4.5 Review Exercises and References 523

68. Consider a steady-state solution to the availability Petri net model.
69. Explain complex systems theory.
70. Discuss systems engineering and complex systems theory.
71. Consider the application and significance of systems engineering in engineering design.
72. Briefly discuss complexity in engineering design and its significance in systems engineering.
73. Give a brief account of the functions of systems engineering analysis.
74. Describe reliability block diagrams (RBDs) and availability block diagrams (ABDs), and indicate their fundamental differences.
75. Consider effectiveness measures in systems engineering and their significance in engineering design.
76. Give a brief account of evaluating complexity in engineering design.
77. Define complexity in systems design.
78. Describe various system state definitions and evaluating complexity of the different state definitions.
79. Define complicatedness in systems design.
80. Describe complexity in systems and complicatedness as a function of complexity in designing for complex but uncomplicated systems.

Chapter 5 Safety and Risk in Engineering Design

Abstract In this chapter, the introduction of new or modified systems into an engineering process is considered, whereby safety with respect to risk and loss through accidents or incidents resulting from the complex integration of systems is predicted, assessed and evaluated, to ensure that the design will have as minimum a risk as is reasonably practicable.
Risk relates to a combination of the likelihood of occurring hazards, and to the severity of their outcome or consequence. Safety in engineering design begins with identifying possible hazards that could occur, as well as the corresponding system states that could lead to an accident or incident in the designed system. This is determined through hazards analysis. The initial hazards analysis should begin at the earliest concept formation stages of systems design, and the information should be used to guide the emerging design with respect to safety requirements throughout the engineering design process. Safety in engineering design normally includes a causal analysis, which involves identifying various cause-effect sequences of hazardous events that may combine to cause the identified hazards. Thereafter, a consequence analysis identifies the sequences of events that could lead from a hazard to an accident or incident. Working through these phases of hazards and safety analysis, and iterating where appropriate, a safety case is prepared that relates to the assurance that the system is relatively safe. Hazards and safety analyses provide a comprehensive methodology for designing for safety. Designing for safety includes risk reduction measures and involves conducting risk mitigation strategies to, first, reduce the likelihood that a hazard could result in an accident or incident and, second, to aim at reducing the severity of the likely event. Because designing for safety strives for a significant level of confidence in the results of these strategies, and the need for an objective systems scrutiny from a safety viewpoint, it typically involves systematic safety analysis with independent safety prediction, safety assessment, and safety evaluation during the schematic, preliminary and detail design phases respectively of the overall engineering design process.

R.F. Stapelberg, Handbook of Reliability, Availability, Maintainability and Safety in Engineering Design, © Springer 2009

5.1 Introduction

The previous two chapters dealt with an analysis of engineering design that considered prediction, assessment and evaluation of systems reliability and functional performance, and of systems availability and maintainability during engineering process operations. In this chapter, the introduction of new or altered systems into a complex engineering process environment is considered, whereby safety with respect to risk and loss through accidents or incidents resulting from the complex integration of systems is predicted, assessed and evaluated, to ensure that the design will have as minimum a risk as is reasonably practicable. Risk relates to the combination of the likelihood of occurring hazards, and to the severity of their outcome or consequence. An accident or incident may be viewed as an unintended event that results in either a critical or non-critical loss, and may include events such as death or personal injury, and environmental or financial losses, according to a relative scale of safety criticality.

Safety in engineering design starts by identifying the possible hazards of the new system, which are system states that can lead to an accident or incident. This is typically conducted through a series of collaborative hazards analysis sessions, during which keyword prompts and checklists are used to aid identification of hazardous system states. Suitably qualified experts representing all the areas that are relevant to the system being designed must participate in these sessions. Normally, a causal analysis is then conducted, which involves identifying various cause-effect sequences of hazardous events that may combine to cause the hazards already identified.
Thereafter, a consequence analysis is conducted, which identifies the next sequences of events that could lead from a hazard to an accident or incident. Working through these phases of analysis, and iterating where appropriate, a safety case is prepared, which relates to an assurance that the system is relatively safe. This assurance is not a statement that the system is risk free—almost no system of any complexity can demonstrate this property. Instead, risks are typically divided into three categories, and each category is treated slightly differently. The three categories of risks are the following:

• Intolerable risks: These are risks that are not acceptable under any circumstances—for example, the hazardous exposure to process products of a system that have a high likelihood of affecting workers’ occupational safety and health. The engineering design will need to include ways of removing such risks, or of drastically reducing their severity. The safety case must show that no such risks remain in the system.

• Tolerable risks: These are risks that are considered acceptable provided they confer some benefit, and the risk has been reduced as much as was reasonably practicable. The ‘benefit’ may be hard to measure objectively, especially in placing a cost value on accidents such as personal injury or death with respect to the cost of preventive measures. A typical example is the consideration of tolerable risks in the case of large construction projects of engineered installations during which accidents and incidents are inevitable. The safety case would argue that there is a trade-off benefit of allowing certain risks at a given criticality level.

• Negligible risks: These are risks that are so small as to be insignificant, and no further precautions are considered necessary. The safety case would only include negligible risks that merit attention, such as those previously considered to be relatively significant risks.
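The three-category treatment above (intolerable risks must be removed or drastically reduced, tolerable risks need a benefit argument and reduction as far as reasonably practicable, negligible risks enter the safety case only when they were previously significant) can be applied mechanically to a hazard register. The following is an added example written for this edition, not code from the handbook: it combines likelihood and severity into a category and then runs the safety-case check described in the text. The ordinal 1–5 scales, the numeric category bands, and the sample hazards are assumptions constructed for illustration; the handbook defines the categories but gives no numeric thresholds.

```python
"""Hazard register with a likelihood x severity risk matrix and a safety-case check.

Added example; the scales, bands and sample hazards are assumed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum


class Category(Enum):
    INTOLERABLE = "intolerable"
    TOLERABLE = "tolerable"
    NEGLIGIBLE = "negligible"


def classify(likelihood: int, severity: int) -> Category:
    """Combine likelihood (1 remote .. 5 frequent) and severity (1 trivial ..
    5 death or major environmental loss) into one of the three categories.

    Assumed bands on the product likelihood * severity (range 1..25):
    >= 15 intolerable, 6..14 tolerable, <= 5 negligible. A hazard with the
    maximum severity is treated as intolerable whatever its likelihood.
    """
    if not (1 <= likelihood <= 5 and 1 <= severity <= 5):
        raise ValueError("likelihood and severity must lie in 1..5")
    if severity == 5:
        return Category.INTOLERABLE
    score = likelihood * severity
    if score >= 15:
        return Category.INTOLERABLE
    if score >= 6:
        return Category.TOLERABLE
    return Category.NEGLIGIBLE


@dataclass
class Mitigation:
    description: str
    likelihood_reduction: int = 0   # points removed from the likelihood scale
    severity_reduction: int = 0     # points removed from the severity scale


@dataclass
class Hazard:
    ident: str
    description: str
    likelihood: int
    severity: int
    mitigations: list = field(default_factory=list)
    alarp_justification: str = ""   # benefit argument required for a tolerable risk


def initial_category(h: Hazard) -> Category:
    return classify(h.likelihood, h.severity)


def residual_levels(h: Hazard) -> tuple:
    """Likelihood and severity after all recorded mitigations, floored at 1."""
    lik = max(1, h.likelihood - sum(m.likelihood_reduction for m in h.mitigations))
    sev = max(1, h.severity - sum(m.severity_reduction for m in h.mitigations))
    return lik, sev


def residual_category(h: Hazard) -> Category:
    return classify(*residual_levels(h))


def safety_case_check(register: list) -> tuple:
    """Return (accepted, findings) for a hazard register.

    accepted is False when any residual risk is intolerable, or when a
    tolerable residual risk carries no benefit/ALARP justification (assumed
    reading of "acceptable provided they confer some benefit").
    """
    findings, accepted = [], True
    for h in register:
        before, after = initial_category(h), residual_category(h)
        if after is Category.INTOLERABLE:
            accepted = False
            findings.append(f"{h.ident}: intolerable residual risk; design must remove it or drastically reduce severity")
        elif after is Category.TOLERABLE:
            if not h.alarp_justification:
                accepted = False
                findings.append(f"{h.ident}: tolerable risk without a benefit/ALARP justification")
            else:
                findings.append(f"{h.ident}: tolerable, justified: {h.alarp_justification}")
        elif before is not Category.NEGLIGIBLE:
            # Negligible now, but previously significant: kept in the safety case.
            findings.append(f"{h.ident}: reduced from {before.value} to negligible; retained in safety case")
        # Negligible from the outset: not recorded in the safety case.
    return accepted, findings


# Constructed sample register (hypothetical hazards for illustration only).
SAMPLE_REGISTER = [
    Hazard("H-1", "hot process product release at operator platform", 4, 5,
           mitigations=[Mitigation("enclosed piping with remote isolation", 3, 2)]),
    Hazard("H-2", "manual handling injury during construction lifts", 3, 3,
           alarp_justification="mechanical lifting aids specified; residual manual lifts unavoidable"),
    Hazard("H-3", "minor slip on grated walkway", 2, 2),
]

if __name__ == "__main__":
    ok, notes = safety_case_check(SAMPLE_REGISTER)
    print("safety case accepted:", ok)
    for n in notes:
        print(" -", n)
```

The check deliberately drops hazards that were negligible from the start (H-3) while keeping H-1, which was intolerable before mitigation, so that the safety case records why a once-significant hazard is now acceptable.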
Designing for safety entails definitive risk reduction measures and involves conducting or specifying mitigation strategies to, first, reduce the likelihood that a hazard will result in an accident or incident and, second, to aim at reducing the severity of the likely event. Because designing for safety strives for confidence in the results of these strategies, and the need for an objective systems scrutiny from a safety viewpoint, it typically involves systematic safety analysis, with independent safety prediction, safety assessment, and safety evaluation audits dovetailing with the respective schematic, preliminary and detail design phases of the overall engineering design process. Designing for safety tends to be both costly and time consuming because of the number of domain and other experts needed to determine those areas of high safety risk in the total integrated engineering design, the wide range of factors that need to be considered, and the implementation of additional safety control systems. Techniques that are to be added into this work must therefore be cost and time effective, whilst fitting within existing as well as new methodologies in determining the integrity of engineering design.

Hazards and safety analyses provide a comprehensive methodology for designing for safety. The initial hazards analysis should begin at the earliest concept formation stages of systems design, and the information should be used to guide the emerging design with respect to safety requirements throughout the engineering design process. Later equipment hazards analysis information is used to evaluate the integrity of the design and to make trade-off decisions. The development of a safety intent specification supports both the evolution of systems design as well as system safety analysis.
The design rationale for safety issues that is normally lost during the design’s development stages is preserved in a single, logically structured document (or electronic database) that is based upon fundamental principles of human problem solving. Safety-related requirements and design constraints are traced from the highest systems levels, down through system design to component design and into hardware schematics and detail design specifications. An important feature of the safety intent specification is that it integrates formal and informal design specifications.

It is thus during the design stage of an engineering project when major improvements in safety and occupational health relating to construction, ramp-up and operation of an engineered installation can be achieved. However, there are real challenges involved in designing for safety in order to achieve the required step change in a safe and healthy environment in the construction and operation of industrial process plant and facilities. To date, there have been many factors that have limited improvements in this area, such as a lack of time and funding—besides the lack of communication, understanding and commitment. The culture of a segmented engineering construction industry with its fragmented processes, along with the fact that many project clients are reticent in fully appreciating the significant added costs of designing for safety, must be critically addressed in order to break through into a new arena of safe working practices and performance. In appreciation of the challenges involved in designing for safety with the construction and operation of engineered installations, an agenda for change was developed at a major international conference on Designing for Safe and Healthy Construction, organised by the European Construction Institute (ECI) and the Conseil International du Bâtiment (CIB) in London in June 2000.
These changes—in particular with respect to changes required of process engineering designs—included the following (ECI 2001):

• Recognising the fact that engineering designs will dictate, to a considerable degree, the nature and extent of hazards that will pose a threat to worker safety and health, not only during construction but throughout the life cycle of the project.
• Concentrating on significant complex risks that competent contractors would not be expected to be aware of, rather than on easily identified residual risks.
• Achieving better risk identification methods.
• Utilising different levels of risk assessment at different stages in the project.
• Concentrating on interfaces between systems where high risks occur.
• Developing a better awareness of safe working practices and ergonomics.
• Making occupational safety and health (OSH) a top priority in the design process.
• Considering OSH implications in the earlier part of the engineering design process, such as safety predictions during the conceptual design phase.
• Recognising duty of care in considering OSH requirements in engineering designs, and its impact on construction activities.
• Maximising the use of innovative techniques and methodology that reduces OSH risk, such as pre-assembly and/or off-site manufacturing, and standardisation of equipment.
• Using the appropriate CAD systems to schematically examine the project during the preliminary design phase, to determine engineering design integrity.
• Using intelligent computer automated methodology for determining the integrity of engineering design through the application of automated continual design reviews throughout the engineering design process.
• Applying safety constructability reviews that contribute towards addressing construction worker safety in the design.
• Maintaining communication feedback and risk data to reduce unplanned construction work greater than required in the design.
• Designing for safe access for maintenance personnel to restricted areas, including access for routine and preventive maintenance and for installation of replacement equipment.
• Including risk analysis not only for construction, commissioning, ramp-up and operation but also for decommissioning or deconstructing of plant and facilities.

Safety engineering has also received much attention from the defence industry for several decades, particularly the US Department of Defence. The first military safety document titled “System Safety Engineering for the Development of United States Air Force (USAF) Ballistic Missiles” was published in 1962. In 1963, the USAF published a document titled “Safety Engineering of Systems and Associated Sub-Systems and Equipment” (MIL-STD-38130 1963). This document was superseded in 1969 by a document titled “Requirements for Safety Engineering of Systems and Associated Sub-Systems and Equipment” (MIL-STD-882), which has subsequently been updated in 1977 (MIL-STD-882A), in 1984 (MIL-STD-882B), in 1993 (MIL-STD-882C) and in 2000 (MIL-STD-882D).

Additional military safety documentation covering system safety includes the following handbooks:

• the US Army handbook ‘System safety design guide for army materiel’ (MIL-HDBK-764 1994),
• the US Air Force Systems Command handbook ‘System safety design handbook’ (AFSC DH 1-6 1967),
• the US National Aeronautics and Space Administration (NASA) handbook ‘System safety handbook’ (NASA DHB-S-00 1999).

In any engineered installation, human factors are an important part of process control. Therefore, an effective safety program cannot consider only the automated systems hierarchy but must also consider the impact of human error on the system, and the effect of systems design on errors in human judgement and control. Increased automation in complex systems has led to changes in the human controller’s role, and to new types of technology-induced human error.
Such errors abound in records of major process engineering catastrophes. In a detailed survey of safety incidents in the US nuclear power industry (INPO 84-027. 1984, 1985), it was revealed that of the roughly 1,000 identified root causes of incidents that were investigated, 51% were classified as “human performance problems”, and 74% of these (i.e. 38% of all root causes) were “maintenance related”, this being broadly defined to include preventive and corrective maintenance, surveillance testing and modification work.

The Three Mile Island nuclear power generator accident in 1979 demonstrated the significance of human error. The accident was attributed to mechanical failure and operator error. Despite the fact that about half of the reactor core melted, the containment building that housed the reactor prevented any release of radioactivity, and the reactor’s other protection systems also functioned as designed. The emergency core cooling system would have prevented the accident but for the intervention of the operators. Investigations following the accident led to a new focus on the human factors in nuclear safety. No major design changes were called for in nuclear reactors but controls and instrumentation were improved and operator training was overhauled.

By way of contrast, the Chernobyl reactor in the Ukraine did not have a containment structure like those used in the West or in post-1980 Soviet designs. The April 1986 disaster at the Chernobyl nuclear power plant was the result of major design deficiencies in the type of reactor, the violation of operating procedures and the absence of a safety culture. The accident destroyed the reactor, killed 31 people, 28 of