
Abstracts & Biographies

October 23, 2019 Meeting: Model-Based Functional Safety for Complex Software intensive Systems

Barry Hendrix, A-P-T Research

Abstract: Model Based Functional Safety is all about the functional decomposition of safety requirements, attributes and behaviors and expressing in easy to understand graphical and pictorial form to supplement templates and words. Models can help in a common interpretation of explicit safety behavior. Safety-Critical Systems and Safety-Critical Functions (SCF) must be the focus when conducting Functional Hazard Analyses and Functional Hazard Assessments (FHA). FHAs have become the prerequisite for software safety analyses since behavior of the software and systems must be well understood in the safety domain. Functional Safety models should focus on how the architecture and the physical system, the computer system and embedded software contributions ensure correct and predictable system behavior. Functional safety tasks focused on failure conditions leading to hazards should be integrated into models. Safety Use Cases, Safety Activity Diagrams, Safety Sequence Diagrams, Functional Flow Diagrams, Safety States and Modes models, off nominal models, etc. can depict safety behavior. Above all models can help influence system and explicit safety requirements, design safety features, hazard mitigation, safety verification, and risk reduction actions in the design and operations leading to system certification. The end goal is to reduce the level of abstraction of the many complex interactions in software and depict safety attributes clearly with objective safety evidence in safety documentation to be used for approval and certification. Functional Safety can be implemented for various safety policies, methods, and best practices of different agencies, companies, and product lines. (Presentation Slides)

Biography: Barry Hendrix joined A-P-T Research in 2015 after retiring from Lockheed Martin as Fellow Emeritus for System Safety. Barry’s career in System Safety started 35 years ago at LTV/Vought Aircraft Company in Dallas, TX after serving 10 years in the United States Navy as an aviation fire control/weapons delivery specialist with attack squadrons aboard aircraft carriers. Barry has worked a broad variety of tactical aircraft (A-7, F-16, B-2, F-22, F-35), integrated weapons, fire control systems, C2 systems, and particle beam systems. Since 1984 he has specialized in software safety on system of systems. He is a Fellow member of the International System Safety Society (ISSS), former President of the North Texas Chapter, past Director of Members Services, and was awarded the ISSS Manager of the Year in 2001. He has trained over 1000 in software system safety and airworthiness and served on committees that contributed to many safety standards including ANSI/GEIA-STD-0010-2009, MIL-STD-882E, SAE ARP4754A, and RTCA DO-178C. He actively supports the SAE International G-48 Committee and has a strong interest in promulgating Model-based System Safety, Formal Methods and Safety Cases on modern software intensive systems.

June 27, 2017 Meeting: How to Audit a Safety Assessment Report (SAR) - Creating and Using a SAR Audit Protocol

Chris Trumble, AMCOM Safety Office

Biography: Mr. Chris Trumble is currently a safety engineer for the United States Army Aviation and Missile Command Safety Office, Aviation System Safety Division, at Redstone Arsenal in Alabama. He was a co-chair for the Joint Planning Development Office Safety Working Group’s Safety Management System Implementation Subcommittee. His experience has been within the military, public safety and commercial sectors. He is a mechanical and safety engineering, aviation, security, forensics, and emergency management professional.

May 30, 2017 Meeting: Safety Assessment Report (SAR): Purpose, Features, Format and Use

Chris Trumble, AMCOM Safety Office

Biography: Mr. Chris Trumble is currently a safety engineer for the United States Army Aviation and Missile Command Safety Office, Aviation System Safety Division, at Redstone Arsenal in Alabama. He was a co-chair for the Joint Planning Development Office Safety Working Group’s Safety Management System Implementation Subcommittee. His experience has been within the military, public safety and commercial sectors. He is a mechanical and safety engineering, aviation, security, forensics, and emergency management professional.

June 21, 2017 Meeting: Safety in Building and Racing Greenpower Cars

Drew Sparks, Greenpower Lead Teacher, Huntsville City Schools

Biography: Drew Sparks is the Greenpower Lead Teacher for Huntsville City Schools. He has been a part of the Greenpower program for 3 years and has competed in numerous events throughout the United States and England. He has been involved in education for the past 10 years as a middle school math teacher and Greenpower teacher/mentor.

May 3, 2017 Meeting: Model Based Systems Engineering & Software System Safety Workshop

Dave West, SAIC, Chairman, SAE International G-48 System Safety Committee

Biography: David B. West, CSP, P.E., CHMM, ISSS Fellow; Chief Systems Engineer; Mission, Engineering, and Program Support Service Line; Science Applications International Corporation (SAIC), has over 29 years of experience performing safety work for Army Aviation, chemical weapons destruction, manned and unmanned spaceflight programs, petroleum refining and chemical process plants, and nuclear facilities. West is the chairman of the SAE International (formerly GEIA and TechAmerica) G-48 System Safety Committee. He previously served as the G-48 secretary from January 2005 to May 2009 and vice chairman from May 2009 to May 2010. In 2010, West was named the System Safety Society’s Manager of the Year. West is a past and current president of the Society’s Tennessee Valley Chapter (TVC) and was recipient of the TVC’s Professional of the Year award in 2005. He has been a director on the Board of Directors of the Board of Certified Safety Professionals (BCSP).

April 19, 2017 Meeting: Safety in Architecture and Design: A review of building codes and an architect's responsibility towards Health, Safety, and Welfare in Design

Chris Waters, AIA and Alison Corey, AIA, Chapman Sisson Architects

Biography: Chris Waters, AIA. Education: 2001 Bachelor of Architecture, Auburn University. Honors: American Institutes of Architects. Chris enjoys the challenge of managing a wide assortment of project types for Chapman Sisson. His attention to detail, whether it be construction documentation or customer service, is unmatched. Chris enjoys working on Church projects in particular, but is effective in all project types. He is part owner in the firm.

Biography: Alison Corey, AIA. Education: 2007 Bachelor of Science in Architecture, Minor in Management, Ball State University; 2009 Master of Architecture, Ball State University. Honors: American Institutes of Architects. After graduation, Alison relocated to Huntsville and joined the Chapman Sisson team. She has a passion for building relationships with clients and the community. Alison’s upbeat personality promotes an advantageous atmosphere throughout the office. She enjoys project management on all project types and strives to see them through to completion. Alison is part owner in the firm.

February 15, 2017 Meeting: Tips for Reviewing Fault Tree Analyses

Marge Jones, PPT Solutions, Inc.

Abstract: When a Fault Tree Analysis (FTA) is requested in a statement of work, often only the fault tree model is provided. This often doesn't capture the full "analysis" aspects that are needed to verify analysis results, correctness, and completeness. The presentation will be a review of the key elements of an FTA and why they are needed, as well as some tips and lessons learned on things to look for in reviewing FTAs.

Biography: Marge Jones is a System Safety Consultant specializing in commercial aircraft certification. She has been a Federal Aviation Administration (FAA) Designated Engineering Representative (DER) for safety and reliability for structures, power plant, and systems and equipment for the past 15 years. Marge provides safety consultant/product safety services to aircraft industry and has been involved in a variety of type certificates (TC) and supplemental type certificates (STC), many requiring specialized safety assessments to support equivalent level of safety evaluations. Her area of safety consultation includes defining system architecture and detailed design requirements, performing safety analyses, developing design solutions to safety related issues, evaluating and/or preparing certification documentation for regulations compliance, and coordinating with design engineering and vendors to review concepts and design solutions. She has worked on numerous aviation projects including aircraft thrust reverser system equivalent level of safety certification, passenger-to-cargo conversions, smoke detection/fire suppression systems, rotorcraft medical LOX systems, display systems, and engine control systems. Marge also has several years of safety engineering experience with defense systems and NASA payloads. She holds a B.S. degree in Safety Engineering from Texas A&M University and an M.S. degree in Systems Management from Florida Institute of Technology.

January 18, 2017 Meeting: A Software Change Impact Analysis Procedure Overview

Greg Turgeon, GT Software Services, LLC

Abstract: Software changes in a system must be carefully analyzed to ensure the modified system continues to meet all its requirements, including safety requirements. Software Change Impact Analysis is a rigorous process to determine all the potential effects of software changes and the tasks required to verify the software changes. The U.S. Army Aviation and Missile Research, Development, and Engineering Center (AMRDEC) Software Engineering Directorate has defined a procedure and guidelines for systematic Software Change Impact Analysis. A summary of this guidance will be presented to capture the key activities that should be completed for any Software Change Impact Analysis.

Biography: Greg Turgeon is currently a consultant software safety engineer with his own company, GT Software Services, LLC. He currently is a Designated Engineering Representative (DER) for the Federal Aviation Administration, reviewing civilian aircraft software. Prior to his current position, he served as a software engineer and software team lead for various projects such as jet engine controls, the International Space Station, and automotive anti-lock braking systems. He holds a Bachelor of Science in Electrical Engineering from Wayne State University and a Master of Science in Software Engineering from the University of Michigan, Dearborn.

November 16, 2016 Meeting: Functional System Safety Engineering

Steven R. Hosner, PE, A-P-T Research, Inc.

Abstract: As the esteemed safety engineer Steve Mattern often says in his classes, the thing that programs and system engineers want from system safety are their safety requirements for the system. Ordinarily this is somewhat difficult since until systems engineering defines the systems a bit, the safety analysis must wait until enough of the implementation is defined to analyze and safety requirements cannot be generated. This presentation provides definitions for function and safety requirements and an example of using functions to get ahead of the curve and provide safety requirements in conjunction with system requirements so that the safety requirements can actually impact system design and implementation.

Biography: Steve Hosner spent 20+ years as a civil servant with the US Air Force working systems and software engineering on systems ranging from radar warning receivers to ground based space tracking radars. He spent the last three years of his civil service career in the Army's Aviation Engineering Directorate (AED) evaluating the airworthiness of Army rotorcraft. He was the primary author of a draft AED standard on system safety which provided guidance on how to blend the civilian safety guidance and MIL-STD-882 safety requirements for military aircraft. After retiring from civil service, he worked for Westar supporting the Army airworthiness mission until June 2014. He started and ended his own company, System Safety Engineering, LLC, which was to provide system safety engineering training and mentoring. He has since gone to work for A-P-T Research on a part-time basis supporting the Army's Software Engineering Directorate (SED) on software and airworthiness.

October 19, 2016 Meeting: Challenges of Applying Conventional Software System Safety to Agile Software Development Programs

Melissa Emery, A-P-T Research and Dave West, SAIC

Abstract: Modern systems are increasingly dependent on software for status monitoring, control, and safety. Software system safety originally evolved at a time when large software development followed a “waterfall” approach in which requirements definition, architecture design, coding, test, and deployment were conducted sequentially. This allowed time early in the program for completing several conventional system safety tasks, such as the system safety program plan (SSPP) and various hazard analyses. Many modern software development programs follow the Agile development approach, in which “sprints” are conducted, to rapidly and incrementally define the architecture, write code, and test it, often before all system requirements are established. Agile development does not align well with the conventional system safety approach. System safety engineers applying conventional software safety will find that by the time they complete and obtain approval of the SSPP, developers have already completed several sprints. To better support modern development programs, a modified software safety approach should be developed to allow software contributions to hazards (causes and controls) to be identified and assessed, before the development team has completed the software architecture and design. This will ensure software hazard causes are adequately mitigated and safety significant software adheres to the level of rigor requirements.

Biography: Melissa Emery, Senior Safety Engineer, A-P-T Research, holds a BS in Mathematics from the University of Houston, Clear Lake. She began her career working software change requests, pre-STS-1, at Rockwell International in Downey, California. She moved to Houston, Texas in 1986 and supported Space Shuttle Avionics software change activities involving Space Shuttle Mission Operations. In 1991 she moved to Huntsville, Alabama and transitioned to software safety supporting the Safety and Mission Assurance (S&MA) Office at the NASA Marshall Space Flight Center (MSFC). Melissa has been employed at A-P-T Research, Inc. since 2002. Her career spans 20 years of system/software safety experience supporting NASA and the U.S. Army. She also has experience in software Airworthiness and has taught several system safety and software courses while at APT Research. Melissa has been active in the Tennessee Valley chapter and she served as the International System Safety Society (ISSS) Secretary and Executive Vice President. She is currently serving the ISSS in the capacity of Director of Member Services.

Biography: Dave West, CSP, P.E., CHMM, Chief Systems Engineer, Science Applications International Corporation (SAIC), earned a BS in Nuclear Engineering from the University of Cincinnati in 1984. He has over 27 years of service with SAIC, where he provides system safety engineering expertise for various defense projects at the U.S. Army’s Redstone Arsenal. He is currently the President of the Tennessee Valley Chapter of the International System Safety Society. For the past 6 years, Mr. West has chaired the G-48 System Safety Committee, which is organized under the Systems, Standards, and Technology Council of SAE International. From 2008 through 2013, Mr. West served on the Board of Directors of the Board of Certified Safety Professionals.

September 21, 2016 Meeting: The Business Case for Using a Numbered Logarithmic Risk Severity Scale

Don Swallom, US Army Aviation and Missile Command

Abstract: By the way they are structured, the severity scales of both U.S. Department of Defense (DoD) Instruction 6055.07 dealing with actual accidents, and Military Standard 882 (MIL-STD-882) dealing with potential accidents, do not adequately address accidents with extremely high dollar or fatality loss. While the threshold for the highest classification of damage loss has been increased by 6055.07 to $2 million and 882 to $10 million, both up from $1 million, some DoD systems exceed those values by up to three orders of magnitude. The threshold for the highest injury classification is unchanged at one fatality. A numbered logarithmic severity scale similar to the Richter Scale used for earthquakes would resolve this deficiency and support classifying and assessing the risk of high-loss accidents. The new scale would not only improve the risk management of accidents but also would enhance the Department of Defense application of risk management. It could be further applied on a national basis in support of Presidential Policy Directive 8 which aims to strengthen the security and resilience of the nation through systematic preparation for the threats and hazards that pose the greatest risk to U.S. security and wellbeing.

Biography: Donald W. “Don” Swallom is a safety engineer with the U.S. Army Aviation and Missile Command Safety Office. Don holds a Bachelor of Science in Engineering Sciences from the United States Air Force Academy and a Master of Science in Systems Management from the University of Southern California. Prior to his current position, he served as a helicopter pilot, staff officer, and developmental engineer in the United States Air Force. His last Air Force assignment was as the chief of safety for the Arnold Engineering Development Center, the world's largest complex of aerospace ground testing facilities. He collaborated on the system safety chapter of the Handbook of Human Systems Integration (John Wiley and Son, 2003). Don is a Fellow member of the International System Safety Society and a past president of the Tennessee Valley Chapter.

July 20, 2016 Meeting: Introduction to the RSESC Complex Systems Integration Lab

David Arterburn, Director, Rotorcraft Systems Engineering and Simulation Center

Biography: Dave Arterburn is a retired Master Army Aviator with over 28 years in Army Aviation. He has served in engineering and acquisition positions including assignments as the Chief, Technical Management Division, Armed Scout Helicopter Project Office, Chief, Flight Projects Office, US Army Aeroflightdynamics Directorate, Test Director and Experimental Test Pilot at the US Army Aviation Technical Test Center, Chief Engineer for the UH-60M Upgrade Program and Chief Engineer of the OH-58F Kiowa Warrior Cockpit and Sensor Upgrade Program. Mr. Arterburn served as Assistant Professor in the Department of Civil and Mechanical Engineering at the United States Military Academy after receiving his Master’s Degree in Aerospace Engineering from the University of Maryland at College Park. Mr. Arterburn graduated from the United States Military Academy in 1984. His awards include the 2008 and 2013 American Helicopter Society Grover E. Bell Award as part of the U.S. Army/NASA/Sikorsky UH-60M Upgrade Flight Control Team and AMRDEC/NASA/PM Armed Scout Helicopter/Bell Aerodynamics Improvement Team, respectively, NASA Group Achievement Award for the development and first flight of the Rotorcraft Aircrew Systems Concepts Airborne Laboratory (RASCAL), TECOM Professionalism Award and numerous military awards. Mr. Arterburn is a member of the American Helicopter Society, the U.S. Army Aviation Association of America and the Society of Experimental Test Pilots.

May 18, 2016 Meeting: Field Programmable Gate Arrays (FPGA) Familiarization

Charles Fulks, Intuitive Research and Technology Corporation

Abstract: Field Programmable Gate Arrays are becoming ubiquitous in electronics. Many people misunderstand the nature of these devices and confuse their development with software development. This session introduces Field Programmable Gate Array (FPGA) technology and development. This is intended for engineers and management who need to understand FPGAs, but who do not intend to personally develop FPGA designs. The attendee will leave with a solid foundation of FPGA technology, development process, and management. They will also have basic knowledge of common errors and indicators of design quality (red flags).

Biography: Charles Fulks leads the FPGA development group for Intuitive Research and Technology Corporation. With over 20 years in the embedded / high reliability industry, Charles works with a number of different technologies. However, his focus over the past decade is primarily Field Programmable Gate Arrays (FPGA) and embedded digital design. He has patented FPGA-related technology. He holds a MSEE degree from the University of Central Florida and is a Senior Member of the IEEE. Charles has trained numerous design engineers, is a regular speaker at several conferences, and has presented on the topic of FPGA design internationally. He was interviewed for EE Web's Featured Engineer column.

April 20, 2016 Meeting: Universal Risk Scales

Tom Pfitzer, Founder and President, A-P-T Research, Inc.

Abstract: In 1999, the Risk-Based Explosives Safety Criteria Team (RBESCT) developed the Universal Risk Scales (URS) to assist in the job of selecting appropriate criteria for defining "How safe is safe enough?" To answer this question, the URS provides two types of numerical data plotted alongside a logarithmic scale. On the left side, the URS summarizes legal precedents and standards that contain criteria for risk acceptance and compares those standard criteria to numerous data on the right side representing actual risk statistics derived from historical accident data. The URS was the foundation for selection of the risk criteria currently used by Department of Defense Explosive Safety Board (DDESB) to evaluate risk-based explosives safety siting assessments. In 2014, A-P-T Research (APT), with guidance from the RBESCT, was tasked to update the URS to reflect changes in the safety culture since the initial study. More current data were collected to update risk values from the previously used activities, and new activities were researched in an attempt to better represent risks similar to the explosives industry. In addition, all standards mentioned in the initial study were compared to see if any updates were made, and new standards were included in the comparison. This research will be evaluated and assessed by the RBESCT and DDESB to determine if current Department of Defense (DoD) site planning criteria need revision. This presentation provides the details of this update along with additional perspectives and comparisons with the updated and new data. This updated URS data also has many other potential uses within government and industry for decision makers who face the challenging question of "how safe is safe enough?"

Biography: Tom Pfitzer is the Founder and President of A-P-T Research, Inc. A native of Chattanooga, Tennessee, Mr. Pfitzer holds a Masters Degree in Industrial Engineering (System Safety Option) from Texas A&M University. He is a graduate of the U.S. Army Intern Program in Safety Engineering. He has 19 years service in the test and safety career field for the U.S. Army Space and Missile Defense Command (SMDC). Mr. Pfitzer has over 40 years in Test Planning, System Safety, Range Safety, and Risk Analysis. He has held various positions in safety and risk assessment both in Huntsville, AL and Kwajalein, Marshall Islands. Early in his career, he was the Safety Officer at a national range monitoring safety for over 200 launches. In 1990, he founded A-P-T Research, a company that employs over 120 practicing safety professionals. In 2004, he established the Safety Engineering and Analysis Center (SEAC) at A-P-T which currently supports approximately 40 U.S. government agencies. Major contracts support the US Missile Defense Agency and NASA Kennedy Space Center. Tom has supported numerous U.S. and international agencies that are developing risk-based standards. He is currently a member of the Society for Risk Analysis, a Fellow of the International System Safety Society, and is on the Board of Directors of the International Association for the Advancement of Space Safety, chairing the Launch Safety Committee. He has authored more than 25 papers in technical journals, and been keynote speaker at safety conferences.

March 16, 2016 Meeting: F-35 Aircraft Software System Safety

Josh McNeil and LaToya Eggleston, US Army AMRDEC Software Engineering Directorate (SED)

Abstract: The F-35, Lightning II, Joint Strike Fighter (JSF) is a 5th generation fighter aircraft that represents a milestone in aircraft innovation, combining advanced stealth capabilities with fighter aircraft speed and agility, fully-fused sensor information, network-enabled operations and advanced logistics and sustainment. The Software Engineering Directorate (SED) Software Airworthiness and Safety Lab (SASL) team was tasked by the F-35 Joint Program Office (JPO) to perform an Independent Software Safety Analysis Task (ISSAT) of selected F-35 Mission Systems Prime software domains. To perform the ISSAT the SED SASL team applied their Software System Safety Analysis Process (S4AP), which includes specific procedures and tailored safety checklists for performing criticality analyses, software requirements analyses, code analyses, interface analyses, and traceability analyses. The SED SASL team also utilized a software safety analyses database tool to facilitate repeatable analysis processes, analyst consistency, automated analysis findings and metrics reporting, and auditable results. This presentation will highlight the analyses processes and the analysis database tool used for the F-35 Mission Systems Prime Software ISSAT. (Presentation Slides)

Biography: Josh McNeil is the Software Safety lead for the Aviation Missile Research Development and Engineering Center, Software Engineering Directorate (SED) and manages the SED Software Airworthiness and Safety Lab (SASL). The SASL performs software safety analyses, software airworthiness assessments, and software independent verification & validation (IV&V) analyses on various US Army military programs. Mr. McNeil received his BS in Electrical and Computer Engineering from the University of Alabama in Huntsville and has worked in the Aerospace Industry for over 28 years as a Software Safety and System Safety Engineer. Mr. McNeil has given several tutorials on software safety and written numerous papers on software safety. He was an active member of International System Safety Society for over 23 years, serving as the ISSS Director of Publicity and Media (2001-2005); Executive Chair for the 19th International System Safety Conference (2001); and Past President of the Tennessee Valley Chapter (1997-1998).

Biography: LaToya Beale Eggleston has over 11 years’ experience with the Department of Defense performing software verification & validation testing, software safety analysis and software airworthiness for missile and aviation programs. Ms. Eggleston received a BS in Mathematics with a minor in Computer Science from Alabama A&M University, a BS in Electrical Engineering from the University of Alabama in Huntsville and a Master of Science in Management/Information Systems from Florida Institute of Technology. She recently worked on the F-35 Program as Software Airworthiness and Safety Lab (SASL) Independent Software Safety Assessment Team (ISSAT) Lead for the Software Engineering Directorate (SED) and is currently working on the Apache-Foreign Military Sales Program. Ms. Eggleston currently serves on the Army Materials Research Development Engineering Centers (AMRDEC) Strategic Diversity Advisory Group and is an Ambassador for AMRDEC Army Educational Outreach Program. She is an active member of the North Alabama National Society of Black Engineers Professional Chapter, serving as Treasurer (2010-2012) and President (2013-present).

February 17, 2016 Meeting: Risk-based Technique for Explosive Safety

Dean Nichols, A-P-T Research

Abstract: Some explosive safety professionals have the view that quantitative risk assessment (QRA) is difficult to understand and complicated to use. They are comfortable with the proven reliability of quantity distance (QD) methods and question the benefits of applying QRA principles to explosive safety. The presentation provides a short description of the development of the most well-known QD method, the American Table of Distances (ATD) and its strengths and weaknesses. Additionally, the presentation looks at features available in state of the art QRA software for explosives not possible using QD methods. The discussion will also include some aspects of risk determination and the empirical testing supporting the algorithms used in the software.

Biography: Dean Nichols works for the Explosives Safety and Test Division at A-P-T Research in Huntsville, Alabama, as a safety analyst. As such, his duties include coordination of training and distribution for explosives risk assessment software tools such as SAFER and IMESAFR. He joined APT after 20 years of service with the Federal Government including 16 years with the Mine Safety and Health Administration (MSHA). During his years with MSHA, Nichols assisted federal and state mine inspectors with industrial hygiene (IH) and explosive safety accident investigations, with safety and health regulation enforcement requiring scientific data analysis, and taught training classes in IH procedures and explosives safety methods. He holds a Master of Science in Public Health degree for Industrial Hygiene from the University of Alabama in Birmingham.

January 20, 2016 Meeting: The Application of Real-time Locating Systems (RTLS) Technology to Provide Hazard Notification and Safety Analysis in Industrial Environments

Randall Stanley, President and CTO of PLUS Location Systems US

Biography: Randall Stanley is the President and CTO of PLUS Location Systems USA, and has been with the company since its inception in March 2011. Mr. Stanley is responsible for product and technology development at PLUS, guiding new development efforts from concept to release. Mr. Stanley has managed the deployment of PLUS systems at multiple customer sites, established customer training programs, and managed integration of PLUS technology with custom solution provider partners. Mr. Stanley’s experience also includes sixteen years at Time Domain Corporation with responsibility over hardware, software, and system designs using ultra-wideband and other wireless technologies.

October 21, 2015 Meeting: Model-based System Safety Overview

Barry Hendrix, A-P-T Research

Abstract: Model-based System Engineering (MBSE) was promoted by the International Council of System Engineering (INCOSE) well over a decade ago as the desired method to develop modern and more complex systems. Many software-intensive and safety-critical programs in DoD, such as the F-35 Lightning II and major software suppliers, have successfully used MBSE with Unified Modeling Language (UML) and Systems Modeling Language (SysML) using Rhapsody and DOORS and more formal methods, even Goal Structuring Notation (GSN). MBSE replaces and augments outdated and cumbersome paperwork centric systems and can break down and simplify narrative artifacts and allows a greater understanding of the detail design with safety-critical functionality expressed in state diagrams, functional diagrams, behavioral diagrams, sequence diagrams with complete requirements traceability. No longer can software system safety use outdated tasks and vague documentation methods on programs with MBSE. Model-based System Safety (MBSS) is being successfully employed on several USAF, USN and commercial aircraft programs along with Safety Cases as a better way to produce objective safety evidence. As more model-based software is being standardized and matured on some US Army C2, C4 and Systems of Systems (SOS), system engineering, software engineering, software safety leaders and practitioners must collaborate with managing agencies, safety boards and certification authorities to undergo a cultural change to understand, accept and allow better techniques, methods, tools and processes. Safety Cases, that augment Safety Assessment Reports (SAR), are sought on model-based programs to produce objective safety evidence for hazard closure. More devoted research & development (R&D) and collaboration with the SAE G-48 Committee is needed to ensure a seamless transition to MBSS on some emerging programs that are currently planning on using it without formal promulgated software safety process procedures.

Biography: Barry Hendrix recently joined A-P-T Research in Huntsville after retiring from Lockheed Martin as Fellow Emeritus for System Safety. Barry’s career in System Safety started 35 years ago at Vought Aircraft Company in Dallas, TX after serving 10 years in the United States Navy in fighter and attack squadrons aboard aircraft carriers. Mr. Hendrix is a Fellow member of the International System Safety Society, former President of the North Texas Chapter, former Director of Members Services, and was awarded Manager of the Year in 2001 for system safety leadership in software safety on the F-22, F-35, C-130J and C-5M aircraft programs. He has trained over 1,000 in software safety and served on committees that contributed to many safety standards including ANSI/GEIA-STD-0010-2009, MIL-STD-882E, SAE ARP4754A, and RTCA DO-178. He actively supports the SAE International G-48 Committee and has a strong interest in promulgating Model-based System Safety, Formal Methods and Safety Cases on modern software intensive systems.

October 19, 2015 Dinner Meeting: Engineering the Saturn V: Beyond Rocket Engineering

Aloysius (Al) Reisz, Reisz Engineers

Biography: President, CEO Reisz Engineers, involved with R&D of advanced in-space propulsion systems. Propulsion engineer with Boeing during development and flights of the Saturn V of the Apollo program. Engineer involved with Skylab program. Provides engineering services to industry and aerospace. Developed early large scale solar energy system used in processing soybeans into meal and oil during OPEC oil embargo of the mid 70s. Reisz Engineers' TVA project at Browns Ferry Nuclear Power Plant. The Browns Ferry project processes waste water for large greenhouse facility winter heating and summer cooling and was recognized as 1 of 10 outstanding engineering projects in the US in 1978 by the National Society of Professional Engineers (NSPE). Working with the NASA Marshall Space Flight Center (MSFC) and University of Michigan, his firm developed a high-density electron cyclotron resonance advanced in-space propulsion system. A University of Kentucky mechanical engineering graduate. He has authored and co-authored numerous technical papers and magazine articles pertaining to space exploration and propulsion. Licensed professional engineer in Kentucky and Alabama. Member, Alabama Engineering Licensing Board 2005 – 2010. Invited Lecturer, University of Kentucky. Guest Lecturer, William Maxwell Reed Seminar, University of Kentucky. 2011 Hermann Oberth Award recipient for outstanding achievement in astronautics. Member and vice-chair American Society of Mechanical Engineers (ASME) Propulsion Technology Committee, ASME Fellow. Society of American Military Engineers (SAME) Fellow. Emeritus Member NCEES. Seminar Lecturer on Engineering Law. Appeared in Alfred P. Sloan Foundation Program “For All Mankind”.

July 2015 Meeting: How Do You Do Safety for Mil-Vilian Rotorcraft?

Steven R. Hosner, PE, System Safety Engineering, LLC

Abstract: No, mil-vilian rotorcraft are NOT some sort of evil helicopters. Mil-vilian rotorcraft are rotorcraft built under military contract that require unrestricted access to civil airspace. How do you accommodate the differences between military and civilian safety approaches and requirements during a military acquisition program? You combine and accommodate the differences at the start of the program. You use the civilian’s top-down functional analysis approach from the aircraft level of design down to the implementation level of design to gain system understanding, perform civilian-style functional safety assessments and assign functional safety requirements. The functional safety requirements are used as inputs to the military safety analyses and assessments on various levels of implementation design.

Biography: Steve Hosner spent 20+ years as a civil servant with the US Air Force working systems and software engineering on systems ranging from radar warning receivers to ground based space tracking radars. He spent the last three years of his civil service career in the Army’s Aviation Engineering Directorate (AED) evaluating the airworthiness of Army rotorcraft. He was the primary author of a draft AED standard on system safety which provided guidance on how to blend the civilian safety guidance and MIL-STD-882 safety requirements for military aircraft. After retiring from civil service, he worked for Westar supporting the Army airworthiness mission until June 2014. He since has started his own company, System Safety Engineering, LLC which will provide system safety engineering training and mentoring in the areas covered by the draft standard. The first class, ‘Functional System Safety Engineering’ shows how to blend the programmatics, higher level system analysis/modeling techniques, safety definitions and safety analysis techniques. Follow-on classes will address blending military and civil guidance to safety assessment/analysis documents.

June 2015 Meeting: Nine Ideas for Our Discipline

Tom Pfitzer, Founder and President, A-P-T Research, Inc.

Abstract: What does today’s System Safety discipline have to do with the nearly 400-year-old ideas of a French mathematician? APT President Tom Pfitzer traces the history of today’s risk management ideas to ancient times, revealing nine “new” ideas that are relevant to today’s safety professional, along with current industry trends and developments. His ideas offer an insightful path ahead for advancing our discipline.

Biography: Tom Pfitzer is the Founder and President of A-P-T Research, Inc. A native of Chattanooga, Tennessee, Mr. Pfitzer holds a Masters Degree in Industrial Engineering (System Safety Option) from Texas A&M University. He is a graduate of the U.S. Army Intern Program in Safety Engineering. He has 19 years’ service in the test and safety career field for the U.S. Army Space and Missile Defense Command (SMDC). Mr. Pfitzer has over 40 years in Test Planning, System Safety, Range Safety, and Risk Analysis. He has held various positions in safety and risk assessment both in Huntsville, AL and Kwajalein, Marshall Islands. Early in his career, he was the Safety Officer at a national range monitoring safety for over 200 launches. In 1990, he founded A-P-T Research, a company that employs over 120 practicing safety professionals. In 2004, he established the Safety Engineering and Analysis Center (SEAC) at A-P-T which currently supports approximately 40 U.S. government agencies. Major contracts support the US Missile Defense Agency and NASA Kennedy Space Center. Tom has supported numerous U.S. and international agencies that are developing risk-based standards. He is currently a member of the Society for Risk Analysis, a Fellow of the International System Safety Society, and is on the Board of Directors of the International Association for the Advancement of Space Safety, chairing the Launch Safety Committee. He has authored more than 25 papers in technical journals, and been keynote speaker at safety conferences.

May 2015 Meeting: Exploring Our Society’s History

Rex Gordon, MPH, PE, CSP; ISSS Fellow Member Emeritus

Biography: Rex Gordon is a 50-year charter member, and current Historian of the International System Safety Society. He is a past President of the Society and past Editor of the Journal of System Safety. He served as Chairman of the 2nd ISSC, and both the Northeast and Southern California Chapters. He has represented the Society on the boards of the Reliability and Maintainability Symposium (RAMS) and Certified Safety Professionals (CSP). He is an ISSS Chapter Member and a past Chairman of the Government Electronic Industries Association (GEIA) G-48 System Safety Committee. He has co-authored two text books, and over 15 published papers. He has lectured at George Washington University and the University of Southern California (USC). He has represented the Society at functions held in the White House, the Pentagon, in Germany, Holland, and Paris. He is retired after 40 years of employment as a System Safety Engineering Specialist, Manager, and Consultant. He currently lives with his wife of 61 years in Fallbrook, CA.

April 2015 Meeting: DoD 5000 and System Safety

David Swinney, Defense Acquisition University (DAU) South

Abstract: The new DoDI 5000.02 doesn’t have many changes in the wording about safety. Does that mean the recent changes in the acquisition system didn’t change much about safety? Let’s talk about the impact of changes to the acquisition system on the execution of System Safety responsibilities across the life cycle. From technical reviews to software safety to the new "Risk Management Guide," there’s more impact to System Safety than you might realize.

Biography: David Swinney serves as a Professor of Systems Engineering for the Defense Acquisition University (South Region). He teaches courses in systems engineering, test and evaluation, and information technology. He is a member of the DoD Acquisition Corps and holds level 3 certifications in the Engineering, Program Management, Test and Evaluation, and Information Technology career fields. Mr. Swinney came to Huntsville in 2005 after retiring from active duty in the US Air Force. He has extensive experience leading teams in the engineering management of large and complex aerospace systems including the development, test, fielding and support of large body aircraft, space launch vehicles, satellites, and ballistic missiles, and their associated test, launch, and support facilities. He holds an undergraduate degree in mechanical engineering from Oklahoma State University and a graduate degree in astronautical engineering from the Air Force Institute of Technology.

March 2015 Meeting: System Safety Using Ten Hundred Words

Don Swallom

Abstract: Albert Einstein said, "If you can't explain it simply, you don't understand it well enough." A challenge currently floating around the world-wide web is to explain complex ideas using only the most frequently used "ten hundred" (1,000) English words. This was first done describing NASA's Saturn 5 (Up Goer Five) and has even been used for a small book on the universe called "The Edge of the Sky – All You Need to Know about the All-There-Is." MIL-STD-882E defines the terms of system safety using 441 words of which only 104 are part of the ten hundred. Can these system safety terms be meaningfully redefined using only the ten hundred words? What truths about system safety can we learn in the process?

Biography: Donald W. “Don” Swallom is a safety engineer with the U.S. Army Aviation and Missile Command Safety Office. Don holds a Bachelor of Science in Engineering Sciences from the United States Air Force Academy and a Master of Science in Systems Management from the University of Southern California. Prior to his current position, he served as a helicopter pilot, staff officer, and developmental engineer in the United States Air Force. His last Air Force assignment was as the chief of safety for the Arnold Engineering Development Center, the world's largest complex of aerospace ground testing facilities. He collaborated on the system safety chapter of the Handbook of Human Systems Integration (John Wiley and Sons, 2003). Don is a Fellow member of the International System Safety Society and a past president of the Tennessee Valley Chapter.

February 2014 Meeting: Safety: Areas of concern (More things to think about?)

David Schultz, QinetiQ North America

Biography: Mr. David Schultz has been involved in many industries: Machine Tools, Pharmaceutical Production, Automotive Electronics, Superalloy Production, Military Electronics, Spaceflight, Chemical Processing, and others**. In each case, safety and quality have been a major concern. Member ISSS. (** and has enough experience to know better than to try to tell everything.)

December 2013 Meeting: Safety is not an Option - Sikorsky's Aviation Safety Equipment List (ASEL) Process

Clifford Parizo and Brandon Daugherty, Sikorsky Aircraft Corporation

Abstract: Sikorsky Aircraft Corporation has developed a method for evaluating and classifying rotorcraft safety enhancing equipment in terms of impact on safety and various equipment installation factors. Guidance from certifying agency policy and system safety standard practice were considered, resulting in a classification tool that can be used to determine if equipment should be marketed and sold as either mandatory or optional. The methodology that was developed may have applications for other products and industries.

Biography: Clifford Parizo holds a Bachelor of Science degree in Mechanical Engineering from Worcester Polytechnic Institute and a Master of Science degree in Management from Rensselaer Polytechnic Institute. He is the Manager for System Safety for Sikorsky Aircraft Corporation. He has a total of thirty-five years of experience in areas of test engineering, product safety, and system safety for rotorcraft design and development programs. He has attended and supported ISSC conferences since 2003, and has been a member of the ISSS since July 2008. He received the Northeast Chapter President’s Award for his efforts in revitalizing the New England Chapter and helping to form the Northeast Chapter in 2011.

Biography: R. Brandon Daugherty holds a Bachelor of Science degree and a Master of Science degree in Industrial and Systems Engineering along with a Graduate Certificate in Occupational Safety and Ergonomics from Auburn University. Brandon has served as a System Safety Engineer for Sikorsky Aircraft Corporation supporting a variety of US Army and US Air Force Programs out of the Huntsville, Alabama, Facility since 2010. He also serves as the environment, health and safety representative for the Huntsville Facility. He attended and supported the ISSC in 2012 and 2013, and has been a member of the ISSS since 2009. He is currently serving as Treasurer for the Tennessee Valley Chapter.

October 2013 Meeting: Safety Risk Estimation for Software

Josh McNeil, U.S. Army, and Melissa Emery, A-P-T Research

Abstract: The U.S. Army Aviation and Missile Research Development and Engineering Center (AMRDEC) Software Engineering Directorate (SED) will present their current efforts to develop a technique for estimating the Software contribution to overall System Risk. The current industry approach is a binary approach based on meeting a level of rigor (LOR) standard or not meeting the standard. This is inconsistent with risk assessment approaches for hardware systems which use a quantitative scale or qualitative scale to represent multiple levels for probability of occurrence. SED has developed an approach, Fuzzy Logic Approach to Risk Estimation (FLARE), which is used to perform a qualitative assessment to identify a likelihood that a given software function could lead to a hazard. This provides the risk acceptance authority with a best estimation of software's contribution to system risk. An overview of FLARE methodology and the process for using FLARE to evaluate software risk will be provided. A demo of the SED FLARE tool will also be provided. (ISSC 2012 Paper) (ISSC 2012 Slides)

Biography: Jonathan C. "Josh" McNeil, Sr. received his B.S. in Electrical and Computer Engineering from the University of Alabama - Huntsville. Mr. McNeil has worked in the Aerospace Industry for 20 years as a Software Safety and System Safety Engineer. In his current position, Mr. McNeil is the Software Safety lead and UAS Software Airworthiness lead for the U.S. Army Aviation and Missile Research Development and Engineering Center Software Engineering Directorate (SED) responsible for performing software safety analyses on various US Army military programs and software airworthiness assessments on various US Army Manned and Unmanned Aviation Systems (UAS). Mr. McNeil has given several tutorials and written numerous papers on software safety. He has also been an active member of International System Safety Society (ISSS) for over 17 years, serving as the Director of Publicity and Media (2001-2005); Executive Chair for the 19th International System Safety Conference (ISSC) (2001); and Past President of the Tennessee Valley Chapter (1997).

Biography: Melissa A. Emery, Senior System Safety Engineer, A-P-T Research, Inc. is a member of the International System Safety Society and currently serves as the Director of Member Services. She has also served as Executive Vice-President and Secretary for the ISSS as well as President for the Tennessee Valley Chapter. In addition Melissa has been the author/co-author of several papers in the area of System Safety.

September 2013 Meeting: What would Pascal think of the Practice of System Safety?

Tom Pfitzer, Founder and President, A-P-T Research, Inc.

Abstract: This is an update of ideas originally presented at the 2001 International System Safety Conference and expanded by Pat Clemens, Saralyn Dwyer, Tom Pfitzer and others during the last decade. The ideas have been incorporated in part by the ANSI Standard on System Safety. A similar paper was dedicated to Pat Clemens as part of the Keynote address at this year's IAASS conference in Montreal.

Biography: A native of Chattanooga, Tennessee, Tom Pfitzer is the Founder and President of A-P-T Research, Inc. Mr. Pfitzer holds a Masters Degree in Industrial Engineering (System Safety Option) from Texas A&M University. He is a graduate of the U.S. Army Intern Program in Safety Engineering. He has 19 years’ service in the test and safety career field for the U.S. Army Space and Missile Defense Command (SMDC). Mr. Pfitzer has over 35 years in Test Planning, System Safety, Range Safety, and Risk Analysis. He has held various positions in safety and risk assessment both in Huntsville, AL and Kwajalein, Marshall Islands. He has provided key leadership advice to U.S. Government agencies that are in the process of promulgating new risk-based standards. They include the National Range Commander's Council (RCC), which published a risk-based standard for debris protection, the government/contractor team that developed a risk-based standard for the DoD Explosive Safety Board and a national group (G-48) which published an ANSI standard on best practices for System Safety. He has served as a U.S. member of the expert-working group that the NATO risk-based safety standard. In 2004 he founded the Safety Engineering and Analysis Center (SEAC) which currently supports approximately 40 U.S. government agencies. He also advises other businesses on successful employee ownership approaches. Mr. Pfitzer has been honored three times by the International System Safety Society with the awards of Manager of the Year in 1999, Professional Development in 2008, and President’s Award in 2008. Since 2006, he has chaired the Launch Safety Committee of the International Association for the Advancement of Space Safety.

July 2013 Dinner Meeting: Will the Real System Safety Solution Please Stand Up

Barry Hendrix, Lockheed Martin Missiles and Fire Control

Biography: Barry Hendrix recently moved from Marietta, GA to Huntsville in March 2013 to work on his current assignment as the IBCS System Safety Lead. He is a Lockheed Martin Technical Fellow Emeritus assigned to Northrop Grumman and specializes in software system safety. Barry has 30 years system safety experience with Vought/LTV, Texas Instruments Missiles, Raytheon Missiles, and Lockheed Martin Aeronautics and Missiles & Fire Control. He served in the United States Navy as an aviation fire control and weapons delivery specialist in fighter and attack squadrons aboard aircraft carriers in the 1970s and is a Vietnam Veteran serving in Operation Linebacker in 1972. He has been married to Vera for 38 years and has two daughters and a granddaughter in graduate school at Texas A&M University. He plans on semi-retirement in the Huntsville area in a couple of years to become a part-time system safety consultant.

May 2013 Meeting: Understanding and Applying Total System Risk Summing (As Outlined in the Risk Summing Guidebook) (Link to paper)

Bill Edmonds, Pat Clemens, Tom Pfitzer, Bob Baker, Melissa Emery

Abstract: System safety, in majority practice, does not assess whole system risk. Instead, as most often applied, system safety subjectively assesses the separate partial risks of individual hazards identified as posing risk to valued assets. Risk acceptance authorities then judge the acceptability of whole system risk based exclusively on their consideration of these numerous partial risks. As a result, systems are committed to operation with acceptance of whole system risk but without knowledge of its overall value. This shortcoming has long been recognized, but has gone without remedial attention in the standards guiding practice of the discipline. Risk Summing ideas and techniques applied in routine system safety practice date back to 1972. This paper incorporates some of the early concepts and strategies as well as more recent research and case studies. In 2005, an international risk summing workshop arrived at consensus on criteria for a risk summing method. Such a method, now developed and described herein, satisfies requirements for simplicity, universal applicability, and interpretability of results. In addition to summing, it recognizes a family of aids for characterizing and interpreting total system risk. Opportunities for conservation of resources while lowering overall system risk are also made apparent.

Biography: William T. "Bill" Edmonds, CSP, currently serves as a senior safety engineer for the United States Army Materiel Command located at Redstone Arsenal, Alabama. He is a graduate of Auburn University with a Bachelor of Industrial Engineering and a Certified Safety Professional with over 25 years of system safety experience in both private industry and government service.

Biography: P.L. "Pat" Clemens, PE, CSP, A-P-T Research, Inc. is a Fellow of the International System Safety Society and the author/co-author of more than 30 published papers dealing with safety engineering topics.

Biography: Tom Pfitzer is founder and President of APT Research. He holds a Master’s Degree in Industrial Engineering (System Safety Option) from Texas A&M University. He is a graduate of the US Army Intern Program in Safety Engineering and has 38 years of experience in the safety field. He has been recognized by the International System Safety Society as National Manager of the year for his efforts to bring common practices to the areas of System Safety, Range Safety, and Explosives Safety.

Biography: R. G. "Bob" Baker, Chief Analyst, A-P-T Research, Inc. is a member of the International System Safety Society and the author/co-author of numerous papers in the areas of flight safety, explosive safety, and system safety.

Biography: Melissa A. Emery, Senior System Safety Engineer, A-P-T Research, Inc. is a member of the International System Safety Society and the author/co-author of several papers in the area of System Safety.

April 2013 Meeting: Are We Ready for Driverless Cars?

Dave West, Science Applications International Corporation

Abstract: For decades, technological advancements have continually improved the automobile, making it easier to drive. As we integrate features like adaptive cruise control, GPS navigation, lane keeping, and so on, and make them interoperable, we move ever closer to having cars that will drive themselves to the destinations we enter into their programs. Some experts have even predicted that in less than a generation, it will be illegal to steer our cars ourselves! Though it may seem that serious safety challenges constrain our movement down this path, it may actually be the safety benefits offered by driverless cars that propel us in this direction. Several high-profile competitions have fostered the development of driverless car technology. Some jurisdictions are already passing legislation to pave the way for driverless cars on public roads. With driverless cars will come major changes in legal processes involving accidents. In many ways, the development of driverless cars that will operate on public roadways parallels the development of unpiloted aircraft that will fly in the national airspace. Design standards for hardware and software in civil aircraft (e.g., RTCA DO-254/DO-178) may serve as models for similar qualification of driverless car hardware and software.

Biography: David B. West, CSP, P.E., CHMM, Vice President and Chief Technology Officer (CTO) of the Systems, Software, and Solutions Operation of Science Applications International Corporation, has over 26 years of experience performing safety work for Army Aviation, chemical weapons destruction, manned and unmanned spaceflight programs, petroleum refining and chemical process plants, and nuclear facilities. West is the chairman of the TechAmerica (formerly GEIA) G-48 System Safety Committee. He previously served as the G-48 secretary from January 2005 to May 2009 and vice chairman from May 2009 to May 2010. In 2010, West was named the System Safety Society’s Manager of the Year. West is a past president of the Society’s Tennessee Valley Chapter (TVC) and was recipient of the TVC’s Professional of the Year award in 2005. Since January 2008, he has been a director on the Board of Directors of the Board of Certified Safety Professionals (BCSP).

March 2013 Meeting: Selling Safety

Steve Hosner and David Schultz, QinetiQ North America

Abstract: How to “sell” safety to: Lawyers, Scholars, Program Managers, and (Non-Safety) Engineers. Discussion and examples of how the safety profession has been damaged by misperception, and some ideas on how to improve the profession’s image. Thesis: Safety, as typically presented, has negative connotations. Antithesis: Safety, correctly presented, has positive benefits. Synthesis: Safety Engineering enhances quality of life for all.

Biography: Mr. Steve Hosner spent 20+ years as a civil servant with the US Air Force working systems engineering and software engineering on systems ranging from radar warning receivers, to automatic test equipment to special operations aircraft to ground based space tracking radars. He spent the last three years of his civil service career in the Aviation Engineering Directorate evaluating the airworthiness of Army rotorcraft with an emphasis on system safety. Since that time, he has continued his airworthiness work for the Army as a contractor with emphasis on the system safety aspect of airworthiness.

Biography: Mr. David Schultz has been involved in many industries: Machine Tools, Pharmaceutical Production, Automotive Electronics, Superalloy Production, Military Electronics, Spaceflight, Chemical Processing, and others**. In each case, safety and quality have been a major concern. Member ISSS. (** and has enough experience to know better than to try to tell everything.)

February 2013 Meeting: Software System Safety, Software Criticality, and Software Hazard Control Categories for Information Systems

Mike Pessoney, A-P-T Research

Abstract: Faced with the task of assessing software safety in a large military information family of systems, the authors found the sample Software Control Categories matrices described in MIL-STD-882E and in the Joint Software System Safety Engineering Handbook (JSSSEH) inadequate for controlling and evaluating the software safety of the system. For an information system, both the restricted span of control and the lack of control level independence posed problems to the evaluators. Substitute Software Control Categories (Renamed Software Hazard Control Categories) were postulated and refined until sufficient fidelity was reached for the Software Hazard Control Categories. These categories were used for the evaluation of software criticality and mapping to a level of rigor plan for software hazard control. This paper describes the methods, the substitute Software Hazard Control Categories developed, and summarizes the results obtained. An Information System, as used here, is a system that does not directly control any safety critical hardware or subsystems. All control is performed by an operator or associated system, based in whole or in part, on data provided by the information system.

Biography: Mike Pessoney is currently a Senior Software Safety Engineer working in software system safety supporting the U.S. Army’s Aviation and Missile Research, Development, and Engineering Center (AMRDEC) Software Engineering Directorate (SED). Mr. Pessoney has worked in the Military and Space Software Industry for 35 years as a Software Engineer, Software Development Manager, and System Software Safety Engineer. Major programs supported include the Apollo program, Site Defense Ballistic Missile Defense, P3-B/P-3C communications programs, Grizzly Remote I/O Modules, Abrams Diagnostics, and Bradley Diagnostics. Mr. Pessoney has worked four years as a software system safety engineer. Mr. Pessoney has been a Solo II Safety Steward for the Sports Car Club of America for 10 years. Mr. Pessoney received his BS and MA in Mathematics from Sam Houston State University in Huntsville, Texas. Mr. Pessoney has been an active member of System Safety Society (SSS) for seven years.

January 2013 Meeting: Relevancy of Technical Societies

Roger Eidsaune, Vice President, Huntsville Association of Technical Societies (HATS)

Abstract: This presentation will provide an overview of HATS and discuss recent actions within the organization to increase relevancy and usefulness to its members.

Biography: Roger Eidsaune has worked in the Aerospace industry since 1975 in the areas of engineering, program management and business development. He is currently the Vice President of HATS and a member of the Board of Directors for NDIA TVC. He previously served as Chairman of The Compassionate Friends, Huntsville and as a City Commissioner for Parks and Recreation in Placentia, California.

December 2012 Meeting: Board of Certified Safety Professionals (BCSP)

Dr. Treasa M. Turnbeaugh, Chief Executive Officer, BCSP

Abstract: This presentation will discuss the inception of the BCSP, including the alpha and omega of the specialty CSP exams, with Q&A about certification and the need for a current day systems safety specialty.

Biography: Treasa M. Turnbeaugh, Ph.D., MBA, CSP, CET was named Chief Executive Officer of the Board of Certified Safety Professionals in September of 2012. BCSP is a global certification body with over 30,000 individuals currently certified who are engaged in the performance of safety related activities in the safety, health and environmental fields. Dr. Turnbeaugh most recently served as the Chief Operating Officer of BCSP, where she was responsible for all examinations, marketing, customer service, and business development as well as the development of new initiatives for BCSP to bring value to its certificants. Dr. Turnbeaugh is experienced in the Safety, Health and Environmental (SH&E) field and in the field of professional certification. Additionally, Dr. Turnbeaugh brings experience and leadership in the business arena of both for-profit and not-for-profit organizations. Dr. Turnbeaugh holds a Ph.D. in Health Services Research, with a minor in Epidemiology and a Master of Public Health from Saint Louis University; a Master of Business Administration from Lindenwood University; and both a Master of Science and Bachelor of Science in Occupational Safety and Health, with a specialization in Industrial Hygiene, from Murray State University. She is a member of the American Society of Safety Engineers, the American Industrial Hygiene Association, and the American Society of Association Executives. Dr. Turnbeaugh has been in the SH&E profession for over 25 years, has held her CSP certification over 20 years, and is a Certified Environmental, Safety & Health Trainer (CET).

November 2012 Meeting: Help Wanted: Military Rotorcraft System Safety Engineering Academic Program Designers!

Steve Hosner, QinetiQ North America

Abstract: What courses would YOU like Masters and PhD holders to have before they come to work for, or with, you? To the best of my knowledge, no university has put together a program aimed at military rotorcraft system safety engineering. This presentation, developed without consulting UAH, shows possible interdisciplinary MS and PhD programs of study built on UAH courses from Computer Science, Computer Engineering, Industrial and System Engineering and Mechanical and Aeronautical Engineering departments and a handful of new classes that would have to be ‘built from scratch’. Please help ‘plug holes’ and ‘fill in the cracks’!

Biography: Mr. Steve Hosner spent 20+ years as a civil servant with the US Air Force working systems engineering and software engineering on systems ranging from radar warning receivers, to automatic test equipment to special operations aircraft to ground based space tracking radars. He spent the last three years of his civil service career in the Aviation Engineering Directorate evaluating the airworthiness of Army rotorcraft with an emphasis on system safety. Since that time, he has continued his airworthiness work for the Army as a contractor with emphasis on the system safety aspect of airworthiness.

October 2012 Meeting: The Aviation Safety Management System (SMS) and Its Relevance to System Safety Engineering

Chris Trumble

Abstract: The global aviation community has recognized that the reactive nature of aviation safety needs to change so accidents can be identified prior to a catastrophic incident through detecting problems and identifying trends, and then implementing proactive mitigation actions. The methodology they selected is termed the Safety Management System (SMS). Implementation of the SMS into the aviation industry is occurring globally and will be a mandated requirement phased in over the next few years. An understanding of what constitutes an SMS and whether it will conflict or integrate with the system safety engineering process is necessary for system safety engineers and the future safety of the aviation industry. The SMS elements are compared and contrasted with system engineering and system safety engineering. Additionally, the structure of the International Civil Aviation Organization’s (ICAO’s), the Joint Planning Development Office’s (JPDO’s) SMS Standard and the Federal Aviation Administration's (FAA’s) guidance are discussed.

Biography: Mr. Chris Trumble is currently a safety engineer for the United States Army Aviation and Missile Command Safety Office, Aviation System Safety Division, at Redstone Arsenal in Alabama. He was a co-chair for the Joint Planning Development Office Safety Working Group’s Safety Management System Implementation Subcommittee. His experience has been within the military, public safety and commercial sectors. He is a mechanical and safety engineering, aviation, security, forensics, and emergency management professional.

September 2012 Meeting: Wandering W80s: A Failure of a System of Systems

Drake Daggett

Abstract: "Wandering W80s: A Failure of a System of Systems" is a recount of the incident in which 6 W80 nuclear weapons were flown from Minot AFB, ND, to Barksdale AFB, LA, against all policy and without knowledge of nuclear command authorities. It briefly looks at the reaction of the USAF and focuses more on the 'holes in the Swiss cheese' systems-wise that lined up to allow such an incident to occur. It draws on Mr Daggett's extensive knowledge of nuclear weapon system management and his personal observations while assigned to the Blue Ribbon Review, an after-action fact finding committee that surveyed the nuclear enterprise in a cultural assessment manner.

Biography: Drake Daggett is a Safety Engineer with the Counter-Rocket, Artillery, Mortar program. He is an employee of Wyle-CAS. Mr Daggett is a graduate of the United States Air Force Academy with a BS in Chemistry and the University of Central Missouri, MS in Aviation Safety. He has experience with flightline aircraft maintenance on various airframes. He also has extensive experience with munitions, integrating the EGBU-28 Bunker Buster with the B-2, and bedding down the MOAB. Additionally, he managed the piece/part efforts for JDAM procurement. He also is one of a handful of USAF officers to work on both the F-117 and B-2, so he stealthily picked up a fair amount of stealth knowledge along the way. The last years of Mr Daggett's USAF career were spent with the Defense Threat Reduction Agency and the Air Force Safety Center's Weapons Safety Division. There he served as the AFSC advisor to several Class A munitions/missiles mishaps and was personally selected to represent the Air Force Safety Center on the Blue Ribbon Review, one study (of three) that was conducted following the W80 incident that resulted in the loss of positive custody and control of several nuclear weapons for 36 hours. Following retirement in 2010, Mr Daggett got a job as a cost estimator with MCR in the Missile Defense Agency. He was employed by Wyle-CAS in his current capacity as a Safety Engineer in June of 2012. He is a Project Management Professional, a member of the System Safety Society, and the National Eagle Scout Association. Mr Daggett is married to Kristin Zyber, of Riverside, CA, and has two children, Lauren, 6, (the apple of his eye and future President of these states united) and Jackson, 3 weeks (future starting quarterback for the 2032-?? Super Bowl Champions, the Green Bay Packers).

May 2012 Meeting: Starting with "Why"

Robert Schmedake

Biography: Robert Schmedake is a Boeing Technical Fellow with over 25 years of experience in system safety engineering. He has worked on military programs at McDonnell Douglas and Boeing since 1985 with expertise in software safety, unmanned systems, and fuzing systems. He has served in the US military since 1986 as a member of the Missouri Air National Guard in the role of Environmental Compliance Officer, Readiness Officer and Operations Officer within a Civil Engineering unit. In 2004 he took an assignment in the USAF Reserves and as of April 2012 has finished an 8 year assignment within the Aeronautical Systems Center System Safety directorate, retiring at the rank of Lt Col. Robert Schmedake is serving as the US Co-Chair of the S5000F committee for the establishment of a data exchange standard for the feedback of Reliability, Maintainability, and Safety data from field organizations to the logistical support and development activities. He is the current Secretary of the G-48 System Safety Committee of Tech America and in the past he has served in leadership roles related to fuzing system interface standards publishing the SAE standard AS-5716 "Standard Electrical and Logical Interface for Airborne Fuzing Systems", safety guidelines for the "DoD Unmanned Systems Safety Guide for DOD Acquisition", and guidance for Software Safety. He is a senior member of the International System Safety Society and is currently serving as the society Executive Vice President (ISSS bio). Other organizations in which he is affiliated include the Air Force Association, Institute for Electronic and Electrical Engineers, SAE, and National Defense Industry Association. He has authored a number of technical papers within the system safety discipline on topics including insensitive munitions, software safety, and approaches to dealing with non-standard development models.

December 2011 Meeting: International System Safety Society Status and Initiatives

Gary Braman

Biography: Gary Braman is a System Safety Engineer with Sikorsky Aircraft Corporation in Huntsville, AL. He is a retired Master Army Aviator with over 25 years in the aviation and safety professions. While on active duty, he served in varying positions of responsibility as an Aviation Safety officer, from the flight detachment level through the Department of the Army level including six years at the United States Army Safety Center (USASC). While at the USASC, he served as a US Army Accident Investigator and as a Primary Instructor for the US Army Aviation Safety Officer Course. He has a Master of Aeronautical Science (MAS) Degree in Aviation/Aerospace Management from Embry-Riddle Aeronautical University (ERAU) and a Master of Science (MS) Degree in Industrial Engineering Technology and Safety Management from Texas A&M University. Mr. Braman is a Certified Safety Professional (CSP) and holds certifications in hazard control management; environmental auditing in health and safety; and environmental, safety, and health management. He is an Assistant Adjunct Professor for ERAU in Huntsville, AL, certified to teach all safety-related courses including graduate- and undergraduate-level accident investigation, human factors, and system safety. Mr. Braman is active in various professional organizations including the International Society of Air Safety Investigators (ISASI) and the American Society of Safety Engineers (ASSE). Mr. Braman is a past Chapter President of the Tennessee Valley Chapter and a Senior Member of the International System Safety Society. He is currently serving as President of the Society.

September 2011 Meeting: Plans for Developing a Safety Curriculum in the UAH College of Engineering

Dr. Jeff Kulick

Biography: Dr. Jeff Kulick has a BSE in Engineering Physics from New York University. Dr. Kulick also has an MSE and PhD in Electrical Engineering from The University of Pennsylvania. He was a Professor at Queen's University in Kingston Canada in the Department of Computer Science from 1973-1989; a Professor at UAH from 1990 to the present in the Department of Electrical and Computer Engineering as well as a Visiting Scientist and/or Visiting Professor at a variety of institutions including the Tata Institute of Fundamental Research in Bombay India, CERN in Geneva Switzerland, McGill University in Montreal Quebec and MIT in Cambridge Massachusetts. He currently works in Software Safety Engineering and provides consulting support to SED at AMRDEC.

July 2011 Meeting: Mathematical Techniques to Improve the Utility of a Hazard Risk Matrix

Don Swallom

Abstract: This presentation addresses how to increase the utility of a hazard risk matrix with techniques that leverage the mathematical relationship of severity, probability and risk on a well-defined matrix. It addresses the attributes of a well-defined matrix and how other quantifiable data can be integrated into a matrix to produce more meaningful measures and impacts of risk over the life-cycle of the system. Other techniques in this paper yield confidence that assessments of risk approximate reality by enabling comparison of risk assessments to actual accident data of a system and its legacy systems. The principles outlined in this paper should provide insights helpful for any practitioner applying a mishap risk assessment matrix to a specific system.

Biography: Donald W. “Don” Swallom is a safety engineer with the U.S. Army Aviation and Missile Command Safety Office. Don holds a Bachelor of Science in Engineering Sciences from the United States Air Force Academy and a Master of Science in Systems Management from the University of Southern California. Prior to his current position, he served as a helicopter pilot, staff officer, and developmental engineer in the United States Air Force. His last Air Force assignment was as the chief of safety for the Arnold Engineering Development Center, the world's largest complex of aerospace ground testing facilities. He collaborated on the system safety chapter of the Handbook of Human Systems Integration (John Wiley and Son, 2003).

May 2011 Meeting: Melding Civil and Military Safety Standards for Unmanned Aerial Systems

Steve Hosner

Abstract: This presentation looks at current Army guidance on the issue of airworthiness safety standards Unmanned Aerial Systems (UAS) must meet for civil airspace operations, civilian guidance for similar manned aircraft and melds the airworthiness safety standards to form one set that covers both domains.

Biography: Steve Hosner spent 20+ years as a civil servant with the US Air Force working systems engineering and software engineering on systems ranging from radar warning receivers, to automatic test equipment to special operations aircraft to ground based space tracking radars. He spent the last three years of his civil service career in the Aviation Engineering Directorate evaluating the airworthiness of Army rotorcraft with an emphasis on system safety. For the last five years, he has continued his airworthiness work for the Army with QinetiQ North America.

September 2010 Meeting: System and System Safety Engineering: Complementary Disciplines

Steve Hosner

Abstract: Not available

Biography: Steve Hosner spent 20+ years as a civil servant with the US Air Force working systems engineering and software engineering on systems ranging from radar warning receivers, to automatic test equipment to special operations aircraft to ground based space tracking radars. He spent the last three years of his civil service career in the Aviation Engineering Directorate evaluating the airworthiness of Army rotorcraft with an emphasis on system safety. For the last five years, he has continued his airworthiness work for the Army with QinetiQ North America.

July 2010 Meeting: The Software Safety Critical Function Analysis: The First Step in Developing Safe Software

Gary Braman

Abstract: A successful software safety engineering activity is based upon both the hazard analysis process and the software integrity process. Emphasis is placed on the context of the “system” and how software contributes to failures, faults, hazards, and/or mishaps. From the perspective of the system safety engineer and the hazard analysis process, software is considered a subsystem. In most instances, the system safety engineers must perform the hazard analysis process while the software development, software test, and independent verification and validation (IV&V) team(s) implement the software integrity process. The hazard analysis process is an activity that identifies and mitigates the exact software contributors to hazards. The first step in this process is the conduct of the System Safety Critical Function Analysis (SSCFA) which documents the identification and assessment of the safety-critical software functions. The analysis begins by constructing a worksheet to document the analysis of each software function to determine if it is safety critical and developing a Software Criticality Matrix used in the analysis of each software function. Each function that was determined to be safety critical was further analyzed and assigned a Software Criticality Index (SCI) and a RTCA/DO-178B Software Level. The paper explains this process through example.

Biography: Gary Braman is a System Safety Engineer with Sikorsky Aircraft Corporation in Huntsville, AL. He is a retired Master Army Aviator with over 25 years in the aviation and safety professions. While on active duty, he served in varying positions of responsibility as an Aviation Safety officer, from the flight detachment level through the Department of the Army level including six years at the United States Army Safety Center (USASC). While at the USASC, he served as a US Army Accident Investigator and as a Primary Instructor for the US Army Aviation Safety Officer Course. He has a Master of Aeronautical Science (MAS) Degree in Aviation/Aerospace Management from Embry-Riddle Aeronautical University (ERAU) and a Master of Science (MS) Degree in Industrial Engineering Technology and Safety Management from Texas A&M University. Mr. Braman is a Certified Safety Professional (CSP) and holds certifications in hazard control management; environmental auditing in health and safety; and environmental, safety, and health management. He is an Assistant Adjunct Professor for ERAU in Huntsville, AL, certified to teach all safety-related courses including graduate- and undergraduate-level accident investigation, human factors, and system safety. Mr. Braman is active in various professional organizations including the International Society of Air Safety Investigators (ISASI) and the American Society of Safety Engineers (ASSE). Mr. Braman is a past Chapter President of the Tennessee Valley Chapter and a Senior Member of the International System Safety Society. He is currently serving as Executive Vice President of the Society.

April 2010 Meeting: Lessons Learned in Software Safety of Medical Devices

Stan Hamilton

Abstract: Of the several main industry groups where software safety is an issue, the one with the greatest overall public safety exposure is the medical device industry. This is because of the hundreds of different medical devices on the market internationally, with many millions of lines of software that are directly related to hazards. Virtually all medical device companies use formal, regulated software development processes that include software hazard analysis - but unfortunately, with this level of exposure sometimes things go wrong. There have been a number of adverse events related to software, with many different root causes. We can view each one as a lesson to be learned, and look at risk controls that have been put into place as solutions. Given the relative immaturity of software safety and reliability practices (relative to hardware), it is important to be aware of known pitfalls, and to consider them in the context of current practice.

Biography: Stan Hamilton began his software engineering career in aerospace and defense in Huntsville, and is now at NASA performing software safety analysis for the ARES program. However, somewhere in between he spent about 15 years doing software safety analysis in the medical device industry for companies across the globe. He has been directly involved in numerous high profile software safety investigations and FDA enforcement actions, and has done software hazard analysis and related process development for many organizations. He holds a BS from the University of Alabama College of Engineering and has been a committee participant and co-author of key standards and guidance documents related to medical device software safety.


March 2010 Meeting: Structured Assurance Cases: Three Common Standards

T. Scott Ankrum and Dr. Alfred H. Kromholz

Abstract: For safety-, mission-, or security-critical systems, there are typically regulations or acquisition guidelines requiring a documented body of evidence to provide a compelling justification that the system satisfies specified critical properties. Current frameworks suggest the detailed outline of the final product but leave the truly meaningful and challenging aspects of arguing assurance to the developers and reviewers. We began with two major hypotheses. We selected a software notation suitable for building structured safety cases and applied it to three disparate assurance standards. Each of the three standard mapping efforts is discussed, along with the problems we encountered. In addition to the standards, we used the notation to structure an assurance case for a practical security-critical system, and we describe the lessons learned from that experience. We conclude with practical options for using our mappings of the standards and how well our initial hypotheses are borne out by the project.

Biography: T. Scott Ankrum has been a project manager, software designer and developer and has over 30 years of experience in many aspects of computing, from mainframe systems to distributed systems development and client/server design. He has managed projects and led development teams, and has been personally involved in software development from requirements definition to final testing. Mr. Ankrum is Senior Software System Engineer at the MITRE Corporation, working in software development process improvement and requirements management, and where he led the Assurance Frameworks research task. He holds a B.S. degree in Computer Science from American University and a Master of Software Engineering degree from the University of Maryland. He is a member of the Association for Computing Machinery (ACM), the IEEE Computer Society, and a senior member of the American Society for Quality (ASQ). He is currently the chairman of the local ASQ Software Special Interest Group (SIG).

Biography: Alfred Kromholz received a Bachelor of Electrical Engineering from Cornell University, with a side concentration in European languages and literature. After working for several years on the Apollo program, he went on to a master's degree in Classics and a PhD in ancient culture, both involving extensive computational analysis. After spending a dozen years in the Near East combining work in computers and anthropology, he returned to the US to join the space station program, where he focused on systems integration, interactions of technology and society, and organizational culture change. Dr. Kromholz has been with MITRE's Software Engineering Center for 10 years, during which he has worked in a wide range of areas, including both civilian sector (IRS, Department of Homeland Security, Department of Energy) and DoD (DISA, Defense Logistics Agency, Army and Navy/Marine Corps). His efforts tend to concentrate on program infrastructure and organizational improvement – change and configuration management, quality assurance, requirements management, the "ilities" – and on optimizing relationships among products, processes, and, above all, people.


February 2010 Meeting: Software Safety Assessment Report – How It Can Be Built And How It Can Be Reported

Mike Pessoney

Abstract: A method has been developed for documenting system and subsystem hazards that have software contributors and documenting software safety verification data in a Microsoft Access 2007 database. System and subsystem hazards with safety critical software functions identified as hazard contributors and hazard mitigations are added to the Hazard Tracking System (HTS). Each hazard is evaluated with a hazard risk index assessed and all software requirements associated with these hazard contributors and mitigations are tagged with a software criticality assessment. This software safety verification information is collected in a Safety Critical Software Requirements (SCSR) database. The SCSR also contains software related hazards (extracted from the HTS), safety critical software requirements (extracted from development documents), and software safety assurance activities and results (generated by software safety). This information is specifically needed to support assessment of hazard risk for software related hazards.

Biography: Mike Pessoney is currently a Senior Software Safety Engineer working in software system safety supporting the U.S. Army’s Aviation and Missile Research, Development, and Engineering Center (AMRDEC) Software Engineering Directorate (SED). Mr. Pessoney has worked in the Military and Space Software Industry for 35 years as a Software Engineer, Software Development Manager, and System Software Safety Engineer. Major programs supported include the Apollo program, Site Defense Ballistic Missile Defense, P3-B/P-3C communications programs, Grizzly Remote I/O Modules, Abrams Diagnostics, and Bradley Diagnostics. Mr. Pessoney has worked four years as a software system safety engineer. Mr. Pessoney has been a Solo II Safety Steward for the Sports Car Club of America for 7 years. Mr. Pessoney received his BS and MA in Mathematics from Sam Houston State University in Huntsville, Texas. Mr. Pessoney has been an active member of System Safety Society (SSS) for four years.


December 2009 Meeting: Safety is a Social Disease

John Rankin

Abstract: A historical/hysterical presentation identifying the responsibilities of programs to address safety in development. The presentation was compiled and delivered at the Asilomar National Conference Center in Monterey, California in the early 1980s.

Biography: John P. Rankin, System Safety Engineering Manager (Retired), is a former Executive Vice President and Region III (SE USA) Vice President and Director of the System Safety Society. Author and presenter of numerous papers on development of sneak circuit analysis, common cause failure analysis, software sneak analysis, Hardware-Software Interaction Analysis, and other technologies created and applied to an extensive array of over 400 projects in all industries. He received acceptance into the Apollo Roll of Honor by NASA plus Engineer-of-the-Year and Manager-of-the-Year awards by the System Safety Society, as well as numerous other awards from various organizations and conferences. Mr. Rankin was selected to participate in NASA's software management program development committee plus several top level national conferences, such as Aerospace - Nuclear Safety conference regarding Probabilistic Risk Assessment technology. Selected for nationally highlighted accident investigations. He was Program Manager for all Boeing activities supporting projects of NASA's Ames Research Center, 1985-6, before retiring from the International Space Station project in Huntsville, Alabama.


November 2009 Meeting: ART – APT Risk-Management Tool for Performing Risk Assessments

Nina Donath

Abstract: Risk is a measure of the combined probability and severity of postulated harm to a valued asset. Risk management is a discipline that applies this concept within many venues – system safety, occupational safety, fire safety, and programmatic risk management to name just a few. The APT Risk Management Tool (ART), a stand-alone desktop risk management tool developed by APT Research, helps users perform quick subjective assessments of risk for safety, schedule, program and cost management, and other types of risk. ART supports a classic four-step process of risk management: identifying, assessing, reducing and accepting risk. The ART tool provides an easy at-a-glance user interface in a single screen display. Dropdown boxes allow user choice of frequency and consequence terms. Both are color-coded to facilitate analysis. ART then computes risk based on these selections. The tool also helps users reassess risk after mitigation features are in place.

Biography: Nina E. Donath has 24 years of experience in software development and software engineering. Currently she manages the Software Group at APT Research, which develops risk assessment tools and web-based software for both government agencies and the private sector. Ms. Donath has also supported system safety and software safety projects at APT, aiding with code-level software hazard assessments and independent code reviews. She holds a Master's Degree in Computer Science from University of Alabama in Huntsville and a Bachelor's Degree in Computer Science from Tennessee Tech University.


October 2009 Meeting: Identification of Common Cause Failure Potential in Electrical Power and Control Systems

John Rankin

Abstract: A presentation of the development of a very simple but extremely effective analysis technique for the identification of common cause failure potential. Its development came primarily in areas of delivery of electrical power and control to systems under analysis for sneak circuits, but the approach is adaptable to non-electrical applications, such as fluidics and other electrical current flow analogs. The common cause failure analysis is considered to be an extension from single point failure criteria into coverage of multiple co-existing conditions that are to be avoided to avert catastrophes, as defined by undesirable events from tools such as fault tree analysis or even design basis criteria. The technique was used to identify the underlying causes of mysterious events that have actually occurred in mature operating systems, such as the Bay Area Rapid Transit people-mover system in the San Francisco Bay Area of California. The presentation describes the unique experience of the author in developing the technique, and actual examples of results from real projects will be described. The technique has been used to identify mysterious underlying design causes of what had appeared to be random, unrepeatable events in mature operating systems where no known single failure had occurred. Attendees should leave the session with the ability to use the approach in appropriate areas of their own activity so as to more effectively assess likelihood of events that may not yet have occurred.

Biography: John P. Rankin, System Safety Engineering Manager (Retired), is a former Executive Vice President and Region III (SE USA) Vice President and Director of the System Safety Society. Author and presenter of numerous papers on development of sneak circuit analysis, common cause failure analysis, software sneak analysis, Hardware-Software Interaction Analysis, and other technologies created and applied to an extensive array of over 400 projects in all industries. He received acceptance into the Apollo Roll of Honor by NASA plus Engineer-of-the-Year and Manager-of-the-Year awards by the System Safety Society, as well as numerous other awards from various organizations and conferences. Mr. Rankin was selected to participate in NASA's software management program development committee plus several top level national conferences, such as Aerospace - Nuclear Safety conference regarding Probabilistic Risk Assessment technology. Selected for nationally highlighted accident investigations. He was Program Manager for all Boeing activities supporting projects of NASA's Ames Research Center, 1985-6, before retiring from the International Space Station project in Huntsville, Alabama.


July 2009 Meeting: Safety Architecture and Its Function in Program Documentation and Reviews

James L. Schiermeyer

Abstract: Mr. Schiermeyer will discuss the detailed examination of the content and structure of a safety architecture and its programmatic value in an acquisition program.

Biography: James L. Schiermeyer is a retired U.S. Air Force Lt Col with 35 plus years of federal service and over 30 years of acquisition experience. His military experience includes being a research pilot as well as supporting aviation and space programs. He is currently the Lead Safety Engineer for Air Defense Systems in AMCOM. Mr. Schiermeyer has a MS in Systems Management, MS in Physics, and is currently working on his PhD in Physics. He is a graduate of the Air War College, National Security Management College and the Defense System Management College Program Managers Course. Mr. Schiermeyer is Defense Acquisition University certified level III in both Program Management and Test & Evaluation.


May 2009 Meeting: Anniston Chemical Agent Disposal Facility System Safety Tool Box

Robert D. Brooks, Jr.

Abstract: Rob will be providing a short discussion on the recent activities and status of the Anniston Chemical Agent Disposal Facility and some of the risk identification, mitigation and acceptance tools that are being used to ensure the safe operation of the facility.

Biography: Robert D. Brooks, Jr. is the Safety and Health Manager with the URS Corporation-EG&G Division at the Anniston Chemical Agent Disposal Facility (ANCDF) located in Anniston, Alabama, an Army owned-contractor operated facility that has been tasked with the safe destruction of the chemical weapons stockpile at the Anniston Chemical Activity. Rob has more than 10 years of safety and health experience in the chemical demilitarization industry, having helped to establish the safety and health programs for the facility during its construction, systemization and operational phases. Rob attended the University of North Alabama, where he received his B.S. in General Chemistry and Industrial Hygiene in 1994.


April 2009 Meeting: Military Flight Operations Quality Assurance (MFOQA) Program

J. Mark Gregory

Abstract: For every major accident there are several less significant accidents, hundreds of reportable incidents and thousands of unreported incidents. Below this lie the normal variations present in all flight operations. Understanding of these normal variations, as a precursor to aviation mishaps, is paramount to saving our most valuable asset - the Aviation Warfighter. Currently, more aircraft are lost due to human error than in combat. Most preventable accidents (greater than 80 percent) involve difficult to predict human (error) mishaps. In response to escalating mishap rates and costs, the Secretary of Defense set a goal of reducing mishaps by 75 percent by 2008. Memorandums from the Office of the Secretary of Defense and the Secretary of the Army directed the implementation of a multi-faceted Military Flight Operations Quality Assurance, or MFOQA, initiative within all services and that MFOQA would be a standard requirement for all new and existing aircraft. In its simplest terms, MFOQA is a systematic method of accessing, analyzing and acting upon information obtained from digital flight data recorders of routine operations to improve safety. MFOQA is designed to mitigate risk factors during military flight operations by converting crew and aircraft performance data into meaningful and actionable information that can be used to improve decision-making capabilities, particularly in regard to identifying and addressing problems or risk areas prior to a mishap.

Biography: J. Mark Gregory is a retired Master Army Aviator with over 24 years in Army Aviation. He has served as an aviation safety officer, standardization instructor pilot, master gunner, assistant operations officer, and executive officer at the Brigade and Battalion levels. Mr. Gregory provides the Program Executive Officer (PEO), Aviation, Warfighter focused subject matter expertise in aviation safety, maintenance, operations, and training. Mr. Gregory is the deputy project manager for the Army’s Military Flight Operations Quality Assurance (MFOQA) prototype project.