Page 315 - Software and Systems Requirements Engineering in Practice
Chapter 11: Hazard Analysis and Threat Modeling 277
• Hazard analysis: Identification of a substance, activity, or condition as potentially posing a risk to human health or safety.
• Risk assessment: The process of identifying hazards and quantifying or qualifying the degree of risk they pose for exposed individuals, populations, or resources (severity) and the likelihood that the hazard will occur (probability of occurrence). The term also refers to a document containing the explanation of how the assessment process is applied to individual activities or conditions.
• Safety-critical system: A system that has been designated by a regulatory body as needing a hazard analysis before being put into operation.
• Severity: The actual categorization of severity is usually domain specific. For example, the categorizations for the Food and Drug Administration (FDA) and the Federal Transit Administration (FTA) are compared in Table 11.1.
Other domains and regulatory bodies have their own definitions of terms. The reader is encouraged to review the appropriate guidelines for their specific area of concern.

Severity alone is not sufficient when analyzing a hazard; the likelihood or probability of occurrence matters just as much. For example, a car company manufacturing a convertible might determine that there is a risk that the vehicle might roll over, causing injury to its occupants; however, the likelihood is very low because of the vehicle's handling characteristics and low center of gravity. In such a situation, after performing a risk assessment, a decision is made not to include a roll bar with every convertible sold.
Hazard Analysis Processes
The process of identifying hazards may be different for different
domains. Regardless of domain, the basic steps are the same (see
Type of Hazard                              FDA Classification   FTA Classification
Potential for death                         Major                Category I
Potential for serious injury                Major                Category II
Potential for minor injury                  Moderate             Category III
Design flaws are unlikely to cause injury   Minor                Category IV

TABLE 11.1 Comparison of FDA and FTA Categorizations of Risk
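The following is an added worked example, not code from the book, showing how the severity categories of Table 11.1 combine with a likelihood of occurrence to produce a risk rating, as the paragraph on the convertible roll-over illustrates. The severity table is taken from Table 11.1; the likelihood scale (frequent through improbable), the four risk bands, the `Hazard` class and the sample hazard list are assumptions constructed for this example, since the chapter leaves the likelihood scale and the risk matrix to each domain's regulator.

```python
"""Risk assessment helper: severity (Table 11.1) combined with likelihood.

Added illustration, not the book's code. Only SEVERITY_TABLE comes from the
chapter; the likelihood scale, the risk bands and the sample hazards are
assumptions for this example.
"""
from dataclasses import dataclass

# Table 11.1: hazard type -> (FDA classification, FTA classification).
# Listed worst-first, so insertion order doubles as an ordinal severity rank.
SEVERITY_TABLE = {
    "potential for death": ("Major", "Category I"),
    "potential for serious injury": ("Major", "Category II"),
    "potential for minor injury": ("Moderate", "Category III"),
    "design flaws unlikely to cause injury": ("Minor", "Category IV"),
}
SEVERITY_RANK = {hazard: rank for rank, hazard in enumerate(SEVERITY_TABLE, start=1)}

# Assumed likelihood scale (not from the book); rank 1 is the most likely.
LIKELIHOOD_RANK = {
    "frequent": 1,
    "probable": 2,
    "occasional": 3,
    "remote": 4,
    "improbable": 5,
}

# Assumed risk matrix: the sum of the two ranks falls into one of four bands.
# A lower sum means a more severe hazard that is more likely to occur.
RISK_BANDS = (
    (3, "unacceptable"),
    (5, "undesirable"),
    (7, "acceptable with review"),
    (9, "acceptable"),
)


def risk_rating(severity_rank: int, likelihood_rank: int) -> str:
    """Map a (severity, likelihood) pair to a risk band label."""
    score = severity_rank + likelihood_rank
    for limit, label in RISK_BANDS:
        if score <= limit:
            return label
    raise ValueError(f"score {score} lies outside the risk matrix")


@dataclass(frozen=True)
class Hazard:
    description: str
    hazard_type: str   # a key of SEVERITY_TABLE
    likelihood: str    # a key of LIKELIHOOD_RANK

    def assess(self) -> dict:
        """Return the classifications and the risk rating for this hazard."""
        if self.hazard_type not in SEVERITY_TABLE:
            raise ValueError(f"unknown hazard type: {self.hazard_type!r}")
        if self.likelihood not in LIKELIHOOD_RANK:
            raise ValueError(f"unknown likelihood: {self.likelihood!r}")
        fda, fta = SEVERITY_TABLE[self.hazard_type]
        sev = SEVERITY_RANK[self.hazard_type]
        lik = LIKELIHOOD_RANK[self.likelihood]
        return {
            "description": self.description,
            "fda": fda,
            "fta": fta,
            "severity_rank": sev,
            "likelihood_rank": lik,
            "rating": risk_rating(sev, lik),
        }


def rank_hazards(hazards):
    """Assess every hazard and sort worst-first (lowest score, then worst severity)."""
    results = [h.assess() for h in hazards]
    return sorted(results,
                  key=lambda r: (r["severity_rank"] + r["likelihood_rank"],
                                 r["severity_rank"]))


# Constructed sample hazard list; the first entry is the chapter's convertible example.
SAMPLE_HAZARDS = [
    Hazard("Convertible rolls over, injuring occupants",
           "potential for serious injury", "improbable"),
    Hazard("Brake controller firmware hangs at speed",
           "potential for death", "occasional"),
    Hazard("Seat adjuster pinches a finger",
           "potential for minor injury", "probable"),
]

if __name__ == "__main__":
    for r in rank_hazards(SAMPLE_HAZARDS):
        print(f"{r['rating']:24} {r['fta']:13} {r['fda']:9} {r['description']}")
```

Run stand-alone, the script lists the brake hazard first: Category I severity at an occasional likelihood outranks the convertible roll-over, which sits in Category II but is improbable and therefore lands in the "acceptable with review" band under this matrix. The point the chapter makes is visible in the numbers: the same severity category yields very different ratings once likelihood is taken into account, and an assessment that records only the column from Table 11.1 would miss that.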