THE UNIVERSITY OF YORK

Foundation of system safety

engineering ( FSE)

OPEN ASSESSMENT
 EXAM NUMBER: Y4848066

FSE Question 1(16 marks)

I. The potential benefits and drawbacks for the two options are shown in the tables
below. ( 4 marks )

The powered conveyor system option

Hazards Benefits Drawbacks
Vehicle hazard – Conveyor belt is used in many ----------
industrial to transfer materials
between stages, and use
conveyors is a good way to
reduce the risk and the Vehicle
hazards (accidents, fire,)
Environmental – Dust extractions and air filters – Dust can be generated at
can be used during conveying the feed and discharged
operation to prevent dust points during conveyor
generation. operation
Handling – Conveyors can eliminate the – Products may fall off the
multiple handling of materials or conveyor when a
products while preventing all the conveyor passes over a
hazards typically caused by walkway, roadway, or
trucks and /or loaders work station.
– Conveyor system allows users to – Need to guarding system.
install conveyor quickly and
easily.
– Conveyor promotes the
effective ,use of people
equipment , space and energy
– Reduce the need for repetitive
lifting and carrying.
Mechanical --------------------------- – Conveyor has dangerous
moving parts moving
parts ( head ,tail ends
end pulleys ( head , tail
end pulleys ,belt etc....)
– Conveyor motor and
eccentric weights tend to
operate at high speed
Electrical – Electrical powered system, no – Electrical power may
environmental impacts. cause electric shock
hazards
ENVIRONMENTAL – The noise hazards can be – The nature of operation
controlled by suitable sound can be creating noise
proofing and work place noise hazards.
can be minimizing by design &
Engineering controls at the
source.
TABLE (1)
 EXAM NUMBER: Y4848066

The barnaton bypass option

Hazards Benefits Drawbacks
Vehicle hazards ------------ – Moving vehicles as a source of harm injury while driving
vehicles
– Loading and unloading vehicles could be result of hazards
– Refuelling of vehicles leading to injury or fire.
Environmental ------------ – - Dusty air during loading and unloading
– - Fuel spillage.
– - Moving heavy vehicles can create noise hazards.
– -
Handling ------------ – Moving machine during handling may cause several hazards
(Accidents, fall objects ...)
TABLE (1)

Powered conveyor system Benefits

1- Use conveyors are a good way to reduce the risk and Vehicle hazards
(accidents, fire ...)
2- Dust extractions and air filters can be used during conveying operation to prevent
dust generation and environmental protection.
3- Conveyors can eliminate the multiple handling of materials or products while
preventing all the hazards typically caused by trucks and /or loaders
4- Conveyor system allows users to install conveyor quickly and easily.
5- Conveyor promotes the effective ,use of people equipment , space and energy
6- Engineering control system (Engineering design) can be applied to conveyor
systems to minimize the hazards (noise, vibration and loads or products falling ...)
at the source.
Powered conveyor system Drawbacks

1- Products may fall off the conveyor when a conveyor passes over a walkway,
roadway, or work station.
2- Dust can be generated at the feed and discharged points during conveyor
operation.
3- Need to complex guarding system.
4- Conveyor has dangerous moving parts moving parts (head, tail end pulleys, belt.)
5- Electrical power may cause electric shock hazards.
6- The nature of operation can be creating noise hazards.
Barnaton bypass Drawbacks

1-Moving vehicles as a source of harm injury while driving vehicles

2-Loading and unloading vehicles could be result of hazards
3-Refuelling of vehicles leading to injury or fire.
4-Engineering hazards control cannot be applied.
5-Moving machine during handling may cause several hazards (Accidents, fall
objects ...)
I. Identifying Safety Issues. (5marks)
EXAM NUMBER: Y4848066

To Identifying Safety Issues we must break down the system in terms of its
functions and analyse each of them separately, Operation process including
the buildings and connections of services such as power and communication,
control System and Safety standards, The maintenance of the conveyor
system, and finally the environment in which the conveyor system operate, to
identify these issues we have to apply checklist as in the table below, these
issues should be addressed by the safety case.

Checklist Safety issues Description

Material The conveyors will be in several sections,
Slipping/falling and the converging length will be over 2Km,
and would cross above the canal and the
road, so martial or product could be spilling
or falling on road or canal during this
distance.
Machinery All exposed moving machinery parts present
a hazards (motors nip points and shear
points)

Fire “A fire can start anywhere along the

Operation conveyor system and can spread quickly to
other areas creating major losses” (1).
Suddenly system The system may be Suddenly started at any
starting (system time during /or after emergency shutdown or
failure or human error) during maintenance, that may introduce
hazards.
Control system failure The system would be remotely controlled
and monitoring from control room, if the
system failure (no stop, high speed) that
could introduce hazards.
Environmental ( noise, “Belt conveyors use wide flat belts to move
dust) product, this type of conveyor presents its
own unique set of variables that affect the
noise generated”(2), The dust also can be
generated in loading and discharge points.
Safety standards “Procedures and standards help provide a
safe system of work and remove the heavy
reliance on the use of common sense (which
tends to be very uncommon). They let
everyone know how a job should be done
and allow maintaining the operation at a
standard, and the operation without
standards it is mean hazards”(3).

Communication Communication between operating staff is

very important during operation process and
in emergency cases bad communication
could introduce hazards.
The design of conveyor belt is very important
EXAM NUMBER: Y4848066

Design to reduce many hazards, for example the

pipe conveyor prevents material from
dropdown.

General Routine inspection and preventive and

corrective maintenance program must be
contacted to insure that all safety features
and devises retained because the
maintenance is very important to reduce the
Maintenance system hazards.
Maintenance “When a conveyor is stopped for
operation maintenance purposes, starting devices or
powered accessories shall be locked or
tagged out in accordance with a formalized
procedure designed to protect all person or
groups involved with the conveyor against an
unexpected start”(3).

Training for Operation Without proper training operators and

Training & maintenance maintenance staff may not appreciate safety
critical nature of the operation.
Personal protection Training in the use of Personal protection
equipments(PPE) equipments (PPE) could be hazards if
performed to the system.
Misuse Environment The conveyor would be in several sections
converting a total length of 2 KM and would
cross above canal and road on a high level
bridge , so the materials may fall off the
conveyor to the road and canal ,also the
weather –strong winds may be cause sand
fall off to the buildings and vehicles and
cause hazards .
Law HSE Health safety and environmental
considerations if don’t follow up during
operation and maintenance could introduce
hazards to the human and the system.

II. ( 1 mark )
The wording of a suitable top-level goal for the safety case is Argument by
satisfaction of all conveyor belt system safety requirements

III. The reasonable strategy for arguing the safety of the conveyor belt system.
(3 marks)
EXAM NUMBER: Y4848066

A reasonable strategy for arguing the safety of the conveyor system we have to
apply safety case the safety case will have safety plan and functional hazard
assessment (FHA) report, witch content the complete list of hazards and safety
objectives , to ensure that the risk managed during the design of the conveyor
belt system , also the safety case should be content safety analyses for the
system as a whole to prove that the safety requirements have been satisfied and
the hazards identified have been mitigated , The safety plan should be apply to
the system to identify the, safety requirements and safety component, the safety
requirements should prove that the system component has not any failures.
The second step will be the consequence analysis to establish the hazard log
also use fault tree analysis (FTA) to minimize any safety impact of the system,
the strategy should define if the hazards have been eliminated, the severity of the
hazard resulting from the failure is minimised and the probability of the
component is sufficiently remote.
The safety case shall be consist of structured argument supported by a body of
evidence, that provides a compelling , comprehensible and valid case that a
system is safe for given application in a given environmental.

FHA
Integration
Safety
PSSA
Consequence
Systems
Conveyor
Primary
Platform
Safety platform
Implementation
Design
SSA
Causal
Integration
Units &Caseof&safety
System
Analysis
Hazards test
Decomposition
Analyses
Definition
Identification
Evidence
PHI
 EXAM NUMBER: Y4848066

Figure (1) safety case strategy and lifecycle

IV. The strategy can apply to all issues identified in( ii ) as the following :
(3 marks)

Description Safety Strategy

The conveyors will be in several sections, and the
The safety case report should include that to
converging length will be over 2Km, and would insure the design of the conveyor provided
cross above the canal and the road, so martial orwith spill guards, pan guards, or the
product could be spilling or falling on road or canal
equivalent if there is a potential for material to
during this distance. fall off the conveyor and endanger personnel
or equipment. The guards shall be designed
to catch and hold any load or material that
may fall off or become dislodged from the
system.
All exposed moving machinery parts present a The safety case report should include that to
hazards (motors nip points and shear points) insure the design of the conveyor provided
with Mechanically or electrically guarded or
guarded by location, should apply to the
system to minimize the hazards.
“A fire can start anywhere along the conveyor Fire hazards could be reduced by
system and can spread quickly to other areas engineering control by detection methods.
creating major losses” (1).
The system may be Suddenly started at any time This hazard could be eliminating by warning
during maintenance by human mistake or after signs shall be provided along the conveyor at
system failure. areas that are not guarded or protected by
their location. Also The area around loading
and unloading points shall be kept clear of
obstructions that could create a hazard.
“Belt conveyors use wide flat belts to move The safety case report should include that to
product, this type of conveyor presents its own insure the design of the conveyor can be
unique set of variables that affect the noise Control noise hazards or by use PPE and
generated”(2), The dust also can be generated in exhausted air should be found in loading and
loading and discharge points. discharge points, to minimize dust generation
during operation process.

Communication between operating staff is very
important during operation process and in
emergency cases bad communication could
introduce hazards.
“When a conveyor is stopped for maintenance
purposes, starting devices or powered
accessories shall be locked or tagged out in
accordance with a formalized procedure designed
to protect all person or groups involved with the
conveyor against an unexpected start”(3).
Without proper training operators and
maintenance staff may not appreciate safety
critical nature of the operation.
The conveyor would be in several sections
Good supervision and follow the procedures
and operations manual to close this hazard
.
Machinery must include a safety interlock
circuit to prevent inadvertent starting. The
maintenance procedures should include a
safe system of work that puts the system in
to a safe shut down state for maintenance.
Appropriate training must be provided
for operating and maintenance staff.
The safety case report should include that to
 EXAM NUMBER: Y4848066

converting a total length of 2 KM and would cross
above canal and road on a high level bridge , so
the materials may fall off the conveyor to the road
and canal ,also the weather –strong winds may
be cause sand fall off to the buildings and
vehicles and cause hazards .
Health safety and environmental considerations if
don’t follow up during operation and maintenance
could introduce hazards to the human and the
system.
insure the design of the conveyor provided
with spill guards, pan guards, or the
equivalent to prevent materials fall off, also
Use prominent a wariness devices, such as
warning signs or lights.
This hazard would be mitigated through the
Application of the strategy by apply HSE
requirement by keep an overview of the SHE
regulations.

(1) CONVEYORBELT GUIDE ( http://www.conveyorbeltguide.com/SafetyInUSA.html )

(2) Noise considraration for design,spesification of convyors system( http://www.mhi.org )

(3) Occupational fsfety and health adminstrator (OSHA).

 EXAM NUMBER: Y4848066

FSE Question 2 (20 marks)

i. Classification of The factors contributed to the accident. (4 marks)

Classification Factors
Technical 1- The warning systm was not working (buzzer, light)
2- The electrical bell between the outocoach and locomotive was not
working.
3- The teadly system was not operating correcttly. the treadle arm is
not set at the correct height , this increase the total length of
warning .
4- The brake controls is difficult to use in an emergency “The RAIB
and the DFR carried out tests using the auto-train to establish how
the braking system behaves in various different modes of operation.
These tests confirmed that, once the vacuum brake has been
applied, it is not possible to release it quickly: it can take up to thirty
seconds to re-create vacuum using the ejector by placing the
combination valve in the ‘release’ position“(1).
5- No having working sanding equipments on the train . “The DFR had
no requirement for the train crew to check that the sand boxes for the
locomotive and the auto coach were filled and operational Not having
working sanding equipment on the train may have contributed to the
accident. “(1).
Management 1- Lack of training and experiece of fire man . “When the locomotive is
and training propelling the coach, the fireman is alone on the footplate and
unable to seek advice from the driver if unsure about what to do at
any point, he had only two days experience on the auto-train before the
accident occurred, and had no training in or experience of the action to be
taken in emergency situations. “(1).
2- The DFR known about the problem with the warning systm but they
dont take action. “ The treadle operated approach warning
mechanism was known to be faulty. This had been reported four
days before the accident and the DFR proposed to rectify the fault,
but had not done so by the time of the accident, and had not
informed operating staff of the fault“(1).
3- The DFR does not pressure from road to minimize traffic delays.
4- The age of the driver (71 year) retired . “The driver was over the
maximum age for driving“(1).
5- The medical examination for the driver should be every one year as
DFR requirments but the managment were only requiring every five
years.
6- The driver axceeded the speed over 10 mph(16 Km/h) , the train
speed was 20mph (30Km/h) when it bassed the speed restricion
board .this is lack of training.
7- The crossing keepers have delay to opening the gates to the
railway crossing .

8- The driver did not anticipate the effect that the wet condition of the
rail head would have on the braking performance of the train. This
was contributory to the accident.
9- The crossing keepers noticed during the first passage of the train
 EXAM NUMBER: Y4848066

earlier in the day that the treadle operated flashing light and the
warning buzzer had not operated, and they only became aware of
the approach of the train when they saw it coming.
10-The possible outcome of using the release valve needs to be fully
understood by the railway and by individual drivers and firemen so
that the brakes can be safely handled in all situations and proper
training can be given to staff.
11-The crews on the DFR had not practised handling the brake in
emergencies
12- There are not procedures in place to inform staff that system have
failed or the operating in adegraded conditions .
13-“Steam engine footplate crews are selected from volunteer engine
cleaners and are trained by the locomotive inspectors. They are
assessed for competence to act as firemen, and in due course may
advance to driver“(1).
Design 1- The low position of the warning treadly arm .
2- No effective system for inform the train crews that the warning
system was not working .
3-
4- The speed indicator board position is not clear.
5- “The arm of a treadle device that has been mechanically designed
such that its return from the depressed position takes place in a
controlled timed manner (usually slow) “(1)

6- The operation of the treadle by a train causes a buzzer to sound ,and

light to flash this is lack of design , treadle operated equipments should
be install to warn the crossing when the train approach .
Environmenta 1- The noise from passing traffic . “The noise from passing traffic, in
l particular heavy goods vehicles climbing the hill, could have contributed to
the crossing keepers not hearing the warning whistle from the
approaching train“(1).
1- The weather was reported as being poor with signification rainfall
that caused the train to slide, the train would have been stop befor
the reaching the board if the rail had been dry.

i. Events Timeline (6 marks).

EXAM NUMBER: Y4848066

To draw a timeline we should identify all the events leading up to the accident,
first we identify the event of the period preceding the accident ,as the figure
below :

The
The
The
The Service
crossing
train
14:4
12: Norchord
crossing
crossing
driver
The station
keepers
keepers
keepers
The station
crossing
blows
The tow
close
train
the
signals
stop
crossing
keepers
driver
operates
the
train
the
four
with
whistle
reduce
road
secure
keepers
gates
the
green
traffic
treadle
to
speed
and
the
flag
confirm
move
and
crossing
permit
to
to
(the
open
to
the
20mph
the
the
buzz
road
train
train
the
gates
crossing
+light)
traffic
to
railway
approaching
processing
togates
resume
10 through the crossing
0

Second the events of the final few minutes before the accidant.
EXAM NUMBER: Y4848066

TheThe
fire
The
The
The
train
man
The
leading
leading
The
crossing
passed
operate
detached
The
The
train
end
end
crossing
crossing
The
stand
keepers
over
the
Train
of
ofgate
The
driver
the
the
combination
The
the
with
The
The
keepers
speed
autocoach
struck
keepers
train
wheels
autocoach
began
treadle
driver
saw
it
driver
driver
sapproached
passed
leading
the
one
saw
to
locked
fully
had
but
sounded
sounded
brake
stop
gates
struck
of
struck
the
warning
applied
no
the
end
and
the
train
valve
warning
not
10
crossing
the
the
the
the
30
the
road
the
mph
completely
when
the
buzzer
stop
partially
metres
and
partially
whistle
whistle
train
traffic
to
brakes
to
the
board
it
keepers
open
20
slide
come
and
past
reservoir
open
open
and
mph
open
light
the
the
into
open
(he
crossing
crossing
gates
crossing
did
view
injured)
but
the
not
the
gates
gate
gate
operate
train did not
stop
EXAM NUMBER: Y4848066
 EXAM NUMBER: Y4848066

Timeline
100
The
40
20
327
m
500
485
431
455
400
300
272
Mph200
driver
Speed
The
Crossing
The
Stoop fully
crossing
train
indicator
board
gate
cross
keepers
board
the Treadle
start opens the gates
applied the brakes

40

20

100 200 272 300 327 400 431 455 485 500
 EXAM NUMBER: Y4848066

Figure (2) timeline of the accident

This Figure shows the comparing between the train speed and the distance; we
assume the accident event start when the train cross the treadle.

ii. Way-Because Graph( 6 marks ) The wheels was locked

Accident

Weather conditions The train reach crossing

gates

Amount of water on RWY surface The driver excessive the train speed
Gateman severely injured by
The train reach the stop displaced crossing gate
board

RWY very wet

The train driver was unable to stop it Train speed 20 mph

Damage to the train

The leading end of the outcoach struck the crossing gate

The crossing keepers saw the train when it come into view
The train did not stop

The gates was not fully open

Noise from road traffic The wheels locked & the train slide
 EXAM NUMBER: Y4848066

The crossing keepers had not warning to open the gate

The train passed over the treadle

Warning buzzer and light did not operate

The driver sounded the whistle
The driver fully applied the brakes
The buzzer & the light did not operate

Lack of maintenance
The treadle operated approach warning was faulty
The cross keepers close the
four gates & resume the traffic

DFR Poor management

The train driver blows the train whistle to
confirm the train approaching

Internal event Source event The crossing keepers stop the road traffic
& open the railway gates The signalman belled the crossing keepers by telephone

Internal process Source process

The train departed norchard station

The signalman know the buzzer & the light did n

Source state Internal state

Figure (3) Way-Because Graph of accident

iii. (4 marks).

The rail trnsport sector should learned from this accidant by devlope The railway with
respect to the safety by follow the safety standerd and all the recommendations
made by like these investigations reports.

• Install automatic open crossing remotely monitored ( AOCR) , for all crossing
gates , AOCR will have the standard steady member and flashing traffic light
signals these will be activated automatically by an approaching train, these
automatic gates will prevent the accidents that occur by human errors .
• Improve the old design of the singes of the level crossing (whistle board , speed
indicator board, and remove the trees in the area that near the gates) also the
size and the location of the singes should be as the standard.
 EXAM NUMBER: Y4848066

• Training courses for all employees for rail transport sector by create career
development plans.
• Initiate and apply risk assessment model to all level crossing to establish
reasonably practical safety system options and control, to minimize the risks.
References
(1) Accident report. Website: www.raib.gov.uk

FSE Question 3 (14 marks)

i. Councils responsibilities with respect to fire safety.(10 marks)

“Under the Regulatory Reform (Fire Safety) Order 2005 and The Fire
(Scotland) Act 2005, anyone who has control of premises or who has a
degree of control over certain areas or systems may be designated a
‘responsible person’ (e.g. an employer, a managing agent, an owner, an
occupier or any other person who has some control over all or part of relevant
premises)”(1) so the Councils responsible for:
NO Councils responsibilities Southwark council a actions
1 Councils are required by law to carry out fire Lakanal House did not have a valid fire
risk assessment on social housing high-rise risk assessment in place when fire broke
blocks “The responsibility to do fire risk out.
assessments was transferred to local
councils in 2006. “(1) the current
responsibility to do fire risk assessment is
with local councils following aching to the
legislation in October 2006 .so fire risk
 EXAM NUMBER: Y4848066

assessment is very important to implement

appropriate fire safety measures to minimize
the fire risk .
2 “Put in place plans and actions to eliminate “Southwark Council has previously
or reduce the risk from fire as far as is released files showing it knew in 2000
reasonably practical, and provide general fire
precautions to deal with any residual risk”. that Lakanal House posed a risk of rapid
The emergency plan should be found in fire spread but did nothing for seven
every building and the people who live in years. Also Lakanal House was due to be
these high –rise blocks must be know about demolished under the council's Labour
emergence procedures in case of fire.
administration. But when the council
changed hands to Liberal Democrat the
new administration decided to keep
Lakanal House” (2).
3 “Take additional measures to ensure fire “All the facades and window frames were
safety where flammable or explosive replaced with flammable uPVC which
materials are used or stored” (2).this melts in fire, releasing toxic fumes” (1).
measured should be including in fire risk
assessment for example the material of
window frames, the location of material
storage.
4 “Create a detailed plan to deal with any Emergency plan relevant to premises had
emergency and, in most cases, document not been communicated effectively to
the findings” (2).in case of any emergency residents.
should found plan includes who is
responsible and what are the producers
which should follow.
5 “Landlords have to ensure there are “The design of the block, which has only
adequate fire precautions (including alarms, one central staircase. Fire doors that
extinguishers and fire blankets) and fire were either not fire resistant and/or self-
escape routes. These must be well closing”(2).and also during the
maintained and adequate for the number of investigation found the fire alarm system
residents and the size of the property” (2). does not working .

From number (1) we find Southwark council did not carry out fire risk assessment
which required by law, to implement appropriate fire safety measures to minimise
the risk to life from fire, also from( 2 ) Southwark council was knew in 2000 that
Lakanal House posed a risk of rapid fire spread but did nothing for seven years and
don’t take actions to eliminate or reduce the risk from fire according to the law
( responsibilities ) also in (3) the council should take additional measures to ensure
fire safety where flammable or explosive materials are used or stored, but the
council replaced all the facades and window frames with flammable uPVC which
melts in fire in (4) the council should Create a detailed plan to deal with any
emergency and, in most cases, document the findings but the Emergency plan
relevant to premises had not been communicated effectively to residents.
EXAM NUMBER: Y4848066

I think the situation of other councils has changed and they are learn from the fire at
lakanal house, because “more than one in five councils stepped up fire safety work
on tower blocks following a high-rise blaze that killed six people, for example A
Hackney Council carried out 52 fire risk assessment, after 3 July” (1) (INSIDE
HOUSING 23/10/2009)
“Also Sheffield Council has 25 tower blocks and had done no ‘formal comprehensive
fire risk assessments’ before the Lakanal fire. It had completed 20 FRAs by 21
September.”(2)
“Lambeth Council had assessed just two of its 75 blocks of seven or more storeys
before the Lakanal blaze. By the time it responded to the FOI, on 2 October, it had
started FRAs on three more blocks and it has now pledged to assess the fire risks of
all its blocks of six or more storeys by March 2010”(1).
In (Inside house ) total survey found 282 blocks of four or more storeys that did not
have a fire risk assessment before 3 July, but now most of the councils situations
changed and they start carried out fire risk assessment for the high –rise blocks
Safety in numbers survey shown in the table below this survey is completed by
inside housing , the survey comparing between the actions have taken by the
councils to fulfil their fire safety responsibilities before Lakanal and whether they
have changed their stance since.
EXAM NUMBER: Y4848066

http://www.insidehousing.co.uk/story.aspx?storycode=6506865

ii. ( 4 marks ) The impact of the coverage on the residents of high-rise blocks was
very strong. because there are many blocks like lakanal house with one central
stairwell and same the design of lakanal house, and many people ask questions
about what happens when the fire breaks out in these flats, also there are
families with young children living in high blocks, they described these flats as
“death traps” and others described it disaster waiting to happen.
References
1) Inside housing http://www.insidehousing.co.uk/story.aspx?storycode=6506865
2) BBC London news.