AVIATION SYSTEM SAFETY COURSE (COMBINED COURSE – 1) Description: This course, dating back to 2007, covers the SAE ARP4761 approach to system safety assessment and much more than you would expect. For example, what elements of system safety are missing or incorrect in SAE ARP4761). Piqued your interest? Practical insight is provided (e.g., how do you prepare for and conduct an FHA, what is not covered by an FHA). Also discussed are the difficulties that can be encountered applying safety assessment techniques. System safety is a key element of airworthiness. For this reason, when we think of system safety, we think of safety relative to flying the aircraft. There are other types of safety though. There is safety as it applies to the crew and passengers, there is safety as it applies to maintaining the aircraft, there is safety as it applies to the environment, and there is safety as it pertains to health hazards. These additional aspects of safety assessment are discussed as well. For military applications, we also cover the topics of Preliminary Hazard Analysis (PHA), Subsystem Hazard Analysis (SSHA), System Hazard Analysis (SHA), Operating & Support Hazard Analysis (O&SHA), etc. Interested in a critique of PHA/SSHA/SHA versus FHA/PSSA/SSA? You will receive this insight and much, much more. Topics covered include Functional Hazard Assessment (FHA), Preliminary System Safety Assessment (PSSA), System Safety Assessment (SSA), Common Cause Analysis (CCA), Development Assurance Levels (DALs), Certification Maintenance Requirements (CMRs), and Minimum Equipment Lists (MELs). Our audiences applaud this course as it provides them much more insight into aviation system safety than they were expecting. HCRQ's most recent attendees include Roketsan, Aselsan, Havelsan, Viasat, Nordam, Astronics Advanced Electronic Systems, Lockheed Martin, and more. Click here to see the list of all of the organizations we have taught. By the way, you may have heard that SAE ARP4761A is due to surface. SAR ARP4754A already calls up Preliminary Aircraft Safety Assessment (PASA) and Aircraft Safety Assessment (ASA). HCRQ is in contact with the key person driving 4761A. HIGHLIGHTS  Designing in Safety  Validating Safety  Risk Concepts  Risk Displacement  Managing Risk  Failure Conditions, Classifying  Quantitative and Qualitative Targets  Development Assurance Levels  System Safety Management Plans (SSMP)  System Safety Programs (SSP)  System Safety Program Plans (SSPP)  Hazard Mitigation Precedence  Hazard Tracking, Hazard Logs & Their Design  SAE ARP4754A, 4761, DO-178C, 254 - Overview, What's Missing  Functional Hazard Assessment (FHA)  Aircraft Level  System Level  What's Missing  Preliminary System Safety Assessment (PSSA)  System Safety Assessment (SSA)  Common Cause Analysis (CCA)  Zonal Safety Analysis (ZSA)  Particular Risks Analysis (PRA)  Common Mode Analysis (CMA)  Very Insightful  Certification Maintenance Requirements (CMR)  Minimum Equipment List (MEL)  Pluses and Minuses of SAE ARP4761  Pluses and Minuses of MIL-STD-882  Preliminary Hazard Analysis (PHA)  Versus FHA (e.g., what the PHA provides that the FHA does not)  Subsystem Hazard Analysis (SSHA)  System Hazard Analysis (SHA)  Operating & Support Hazard Analysis (O&SHA) - One of 4761's Missing Elements  Safety Assessment Reports (SARs)  What the SSA does not cover  Human Factors  Interfacing HFE and System Safety  Safe Design Techniques  FMEA, What SAE ARP4761 Got Wrong  FMES  FMECA  Fault Tree Analysis (FTA)  Very detailed coverage  Safety Compliance  Safety Verification SOFTWARE SAFETY COURSE (COMBINED COURSE – 2) Description: This is a mature, comprehensive, and very practical course. HCRQ's expertise in software safety dates back to 1986 (the THERAC-25). Software engineering techniques are described for developing safe software, and case studies are presented regarding catastrophic situations that resulted from software faults that could have been avoided. Specific techniques of hazard analysis, failure and fault detection, fault tolerance, and effective mitigations within the software engineering paradigm are discussed. One of the benefits of this course is that it covers:  When to reject safety analyses,  When to reject supplier's safety management,  When to reject supplier's safety engineers. This is of particular interest to organizations such as:  Army,  Navy,  Air Force,  FAA,  FRA,  FDA,  NASA Also covered are preferred programming languages, language subsets, operating systems, etc. In terms of languages in our past we have used assembly language, C, C++, Ada, Pascal, Modula-2, and FORTRAN. This software safety course also includes first-hand insight into software-related accidents and lessons learned. If you are interested in the Joint Software Systems Safety Engineering Handbook, IEEE 1228, AMCOM 385- 17, AOP-52, NASA Software Safety Standard, NASA Software Safety Guidebook, Software Safety Integrity Levels to name just a few, this course is for you. We will discuss RTCA DO-178C as well. During our course, emphasis on different topics varies depending on audience interest and on the safetycritical sector. Within some areas, particular audiences will have no interest, partial interest or great interest. Course recipients sometimes inform us in advance of their desired emphasis so that the instructor will arrive prepared and additional pertinent material brought to the course. When the recipients are unsure, the instructor has sufficient insight into all of the safety-critical sectors such that he can dynamically adjust the course appropriately. This software safety course has been attended by many large organizations from around the world. Some of the organizations include FRA, FAA, General Dynamics, L3, Lloyd's Register, Lockheed Martin, NAVAIR, Naval Surface Warfare Center, Raytheon, Rockwell, Sikorsky Aircraft, Bell Helicopter, Westland Helicopters, U.S. Army (AMCOM, CECOM, TACOM, etc.), U.S. Navy, U.S. Air Force, U.S. Marine Corps, U.S. Coast Guard, Ministry Of Defence (MOD), Siemens, NASA Johnson Space Center, and NAV Canada. Another organization was Spar Aerospace (now MD Robotics) who developed the Mobile Servicing System (MSS), an essential component of the International Space Station. We taught them 3 courses. HCRQ's most recent attendees included:  U.S. Army ARDEC ("Thank you for the class. The training was very informative, and we had a lot of good conversations. In addition, thanks for all the resources and information you sent throughout the week"),  AVIBRAS ("The course was very, very good"),  STM (Turkey) {a repeat client of ours},  Canadian Space Agency,  TUSAS Engine Industries,  BNSF,  U.S. Army TARDEC,  Department of National Defence (DND Canada), and  AMOG (Australia - live on-line). HIGHLIGHTS  Designing in Safety  Validating Safety  Safety Integrity Levels (SILs)  Common Mistake  Software SILs  Software Criticality Assessment  Software Control Categories (SCCs)  Software Criticality Indexes (SwCIs)  Software Development Assurance Levels (SDALs)  Software Safety Stds., Guidelines & Regulations  MIL-STD-882E (System Safety) - Relevance to Software Safety  AMCOM 385-17  AOP-52  STANAG 4404  NASA Software Safety Standard  ARP4754A/4761- Relevance to Software Safety  RTCA DO-178 - Relevance to Software Safety  IEC 61508  Formal Methods  N Version Programming, Recovery Blocks  Data Redundancy  Safe Design Techniques  Safety Kernels  Barriers  Lockins, Lockouts - Baton Passing  Interlocks - Types, Precautions  Software Assertions  Software Requirements Checklist  Software Design Checklist  Software Safety Program Plans (SwSPP)  Software Safety Working Group (SwSWG)  Software Safety Analysis Process  Software Requirements Analysis  Software Design Analysis  Software Code Analysis  Software Change Analysis  Static Code Analyzers  Software FMEA (SFMEA)  Software Fault Tree Analysis (SFTA)  3 Levels  Software Failure Rate Derivation  Software Safety Cases  Good, Better, Best RTOS’s MIL – STD – 882E SYSTEM SAFETY COURSE (COMBINED COURSE – 3) Description: This is an in-depth course on MIL-STD-882E. Its foundation is our experience with "E", "D", "C" and "B", which dates back to 1988, and our webinar (which is based on a sentence by sentence comparison between "E" and "C"). In MIL-STD-882E there are:  dilemmas,  surprises, and  confusion waiting. There are also things that are flat out wrong. We wish you could have heard some of the expressions coming from attendees. Join many before you, sign up for this course and protect yourself against cost overruns. Coverage, provided by this course, is very insightful and practical. For instance, what should you do if your customer has quoted MIL-STD-882E but not provided a list of tasks? - how can this be approached in a costeffective manner (for instance in situations where you are the only safety engineer on the project and you were not involved with the bid). Speaking of Hazard Logs, the insight the audience receives is very practical and has been applauded. Speaking of Fault Tree Analysis, what criteria should be applied to determine whether to accept or reject fault tree analyses? There are 28 attributes (recently updated) to look for (16 of which are absolutely mandatory). In a survey conducted most fault tree analysts could not come close to answering this question. If you work for government branches (e.g., FAA, FDA, FRA, DOD, DND, MOD, NASA), clients, auditors, or system integrators, and are a reviewer of contract deliverables, you should know this. This checklist is included in this course. Speaking of FMEA and FMECA, this course clarifies how these should be performed. After taking this course recipients, such as the Army, Navy and Air Force, have a clear understanding in terms of what they should expect. HCRQ's most recent attendees include BAE, TAI, MIT, CAE, U.S. Air Force, Orbital ATK, Hensoldt Sensors GmbH (Germany), Meggitt SA (Switzerland), and U.S. Army. Looking for a MIL-STD-882E course excluding coverage of software safety? We have received requests of this kind and are able to offer a shorter, cost-reduced course. Contact us if this is of interest to you. HIGHLIGHTS NOTE: There is MUCH, MUCH MORE than this - eye-opening things, problematic things -  System Safety Program (SSP)  System Safety Program Plan (SSPP) - InDepth  Input from our In-depth SSPP webinar  SSMP  Hazard Tracking  Wrinkles in 882E  Input from our In-depth PHA/HL webinar  Preliminary Hazard List (PHL)  Preliminary Hazard Analysis (PHA)  Input from our PHA/HL webinar  Input from psychologists  System Requirements Hazard Analysis  Subsystem Hazard Analysis (SSHA)  Difficulties, Guidelines  System Hazard Analysis (SHA)  Guidelines  Fault Tree Analysis (FTA) - In-Depth  Software Fault Tree Analysis (SFTA)  Failure Mode and Effects Analysis (FMEA)  Getting It Wrong  Failure Mode, Effects and Criticality Analysis (FMECA)  Getting It Wrong  Software Failure Mode and Effects Analysis (SFMEA)  Operating & Support Hazard Analysis (O& SHA)  Very In-Depth