
Order of Safety Design Precedence


Elimination of the Hazard - The first design preference should be to design out any identified hazards.


Design for Minimum Hazard or Impact - Control identified hazards to a safe state through the selection of appropriate safety defensive strategies such as fault detection and autonomous accommodation strategies, graceful degradation, fail-safe defaults, redundancy, and fail-over strategies. This may include the use of diverse and independent architecture with no dormant failure conditions.


Use Safety Devices or Interlocks - Hazards which cannot be eliminated through design selection will be reduced to an acceptable level through the use of appropriate safety devices, such as interlocks, pressure relief valves, etc. If identified risks cannot be eliminated through design selection, reduce the risk via the use of fixed, automatic, or other safety design features or devices. Provisions shall be made for periodic functional checks of safety devices.


Use Warning Annunciation Devices - Where it is not possible to preclude the existence or occurrence of an identified hazard, devices may be employed for the timely detection of the undesirable condition and the generation of an adequate annunciation or alarm, of a degree and persistence such that operator intervention may be applied to maintain the system in a safe state. Warning signals (annunciation) and their application shall be designed to minimize the probability of incorrect personnel reaction to the signals and shall be standardized within like types of systems.


Use of Safety Alerts, Placards and Labels - This strategy is a passive method of informing potentially affected personnel of potentially unsafe conditions and of the action required to avoid the propagation of a hazard to a mishap. Safety alerts by themselves should not be used to mitigate or control significant hazard risks.


Training and Procedures - This strategy should only be used (by itself) to mitigate or control low-risk hazards, or may be used in combination with other strategies listed above as part of a combined strategy for a more significant hazard risk. Training and procedures by themselves should not be used to mitigate or control significant hazard risks.


User/Maintainer Documentation - This strategy should only be used (by itself) to mitigate or control low-risk hazards, or may be used in combination with other strategies listed above as part of a combined strategy for a more significant hazard risk. Documentation by itself should not be used to mitigate or control significant hazard risks.

Design Precedence: The order in which types of solutions to mitigate hazards are considered. In decreasing order of preference, they are the strategies listed above.

A safety design "order of precedence" provides a clear preference for resolving hazards to an acceptable level of risk.
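As an added illustration (not part of the original page), the following Python encodes the order of precedence above as a review check over hazard records: it flags a significant risk whose only controls are alerts, training or documentation, and a safety device with no periodic functional check. The control kinds, the `significant` flag and the sample hazards are constructed assumptions for the example.

```python
from dataclasses import dataclass
# Precedence levels from the list above; a lower number is the preferred strategy.
PRECEDENCE = {
    "eliminate": 1,      # design the hazard out
    "minimize": 2,       # fault detection, graceful degradation, fail-safe defaults, redundancy
    "safety_device": 3,  # interlocks, relief valves; need periodic functional checks
    "warning": 4,        # annunciation / alarms that prompt operator intervention
    "alert": 5,          # safety alerts, placards, labels
    "training": 6,       # training and procedures
    "documentation": 7,  # user/maintainer documentation
}
# Strategies the text says must not stand alone against significant hazard risk.
PASSIVE_ONLY = {"alert", "training", "documentation"}

@dataclass
class Control:
    kind: str                     # one of the PRECEDENCE keys
    description: str
    periodic_check: bool = False  # only meaningful for "safety_device"

@dataclass
class Hazard:
    name: str
    significant: bool  # hypothetical classification: True for anything above "low risk"
    controls: list

def review(hazard):
    """Return findings as a list of strings; an empty list means the hazard passes."""
    findings = []
    kinds = {c.kind for c in hazard.controls}
    if not kinds:
        findings.append(f"{hazard.name}: no controls recorded")
    elif hazard.significant and kinds <= PASSIVE_ONLY:
        findings.append(f"{hazard.name}: significant risk controlled only by {sorted(kinds)}; add a higher-precedence control")
    for c in hazard.controls:
        if c.kind == "safety_device" and not c.periodic_check:
            findings.append(f"{hazard.name}: safety device '{c.description}' lacks a periodic functional check")
    return findings

def primary_control(hazard):
    """The control the order of precedence prefers (lowest precedence number)."""
    return min(hazard.controls, key=lambda c: PRECEDENCE[c.kind])

# Constructed sample hazards, not taken from any real analysis.
SAMPLE = [
    Hazard("vessel overpressure", True, [Control("safety_device", "relief valve"), Control("alert", "pressure placard")]),
    Hazard("hot surface", False, [Control("alert", "hot-surface label"), Control("training", "burn-awareness briefing")]),
    Hazard("unexpected actuator motion", True, [Control("alert", "warning placard"), Control("documentation", "maintenance manual")]),
]
```

Calling `review(h)` for each hazard in `SAMPLE` returns the findings a safety reviewer would raise; `primary_control(h)` identifies which of a hazard's controls the precedence ranks highest.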