This section describes the hazard analysis process as it applies to the Vintage Trolley System Safety Certification Plan. Within the Certification Program, the term "hazard" is defined to include identified or perceived hazards that may occur over the system's lifecycle. As part of the Vintage Trolley System Safety Certification Program, the responsible parties will identify, analyze, and resolve hazards throughout the course of the Certification Program. The hazard management process is intended to verify that known hazards have been satisfactorily identified, tracked, and resolved through a formal resolution process.
The goal of the hazard analysis is to provide adequate information so that SDTI can certify that the Vintage Trolley project will provide an acceptable level of safety upon its completion.
Defining the physical and functional characteristics of the Vintage Trolley creates the foundation of the hazard identification process. These characteristics are presented in terms of the major elements that make up the system such as personnel, facilities, systems, equipment, procedures, the public, and the environment. The perceived hazards will be identified using several techniques including:
· Historical hazard or accident data
· Operational experience and lessons learned
· Identification of credible hazards
· Checklists of potential hazards
· Input from the SDTI / CPUC Staff
· Other methods as appropriate.
Hazard Analysis is a risk assessment of the safety of the Vintage Trolley System with regard to known hazards. The purpose of hazard analysis is to assess the severity and probability of the mishap risk associated with each identified hazard. Severity and probability generally are determined based on qualitative rather than quantitative analysis. The results and conclusions of the analyses of identified hazards, assessed in terms of severity or consequence and the probability of occurrence, will be presented in accordance with FTA Hazard Analysis Guidelines. A Preliminary Hazard Analysis (PHA) will be performed in the Restoration phase; the following definitions of Hazard Severity and Probability of Occurrence will be used to develop the PHA. SDTI will maintain a copy of the PHA Report.
Hazard severity categories are defined to provide a qualitative measure of the worst credible mishap resulting from personnel error, environmental conditions, design inadequacies, procedural deficiencies, system, subsystem or component failure, or malfunction, as follows:
Category I: Catastrophic: Death, system loss or severe environmental damage.
Category II: Critical: Severe injury, severe occupational illness, major system, or environmental damage.
Category III: Marginal: Minor injury, minor occupational illness, minor system, or environmental damage.
Category IV: Negligible: Less than minor injury, occupational illness, or less than minor system or environmental damage.
The assessment of the hazard also includes a probability of occurrence. A qualitative hazard probability can be derived from research, analysis, and evaluation of historical safety data from similar systems. The frequency of occurrence for hazards is assigned by level, A to E; the levels are listed in Table 4 below.
Table 4: Frequency of Occurrence Definitions
| Descriptive Word | Level | Specific Individual Item | Fleet or Inventory |
|---|---|---|---|
| Frequent | A | Likely to occur frequently | Continuously experienced |
| Reasonably Probable | B | Will occur several times in life of an item | Will occur frequently |
| Occasional | C | Likely to occur sometime in life of an item | Will occur several times |
| Remote | D | Unlikely, but possible to occur in life of an item | Unlikely, but can reasonably be expected to occur |
| Improbable | E | So unlikely, it can be assumed occurrence may not be experienced | Unlikely to occur, but possible |
Hazard resolution is the process whereby hazards are identified, eliminated, mitigated or accepted. Risk assessment estimates will be used to determine whether individual system or subsystem hazards are to be eliminated, mitigated, or accepted. Individual hazards will be documented, discussed, and resolved with emphasis on the following mitigation methods:
· Design to eliminate hazards
· Eliminate the system/subsystem component
· Incorporate safety devices
· Utilize warning devices
· Implement special procedures and training
· Accept the hazard.
To classify the assessment, hazards identified in formal hazard analysis will receive a classification based on Table 5. Unacceptable and undesirable hazards shall be mitigated to an acceptable level by one or more of the above-mentioned methods.
Table 5: Vintage Trolley Risk Assessment Matrix
| Event Frequency (rows) / Event Severity (columns) | I - Catastrophic | II - Critical | III - Marginal | IV - Negligible |
|---|---|---|---|---|
| A - Frequent | Unacceptable | Unacceptable | Unacceptable | Acceptable /WR |
| B - Reasonably Probable | Unacceptable | Unacceptable | Undesirable | Acceptable /WR |
| C - Occasional | Unacceptable | Undesirable | Undesirable | Acceptable |
| D - Remote | Undesirable | Undesirable | Acceptable /WR | Acceptable |
| E - Improbable | Acceptable /WR | Acceptable /WR | Acceptable /WR | Acceptable |
WR = with review by SDTI / CPUC
The Risk Assessment Matrix is used to categorize hazards as acceptable, acceptable with certain conditions applied, undesirable and unacceptable. Hazard severity categories are defined to provide a qualitative measure of the worst credible mishap resulting from personnel error, environmental conditions, design inadequacies, procedural deficiencies, system, subsystem or component failure, or malfunction.
This process will include documentation of hazard resolution activities through the use of a hazard tracking system. The tracking system will record identified hazards, and track/record resolution through the use of one or more of the mitigation methods listed in Section 4.3 above. The effectiveness of the mitigation will be scrutinized to determine that no new hazards have been introduced. All identified hazards are tracked through to resolution. As each hazard is eliminated or controlled to an acceptable level, the responsible party updates the hazard open items list. The update must include a description of the measures taken to resolve the hazard.
When all hazards have been satisfactorily resolved, the San Diego Trolley System Safety Manager must complete and sign the Hazard Resolution Certificate of Conformance and submit the certificate to SDTI senior management for acceptance. The acceptance of the Certificate of Conformance is subject to review and approval by the SRC.