Operational Envelope or Context


A system cannot be considered acceptably safe without the context of the conditions under which it is to be used. The accuracy of the operational envelope is important to the validity of the safety case.

Factors in operation which affect the safety of the system include the environment, the level of usage, and the procedures governing use of the system by all stakeholders. Two approaches to improving the nature of the operational envelope are via training and competency requirements.

Any arguments relating to statistical testing are based upon the accuracy of the operational envelope, and if a system undergoes little or no monitoring while in use there is a chance that the operational envelope will only be an idealised version of reality.

Hazard identification and risk assessment might not only affect existing hazards and safety requirements, but must also consider whether the operational envelope of a system might result in new hazards.

Why?

The Armi Tunnel stall and the Granville train crash were contributed to by incorrect or ignored operational envelopes.

Resource:

The Operating and Support Hazard Analysis task of MIL-STD-882C "System Safety Program Requirements".