined in thisguide.

3) The ISA interacts with the IPT as follows:

• Contractually. The ISA contracted by the IPT has to provide value for money and anIPT should monitor ISA performance against the contract accordingly. Selectioncriteria for ISAs are given in Section 7 below.

• Through audits. The ISA audits the IPT’s safety management system and safetyrecords since this forms part of the overall safety argument (see Section 5.2).

• Through the ISA Report. The ISA Reports (and supporting review, analysis and auditrecords) provide the IPT with the independent opinion that they require under MoDsafety policy. This covers safety documents and analysis produced by both thecontractor and the IPT (e.g. as part of requirements definition prior to tendering forthe system).

• By providing advice. The ISA may provide independent, general advice on safetymatters to the IPT (see Section 5.3).

4) The role of the ISA is basically the same for both single-project and cluster IPTs.Experience shows that ISA work for cluster IPTs is project-based and so there is little differencein practice. It is permissible for ISA personnel to give specific advice for some projects whilecarrying out independent safety audit in others; see Section 5.2 and Section 5.3.

6.2 The contractor

1) Where the ISA is contracted by the contractor, the interface will include contractual matters.

2) The contractor’s relationship with the ISA is set out in Def Stan 00-56. Where the ISA iscontracted by the IPT, the ISA should be acceptable to the contractor in terms of competenceand scopes of work. They should also be able to safeguard the contractor’s IPR and confidentialinformation (see Section 5.1.2).

3) The contractor receives from the ISA:

• Reports, including the ISA Report, on reviews, audits and analyses carried out by theISA as part of the Safety Audit function (see Section 5.2).

of 75


• General advice on safety matters (see Section 5.3).

4) The ISA receives from the contractor:

• Access to the information needed to form an independent opinion, including safetycase reports.

• The contractor’s response to ISA reviews and reports. (See also Section 4 para 1.)

6.3 The Operating Authority

1) There may be discussions between the Operating Authority and the ISA over safety issues.Typically communication originates in safety committees, but may also occur if the OperatingAuthority raises a safety concern directly to the IPT.

2) In addition, the Operating Authority may have its own safety body, which may liaise withthe ISA as follows. The Operating Authority’s safety body receives from the ISA:

• Reports, including the ISA Report, on reviews, audits and analyses carried out by theISA as part of the Safety Audit function (see Section 5.2).

• Assistance over safety issues, if requested.

3) The ISA receives from the Operating Authority’s safety body:

• Document reviews.

• Requests for assistance on safety issues.

4) In the air sector, the ISA’s organisational interface is with the Release to Service Authorityrather than the Operating Authority.

6.4 Safety Management Offices

1) The ISA interacts with the relevant SMO in several ways:

• Through the ISA report. Some SMOs may require copies of formal ISA Reports. TheISA Reports show that the IPT has received an independent opinion on the quality ofthe safety case. The reports should also address compliance to safety andenvironmental management policy, both by the contractor and the IPT.

• By receiving advice. The relevant SMO may be able to provide advice on difficultsafety issues and areas of policy uncertainty.

• Over the development of policy and generic advice. The ISA may encounter safetyissues that are not covered by existing policy or guidance. Examples include thedevelopment of safety targets for novel situations. They should liaise with therelevant SMO over such issues and if requested assist the SMO in the formation of

of 75


relevant policy and guidance. They should also copy the SMO any advice they giveto the IPT concerning such issues.

• Through the need for arbitration. It is possible that the ISA and the IPT or thecontractor will become deadlocked over some aspect of the safety argument. In theLand sector, the LSSO already offers to provide informal arbitration and advice onthe way forward. The ISA (together with the IPT or contractor) should provide areport on the areas of agreement and disagreement, on which the SMO can base itsadvice.

• Through informal communication. Especially in complex projects, it is helpful if theISA informally briefs the relevant SMO from time to time on project safety progressand any areas of difficulty or disagreement.

6.5 Regulatory/certification bodies

1) In a sector where there is a formal regulation or certification regime, the ISA may interfacewith the regulator or certification body by means of the ISA Report and response to questions.An example is the Naval Authority or the Naval Nuclear Regulatory Panel in the maritimedomain.

6.6 Design Authority

1) Generally, the Design Authority will be either the contractor or the IPT. However theDesign Authority may be another organisation. (This case is not shown on the diagram.) In thiscase, the IPT will need to obtain agreement from the Design Authority to provide access for theISA and generally to co-operate with them.

2) The Design Authority receives from the ISA:

• Reports, including the ISA Report, on reviews, audits and analyses carried out by theISA as part of the Safety Audit function covering the contractor and the DesignAuthority (see Section 5.2).

• General advice on safety matters (see Section 5.3).

3) The ISA receives from the Design Authority:

• Access to the information needed to form an independent opinion, including safetycase reports. (See also Section 4 para 1.)

• The Design Authority’s response to ISA reviews and reports.

of 75


7 Selection of ISAs

1) This section considers the criteria that the IPT should apply when choosing an ISA or ISAteam. The criteria cover personal (or team) attributes of independence (Section 7.1) andcompetence (Section 7.2), and project attributes of complexity (Section 7.3), risk (Section 7.4)and lifecycle phase (Section 7.5). Expertise and competence is discussed further in Section 8.

2) It is preferable to employ an ISA team for most projects. The team enables effective peerreview of the assessment’s outputs and can provide specialist expertise in areas such as humanfactors and software reliability modelling. It also has the practical advantage that it is easier tocover for normal staff absence and attend concurrent meetings. The guidance for the projectcriteria explains the circumstances when an individual may be sufficient.

3) Even when an ISA team is employed, the ISA team leader and preferably all the teammembers should be individually identified.

7.1 Independence

1) The ISA should be independent as defined in Section 5.1.

7.2 Competence

1) The ISA should be competent in Safety Audit skills in the project domain, includingknowledge of the safety policy for the domain. This is discussed in detail in Section 8.

7.3 Project complexity

1) Project complexity can take several forms, including:

• technical complexity. In this case the safety argument is likely to be complex, withseveral types of evidence for many of the safety claims, especially in the area ofsafety of data and commands. Appendix A illustrates the main elements of a complexsafety argument. The ISA should have a higher level of competence including proventechnical skills applying to any technically difficult safety issues (see alsoSection 8.1.1).

• problems with safety evidence. The Safety Audit will require more effort if there areproblems with the safety evidence, such as a lack of historical evidence for safety oflegacy equipment, or if the historical evidence shows that the system does not meetits safety requirements.

• large project scale. For large-scale projects involving “systems-of-systems”, thesafety argument will involve evidence provided by safety cases for systemshierarchies aggregating up to macro platform or super-system level. The ISA shouldhave proven experience in Safety Audit of interrelated safety cases and the safetyissues that arise due to the interactions between systems, including interfacing toISAs for other equipment.

of 75


Conversely, for small-scale projects, where the amount of concurrent work andnumber of meetings is reduced, it may be sufficient to employ a competent individualas ISA, rather than a team.

• PFI or foreign acquisition. In this case, the ISA needs to be able to interpret thesafety standards that have been applied to the development of the system in the lightof MoD policy and UK regulatory requirements.

7.4 Safety risk

1) One of the roles of the ISA is to reduce uncertainty in the validity of the safety argument byproviding an authoritative second opinion. For low risk systems, the safety argument will besimpler, quicker and easier to assess, and because of the amount of mitigation, the likelihood offielding an unsafe system is low. Therefore for systems where the risk is low compared to theday to day risks an individual faces, the IPT could consider:

• the use of an individual ISA rather than an ISA team

• less specific experience as an ISA or in the application domain

7.5 Lifecycle phase

1) The major safety effort is typically during the assessment, demonstration and manufactureacquisition phases. During the other phases less safety work is likely to be needed, and hencethe ISA team can be reduced in size.

2) If the equipment is near the end of its service life, a much simpler safety argument is likelyto be appropriate, centring on maintaining the current level of safety, and on issues of disposal.Safety criteria will be informed by the relatively short “time at risk”, and design changes, if any,are likely to be of low risk. In this case, a limited Safety Audit by an individual is likely to besufficient.

3) Detailed scopes of work for each lifecycle phase are given in Section 9.

of 75


8 Expertise and competence

1) It is obviously of the utmost importance that the ISA should be suitably qualified andexperienced. This section describes competence criteria for ISAs, and presents guidance onassessment against the criteria. Where the Safety Audit is carried out by a team, the team as awhole should provide the necessary level of competence.

8.1 Competence criteria

1) There are three types of competence required to assess the suitability of an ISA:

• technical competence—safety and technical knowledge (of the application area andtechnology) required to support the activities of a Safety Audit (this is described inSection 8.1.1)

• auditing competence—skills necessary to perform the Safety Audit, i.e. to performthe activities that enable an expert, professional opinion to be reached on the safety ofthe system, as defined in Section 5.2 above (this is described in Section 8.1.2)

• behavioural competence—qualities and attributes of behaviour and character neededto successfully perform the task (this is described in Section 8.1.3)

8.1.1 Technical competence

1) Technical competence covers the knowledge and experience needed to underpin theactivities of the ISA. This has two aspects:

• Technical competence in Safety Audit independent of the specific application domainand technology used.

• Technical competence in the application domain, where an understanding of thespecific technologies used and the context of their use extends the ability tosuccessfully audit the safety of the system.

2) Technical competence in Safety Audit includes:

• Knowledge and experience of the legal and safety regulatory framework.

• Understanding of the principles and concepts of safety management, e.g. ALARP,hazards, risk and safety requirements.

• Knowledge and experience of techniques and methods to determine and analysesafety issues of importance and to make a judgement on the safety of a system.Examples of such knowledge include safety analysis techniques such as Hazops andFault Tree Analysis, and the ability to estimate the necessary resources to performsuch analyses and to judge the scope and depth of analyses carried out.

of 75


• Knowledge and experience of specific standards, guidelines or codes of practicerelevant for the project, e.g. Def Stan 00-56 and the applicable safety managementJSPs.

3) Technical competence in the application domain includes:

• Safety engineering knowledge and experience appropriate to the application area andtechnology, including safety practices appropriate to the organisation and applicationarea.

• Engineering knowledge and experience appropriate to the application area (e.g. airtraffic control) and technology (e.g. digital network communication).

• Experience of other systems engineering disciplines including human factorsintegration, integrated logistic support and availability, reliability and maintainabilitywould also be advantageous.

4) In the ship sector, demonstration of technical competence requires that all key members ofthe ISA’s team should possess or be working toward an SSMO training certificate.

8.1.2 Auditing competence

1) As discussed in Section 8.1.1, technical competence underpins the knowledge needed tocarry out a Safety Audit, independently of the specific activities being performed. By contrast,auditing competence considers the specific activities performed as part of a Safety Audit (thatis, document review, process audits and independent analyses). This includes the ability to:

• determine the scope and objectives of the Safety Audit

• develop and maintain a plan for the activities that comprise a Safety Audit

• collect and analyse objective evidence to support a judgement about the safety of thesystem. This may include: a) interviewing personnel at all levels; b) examining andreviewing documents; c) observing activities

• verify the accuracy of information gathered in interviews by observation,measurements and records analyses

• identify, record and investigate clues suggesting possible problems

• carry out formal process audits against relevant standards, plans, etc.

• make a judgement on the safety of a system

• document findings including producing formal ISA Reports

• verify that any actions necessary to address the results of the Safety Audit activitiesare appropriately completed

of 75


8.1.3 Behavioural competence

1) Behavioural competence describes the attributes of conduct and character needed to performthe role of ISA with efficacy. These include:

• interpersonal skills

• competence in communicating at all levels of the organisation

• interviewing skills

• reporting and presentation skills

• integrity and trustworthiness

8.2 Assessment of competence

1) The assessment of competence of ISAs should be in terms of the criteria described inSection 8.1. Where a project requires a team approach, it is the balance of skills that isimportant, and the team leader should demonstrate the ability properly to manage and co-ordinate the team. Individual team members should provide the in-depth knowledge that isrequired.

2) The IPT should ask potential ISAs for evidence of competence, supported by verifiableexamples, as part of their proposal when bidding for an ISA role. Typically, evidence todemonstrate the competencies is based on training, qualifications and experience. Proven abilityis likely to provide the best indicator; and appropriate references to that effect should beobtained wherever possible.

3) Potential ISAs may present evidence of competence of three types, according to who doesthe assessment:

• Self-assessment, i.e. the ISA presents evidence to demonstrate the competencies aspart of their proposal. This will have to be assessed by the IPT on a case-by-casebasis.

• Organisational assessment, i.e. the ISA is assessed by their organisation according toa scheme such as the IEE/BCS Competency Guidelines for Safety-Related SystemPractitioners [1] or the Network Rail ISA Accreditation Scheme. The IPT should askfor any third-party audit of the scheme, which might be an ISO 9001 audit in the caseof the IEE/BCS scheme, or Network Rail’s audit in the case of their scheme.

• Assessment by a third-party independent organisation that designs a scheme andindependently assesses the ISA. Currently the only third-party scheme in the UK isthe CASS (Conformity Assessment of Safety-related Systems) scheme, and there arevery few registrants under the scheme.

of 75


9 Scopes of work

1) This section sets out scopes of work for ISA services. The Safety Audit aspect of the ISArole is defined in Section 5.2 and the generic Safety Advice aspect is defined in Section 5.3. Theorganisational interfaces with other organisation are described in Section 6.

2) The ISA produces a number of documents during the course of the Safety Audit, and theseare listed in Section 9.1.

3) Detailed scopes of work covering the CADMID lifecycle phases are tabulated inSection 9.2. The scopes of work cover both safety and environmental protection. Where thetable entries refer to the environment in which the system operates, the term “operatingenvironment” is used.

4) The particular issues relating to legacy systems are described in Section 9.3.

5) Section 9.4 describes how the ISA work items change with the maturity of the contractor’scombined SEMS, Section 9.5 addresses the variation with safety integrity requirements, andSection 9.6 discusses the impact of other procurement models.

9.1 General ISA documentation

1) Irrespective of the lifecycle phase, the ISA should produce the following documents:

Deliverable Comment

ISA Plan This should cover: the scope of the ISA work; aprogramme of work related to major project milestones;management and control including ISA staff competency;the strategy for the audit; and discussion of any specialissues. It should be updated at reasonable intervals, forexample at the start of a new project phase.

Progress reports Reports summarising progress against the ISA Plan ascontracted. These will be produced according to thedemands of the project but may, typically, be on aquarterly basis.

of 75


Deliverable Comment

ISA Reports These should be produced prior to major programmemilestones, such as the start of trials and acceptance intoservice. Normally they will follow a new version of thesafety case. They should typically contain: an assessmentof the safety argument; a short summary of the ISA’sactivities since the previous report; references to thedocuments produced; references to the documentsexamined; a discussion of any particular safety issues;and conclusions and recommendations on the safety ofthe activities covered by the safety case. Reference to therequirements of domain-specific JSPs should be made.

In some sectors (e.g. the ship sector), the ISA Report isincluded within the Safety Case Report.

In the air sector, the ISA Report is a customer report thatinforms Release to Service and provides crew advice.

Document reviews The ISA’s reviews of safety documents should bereported.

Audit reports Safety audits should be documented.

Analysis reports Any analyses carried out by the ISA should bedocumented.

Papers giving advice Advice should always be generic (see Section 5.3).Advice may be given verbally, but substantive adviceshould be documented in written papers.

2) According to the sector, the ISA may be asked to sign documents produced by thecontractor to indicate that they have been reviewed or endorsed by the ISA. The relevant safetymanagement JSP will provide details. The contract with the ISA should make it clear if this isrequired.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

9.2

Sco

pes o

f wor

k by

life

cycl

e ph

ase

1)

This

sect

ion

of th

e gu

idan

ce se

ts o

ut g

ener

ic sc

opes

of w

ork

for I

SA se

rvic

es a

ccor

ding

to th

e ph

ase

in th

e C

AD

MID

life

cycl

e. L

ifecy

cle

phas

e is

the

mai

n pa

ram

eter

aff

ectin

g th

e sc

opes

of w

ork.

Indi

vidu

al p

roje

cts m

ay o

f cou

rse

depa

rt fr

om th

e st

rict d

efin

ition

of t

hese

pha

ses,

in w

hich

cas

e th

eIS

A sc

opes

shou

ld b

e ad

just

ed a

ccor

ding

to th

e sa

fety

cas

es to

be

prod

uced

.

2)

The

activ

ities

that

the

ISA

will

und

erta

ke a

t eac

h ph

ase

are

brie

fly su

mm

aris

ed in

Tab

le 1

.

Con

cept

Ass

essm

ent

Dem

onst

ratio

nM

anuf

actu

ring

In-s

ervi

ceD

ispo

sal

Ass

ess s

afet

y an

den

viro

nmen

tal

requ

irem

ents

incl

udin

g in

itial

safe

ty c

ase

Ass

ist w

ith S

OW

Aud

it IP

T’s S

MS

orco

mbi

ned

SEM

S

Atte

nd sa

fety

com

mitt

ees

Ass

ess s

afet

y an

den

viro

nmen

tal

requ

irem

ents

incl

udin

gin

itial

safe

ty c

ase

Ass

ess t

ende

rre

spon

ses f

or sa

fety

Aud

it co

ntra

ctor

(s)

Aud

it IP

T’s S

MS

orco

mbi

ned

SEM

S

Atte

nd sa

fety

com

mitt

ees

Ass

ess c

hang

es to

safe

ty a

nden

viro

nmen

tal

requ

irem

ents

Ass

ess &

aud

itco

ntra

ctor

’s sa

fety

wor

k in

clud

ing

safe

tyca

se

Ass

ess t

ende

rre

spon

ses f

or sa

fety

Aud

it IP

T’s S

MS

orco

mbi

ned

SEM

S

Atte

nd sa

fety

com

mitt

ees

Ass

ess c

hang

es to

safe

ty a

nden

viro

nmen

tal

requ

irem

ents

Ass

ess &

aud

itco

ntra

ctor

’s sa

fety

wor

k in

clud

ing

safe

tyca

se

Ass

ess i

n-se

rvic

esa

fety

cas

e

Aud

it IP

T’s/

Ope

ratin

gA

utho

rity’

s SM

S or

com

bine

d SE

MS

Atte

nd sa

fety

com

mitt

ees

Ass

ess c

hang

es to

safe

ty a

nden

viro

nmen

tal

legi

slat

ion

Mon

itor i

n-se

rvic

epe

rfor

man

ce

Ass

ess i

n-se

rvic

esa

fety

cas

e or

lega

cysa

fety

app

rais

al

Aud

it IP

T’s/

Ope

ratin

gA

utho

rity’

s SM

S or

com

bine

d SE

MS

Atte

nd sa

fety

com

mitt

ees

Ass

ess d

ispo

sal s

afet

yca

se

Ass

ist w

ithco

mpe

titio

n fo

rdi

spos

al

Ass

ess &

aud

itdi

spos

al c

ontra

ctor

’ssa

fety

wor

k in

clud

ing

safe

ty c

ase

Aud

it IP

T’s S

MS

orco

mbi

ned

SEM

S fo

rdi

spos

al

Atte

nd sa

fety

com

mitt

ees

Tab

le 1

: Sum

mar

y of

ISA

act

iviti

es th

roug

h th

e lif

ecyc

le

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

3)

In th

e se

ctio

ns b

elow

, eac

h lif

ecyc

le p

hase

is a

ddre

ssed

in a

self-

cont

aine

d su

bsec

tion

tabu

latin

g th

e sa

fety

evi

denc

e, th

e re

late

d IS

A w

ork

item

, the

outp

uts p

rodu

ced

by th

e IS

A, a

nd th

e cu

stom

er o

r ben

efic

iary

for t

he o

utpu

ts. T

he ta

bles

are

div

ided

by

safe

ty c

laim

, and

list

the

evid

ence

that

shou

ld b

epr

ovid

ed b

y th

e co

ntra

ctor

or I

PT to

supp

ort e

ach

clai

m. T

he sa

fety

cla

ims f

or e

ach

phas

e ar

e ill

ustra

ted

in A

ppen

dix

A. N

ote

that

the

fact

that

sepa

rate

safe

ty c

laim

s and

evi

denc

e ar

e sh

own

in th

e ta

bles

doe

s not

mea

n th

at se

para

te d

ocum

ents

are

nec

essa

rily

prod

uced

for e

ach.

4)

Cle

arly

the

ISA

’s w

ork

incr

ease

s in

prop

ortio

n to

the

risk

and

com

plex

ity o

f the

syst

em. T

his i

s bas

ical

ly b

ecau

se th

e sa

fety

arg

umen

t is m

ore

exte

nsiv

e an

d de

taile

d fo

r hig

h ris

k or

hig

h co

mpl

exity

syst

ems.

Bro

adly

spea

king

, the

leve

l of S

afet

y A

udit

will

var

y as

follo

ws:

• A

safe

ty a

rgum

ent o

f the

com

plex

ity il

lust

rate

d in

App

endi

x A

will

requ

ire c

ompr

ehen

sive

inde

pend

ent S

afet

y A

udit

by a

n IS

A te

am,

parti

cula

rly th

roug

h th

e as

sess

men

t, de

mon

stra

tion

and

man

ufac

ture

pha

ses.

• A

sim

pler

safe

ty a

rgum

ent i

s lik

ely

to b

e su

ffic

ient

if, f

or e

xam

ple,

the

safe

ty re

quire

men

ts a

re e

ntire

ly c

odifi

ed in

stan

dard

s suc

h as

the

Dis

play

Scr

een

Reg

ulat

ions

or t

he IE

E W

iring

Reg

ulat

ions

. The

re w

ill th

en b

e no

func

tiona

l saf

ety

aspe

cts t

o th

e sa

fety

arg

umen

t and

the

occu

patio

nal s

afet

y as

pect

s will

sim

ply

invo

lve

show

ing

com

plia

nce

to th

e ap

plic

able

stan

dard

s. Th

e A

LAR

P ar

gum

ent w

ill b

e co

nfor

man

ceto

goo

d pr

actic

e. T

he re

duce

d sa

fety

arg

umen

t tha

t app

lies i

n th

is c

ase

mea

ns th

at a

hig

her-

leve

l Saf

ety

Aud

it by

an

indi

vidu

al is

like

ly to

be

suff

icie

nt.

• If

the

cont

ract

or’s

safe

ty w

ork

is p

oor,

or if

they

hav

e an

imm

atur

e co

mbi

ned

SEM

S, p

ropo

rtion

atel

y m

ore

wor

k w

ill b

e re

quire

d fo

r a g

iven

safe

ty a

rgum

ent,

as d

escr

ibed

in S

ectio

n 9.

4.

• If

the

syst

em is

hig

hly

safe

ty-r

elat

ed o

r saf

ety-

criti

cal,

deep

er in

depe

nden

t ana

lysi

s will

be

requ

ired,

as d

escr

ibed

in S

ectio

n 9.

5.

• Fo

r lar

ge p

roje

cts,

subs

yste

ms w

ill o

ften

have

thei

r ow

n sa

fety

cas

es. T

he o

vera

ll sa

fety

arg

umen

t will

be

sim

ilar t

o a

smal

ler p

roje

ct, b

ut w

illne

ed to

be

asse

mbl

ed fr

om th

e se

ctio

ns o

f the

arg

umen

t in

the

subs

idia

ry c

ases

. Thi

s may

requ

ire e

xtra

gui

danc

e an

d re

view

cyc

les b

y th

eIS

A, a

nd in

terf

acin

g w

ith IS

As f

or su

per-

syst

em o

r sub

syst

em IP

Ts.

• So

me

of th

e Sa

fety

Aud

it fu

nctio

ns c

an b

e co

vere

d by

oth

er o

rgan

isat

ions

. The

way

that

in-h

ouse

org

anis

atio

ns m

ay b

e ab

le to

supp

ort t

hew

ork

of th

e IS

A, l

eadi

ng to

a re

duce

d ne

ed fo

r Saf

ety

Aud

its, i

s des

crib

ed in

Sec

tion

5.1.

2. S

omet

imes

, an

MoD

qua

lity

assu

ranc

ere

pres

enta

tive

is a

ssig

ned

to a

con

tract

or, a

nd th

ey m

ay b

e ab

le to

liai

se w

ith th

e IS

A to

car

ry o

ut so

me

of th

e “t

radi

tiona

l” a

udit

func

tions

.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Espe

cial

ly o

n la

rge

proj

ects

, the

IPT

may

rece

ive

supp

ort f

rom

oth

er o

rgan

isat

ions

and

con

tract

ors i

n th

e sa

fety

are

a (e

.g. t

o w

itnes

s tes

ts),

inw

hich

cas

e th

e IS

A m

ay re

ason

ably

dec

ide

to re

ly o

n th

e co

nclu

sion

s of t

hese

oth

er o

rgan

isat

ions

rath

er th

an fo

rm a

n op

inio

n di

rect

ly.

5)

Som

e w

ork

item

s (e.

g. a

udit

of sa

fety

requ

irem

ents

ana

lysi

s pro

cess

) are

show

n at

eac

h ph

ase

at w

hich

they

mig

ht b

e ca

rrie

d ou

t. In

pra

ctic

e, th

eIS

A m

ight

cho

ose

not t

o ca

rry

out c

erta

in w

ork

item

s at e

very

pha

se if

few

pro

blem

s had

bee

n fo

und

at p

revi

ous p

hase

s. Th

e ra

tiona

le fo

r the

wor

kite

ms t

o be

und

erta

ken

shou

ld b

e re

cord

ed in

the

ISA

Pla

n fo

r the

pha

se.

6)

Whe

re IS

A o

utpu

ts (e

.g. t

he IS

A R

epor

t) ar

e sh

own

as su

pplie

d to

org

anis

atio

ns a

part

from

the

IPT

and

the

rele

vant

SM

O (e

.g. t

o te

nder

ers o

r the

Ope

ratin

g A

utho

rity)

, it i

s im

plic

it th

at th

ey w

ill b

e su

pplie

d vi

a th

e IP

T.

7)

Ther

e m

ay b

e do

mai

n sp

ecifi

c va

riatio

ns in

the

prec

ise

info

rmat

ion

and

evid

ence

that

may

be

prov

ided

at e

ach

phas

e, b

ut th

e in

form

atio

n in

the

tabl

es p

rovi

des a

reas

onab

le su

mm

ary

of w

hat t

he re

latio

nshi

p is

bet

wee

n th

e IP

T an

d th

e IS

A.

8)

A ta

ble

is a

lso

prov

ided

of t

he o

rgan

isat

ions

to w

hich

the

ISA

shou

ld in

terf

ace

at e

ach

lifec

ycle

pha

se.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

9.2.

1 C

once

pt p

hase

1)

At t

his p

hase

, the

safe

ty re

quire

men

ts a

re d

evel

oped

in c

onju

nctio

n w

ith C

usto

mer

1, a

s par

t of t

he b

usin

ess c

ase

for I

nitia

l Gat

e. S

afet

y sh

ould

be

addr

esse

d in

the

draf

ting

of th

e U

RD

. The

safe

ty c

omm

ittee

will

typi

cally

be

set u

p at

this

pha

se.

2)

As i

llust

rate

d in

App

endi

x A

, the

ISA

act

iviti

es a

t thi

s pha

se p

rinci

pally

cov

er th

e de

finiti

on o

f the

safe

ty re

quire

men

ts, c

onfir

mat

ion

that

the

safe

tyre

quire

men

ts a

re a

chie

vabl

e, a

nd th

eir f

low

into

the

UR

D. T

he sc

ope

of w

ork

is a

s fol

low

s:

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Saf

ety

and

envi

ronm

enta

l req

uire

men

ts c

orre

ctly

cap

ture

d an

d va

lidat

ed

Safe

ty a

nd e

nviro

nmen

tal r

equi

rem

ents

anal

ysis

(e.g

. PH

L, P

HA

)C

heck

ana

lysi

s.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, a

chie

vabi

lity,

con

form

ance

to st

anda

rds a

ndle

gisl

atio

n.

Aud

it an

alys

is p

roce

ss fo

r con

form

ance

to st

anda

rds a

ndsa

fety

man

agem

ent p

lan.

Atte

nd a

naly

sis m

eetin

gs to

che

ck c

ondu

cted

inac

cord

ance

with

stan

dard

s and

goo

d pr

actic

e.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT

Safe

ty a

nd e

nviro

nmen

tal t

oler

abili

tycr

iteria

Che

ck a

naly

sis.

Rev

iew

repo

rt fo

r con

form

ance

to st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Che

ck fo

r agr

eem

ent w

ith c

riter

iafr

om si

mila

r pro

ject

s.

Doc

umen

ted

revi

ew.

IPT

Syst

em a

nd o

pera

ting

envi

ronm

ent

desc

riptio

nC

heck

des

crip

tion

is su

ffic

ient

ly c

ompr

ehen

sive

for t

here

ader

to u

nder

stan

d th

e sa

fety

arg

umen

t.In

clud

ed in

abo

ve re

view

s.IP

T

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Con

tract

ual s

afet

y an

d en

viro

nmen

tal

requ

irem

ents

(ini

tial s

afet

y ca

se, s

afet

yca

se re

port

and

UR

D).

Rev

iew

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

achi

evab

ility

, con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.

Che

ck th

at e

vide

nce

likel

y to

be

need

ed fo

r sub

sequ

ent

safe

ty a

rgum

ents

is c

ontra

cted

for.

Doc

umen

ted

revi

ew.

IPT

Safe

ty c

laim

: IPT

’s sa

fety

man

agem

ent i

s ade

quat

e

IPT’

s com

bine

d SE

MS

incl

udin

g Sa

fety

Man

agem

ent P

lan

for c

once

pt p

hase

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT

MoD

’s sa

fety

org

anis

atio

nA

ttend

safe

ty c

omm

ittee

to d

iscu

ss sa

fety

pro

gres

s, ra

ise

and

disc

uss s

afet

y is

sues

, com

men

t on

safe

ty c

ase

and

supp

ortin

g do

cum

ents

and

ana

lyse

s, ag

ree

tole

rabi

lity

ofris

ks.

—Sa

fety

com

mitt

ee m

embe

rs

Org

anis

atio

nal i

nter

face

sIS

A w

ork

item

IPT

Prod

uce

plan

s and

repo

rts li

sted

in S

ectio

n 9.

1.

Supp

ly g

ener

ic a

dvic

e.

Atte

nd a

d-ho

c m

eetin

gs a

nd re

spon

d to

gen

eral

que

ries.

Cus

tom

er o

rgan

isat

ions

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.3.

SMO

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.4.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Org

anis

atio

nal i

nter

face

sIS

A w

ork

item

Reg

ulat

ory/

certi

ficat

ion

bodi

es (w

here

appl

icab

le)

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.5.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

9.2.

2 A

sses

smen

t pha

se

1)

The

safe

ty re

quire

men

ts a

re fu

rther

dev

elop

ed a

t thi

s pha

se. S

afet

y sh

ould

be

addr

esse

d in

the

draf

ting

of th

e SR

D.

2)

Som

e pr

ogra

mm

es c

omm

ence

wor

k as

soci

ated

with

the

Dem

onst

ratio

n Ph

ase

in th

is p

hase

, and

ther

efor

e be

gin

to e

xpan

d th

e sa

fety

cas

e to

cov

erth

ose

activ

ities

.

3)

As i

llust

rate

d in

App

endi

x A

, the

ISA

act

iviti

es c

ontin

ue to

cov

er th

e de

finiti

on o

f the

safe

ty re

quire

men

ts. T

he IS

A c

an h

ave

a va

luab

le ro

le in

asse

ssin

g th

e te

nder

s for

safe

ty, p

artic

ular

ly th

e pr

opos

ed sa

fety

arg

umen

t for

the

safe

ty c

ase

in th

e D

evel

opm

ent P

hase

. Fol

low

ing

sele

ctio

n of

the

cont

ract

or o

r con

tract

ors,

the

ISA

will

ass

ess t

heir

wor

k fo

r saf

ety

durin

g th

e as

sess

men

t pha

se.

4)

See

Sect

ion

9.5

for a

dditi

onal

item

s tha

t may

be

requ

ired

for h

igh

safe

ty in

tegr

ity sy

stem

s.

5)

The

scop

e of

the

ISA

’s w

ork

is a

s fol

low

s:

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Gen

eral

item

s (re

ferr

ing

to a

ny/a

ll in

divi

dual

cla

ims)

Initi

al (C

once

pt) s

afet

y ca

se re

port

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Doc

umen

ted

revi

ew.

IPT

Safe

ty c

ase

repo

rt fo

r Ass

essm

ent P

hase

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Doc

umen

ted

revi

ew.

IPT,

con

tract

or

Sam

ples

of e

vide

nce

Div

erse

ana

lysi

s, w

itnes

sing

, int

ervi

ewin

g, tr

acea

bilit

ych

ecks

, ver

tical

slic

es a

nd in

spec

tion

at th

e di

scre

tion

ofth

e IS

A.

Res

ults

doc

umen

ted

inw

orki

ng p

aper

s or I

SAR

epor

t

IPT,

con

tract

or, S

MO

(ISA

Rep

ort o

nly)

whe

reap

plic

able

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Saf

ety

and

envi

ronm

enta

l req

uire

men

ts c

orre

ctly

cap

ture

d an

d va

lidat

ed

Safe

ty a

nd e

nviro

nmen

tal r

equi

rem

ents

anal

ysis

(e.g

. PH

L, P

HA

)C

heck

ana

lysi

s.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Aud

it an

alys

is p

roce

ss fo

r con

form

ance

to st

anda

rds a

ndsa

fety

man

agem

ent p

lan.

Atte

nd a

naly

sis m

eetin

gs to

che

ck c

ondu

cted

inac

cord

ance

with

stan

dard

s and

goo

d pr

actic

e.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT

Safe

ty a

nd e

nviro

nmen

tal t

oler

abili

tycr

iteria

Che

ck a

naly

sis.

Rev

iew

repo

rt fo

r con

form

ance

to st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Che

ck fo

r agr

eem

ent w

ith c

riter

iafr

om si

mila

r pro

ject

s.

Doc

umen

ted

revi

ew.

IPT

Syst

em a

nd o

pera

ting

envi

ronm

ent

desc

riptio

nC

heck

des

crip

tion

is su

ffic

ient

ly c

ompr

ehen

sive

for t

here

ader

to u

nder

stan

d th

e sa

fety

arg

umen

t.In

clud

ed in

abo

ve re

view

s.IP

T

Con

tract

ual s

afet

y an

d en

viro

nmen

tal

requ

irem

ents

(SR

D).

Rev

iew

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

conf

orm

ance

to st

anda

rds a

nd le

gisl

atio

n.

Che

ck th

at e

vide

nce

likel

y to

be

need

ed fo

r sub

sequ

ent

safe

ty a

rgum

ents

is c

ontra

cted

for.

Doc

umen

ted

revi

ewIP

T

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Equ

ipm

ent m

eets

safe

ty a

nd e

nvir

onm

enta

l req

uire

men

ts

Tend

erer

s’ sa

fety

subm

issi

ons

Rev

iew

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

conf

orm

ance

to st

anda

rds a

nd le

gisl

atio

n.

Che

ck to

lera

bilit

y cr

iteria

for c

onfo

rman

ce to

stan

dard

san

d sa

fety

man

agem

ent p

lan.

Che

ck fo

r agr

eem

ent w

ithcr

iteria

from

sim

ilar p

roje

cts.

Che

ck a

naly

sis.

Che

ck th

at e

vide

nce

is li

kely

to b

e fo

rthco

min

g (e

.g. i

nth

e lig

ht o

f sof

twar

e de

velo

pmen

t pla

n).

Iden

tify

any

area

s of p

roje

ct ri

sk fr

om sa

fety

.

Doc

umen

ted

tend

eras

sess

men

ts.

IPT

Safe

ty a

naly

sis a

dequ

ate

Aud

it an

alys

is p

roce

ss fo

r con

form

ance

to st

anda

rds a

ndsa

fety

man

agem

ent p

lan.

Atte

nd a

naly

sis m

eetin

gs to

che

ck c

ondu

cted

inac

cord

ance

with

stan

dard

s and

goo

d pr

actic

e.

Rev

iew

per

sonn

el c

ompe

tenc

e.

Doc

umen

ted

tend

eras

sess

men

ts a

nd a

udit

repo

rts.

IPT,

con

tract

or

ALA

RP

asse

ssm

ent

Che

ck a

rgum

ents

for c

ompl

ianc

e w

ith re

leva

nt st

anda

rds

and

HSE

gui

danc

e.In

clud

ed in

doc

umen

tre

view

s or I

SA R

epor

t.IP

T, c

ontra

ctor

, SM

O (I

SAR

epor

t onl

y) w

here

appl

icab

le

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Subc

laim

: Equ

ipm

ent m

eets

occ

upat

iona

l saf

ety

requ

irem

ents

Occ

upat

iona

l des

ign

stan

dard

sC

heck

for c

ompl

eten

ess a

nd a

pplic

abili

ty.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Incl

uded

in d

ocum

ent

revi

ews o

r ISA

Rep

ort.

IPT,

con

tract

or, S

MO

(ISA

Rep

ort o

nly)

whe

reap

plic

able

OH

HA

and

OSH

A (i

f phy

sica

l des

ign

and

user

/mai

ntai

ner m

anua

ls su

ffic

ient

lyad

vanc

ed a

t thi

s pha

se)

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Aud

it pr

oces

s for

com

plia

nce

to le

gisl

atio

n, st

anda

rds

and

safe

ty m

anag

emen

t pla

n.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

Subc

laim

: Equ

ipm

ent m

eets

env

iron

men

tal r

equi

rem

ents

Envi

ronm

enta

l im

pact

ana

lysi

sR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent a

nd/o

r env

ironm

enta

l pla

n.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Subc

laim

: Equ

ipm

ent m

eets

safe

ty re

quir

emen

ts fo

r dat

a an

d co

mm

ands

Har

dwar

e sa

fety

ana

lyse

sC

heck

ana

lyse

s for

app

licab

ility

and

cor

rect

ness

.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Poss

ibly

car

ry o

ut d

iver

se a

naly

ses,

e.g.

relia

bilit

ym

odel

ling.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

Softw

are

safe

ty a

naly

ses

Che

ck a

naly

ses f

or a

pplic

abili

ty a

nd c

orre

ctne

ss.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Poss

ibly

car

ry o

ut d

iver

se a

naly

ses,

e.g.

relia

bilit

ygr

owth

mod

ellin

g.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

Hum

an fa

ctor

s ana

lyse

sA

udit

hum

an fa

ctor

s wor

ksho

ps e

tc. t

o ch

eck

cond

ucte

din

acc

orda

nce

with

stan

dard

s and

goo

d pr

actic

e.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Poss

ibly

car

ry o

ut d

iver

se a

naly

sis o

f HC

I for

safe

ty.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

CO

TS it

ems

Rev

iew

CO

TS sa

fety

just

ifica

tion.

Con

side

r fea

sibi

lity

and

suff

icie

ncy

of p

ropo

sals

for

CO

TS a

ssur

ance

.

Poss

ibly

car

ry o

ut re

liabi

lity

anal

ysis

.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

is.

IPT,

con

tract

or

Safe

ty c

laim

: IPT

’s sa

fety

man

agem

ent i

s ade

quat

e

IPT’

s com

bine

d SE

MS,

incl

udin

g Sa

fety

Man

agem

ent (

and

Envi

ronm

enta

lM

anag

emen

t ) P

lan

for a

sses

smen

t pha

se

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT

MoD

’s sa

fety

org

anis

atio

nA

ttend

safe

ty c

omm

ittee

to d

iscu

ss sa

fety

pro

gres

s, ra

ise

and

disc

uss s

afet

y is

sues

, com

men

t on

safe

ty c

ase

and

supp

ortin

g do

cum

ents

and

ana

lyse

s, ag

ree

tole

rabi

lity

ofris

ks.

—Sa

fety

com

mitt

ee m

embe

rs

Safe

ty c

laim

: Con

trac

tor’

s saf

ety

man

agem

ent i

s ade

quat

e

Tend

erer

s’ c

ombi

ned

SEM

SR

evie

w fo

r con

form

ance

to st

anda

rds.

Tend

er a

sses

smen

t.IP

T, te

nder

er

Sele

cted

con

tract

ors

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Org

anis

atio

nal i

nter

face

sIS

A w

ork

item

IPT

Prod

uce

plan

s and

repo

rts li

sted

in S

ectio

n 9.

1.

Supp

ly g

ener

ic a

dvic

e.

Atte

nd a

d-ho

c m

eetin

gs a

nd re

spon

d to

gen

eral

que

ries.

Tend

erer

sR

espo

nd to

tend

er q

uerie

s and

form

ulat

e su

pple

men

tary

ques

tions

as n

eces

sary

.

Sele

cted

con

tract

or o

r con

tract

ors

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.2.

Des

ign

Aut

horit

y (w

hen

not I

PT o

rco

ntra

ctor

)In

terf

ace

as d

escr

ibed

in S

ectio

n 6.

6.

Cus

tom

er o

rgan

isat

ions

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.3.

SMO

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.4.

Reg

ulat

ory/

certi

ficat

ion

bodi

es (w

here

appl

icab

le)

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.5.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

9.2.

3 D

emon

stra

tion

phas

e

1)

Gen

eral

ly th

e pr

ime

cont

ract

or w

ill b

e se

lect

ed d

urin

g th

is p

hase

, and

dev

elop

men

t wor

k w

ill c

omm

ence

. The

ISA

can

hav

e a

valu

able

role

inas

sess

ing

the

tend

ers f

or sa

fety

, par

ticul

arly

the

prop

osed

safe

ty a

rgum

ent f

or th

e sa

fety

cas

e. F

ollo

win

g se

lect

ion

of th

e pr

ime

cont

ract

or, t

he IS

A w

illas

sess

thei

r wor

k fo

r saf

ety

durin

g th

e de

mon

stra

tion

and

man

ufac

ture

pha

ses.

2)

At t

his p

hase

, the

safe

ty re

quire

men

ts w

ill b

e flo

wed

to su

bsys

tem

s and

com

pone

nts,

and

deriv

ed sa

fety

requ

irem

ents

iden

tifie

d.

3)

See

Sect

ion

9.5

for a

dditi

onal

item

s tha

t may

be

requ

ired

for h

igh

safe

ty in

tegr

ity sy

stem

s.

4)

The

scop

e of

the

ISA

’s w

ork

is a

s fol

low

s:

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Gen

eral

item

s (re

ferr

ing

to a

ny/a

ll in

divi

dual

cla

ims)

Safe

ty c

ase

repo

rtR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.D

ocum

ente

d re

view

.IP

T, c

ontra

ctor

Sam

ples

of e

vide

nce

Div

erse

ana

lysi

s, w

itnes

sing

, int

ervi

ewin

g, tr

acea

bilit

ych

ecks

, ver

tical

slic

es a

nd in

spec

tion

at th

e di

scre

tion

ofth

e IS

A.

Res

ults

doc

umen

ted

inw

orki

ng p

aper

s or I

SAR

epor

t

IPT,

con

tract

or, S

MO

(ISA

Rep

ort o

nly)

whe

reap

plic

able

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Saf

ety

and

envi

ronm

enta

l req

uire

men

ts c

orre

ctly

cap

ture

d an

d va

lidat

ed

Safe

ty a

nd e

nviro

nmen

tal r

equi

rem

ents

anal

ysis

Rev

iew

cha

nges

and

der

ived

requ

irem

ents

for

corr

ectn

ess,

com

plet

enes

s, co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Che

ck a

naly

sis.

Aud

it an

alys

is p

roce

ss fo

r con

form

ance

to st

anda

rds a

ndsa

fety

man

agem

ent p

lan.

Atte

nd a

naly

sis m

eetin

gs to

che

ck c

ondu

cted

inac

cord

ance

with

stan

dard

s and

goo

d pr

actic

e.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

Safe

ty a

nd e

nviro

nmen

tal t

oler

abili

tycr

iteria

Rev

iew

cha

nges

and

flow

to su

bsys

tem

s for

conf

orm

ance

to st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Che

ck fo

r agr

eem

ent w

ith c

riter

ia fr

om si

mila

r pro

ject

s.

Che

ck a

naly

sis.

Doc

umen

ted

revi

ew.

IPT,

con

tract

or

Syst

em a

nd o

pera

ting

envi

ronm

ent

desc

riptio

nC

heck

des

crip

tion

is su

ffic

ient

ly c

ompr

ehen

sive

for t

here

ader

to u

nder

stan

d th

e sa

fety

arg

umen

t.In

clud

ed in

abo

ve re

view

s.IP

T, c

ontra

ctor

Con

tract

ual s

afet

y an

d en

viro

nmen

tal

requ

irem

ents

(SR

D).

Rev

iew

cha

nges

and

der

ived

requ

irem

ents

for

corr

ectn

ess,

com

plet

enes

s, co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Che

ck th

at e

vide

nce

likel

y to

be

need

ed fo

r sub

sequ

ent

safe

ty a

rgum

ents

is c

ontra

cted

for.

Doc

umen

ted

revi

ewIP

T, c

ontra

ctor

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Equ

ipm

ent m

eets

safe

ty a

nd e

nvir

onm

enta

l req

uire

men

ts

Tend

erer

s’ sa

fety

subm

issi

ons

Rev

iew

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

conf

orm

ance

to st

anda

rds a

nd le

gisl

atio

n.

Che

ck to

lera

bilit

y cr

iteria

for c

onfo

rman

ce to

stan

dard

san

d sa

fety

man

agem

ent p

lan.

Che

ck fo

r agr

eem

ent w

ithcr

iteria

from

sim

ilar p

roje

cts.

Che

ck a

naly

sis.

Che

ck th

at e

vide

nce

likel

y to

be

forth

com

ing

(e.g

. in

the

light

of s

oftw

are

deve

lopm

ent p

lan)

.

Iden

tify

any

area

s of p

roje

ct ri

sk fr

om sa

fety

.

Doc

umen

ted

tend

eras

sess

men

ts.

IPT

Safe

ty a

naly

sis a

dequ

ate

Aud

it an

alys

is p

roce

ss fo

r con

form

ance

to st

anda

rds a

ndsa

fety

man

agem

ent p

lan.

Atte

nd a

naly

sis m

eetin

gs to

che

ck c

ondu

cted

inac

cord

ance

with

stan

dard

s and

goo

d pr

actic

e.

Rev

iew

per

sonn

el c

ompe

tenc

e.

Doc

umen

ted

tend

eras

sess

men

ts a

nd a

udit

repo

rts.

IPT,

con

tract

or

ALA

RP

asse

ssm

ent

Che

ck a

rgum

ents

for c

ompl

ianc

e w

ith re

leva

nt st

anda

rds

and

HSE

gui

danc

e.In

clud

ed in

doc

umen

tre

view

s or I

SA R

epor

t.IP

T, c

ontra

ctor

, SM

O (I

SAR

epor

t onl

y) w

here

appl

icab

le

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Subc

laim

: Equ

ipm

ent m

eets

occ

upat

iona

l saf

ety

requ

irem

ents

Occ

upat

iona

l des

ign

stan

dard

sC

heck

for c

ompl

eten

ess a

nd a

pplic

abili

ty.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Incl

uded

in d

ocum

ent

revi

ews o

r ISA

Rep

ort.

IPT,

con

tract

or, S

MO

(ISA

Rep

ort o

nly)

whe

reap

plic

able

OH

HA

and

OSH

AR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.

Aud

it pr

oces

s for

com

plia

nce

to le

gisl

atio

n, st

anda

rds

and

safe

ty m

anag

emen

t pla

n.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

Subc

laim

: Equ

ipm

ent m

eets

env

iron

men

tal r

equi

rem

ents

Envi

ronm

enta

l im

pact

ana

lysi

sR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent a

nd/o

r env

ironm

enta

l man

agem

ent p

lan.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Subc

laim

: Equ

ipm

ent m

eets

safe

ty re

quir

emen

ts fo

r dat

a an

d co

mm

ands

Har

dwar

e sa

fety

ana

lyse

sC

heck

ana

lyse

s for

app

licab

ility

and

cor

rect

ness

.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Poss

ibly

car

ry o

ut d

iver

se a

naly

ses,

e.g.

relia

bilit

ym

odel

ling.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

Softw

are

safe

ty a

naly

ses

Che

ck a

naly

ses f

or a

pplic

abili

ty a

nd c

orre

ctne

ss.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Poss

ibly

car

ry o

ut d

iver

se a

naly

ses,

e.g.

relia

bilit

ygr

owth

mod

ellin

g.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

Hum

an fa

ctor

s ana

lyse

sA

udit

hum

an fa

ctor

s wor

ksho

ps e

tc. t

o ch

eck

cond

ucte

din

acc

orda

nce

with

stan

dard

s and

goo

d pr

actic

e.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Poss

ibly

car

ry o

ut d

iver

se a

naly

sis o

f HC

I for

safe

ty.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

CO

TS it

ems

Con

side

r fea

sibi

lity

and

suff

icie

ncy

of p

ropo

sals

for

CO

TS a

ssur

ance

.

Rev

iew

CO

TS sa

fety

just

ifica

tion.

Poss

ibly

car

ry o

ut re

liabi

lity

anal

ysis

.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n C

OTS

issu

es a

nd d

iver

se a

naly

sis.

IPT,

con

tract

or

Safe

ty c

laim

: IPT

’s sa

fety

man

agem

ent i

s ade

quat

e

IPT’

s Saf

ety

Man

agem

ent S

yste

m,

incl

udin

g Sa

fety

Man

agem

ent P

lan

for

dem

onst

ratio

n ph

ase

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT

MoD

’s sa

fety

org

anis

atio

nA

ttend

safe

ty c

omm

ittee

to d

iscu

ss sa

fety

pro

gres

s, ra

ise

and

disc

uss s

afet

y is

sues

, com

men

t on

safe

ty c

ase

and

supp

ortin

g do

cum

ents

and

ana

lyse

s, ag

ree

tole

rabi

lity

ofris

ks.

—Sa

fety

com

mitt

ee m

embe

rs

Safe

ty c

laim

: Con

trac

tor’

s saf

ety

man

agem

ent i

s ade

quat

e

Tend

erer

s’ c

ombi

ned

SEM

SR

evie

w fo

r con

form

ance

to st

anda

rds.

Tend

er a

sses

smen

t.IP

T, te

nder

er

Con

tract

or’s

com

bine

d SE

MS

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT,

con

tract

or

Con

tract

or’s

safe

ty o

rgan

isat

ion

Atte

nd sa

fety

com

mitt

ees t

o di

scus

s saf

ety

prog

ress

,ra

ise

and

disc

uss s

afet

y is

sues

, com

men

t on

safe

ty c

ase

and

supp

ortin

g do

cum

ents

and

ana

lyse

s, ag

ree

tole

rabi

lity

of ri

sks.

—Sa

fety

com

mitt

ee m

embe

rs

Con

tract

or’s

safe

ty m

anag

emen

t pla

nR

evie

w fo

r con

form

ance

to st

anda

rds.

Doc

umen

ted

revi

ew.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Org

anis

atio

nal i

nter

face

sIS

A w

ork

item

IPT

Prod

uce

plan

s and

repo

rts li

sted

in S

ectio

n 9.

1.

Supp

ly g

ener

ic a

dvic

e.

Atte

nd a

d-ho

c m

eetin

gs a

nd re

spon

d to

gen

eral

que

ries.

Sele

cted

prim

e co

ntra

ctor

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.2.

Des

ign

Aut

horit

y (w

hen

not I

PT o

rco

ntra

ctor

)In

terf

ace

as d

escr

ibed

in S

ectio

n 6.

6.

Cus

tom

er o

rgan

isat

ions

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.3.

SMO

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.4.

Reg

ulat

ory/

certi

ficat

ion

bodi

es (w

here

appl

icab

le)

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.5.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

9.2.

4 M

anuf

actu

ring

pha

se

1)

In th

is p

hase

, sys

tem

dev

elop

men

t and

pro

duct

ion

is c

ompl

eted

and

acc

epta

nce

take

s pla

ce. T

he sa

fety

cas

e is

exp

ande

d by

dev

elop

ing

oper

atin

gas

pect

s.

2)

The

ISA

act

iviti

es a

re sh

own

in A

ppen

dix

A. T

he w

ork

conc

entra

tes o

n th

e de

taile

d sa

fety

arg

umen

t tha

t the

syst

em m

eets

its s

afet

y re

quire

men

ts.

3)

In th

e ai

r sec

tor,

the

ISA

’s o

rgan

isat

iona

l int

erfa

ce is

with

the

Rel

ease

to S

ervi

ce A

utho

rity

rath

er th

an th

e O

pera

ting

Aut

horit

y.

4)

See

Sect

ion

9.5

for a

dditi

onal

item

s tha

t may

be

requ

ired

for h

igh

safe

ty in

tegr

ity sy

stem

s.

5)

The

scop

e of

the

ISA

’s w

ork

is a

s fol

low

s:

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Gen

eral

item

s (re

ferr

ing

to a

ny/a

ll in

divi

dual

cla

ims)

Safe

ty c

ase

repo

rtR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.D

ocum

ente

d re

view

.IP

T, c

ontra

ctor

Safe

ty c

ase

repo

rt fo

r ope

ratio

n (o

r In-

serv

ice

Phas

e)R

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.

Che

ck a

dequ

acy

and

cove

rage

of S

OPs

and

trai

ning

.

Doc

umen

ted

revi

ew.

IPT,

Ope

ratin

g A

utho

rity

Sam

ples

of e

vide

nce

Div

erse

ana

lysi

s, w

itnes

sing

, int

ervi

ewin

g, tr

acea

bilit

ych

ecks

, ver

tical

slic

es a

nd in

spec

tion

at th

e di

scre

tion

ofth

e IS

A.

Res

ults

doc

umen

ted

inw

orki

ng p

aper

s or I

SAR

epor

t

IPT,

con

tract

or, S

MO

(ISA

Rep

ort o

nly)

whe

reap

plic

able

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Saf

ety

and

envi

ronm

enta

l req

uire

men

ts c

orre

ctly

cap

ture

d an

d va

lidat

ed

Safe

ty a

nd e

nviro

nmen

tal r

equi

rem

ents

anal

ysis

Rev

iew

cha

nges

and

der

ived

requ

irem

ents

for

corr

ectn

ess,

com

plet

enes

s, co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Che

ck a

naly

sis.

Aud

it an

alys

is p

roce

ss fo

r con

form

ance

to st

anda

rds a

ndsa

fety

man

agem

ent p

lan.

Atte

nd a

naly

sis m

eetin

gs to

che

ck c

ondu

cted

inac

cord

ance

with

stan

dard

s and

goo

d pr

actic

e.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

Safe

ty a

nd e

nviro

nmen

tal t

oler

abili

tycr

iteria

Rev

iew

cha

nges

and

flow

to su

bsys

tem

s for

conf

orm

ance

to st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Che

ck fo

r agr

eem

ent w

ith c

riter

ia fr

om si

mila

r pro

ject

s.

Che

ck a

naly

sis.

Doc

umen

ted

revi

ew.

IPT,

con

tract

or

Syst

em a

nd o

pera

ting

envi

ronm

ent

desc

riptio

nC

heck

any

cha

nges

to d

escr

iptio

n.In

clud

ed in

abo

ve re

view

s.IP

T, c

ontra

ctor

Con

tract

ual s

afet

y an

d en

viro

nmen

tal

requ

irem

ents

(SR

D).

Rev

iew

cha

nges

and

der

ived

requ

irem

ents

for

corr

ectn

ess,

com

plet

enes

s, co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Che

ck th

at e

vide

nce

likel

y to

be

need

ed fo

r sub

sequ

ent

safe

ty a

rgum

ents

is c

ontra

cted

for.

Doc

umen

ted

revi

ewIP

T, c

ontra

ctor

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Equ

ipm

ent m

eets

safe

ty a

nd e

nvir

onm

enta

l req

uire

men

ts

Safe

ty a

naly

sis a

dequ

ate

Aud

it an

alys

is p

roce

ss fo

r con

form

ance

to st

anda

rds a

ndsa

fety

man

agem

ent p

lan.

Atte

nd a

naly

sis m

eetin

gs to

che

ck c

ondu

cted

inac

cord

ance

with

stan

dard

s and

goo

d pr

actic

e.

Rev

iew

per

sonn

el c

ompe

tenc

e.

Doc

umen

ted

tend

eras

sess

men

ts a

nd a

udit

repo

rts.

IPT,

con

tract

or

ALA

RP

asse

ssm

ent

Che

ck a

rgum

ents

for c

ompl

ianc

e w

ith re

leva

nt st

anda

rds

and

HSE

gui

danc

e.In

clud

ed in

doc

umen

tre

view

s or I

SA R

epor

t.IP

T, c

ontra

ctor

, SM

O (I

SAR

epor

t onl

y) w

here

appl

icab

le

Subc

laim

: Equ

ipm

ent m

eets

occ

upat

iona

l saf

ety

requ

irem

ents

Occ

upat

iona

l des

ign

stan

dard

sC

heck

for c

ompl

eten

ess a

nd a

pplic

abili

ty.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Incl

uded

in d

ocum

ent

revi

ews o

r ISA

Rep

ort.

IPT,

con

tract

or, S

MO

(ISA

Rep

ort o

nly)

whe

reap

plic

able

OH

HA

and

OSH

AR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.

Aud

it pr

oces

s for

com

plia

nce

to le

gisl

atio

n, st

anda

rds

and

safe

ty m

anag

emen

t pla

n.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Subc

laim

: Equ

ipm

ent m

eets

env

iron

men

tal r

equi

rem

ents

Envi

ronm

enta

l im

pact

ana

lysi

sR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent a

nd/o

r env

ironm

enta

l pla

n.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

Subc

laim

: Equ

ipm

ent m

eets

safe

ty re

quir

emen

ts fo

r dat

a an

d co

mm

ands

Har

dwar

e sa

fety

ana

lyse

sC

heck

ana

lyse

s for

app

licab

ility

and

cor

rect

ness

.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Poss

ibly

car

ry o

ut d

iver

se a

naly

ses,

e.g.

relia

bilit

ym

odel

ling.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

Softw

are

safe

ty a

naly

ses

Che

ck a

naly

ses f

or a

pplic

abili

ty a

nd c

orre

ctne

ss.

Aud

it fo

r com

plia

nce

to le

gisl

atio

n, st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Poss

ibly

car

ry o

ut d

iver

se a

naly

ses,

e.g.

relia

bilit

ygr

owth

mod

ellin

g.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Hum

an fa

ctor

s ana

lyse

sA

udit

hum

an fa

ctor

s wor

ksho

ps e

tc. t

o ch

eck

cond

ucte

din

acc

orda

nce

with

stan

dard

s and

goo

d pr

actic

e.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Poss

ibly

car

ry o

ut d

iver

se a

naly

sis o

f HC

I for

safe

ty.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

CO

TS it

ems

Con

side

r fea

sibi

lity

and

suff

icie

ncy

of p

ropo

sals

for

CO

TS a

ssur

ance

.

Rev

iew

CO

TS sa

fety

just

ifica

tion.

Poss

ibly

car

ry o

ut re

liabi

lity

anal

ysis

.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n C

OTS

issu

es a

nd d

iver

se a

naly

sis.

IPT,

con

tract

or

Safe

ty c

laim

: IPT

’s a

nd O

pera

ting

Aut

hori

ty’s

safe

ty m

anag

emen

t is a

dequ

ate

IPT’

s Saf

ety

Man

agem

ent S

yste

m,

incl

udin

g Sa

fety

Man

agem

ent P

lan

for

Man

ufac

turin

g Ph

ase

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port

IPT

MoD

’s sa

fety

org

anis

atio

nA

ttend

safe

ty c

omm

ittee

to d

iscu

ss sa

fety

pro

gres

s, ra

ise

and

disc

uss s

afet

y is

sues

, com

men

t on

safe

ty c

ase

and

supp

ortin

g do

cum

ents

and

ana

lyse

s, ag

ree

tole

rabi

lity

ofris

ks.

—Sa

fety

com

mitt

ee m

embe

rs

Safe

ty c

laim

: Con

trac

tor’

s saf

ety

man

agem

ent i

s ade

quat

e

Con

tract

or’s

com

bine

d SE

MS

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Con

tract

or’s

safe

ty o

rgan

isat

ion

Atte

nd sa

fety

com

mitt

ees t

o di

scus

s saf

ety

prog

ress

,ra

ise

and

disc

uss s

afet

y is

sues

, com

men

t on

safe

ty c

ase

and

supp

ortin

g do

cum

ents

and

ana

lyse

s, ag

ree

tole

rabi

lity

of ri

sks.

—Sa

fety

com

mitt

ee m

embe

rs

Con

tract

or’s

safe

ty m

anag

emen

t pla

nR

evie

w c

hang

es fo

r con

form

ance

to st

anda

rds.

Doc

umen

ted

revi

ew.

IPT,

con

tract

or

Org

anis

atio

nal i

nter

face

sIS

A w

ork

item

IPT

Prod

uce

plan

s and

repo

rts li

sted

in S

ectio

n 9.

1.

Supp

ly g

ener

ic a

dvic

e.

Atte

nd a

d-ho

c m

eetin

gs a

nd re

spon

d to

gen

eral

que

ries.

Sele

cted

prim

e co

ntra

ctor

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.2.

Des

ign

Aut

horit

y (w

hen

not I

PT o

rco

ntra

ctor

)In

terf

ace

as d

escr

ibed

in S

ectio

n 6.

6.

Cus

tom

er o

rgan

isat

ions

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.3.

SMO

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.4.

Reg

ulat

ory/

certi

ficat

ion

bodi

es (w

here

appl

icab

le)

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.5.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

9.2.

5 In

-ser

vice

pha

se

1)

In th

is p

hase

, the

IPT

mai

ntai

ns th

e le

vels

of p

erfo

rman

ce a

gree

d w

ith it

s cus

tom

ers a

nd c

arrie

s out

app

rove

d up

grad

es o

r im

prov

emen

ts, r

efits

or

acqu

isiti

on in

crem

ents

. The

ISA

may

be

cont

ract

ed in

a st

and-

by ro

le o

n a

limit

of li

abili

ty c

ontra

ct, o

r eng

aged

onl

y w

hen

a sa

fety

issu

e em

erge

s. Th

eIS

A’s

role

is to

mon

itor i

n-se

rvic

e pe

rfor

man

ce to

see

if th

e sy

stem

mee

ts it

s saf

ety

requ

irem

ents

, and

to id

entif

y w

eakn

esse

s in

the

prec

edin

g w

ork

that

only

bec

ome

appa

rent

in se

rvic

e.

2)

Furth

er d

evel

opm

ent w

ork

or a

cha

nge

of ro

le w

ill in

volv

e ch

ange

s to

the

safe

ty a

rgum

ent,

whi

ch w

ill re

quire

ISA

act

ion

as d

escr

ibed

for t

hepr

evio

us p

hase

s.

3)

Safe

ty a

nd e

nviro

nmen

tal r

equi

rem

ents

may

cha

nge

in-s

ervi

ce d

ue to

cha

nges

to th

e sy

stem

, its

role

, leg

isla

tion,

pol

icy,

etc

.

4)

Dep

endi

ng o

n th

e se

ctor

, the

IPT

may

not

be

able

to c

ontra

ct fo

r Saf

ety

Aud

it of

the

Ope

ratin

g A

utho

rity’

s com

bine

d SE

MS.

In th

at c

ase,

the

ISA

’sin

terf

ace

with

the

Ope

ratin

g A

utho

rity

and

DR

AC

AS/

FRA

CA

S da

ta w

ill b

e th

roug

h th

e in

-ser

vice

safe

ty c

omm

ittee

.

5)

In th

e ai

r sec

tor,

the

ISA

’s o

rgan

isat

iona

l int

erfa

ce is

with

the

Rel

ease

to S

ervi

ce A

utho

rity

rath

er th

an th

e O

pera

ting

Aut

horit

y.

6)

The

scop

e of

the

ISA

’s w

ork

is a

s fol

low

s:

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Gen

eral

item

s (re

ferr

ing

to a

ny/a

ll in

divi

dual

cla

ims)

Safe

ty c

ase

repo

rt fo

r ope

ratio

n (o

r In-

serv

ice

Phas

e)R

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.

Che

ck a

dequ

acy

and

cove

rage

of S

OPs

and

trai

ning

.

Doc

umen

ted

revi

ew.

IPT,

Ope

ratin

g A

utho

rity,

CLS

con

tract

or (i

fap

plic

able

)

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Saf

ety

and

envi

ronm

enta

l req

uire

men

ts c

orre

ctly

cap

ture

d an

d va

lidat

ed

Con

tract

ual s

afet

y an

d en

viro

nmen

tal

requ

irem

ents

.R

evie

w th

e lig

ht o

f new

or r

evis

ed le

gisl

atio

n,“g

rand

fath

er ri

ghts

”.D

ocum

ente

d re

view

.IP

T, O

pera

ting

Aut

horit

y,C

LS c

ontra

ctor

(if

appl

icab

le)

Safe

ty c

laim

: IPT

’s sa

fety

man

agem

ent i

s ade

quat

e

IPT’

s Saf

ety

Man

agem

ent S

yste

m,

incl

udin

g Sa

fety

Man

agem

ent P

lan

for I

n-se

rvic

e Ph

ase

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT

MoD

’s in

-ser

vice

safe

ty o

rgan

isat

ion

Atte

nd sa

fety

com

mitt

ee to

dis

cuss

in-s

ervi

ce sa

fety

issu

es fr

om D

RA

CA

S, ra

ise

and

disc

uss s

afet

y is

sues

,co

mm

ent o

n up

date

s to

safe

ty c

ase

and

supp

ortin

gdo

cum

ents

and

ana

lyse

s, ag

ree

cont

inue

d to

lera

bilit

y of

risks

.

—Sa

fety

com

mitt

ee m

embe

rs

Safe

ty c

laim

: Ope

ratin

g A

utho

rity

’s sa

fety

man

agem

ent i

s ade

quat

e

DR

AC

AS/

FRA

CA

SR

evie

w d

ata.

Aud

it pr

oces

s for

con

form

ance

to st

anda

rds.

Mon

itor c

orre

ctiv

e ac

tion.

Aud

it re

port.

IPT,

Ope

ratin

g A

utho

rity,

CLS

con

tract

or (i

fap

plic

able

)

Safe

ty c

laim

: CLS

con

trac

tor’

s saf

ety

man

agem

ent i

s ade

quat

e (w

here

app

oint

ed)

Con

tract

or’s

com

bine

d SE

MS

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT,

CLS

con

tract

or

Con

tract

or’s

safe

ty m

anag

emen

t pla

nR

evie

w fo

r con

form

ance

to st

anda

rds.

Doc

umen

ted

revi

ew.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

If u

pgra

des o

r im

prov

emen

ts, r

efits

or

acqu

isiti

on in

crem

ents

ISA

wor

k ite

m

Safe

ty a

rgum

ent c

hang

esA

s for

pre

cedi

ng p

hase

s.

Org

anis

atio

nal i

nter

face

sIS

A w

ork

item

IPT

Prod

uce

plan

s and

repo

rts li

sted

in S

ectio

n 9.

1.

Supp

ly g

ener

ic a

dvic

e.

Atte

nd a

d-ho

c m

eetin

gs a

nd re

spon

d to

gen

eral

que

ries.

CLS

con

tract

or (i

f app

licab

le)

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.2.

Des

ign

Aut

horit

y (w

hen

not I

PT o

rco

ntra

ctor

)In

terf

ace

as d

escr

ibed

in S

ectio

n 6.

6.

Cus

tom

er o

rgan

isat

ions

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.3.

SMO

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.4.

Reg

ulat

ory/

certi

ficat

ion

bodi

es (w

here

appl

icab

le)

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.5.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

9.2.

6 D

ispo

sal p

hase

1)

Plan

ned

disp

osal

invo

lves

the

effic

ient

, eff

ectiv

e an

d sa

fe d

ispo

sal o

f the

syst

em. D

ispo

sal s

houl

d co

nsid

er b

oth

end-

of-li

fe a

nd p

ost-a

ccid

ent c

ases

.B

oth

shou

ld b

e ad

dres

sed

by th

e or

igin

al p

lans

but

, whe

re th

ese

wer

e pr

oduc

ed so

me

time

prev

ious

ly, t

hey

shou

ld b

e re

view

ed fo

r ade

quac

y pr

ior t

odi

spos

al o

r per

iodi

cally

as a

ppro

pria

te. W

here

dis

posa

l is s

impl

e an

d th

ere

are

no c

hang

es to

the

appl

icab

le le

gisl

atio

n, it

may

not

be

nece

ssar

y to

empl

oy a

n IS

A.

2)

The

scop

e of

the

ISA

’s w

ork

is a

s fol

low

s:

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

ase

repo

rt fo

r dis

posa

lR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.D

ocum

ente

d re

view

.IP

T, O

pera

ting

Aut

horit

y,di

spos

al/C

LS c

ontra

ctor

(if

appl

icab

le)

Safe

ty c

laim

: Dis

posa

l is s

afe

IPT’

s Saf

ety

Man

agem

ent S

yste

m, i

nc.

Safe

ty M

anag

emen

t Pla

n fo

r dis

posa

lph

ase

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT

Dis

posa

l fol

low

s pla

nIf

com

petit

ion

for d

ispo

sal,

revi

ew S

OW

and

tend

erre

spon

ses.

Rev

iew

dis

posa

l saf

ety

case

.

Aud

it di

spos

al c

ontra

ctor

’s S

MS.

Doc

umen

ted

revi

ew.

IPT,

Ope

ratin

g A

utho

rity,

disp

osal

/CLS

con

tract

or (i

fap

plic

able

)

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Org

anis

atio

nal i

nter

face

sIS

A w

ork

item

IPT

Prod

uce

plan

s and

repo

rts li

sted

in S

ectio

n 9.

1.

Supp

ly g

ener

ic a

dvic

e.

Atte

nd a

d-ho

c m

eetin

gs a

nd re

spon

d to

gen

eral

que

ries.

Dis

posa

l/CLS

con

tract

or (i

f app

licab

le)

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.2.

Des

ign

Aut

horit

y (w

hen

not I

PT o

rco

ntra

ctor

)In

terf

ace

as d

escr

ibed

in S

ectio

n 6.

6.

Cus

tom

er o

rgan

isat

ions

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.3.

SMO

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.4.

Reg

ulat

ory/

certi

ficat

ion

bodi

es (w

here

appl

icab

le)

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.5.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

9.3

Leg

acy

syst

ems

1)

This

sect

ion

cons

ider

s the

ISA

role

for l

egac

y sy

stem

s, an

d sp

ecifi

cally

whe

re a

retro

spec

tive

safe

ty a

ppra

isal

is to

be

carr

ied

out b

y a

cont

ract

or.

2)

The

scop

e of

the

ISA

’s w

ork

is a

s fol

low

s:

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Gen

eral

item

s (re

ferr

ing

to a

ny/a

ll in

divi

dual

cla

ims)

Ret

rosp

ectiv

e sa

fety

app

rais

al/ s

afet

y ca

seR

evie

w c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

conf

orm

ance

to st

anda

rds a

nd le

gisl

atio

n. C

heck

that

repo

rt is

pro

porti

onat

e to

risk

from

syst

em a

nd re

mai

ning

time

in se

rvic

e.

Doc

umen

ted

revi

ew.

IPT,

con

tract

or

Sam

ples

of e

vide

nce

Div

erse

ana

lysi

s, w

itnes

sing

, int

ervi

ewin

g, tr

acea

bilit

ych

ecks

, ver

tical

slic

es a

nd in

spec

tion

at th

e di

scre

tion

ofth

e IS

A.

Res

ults

doc

umen

ted

inw

orki

ng p

aper

s or I

SAR

epor

t

IPT,

con

tract

or, S

MO

(ISA

Rep

ort o

nly)

whe

reap

plic

able

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Saf

ety

and

envi

ronm

enta

l req

uire

men

ts c

orre

ctly

cap

ture

d an

d va

lidat

ed

Safe

ty a

nd e

nviro

nmen

tal r

equi

rem

ents

anal

ysis

Rev

iew

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy

and

conf

orm

ance

to st

anda

rds.

Rev

iew

aga

inst

app

licab

le le

gisl

atio

n be

arin

g in

min

dtim

e of

intro

duct

ion

into

serv

ice.

Che

ck a

naly

sis.

Aud

it an

alys

is p

roce

ss fo

r con

form

ance

to st

anda

rds a

ndsa

fety

man

agem

ent p

lan.

Atte

nd a

naly

sis m

eetin

gs to

che

ck c

ondu

cted

inac

cord

ance

with

stan

dard

s and

goo

d pr

actic

e.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

Safe

ty a

nd e

nviro

nmen

tal t

oler

abili

tycr

iteria

Rev

iew

for c

onfo

rman

ce to

stan

dard

s and

safe

tym

anag

emen

t pla

n. C

heck

for a

gree

men

t with

crit

eria

from

sim

ilar p

roje

cts.

Con

side

r app

licat

ion

of“g

rand

fath

er ri

ghts

” fo

r equ

ipm

ent i

n se

rvic

e fo

r sev

eral

year

s or m

ore.

Che

ck if

“tim

e at

risk

” is

pro

perly

cons

ider

ed.

Che

ck a

naly

sis.

Doc

umen

ted

revi

ew.

IPT,

con

tract

or

Syst

em a

nd o

pera

ting

envi

ronm

ent

desc

riptio

nC

heck

des

crip

tion

is su

ffic

ient

ly c

ompr

ehen

sive

for t

here

ader

to u

nder

stan

d th

e sa

fety

arg

umen

t.In

clud

ed in

abo

ve re

view

s.IP

T, c

ontra

ctor

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Equ

ipm

ent m

eets

safe

ty a

nd e

nvir

onm

enta

l req

uire

men

ts

Safe

ty a

naly

sis a

dequ

ate

Aud

it an

alys

is p

roce

ss fo

r con

form

ance

to st

anda

rds a

ndsa

fety

man

agem

ent p

lan.

Atte

nd a

naly

sis m

eetin

gs to

che

ck c

ondu

cted

inac

cord

ance

with

stan

dard

s and

goo

d pr

actic

e.

Rev

iew

per

sonn

el c

ompe

tenc

e.

Doc

umen

ted

audi

t rep

orts

.IP

T, c

ontra

ctor

ALA

RP

asse

ssm

ent

Che

ck a

rgum

ents

for c

ompl

ianc

e w

ith re

leva

nt st

anda

rds

and

HSE

gui

danc

e.In

clud

ed in

doc

umen

tre

view

s or I

SA R

epor

t.IP

T, c

ontra

ctor

, SM

O (I

SAR

epor

t onl

y) w

here

appl

icab

le

Subc

laim

: Equ

ipm

ent m

eets

occ

upat

iona

l saf

ety

requ

irem

ents

Occ

upat

iona

l des

ign

stan

dard

sC

heck

for c

ompl

eten

ess a

nd a

pplic

abili

ty.

Aud

it fo

r com

plia

nce

to st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Rev

iew

aga

inst

app

licab

le le

gisl

atio

n be

arin

g in

min

dtim

e of

intro

duct

ion

into

serv

ice.

Incl

uded

in d

ocum

ent

revi

ews o

r ISA

Rep

ort.

IPT,

con

tract

or, S

MO

(ISA

Rep

ort o

nly)

whe

reap

plic

able

OH

HA

and

OSH

AR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy

and

conf

orm

ance

to st

anda

rds.

Rev

iew

aga

inst

app

licab

le le

gisl

atio

n be

arin

g in

min

dtim

e of

intro

duct

ion

into

serv

ice.

Aud

it ag

ains

t sta

ndar

ds a

nd sa

fety

man

agem

ent p

lan.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Subc

laim

: Equ

ipm

ent m

eets

env

iron

men

tal r

equi

rem

ents

Envi

ronm

enta

l im

pact

ana

lysi

sR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy

and

conf

orm

ance

to st

anda

rds.

Rev

iew

aga

inst

app

licab

le le

gisl

atio

n be

arin

g in

min

dtim

e of

intro

duct

ion

into

serv

ice.

Aud

it fo

r com

plia

nce

to st

anda

rds a

nd sa

fety

and

/or

envi

ronm

enta

l man

agem

ent p

lan.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

Subc

laim

: Equ

ipm

ent m

eets

safe

ty re

quir

emen

ts fo

r dat

a an

d co

mm

ands

Har

dwar

e sa

fety

ana

lyse

sR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy

and

conf

orm

ance

to st

anda

rds.

Aud

it fo

r com

plia

nce

to st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Che

ck a

naly

ses f

or a

pplic

abili

ty a

nd c

orre

ctne

ss.

Poss

ibly

car

ry o

ut d

iver

se a

naly

ses,

e.g.

relia

bilit

ym

odel

ling.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Softw

are

safe

ty a

naly

ses

Aud

it fo

r com

plia

nce

to st

anda

rds a

nd sa

fety

man

agem

ent p

lan.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s, co

nsis

tenc

yan

d co

nfor

man

ce to

stan

dard

s.

Che

ck a

naly

ses f

or a

pplic

abili

ty a

nd c

orre

ctne

ss.

Poss

ibly

car

ry o

ut d

iver

se a

naly

ses,

e.g.

relia

bilit

ygr

owth

mod

ellin

g.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

Hum

an fa

ctor

s ana

lyse

sR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy

and

conf

orm

ance

to st

anda

rds.

Rev

iew

aga

inst

app

licab

le le

gisl

atio

n be

arin

g in

min

dtim

e of

intro

duct

ion

into

serv

ice.

Poss

ibly

car

ry o

ut d

iver

se a

naly

sis o

f HC

I for

safe

ty.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

CO

TS it

ems

Rev

iew

CO

TS sa

fety

just

ifica

tion.

Poss

ibly

car

ry o

ut re

liabi

lity

anal

ysis

.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n C

OTS

issu

es a

nd d

iver

se a

naly

sis.

IPT,

con

tract

or

Safe

ty c

laim

: IPT

’s sa

fety

man

agem

ent i

s ade

quat

e

IPT’

s Saf

ety

Man

agem

ent S

yste

m, i

nc.

Safe

ty M

anag

emen

t Pla

n fo

r in-

serv

ice

phas

e

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

MoD

’s sa

fety

org

anis

atio

nA

ttend

safe

ty c

omm

ittee

to d

iscu

ss in

-ser

vice

safe

tyis

sues

from

DR

AC

AS,

rais

e an

d di

scus

s saf

ety

issu

es,

com

men

t on

upda

tes t

o sa

fety

cas

e an

d su

ppor

ting

docu

men

ts a

nd a

naly

ses,

agre

e co

ntin

ued

tole

rabi

lity

ofris

ks.

—Sa

fety

com

mitt

ee m

embe

rs

Safe

ty c

laim

: Con

trac

tor’

s saf

ety

man

agem

ent i

s ade

quat

e

Con

tract

or’s

com

bine

d SE

MS

Aud

it fo

r con

form

ance

to st

anda

rds.

Aud

it re

port.

IPT,

con

tract

or

Con

tract

or’s

safe

ty m

anag

emen

t pla

nR

evie

w fo

r con

form

ance

to st

anda

rds.

Doc

umen

ted

revi

ew.

IPT,

con

tract

or

Org

anis

atio

nal i

nter

face

sIS

A w

ork

item

IPT

Prod

uce

plan

s and

repo

rts li

sted

in S

ectio

n 9.

1.

Supp

ly g

ener

ic a

dvic

e.

Atte

nd a

d-ho

c m

eetin

gs a

nd re

spon

d to

gen

eral

que

ries.

Con

tract

orIn

terf

ace

as d

escr

ibed

in S

ectio

n 6.

2.

Des

ign

Aut

horit

y (w

hen

not I

PT o

rco

ntra

ctor

)In

terf

ace

as d

escr

ibed

in S

ectio

n 6.

6.

Cus

tom

er o

rgan

isat

ions

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.3.

SMO

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.4.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Org

anis

atio

nal i

nter

face

sIS

A w

ork

item

Reg

ulat

ory/

certi

ficat

ion

bodi

es (w

here

appl

icab

le)

Inte

rfac

e as

des

crib

ed in

Sec

tion

6.5.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

9.4

Var

iatio

n w

ith m

atur

ity o

f con

trac

tor’

s com

bine

d SE

MS

1)

The

maj

or e

ffec

t of a

n im

mat

ure

cont

ract

or’s

com

bine

d SE

MS

or p

oor s

afet

y cu

lture

is th

at th

e IS

A w

ork

item

s lis

ted

abov

e w

ill ta

ke lo

nger

toco

mpl

ete,

rath

er th

an th

at n

ew w

ork

item

s will

be

requ

ired.

Are

as th

at h

ave

been

foun

d to

be

gene

rally

pro

blem

atic

are

:

• Th

e sa

fety

arg

umen

t is i

mpl

icit

rath

er th

an e

xplic

it, a

nd p

oorly

stru

ctur

ed. T

he IS

A th

en h

as to

par

ticip

ate

in m

ore

docu

men

t rev

iew

cyc

les,

espe

cial

ly fo

r the

safe

ty c

ase

repo

rt, a

nd a

lso

has t

o pr

ovid

e ge

neric

gui

danc

e on

app

licab

le st

anda

rds a

nd a

ccep

tabl

e sa

fety

arg

umen

ts.

• To

lera

bilit

y of

risk

is in

cons

iste

nt w

ith c

ompa

rabl

e pr

ojec

ts. T

his i

nvol

ves t

he IS

A in

add

ition

al w

ork

nego

tiatin

g ch

ange

s in

the

tole

rabi

lity

crite

ria.

• Te

chni

cal a

spec

ts o

f the

safe

ty a

naly

sis a

re p

oorly

don

e. P

artic

ular

pro

blem

s are

con

fusi

on b

etw

een

haza

rds a

nd a

ccid

ents

, jud

gem

ents

of

ALA

RP,

and

com

plet

enes

s of h

azar

d an

alys

is. T

his i

nvol

ves t

he IS

A in

mor

e do

cum

ent r

evie

w c

ycle

s and

det

aile

d an

alys

is o

f iss

ues s

uch

asso

ftwar

e re

liabi

lity.

9.5

Var

iatio

n w

ith sa

fety

inte

grity

requ

irem

ents

1)

The

ISA

role

will

be

prop

ortio

nate

ly m

ore

exte

nsiv

e fo

r hig

h sa

fety

inte

grity

syst

ems.

This

is b

ecau

se th

e sa

fety

arg

umen

t will

be

mor

e in

volv

ed,

with

eac

h cl

aim

typi

cally

bei

ng su

ppor

ted

by se

vera

l div

erse

form

s of e

vide

nce.

For

exa

mpl

e, v

ery

high

inte

grity

avi

onic

s sof

twar

e w

ould

nor

mal

lyha

ve it

s saf

ety

clai

m fo

r cor

rect

ness

of d

ata

and

com

man

ds su

ppor

ted

by a

naly

sis,

exte

nsiv

e te

stin

g an

d pr

oces

s evi

denc

e. O

n th

e ot

her h

and,

a lo

win

tegr

ity c

omm

and

and

cont

rol s

yste

m m

ight

rely

on

a sm

alle

r am

ount

of t

estin

g pl

us p

roce

ss e

vide

nce.

2)

The

ISA

wor

k ite

ms c

anno

t be

accu

rate

ly sc

oped

unt

il th

e sa

fety

arg

umen

t is c

lear

and

ther

efor

e it

is h

ighl

y de

sira

ble

for t

ende

rers

’ saf

ety

subm

issi

ons t

o in

clud

e an

out

line

of th

e sa

fety

arg

umen

t.

3)

Add

ition

al IS

A w

ork

item

s for

hig

h sa

fety

inte

grity

syst

ems t

ypic

ally

incl

ude:

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Subc

laim

: Equ

ipm

ent m

eets

safe

ty re

quir

emen

ts fo

r dat

a an

d co

mm

ands

Softw

are

stat

ic a

naly

sis o

r pro

ofTe

chni

cal r

evie

w.

Poss

ibly

sele

cted

div

erse

ana

lyse

s.

Doc

umen

ted

revi

ew/

wor

king

pap

er.

IPT,

con

tract

or

Aut

omat

ed te

stin

gTe

chni

cal r

evie

w o

f tes

t rep

ort.

Che

ck c

over

age

and

real

ism

.

Doc

umen

ted

revi

ew/

wor

king

pap

er.

IPT,

con

tract

or

Hig

h qu

ality

dev

elop

men

t pro

cess

Aud

it fo

r con

form

ance

to st

anda

rds.

Che

ck e

vide

nce

for e

ffec

tiven

ess.

Doc

umen

ted

revi

ew/

wor

king

pap

er.

IPT,

con

tract

or

Faul

t tol

eran

t or f

ail s

afe

desi

gnTe

chni

cal r

evie

w o

f des

ign

desc

riptio

n.

Che

ck e

vide

nce

for e

ffec

tiven

ess a

nd c

over

age.

Doc

umen

ted

revi

ew/

wor

king

pap

er.

IPT,

con

tract

or

Safe

ty m

onito

r pro

vide

d fo

r CO

TS it

ems

Ana

lyse

for c

over

age

of fa

ilure

mod

es.

Doc

umen

ted

revi

ew/

wor

king

pap

er.

IPT,

con

tract

or

Har

dwar

e m

anuf

actu

ring

proc

ess

Aud

it fo

r cor

resp

onde

nce

betw

een

hard

war

e ite

ms a

ndde

sign

.D

ocum

ente

d re

view

/w

orki

ng p

aper

.IP

T, c

ontra

ctor

9.6

Oth

er p

rocu

rem

ent m

odel

s

1)

The

basi

c sa

fety

arg

umen

t illu

stra

ted

in A

ppen

dix

A is

the

sam

e fo

r all

proc

urem

ent m

odel

s. H

owev

er, t

he e

vide

nce

is li

kely

to b

e di

ffer

ent f

orot

her p

rocu

rem

ent m

odel

s suc

h as

fore

ign

proc

urem

ent,

espe

cial

ly w

here

it su

ppor

ts th

e sa

fety

arg

umen

t for

dev

elop

men

t. A

lso,

for s

uch

proc

urem

ents

,

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

it m

ay n

ot b

e po

ssib

le to

neg

otia

te th

e sa

me

degr

ee o

f ISA

acc

ess a

s for

a b

espo

ke d

evel

opm

ent.

The

safe

ty c

ase

for t

he sy

stem

shou

ld e

xpla

in h

ow th

edi

ffer

ent t

ypes

of e

vide

nce

adeq

uate

ly su

ppor

t the

safe

ty c

laim

s.

2)

Poss

ible

pro

cure

men

t mod

els a

re:

• Fo

reig

n pr

ocur

emen

t—Th

e em

phas

is w

ill b

e on

issu

es o

f tra

nsla

tion

of th

e sa

fety

arg

umen

t to

the

UK

regi

me.

• Jo

int p

rocu

rem

ent—

Ther

e w

ill b

e in

tera

ctio

ns w

ith th

e ot

her p

rocu

ring

auth

oriti

es w

ho m

ay h

ave

thei

r ow

n pa

rticu

lar c

once

rns,

in o

rder

topl

ace

a si

ngle

set o

f dem

ands

on

the

cont

ract

or. T

his m

ay st

art a

t an

early

pha

se: “

safe

ty re

quire

men

ts c

aptu

red

and

valid

ated

”.

• PP

P/PF

I—Th

e sa

fety

arg

umen

t is b

asic

ally

una

ffec

ted

in th

is ty

pe o

f pro

cure

men

t. If

a sy

stem

is b

eing

pro

cure

d, th

e co

ntra

ctor

dev

elop

s the

syst

em a

nd th

en le

ases

it to

the

Cus

tom

er ra

ther

than

tran

sfer

ring

it ou

trigh

t, bu

t the

con

tract

or sh

ould

pro

vide

a sa

fety

cas

e as

in th

e ba

sic

proc

urem

ent m

odel

. If a

serv

ice

(e.g

. tra

inin

g) is

bei

ng p

rovi

ded,

the

cont

ract

or sh

ould

pro

duce

a sa

fety

cas

e co

verin

g bu

ildin

gs, e

quip

men

tan

d pr

oced

ures

; dep

endi

ng o

n th

e sp

ecifi

c si

tuat

ion,

this

may

be

the

sam

e as

for a

bas

ic p

rocu

rem

ent o

r for

a le

gacy

syst

em.

• O

ff-th

e-sh

elf-

syst

ems—

This

is a

n ex

trem

e ex

ampl

e of

CO

TS c

ompo

nent

s.

3)

In th

ese

othe

r pro

cure

men

t mod

els,

the

ISA

wor

k ite

ms f

or d

evel

opm

ent m

ay in

clud

e th

e fo

llow

ing:

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Gen

eral

item

s (re

ferr

ing

to a

ny/a

ll in

divi

dual

cla

ims)

Safe

ty c

ase

repo

rtR

evie

w re

port

for c

orre

ctne

ss, c

ompl

eten

ess,

cons

iste

ncy,

con

form

ance

to st

anda

rds a

nd le

gisl

atio

n.D

ocum

ente

d re

view

.IP

T, c

ontra

ctor

Sam

ples

of e

vide

nce

Div

erse

ana

lysi

s, w

itnes

sing

, int

ervi

ewin

g, tr

acea

bilit

ych

ecks

, ver

tical

slic

es a

nd in

spec

tion

at th

e di

scre

tion

ofth

e IS

A, b

ut li

mite

d by

the

cont

ract

ual a

rran

gem

ents

for

acce

ss.

Res

ults

doc

umen

ted

inw

orki

ng p

aper

s or I

SAR

epor

t

IPT,

con

tract

or, S

MO

(ISA

Rep

ort o

nly)

whe

reap

plic

able

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Safe

ty c

laim

: Equ

ipm

ent m

eets

safe

ty a

nd e

nvir

onm

enta

l req

uire

men

ts

Safe

ty a

naly

sis a

dequ

ate

Rev

iew

of d

evel

opm

ent s

tand

ards

for c

ompl

ianc

e w

ithU

K, E

urop

ean

and

inte

rnat

iona

l reg

ulat

ions

app

licab

le in

the

UK

. Rev

iew

any

act

iviti

es u

nder

take

n to

mak

e up

shor

tfalls

.

Rev

iew

per

sonn

el c

ompe

tenc

e.

Doc

umen

ted

repo

rts.

IPT,

con

tract

or

ALA

RP

asse

ssm

ent

Che

ck a

rgum

ents

for c

ompl

ianc

e w

ith re

leva

nt st

anda

rds

and

HSE

gui

danc

e.In

clud

ed in

doc

umen

tre

view

s or I

SA R

epor

t.IP

T, c

ontra

ctor

, SM

O (I

SAR

epor

t onl

y) w

here

appl

icab

le

Subc

laim

: Equ

ipm

ent m

eets

occ

upat

iona

l saf

ety

requ

irem

ents

Occ

upat

iona

l des

ign

stan

dard

sR

evie

w o

f des

ign

stan

dard

s for

com

plia

nce

with

UK

,Eu

rope

an a

nd in

tern

atio

nal r

egul

atio

ns a

pplic

able

in th

eU

K. R

evie

w a

ny a

ctiv

ities

und

erta

ken

to m

ake

upsh

ortfa

lls.

Incl

uded

in d

ocum

ent

revi

ews o

r ISA

Rep

ort.

IPT,

con

tract

or, S

MO

(ISA

Rep

ort o

nly)

whe

reap

plic

able

OH

HA

and

OSH

AR

evie

w fo

r com

plia

nce

with

UK

, Eur

opea

n an

din

tern

atio

nal r

egul

atio

ns a

pplic

able

in th

e U

K. R

evie

wan

y ac

tiviti

es u

nder

take

n to

mak

e up

shor

tfalls

. Rev

iew

activ

ities

to m

ake

up sh

ortfa

lls.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Subc

laim

: Equ

ipm

ent m

eets

env

iron

men

tal r

equi

rem

ents

Envi

ronm

enta

l im

pact

ana

lysi

sR

evie

w o

f env

ironm

enta

l sta

ndar

ds fo

r com

plia

nce

with

UK

, Eur

opea

n an

d in

tern

atio

nal r

egul

atio

ns a

pplic

able

inth

e U

K. R

evie

w a

ny a

ctiv

ities

und

erta

ken

to m

ake

upsh

ortfa

lls. R

evie

w a

ctiv

ities

to m

ake

up sh

ortfa

lls.

Rev

iew

repo

rt.

Doc

umen

ted

revi

ew.

Aud

it re

port.

IPT,

con

tract

or

Subc

laim

: Equ

ipm

ent m

eets

safe

ty re

quir

emen

ts fo

r dat

a an

d co

mm

ands

Har

dwar

e sa

fety

ana

lyse

sR

evie

w h

ardw

are

deve

lopm

ent p

lans

and

stan

dard

sag

ains

t UK

, Eur

opea

n an

d in

tern

atio

nal r

egul

atio

nsap

plic

able

in th

e U

K. R

evie

w a

ny a

ctiv

ities

und

erta

ken

to m

ake

up sh

ortfa

lls.

Che

ck a

naly

ses f

or a

pplic

abili

ty a

nd c

orre

ctne

ss.

Poss

ibly

car

ry o

ut d

iver

se a

naly

ses,

e.g.

relia

bilit

ym

odel

ling,

CO

TS h

ardw

are

relia

bilit

y.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

Softw

are

safe

ty a

naly

ses

Rev

iew

softw

are

deve

lopm

ent p

lans

and

stan

dard

sag

ains

t UK

, Eur

opea

n an

d in

tern

atio

nal r

egul

atio

nsap

plic

able

in th

e U

K. R

evie

w a

ny a

ctiv

ities

und

erta

ken

to m

ake

up sh

ortfa

lls.

Che

ck a

naly

ses f

or a

pplic

abili

ty a

nd c

orre

ctne

ss.

Poss

ibly

car

ry o

ut d

iver

se a

naly

ses,

e.g.

relia

bilit

ygr

owth

mod

ellin

g, C

OTS

softw

are

relia

bilit

y.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Safe

ty e

vide

nce

ISA

wor

k ite

mIS

A o

utpu

t/del

iver

able

Cus

tom

er/b

enef

icia

ry

Hum

an fa

ctor

s ana

lyse

sA

udit

hum

an fa

ctor

s wor

ksho

ps e

tc. t

o ch

eck

cond

ucte

din

acc

orda

nce

with

stan

dard

s and

goo

d pr

actic

e.

Rev

iew

repo

rt fo

r cor

rect

ness

, com

plet

enes

s,co

nsis

tenc

y, c

onfo

rman

ce to

stan

dard

s and

legi

slat

ion.

Poss

ibly

car

ry o

ut d

iver

se a

naly

sis o

f HC

I for

safe

ty.

Doc

umen

ted

revi

ew.

Aud

it re

port.

Wor

king

pap

ers o

n di

vers

ean

alys

es.

IPT,

con

tract

or

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

App

endi

x A

Saf

ety

argu

men

t ove

r th

e lif

ecyc

le

1)

The

diag

ram

s on

the

follo

win

g pa

ges i

llust

rate

a ty

pica

l, co

mpl

ex sa

fety

arg

umen

t in

term

s of s

afet

y cl

aim

s (bl

ue o

vals

) and

evi

denc

e (p

urpl

ere

ctan

gles

). Fo

r “sy

stem

s of s

yste

ms”

, som

e of

the

evid

ence

will

be

cont

aine

d in

subs

idia

ry sa

fety

cas

es.

2)

The

Dis

posa

l Pha

se is

om

itted

for c

larit

y. It

is b

est t

reat

ed a

s a sm

all s

epar

ate

proj

ect,

build

ing

on th

e di

spos

al a

spec

ts o

f mai

n sa

fety

cas

e.

3)

The

term

SEM

S is

use

d in

the

diag

ram

s to

refe

r to

the

rele

vant

Saf

ety

Man

agem

ent a

nd E

nviro

nmen

tal M

anag

emen

t Sys

tem

s or w

here

app

ropr

iate

the

com

bine

d SE

MS.

4)

The

dia

gram

is r

epea

ted

for

each

life

cycl

e ph

ase

with

the

sect

ions

that

req

uire

ISA

ass

essm

ent s

hade

d. T

he d

iagr

am fo

r th

e In

-ser

vice

phas

e do

es n

ot c

over

new

dev

elop

men

t wor

k; th

e IS

A a

ctiv

ities

in th

at in

stan

ce a

re sh

own

in th

e M

anuf

actu

re P

hase

dia

gram

.

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Occ

upational

des

ign s

tandar

ds

Con

trol so

ftw

are

safe

ty a

naly

sis

Saf

ety

soft

ware

analy

sis

Pre

requis

ites

Equip

men

tm

eets

occ

upational

safe

tyre

quir

emen

ts

Hum

an f

act

ors

are

addre

ssed

Har

dw

are

is

safe

Des

ign f

or

occ

upational

safe

ty

The

equip

men

t is

adeq

uate

ly s

afe

and o

fadeq

uate

ly low

danger

to t

he

envi

ronm

ent,

in t

he

oper

ating c

onte

xtdef

ined

by

the

ass

um

ptions

and if

the

pre

requis

ites

are

met

, to

pro

vide

the

def

ined

cap

abili

ty

Sys

tem

&en

viro

nm

ent

des

crip

tion

Saf

ety

&en

viro

nm

enta

lcr

iter

ia

Saf

ety

&en

viro

nm

enta

lre

quir

emen

tsanaly

sis

Con

tract

ual

safe

ty &

envi

ronm

enta

lre

quir

emen

ts

Equip

men

t m

eets

safe

ty &

envi

ronm

enta

l re

quir

emen

ts

Envi

ronm

enta

lim

pac

t an

alys

is

Saf

ety

& e

nvi

ronm

enta

lre

quir

emen

ts c

orre

ctly

captu

red a

nd v

alid

ate

d

Equip

men

tm

eets

envi

ronm

enta

lre

quir

emen

ts

Equip

men

t m

eets

dat

a &

com

mand

requir

emen

ts

Con

tract

or's

SEM

Sis

adeq

uate

Saf

ety

analy

sis

adeq

uate

Hum

an f

act

ors

analy

sis

Har

dw

are

safe

tyanaly

sis

Appro

pri

ate

SEM

S a

nd

culture

of

safe

wor

king a

rein

pla

ce

IPT's

SEM

SC

ontr

act

or's

SEM

SIn

dep

enden

tSaf

ety

Audit

IPT's

SEM

Sis

adeq

uat

e

Oper

ating A

uth

ority'

sSEM

Sis

adeq

uat

e

FRAC

AS

Ass

um

ptions

ALA

RP

ass

essm

ent

Occ

upational

safe

ty a

naly

sis

Sof

tware

is

safe

Con

cept

pha

se

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Occ

upat

ional

des

ign s

tandard

sC

ontr

ol so

ftw

are

safe

ty a

nal

ysis

Saf

ety

soft

ware

analy

sis

Pre

requis

ites

Equip

men

tm

eets

occ

upational

safe

tyre

quir

emen

ts

Hum

an f

act

ors

are

addre

ssed

Har

dw

are

is

safe

Des

ign f

or

occ

upational

safe

ty

The

equip

men

t is

adeq

uate

ly s

afe

and o

fadeq

uat

ely

low

danger

to t

he

envi

ronm

ent,

in t

he

oper

ating c

onte

xtdef

ined

by

the

ass

um

ptions

and if

the

pre

requis

ites

are

met

, to

pro

vide

the

def

ined

cap

abili

ty

Sys

tem

&en

viro

nm

ent

des

crip

tion

Saf

ety

&en

viro

nm

enta

lcr

iter

ia

Saf

ety

&en

viro

nm

enta

lre

quir

emen

tsanaly

sis

Con

tract

ual

safe

ty &

envi

ronm

enta

lre

quir

emen

ts

Equip

men

t m

eets

saf

ety

&en

viro

nm

enta

l re

quir

emen

ts

Envi

ronm

enta

lim

pac

t an

alys

is

Saf

ety

& e

nvi

ronm

enta

lre

quir

emen

ts c

orr

ectly

captu

red a

nd v

alid

ate

d

Equip

men

tm

eets

envi

ronm

enta

lre

quir

emen

ts

Equip

men

t m

eets

dat

a &

com

mand

requir

emen

ts

Con

tract

or's

SEM

Sis

adeq

uat

e

Saf

ety

analy

sis

adeq

uat

e

Hum

an f

act

ors

analy

sis

Har

dw

are

safe

tyanaly

sis

Appro

pri

ate

SEM

S a

nd

culture

of

safe

wor

king a

rein

pla

ce

IPT's

SEM

SC

ontr

act

or's

SEM

SIn

dep

enden

tSaf

ety

Audit

IPT's

SEM

Sis

adeq

uat

e

Oper

ating A

uth

ority'

sSEM

Sis

adeq

uat

e

FRAC

AS

Ass

um

ption

s

ALA

RP

ass

essm

ent

Occ

upat

ional

safe

ty a

nal

ysis

Sof

tware

is

safe

Ass

essm

ent p

hase

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Occ

upat

ional

des

ign s

tandard

sC

ontr

ol so

ftw

are

safe

ty a

nal

ysis

Saf

ety

soft

ware

analy

sis

Pre

requis

ites

Equip

men

tm

eets

occ

upational

safe

tyre

quir

emen

ts

Hum

an f

act

ors

are

addre

ssed

Har

dw

are

is

safe

Des

ign f

or

occ

upational

safe

ty

The

equip

men

t is

adeq

uate

ly s

afe

and o

fadeq

uat

ely

low

danger

to t

he

envi

ronm

ent,

in t

he

oper

ating c

onte

xtdef

ined

by

the

ass

um

ptions

and if

the

pre

requis

ites

are

met

, to

pro

vide

the

def

ined

cap

abili

ty

Sys

tem

&en

viro

nm

ent

des

crip

tion

Saf

ety

&en

viro

nm

enta

lcr

iter

ia

Saf

ety

&en

viro

nm

enta

lre

quir

emen

tsanaly

sis

Con

tract

ual

safe

ty &

envi

ronm

enta

lre

quir

emen

ts

Equip

men

t m

eets

saf

ety

&en

viro

nm

enta

l re

quir

emen

ts

Envi

ronm

enta

lim

pac

t an

alys

is

Saf

ety

& e

nvi

ronm

enta

lre

quir

emen

ts c

orr

ectly

captu

red a

nd v

alid

ate

d

Equip

men

tm

eets

envi

ronm

enta

lre

quir

emen

ts

Equip

men

t m

eets

dat

a &

com

mand

requir

emen

ts

Con

tract

or's

SEM

Sis

adeq

uat

e

Saf

ety

analy

sis

adeq

uat

e

Hum

an f

act

ors

analy

sis

Har

dw

are

safe

tyanaly

sis

Appro

pri

ate

SEM

S a

nd

culture

of

safe

wor

king a

rein

pla

ce

IPT's

SEM

SC

ontr

act

or's

SEM

SIn

dep

enden

tSaf

ety

Audit

IPT's

SEM

Sis

adeq

uat

e

Oper

ating A

uth

ority'

sSEM

Sis

adeq

uat

e

FRAC

AS

Ass

um

ption

s

ALA

RP

ass

essm

ent

Occ

upat

ional

safe

ty a

nal

ysis

Sof

tware

is

safe

Dem

onst

ratio

n ph

ase

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Occ

upat

ional

des

ign s

tandar

ds

Con

trol so

ftw

are

safe

ty a

naly

sis

Saf

ety

soft

ware

analy

sis

Pre

requis

ites

Equip

men

tm

eets

occ

upational

safe

tyre

quir

emen

ts

Hum

an f

act

ors

are

addre

ssed

Har

dw

are

is

safe

Des

ign f

or

occ

upational

safe

ty

The

equip

men

t is

adeq

uate

ly s

afe

and o

fadeq

uat

ely

low

danger

to t

he

envi

ronm

ent,

in t

he

oper

ating c

onte

xtdef

ined

by

the

ass

um

ptions

and if

the

pre

requis

ites

are

met

, to

pro

vide

the

def

ined

cap

abili

ty

Sys

tem

&en

viro

nm

ent

des

crip

tion

Saf

ety

&en

viro

nm

enta

lcr

iter

ia

Saf

ety

&en

viro

nm

enta

lre

quir

emen

tsanaly

sis

Con

tract

ual

safe

ty &

envi

ronm

enta

lre

quir

emen

ts

Equip

men

t m

eets

safe

ty &

envi

ronm

enta

l re

quir

emen

ts

Envi

ronm

enta

lim

pac

t an

alys

is

Saf

ety

& e

nvi

ronm

enta

lre

quir

emen

ts c

orre

ctly

captu

red a

nd v

alid

ate

d

Equip

men

tm

eets

envi

ronm

enta

lre

quir

emen

ts

Equip

men

t m

eets

dat

a &

com

mand

requir

emen

ts

Con

tract

or's

SEM

Sis

adeq

uat

e

Saf

ety

analy

sis

adeq

uat

e

Hum

an f

act

ors

analy

sis

Har

dw

are

safe

tyanaly

sis

Appro

pri

ate

SEM

S a

nd

culture

of

safe

wor

king a

rein

pla

ce

IPT's

SEM

SC

ontr

act

or's

SEM

SIn

dep

enden

tSaf

ety

Audit

IPT's

SEM

Sis

adeq

uat

e

Oper

ating A

uth

ority'

sSEM

Sis

adeq

uat

e

FRAC

AS

Ass

um

ptions

ALA

RP

ass

essm

ent

Occ

upat

ional

safe

ty a

naly

sis

Sof

tware

is

safe

Man

ufac

ture

pha

se

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

Occ

upat

ional

des

ign s

tandar

ds

Con

trol so

ftw

are

safe

ty a

naly

sis

Saf

ety

soft

ware

analy

sis

Pre

requis

ites

Equip

men

tm

eets

occ

upational

safe

tyre

quir

emen

ts

Hum

an f

act

ors

are

addre

ssed

Har

dw

are

is

safe

Des

ign f

or

occ

upational

safe

ty

The

equip

men

t is

adeq

uate

ly s

afe

and o

fadeq

uat

ely

low

danger

to t

he

envi

ronm

ent,

in t

he

oper

ating c

onte

xtdef

ined

by

the

ass

um

ptions

and if

the

pre

requis

ites

are

met

, to

pro

vide

the

def

ined

cap

abili

ty

Sys

tem

&en

viro

nm

ent

des

crip

tion

Saf

ety

&en

viro

nm

enta

lcr

iter

ia

Saf

ety

&en

viro

nm

enta

lre

quir

emen

tsanaly

sis

Con

tract

ual

safe

ty &

envi

ronm

enta

lre

quir

emen

ts

Equip

men

t m

eets

safe

ty &

envi

ronm

enta

l re

quir

emen

ts

Envi

ronm

enta

lim

pac

t an

alys

is

Saf

ety

& e

nvi

ronm

enta

lre

quir

emen

ts c

orre

ctly

captu

red a

nd v

alid

ate

d

Equip

men

tm

eets

envi

ronm

enta

lre

quir

emen

ts

Equip

men

t m

eets

dat

a &

com

mand

requir

emen

ts

Con

tract

or's

SEM

Sis

adeq

uat

e

Saf

ety

analy

sis

adeq

uat

e

Hum

an f

act

ors

analy

sis

Har

dw

are

safe

tyanaly

sis

Appro

pri

ate

SEM

S a

nd

culture

of

safe

wor

king a

rein

pla

ce

IPT's

SEM

SC

ontr

act

or's

SEM

SIn

dep

enden

tSaf

ety

Audit

IPT's

SEM

Sis

adeq

uat

e

Oper

ating A

uth

ority'

sSEM

Sis

adeq

uat

e

FRAC

AS

Ass

um

ptions

ALA

RP

ass

essm

ent

Occ

upat

ional

safe

ty a

naly

sis

Sof

tware

is

safe

In-s

ervi

ce p

hase

of 7

5

Vers

ion

1.0

date

d 1 Ju

ne, 2

004

guidance for integrated project teams for use in ... · document reference stg/181/1/9/1 version...

Documents