BY ORDER OF THE AIR FORCE PAMPHLET 91-215 SECRETARY ...
BY ORDER OF THE AIR FORCE PAMPHLET 91-215 SECRETARY ... BY ORDER OF THE AIR FORCE PAMPHLET 91-215 SECRETARY ...
Figure A2.38. Example ETBA. Scenario: The supervisor of a maintenance facility has just investigated a serious incident involving one of his personnel who received a serious shock while using a portable power drill in the maintenance area. The tool involved used a standard three prong plug. Investigation revealed that the tool and the receptacle were both functioning properly. The individual was shocked when he was holding the tool and made contact with a piece of metal electrical conduit (same one his drill was plugged into) that had become energized as a result of an internal fault. As a result the current flowed through the individual to the tool and through the grounded tool to ground resulting in the severe shock. The supervisor decides to fully assess the control of electrical energy in this area. Option 1. Three prong tool. Electrical energy flow is from the source through an insulated wire, to the tool, to a single insulated electric motor. In the event of an internal fault the flow is from the case of the tool through the ground wire to ground through the grounded third prong through a properly grounded receptacle. Threats: Receptacle not properly grounded, third prong removed, person provides lower path of resistance, break in any of the ground paths (case, cord, plug, receptacle). These threats are serious in terms of the frequency encountered in the work environment and might be expected to be present in 10% or more cases. Option 2. Double insulated tool. The tool is not grounded. Protection is provided by double insulating the complete flow of electrical energy at all points in the tool. In the event of an internal fault, there are two layers of insulation protection between the fault and the person preventing shorting through the user. Threats: If the double layers of insulation are damaged as a result of extended use, rough handling, or repair/maintenance activity, the double insulation barrier can be compromised. In the absence of a fully effective tool inspection and replacement program such damage is not an unusual situation. Option 3. Circuit Fault Interrupters. Either of the above types of tools are used (double insulated is preferred). Electrical energy flows as described above in both the normal and fault situations. However, in the event of a fault (or any other cause of a differential between the potential and ground side of a circuit), it is detected almost instantly and the circuit is opened preventing the flow of dangerous amounts of current. Because no dangerous amount of current can flow the individual using the tool is in no danger of shock. Circuit interrupters are reliable at a level of 1 in 10,000 or higher and when they do fail, most failure modes are in the fail safe mode. Circuit fault interrupters are inexpensive to purchase and relatively easy to install. In this case, the best option is very likely to be the use of the circuit interrupter in connection with either Option 1 or 2, with 2 the preferred. This combination for all practical purposes eliminates the possibility of electric shock and injury/death as a result of using portable power tools. 88
A2.C.5. THE FAULT TREE ANALYSIS A2.C.5.1. FORMAL NAME. The fault tree analysis A2.C.5.2. ALTERNATIVE NAMES. The probabilistic logic tree A2.C.5.3. PURPOSE. The fault tree analysis (FTA) is a professional-level hazard ID tool based on the negative type logic diagram. The FTA adds several dimensions to the basic logic tree. The most important of these additions are the use of symbols to add information to the trees and the possibility of adding quantitative risk data to the diagrams. With these additions, the FTA adds substantial hazard ID value to the basic logic diagram previously discussed. A2.C.5.4. APPLICATION. Because of its relative complexity and detail, it is normally not cost effective to use the FTA against risks assessed below the level of extremely high or high. The method is used extensively in the acquisition of new weapons systems and other complex systems where, due to the complexity and criticality of the system, the tool is a must. A2.C.5.5. METHOD. The FTA is constructed exactly like a negative logic diagram except that the symbols depicted in Figure A2.39 are used. Figure A2.39. Key Fault Tree Analysis Symbols. The output event. Identification of a particular event in the sequence of an operation. A basic event. An event, usually a malfunction, for which further causes are not normally sought. A normal event. An event in an operational sequence that is within expected performance standards. An “AND” gate. Requires all of the below connected events to occur before the above connected event can occur. An “OR” gate. Any one of the events can independently cause the event placed above the OR gate. An undeveloped event. This is an event not developed because of lack of information or the event lacks significance. in out Transfer symbols. These symbols transfer the user to another part of the diagram. These symbols are used to eliminate the need to repeat identical analyses that have been completed in connection with another part of the fault tree. 89
- Page 37 and 38: Risk—An expression of consequence
- Page 39 and 40: A2.A.3. THE OPERATIONS ANALYSIS AND
- Page 41 and 42: A2.A.3.8.2. Any one event of the ab
- Page 43 and 44: ase of experience and expertise. Of
- Page 45 and 46: the involvement of operators and th
- Page 47 and 48: Figure A2.8. Example Deployment Sce
- Page 49 and 50: 4 levels is usually very limited. T
- Page 51 and 52: A2.A.7.6. RESOURCES. A key resource
- Page 53 and 54: Figure A2.16. Sample Change Analysi
- Page 55 and 56: Figure A2.18. Example of Change Ana
- Page 57 and 58: Figure A2.19. Example of Cause and
- Page 59 and 60: A2.B.3. THE HAZARD AND OPERABILITY
- Page 61 and 62: A2.B.4. THE MAPPING TOOL A2.B.4.1.
- Page 63 and 64: A2.B.5. THE INTERFACE ANALYSIS A2.B
- Page 65 and 66: A2.B.6. THE MISSION PROTECTION TOOL
- Page 67 and 68: A2.B.7. THE SAFETY QUIZ A2.B.7.1. F
- Page 69 and 70: A2.B.8. THE NEXT MISHAP ASSESSMENT
- Page 71 and 72: A2.B.10. THE INTERVIEW TOOL A2.B.10
- Page 73 and 74: A2.B.11. THE INSPECTION TOOL A2.B.1
- Page 75 and 76: A2.B.12. THE MISHAP/INCIDENT INVEST
- Page 77 and 78: Figure A2.30 Sample Job Hazard Anal
- Page 79 and 80: training and observation time. Succ
- Page 81 and 82: A2.B.15.6. RESOURCES. Effective use
- Page 83 and 84: A2.B.16. THE OPPORTUNITY ASSESSMENT
- Page 85 and 86: SECTION A2.C. THE ADVANCED HAZARD I
- Page 87: Figure A2.37. Types of Energy. Elec
- Page 91 and 92: A2.C.6. THE FAILURE MODE AND EFFECT
- Page 93 and 94: A2.C.7. THE MULTILINEAR EVENTS SEQU
- Page 95 and 96: A2.C.8. THE MANAGEMENT OVERSIGHT AN
- Page 97 and 98: Attachment 3 RISK ASSESSMENT TOOLS,
- Page 99 and 100: A3.2.3. Lack of a range of rankings
- Page 101 and 102: Attachment 4 RISK CONTROL OPTION AN
- Page 103 and 104: SECTION A4.B. THE RISK CONTROL OPTI
- Page 105 and 106: Figure A4.2. Example Risk Control O
- Page 107 and 108: elatively small investments in risk
- Page 109 and 110: Figure A5.2. Example Maximizing Ban
- Page 111 and 112: Attachment 6 RISK CONTROL IMPLEMENT
- Page 113 and 114: Attachment 7 SUPERVISE AND REVIEW D
Figure A2.38. Example ETBA.<br />
Scenario: The supervisor of a maintenance facility has just investigated a serious<br />
incident involving one of his personnel who received a serious shock while using<br />
a portable power drill in the maintenance area. The tool involved used a standard<br />
three prong plug. Investigation revealed that the tool and the receptacle were both<br />
functioning properly. The individual was shocked when he was holding the tool<br />
and made contact with a piece of metal electrical conduit (same one his drill was<br />
plugged into) that had become energized as a result of an internal fault. As a result<br />
the current flowed through the individual to the tool and through the grounded tool<br />
to ground resulting in the severe shock. The supervisor decides to fully assess the<br />
control of electrical energy in this area.<br />
Option 1. Three prong tool. Electrical energy flow is from the source through an<br />
insulated wire, to the tool, to a single insulated electric motor. In the event of an<br />
internal fault the flow is from the case of the tool through the ground wire to<br />
ground through the grounded third prong through a properly grounded receptacle.<br />
Threats: Receptacle not properly grounded, third prong removed, person provides<br />
lower path of resistance, break in any of the ground paths (case, cord, plug,<br />
receptacle). These threats are serious in terms of the frequency encountered in the<br />
work environment and might be expected to be present in 10% or more cases.<br />
Option 2. Double insulated tool. The tool is not grounded. Protection is<br />
provided by double insulating the complete flow of electrical energy at all points<br />
in the tool. In the event of an internal fault, there are two layers of insulation<br />
protection between the fault and the person preventing shorting through the user.<br />
Threats: If the double layers of insulation are damaged as a result of extended use,<br />
rough handling, or repair/maintenance activity, the double insulation barrier can be<br />
compromised. In the absence of a fully effective tool inspection and replacement<br />
program such damage is not an unusual situation.<br />
Option 3. Circuit Fault Interrupters. Either of the above types of tools are used<br />
(double insulated is preferred). Electrical energy flows as described above in both<br />
the normal and fault situations. However, in the event of a fault (or any other cause<br />
of a differential between the potential and ground side of a circuit), it is detected<br />
almost instantly and the circuit is opened preventing the flow of dangerous amounts<br />
of current. Because no dangerous amount of current can flow the individual using<br />
the tool is in no danger of shock. Circuit interrupters are reliable at a level of 1 in<br />
10,000 or higher and when they do fail, most failure modes are in the fail safe mode.<br />
Circuit fault interrupters are inexpensive to purchase and relatively easy to install.<br />
In this case, the best option is very likely to be the use of the circuit interrupter in<br />
connection with either Option 1 or 2, with 2 the preferred. This combination for<br />
all practical purposes eliminates the possibility of electric shock and injury/death as<br />
a result of using portable power tools.<br />
88
Change language