I do both, kind of...
I tend to assess by hazardous situation independently within the hazard analysis, but my document is structured slightly differently
Hazard Type | Hazard | RFSE | Hazardous Situation | Harm
As you acknowledged my thread regarding *when* a hazardous situation is, having the sequence of events documented as you have (though nowhere requires it to be documented, just that you must investigate them) allows you to more accurately estimate the probability of the overall hazardous situation occurring, depending on at what point in the "sequence of risk" you have documented it.
I manage this within the risk management report which includes a combined-risk summary where that holistic approach is taken.
This will review the number of hazardous situations that will lead to an individual harm - why these hazardous situations are occurring, and what risk control measures have been put in place across the board for all of them.
I've got a million hazardous situations that are all a million to one chance of killing somebody...
This is a very good point and, separate to the point of this thread but related in that I see acceptability based on calculated numbers, one of the reasons I've stopped using numbers for all of my calculations.
in a numerical S x P1 x P2 world a low severity frequent harm is just as unacceptable as a high severity rare harm - which may or may not be acceptable based on device type. I find more often I work with businesses that have a no-tolerance for high severity risks but a acceptability for low severity risks.
Moving to a matrix with Severity (1-6) on one side and Occurrence (A-E) on the other side and plotting it against a pre-defined acceptability matrix as per the plan has alleviated a lot of issues on risks being unacceptable through calculation when the business doesn't mean for them to be.
I find it looks great, but doing any kind of analysis if you're working in excel becomes an absolute ballache when you have merged cells.
I tend to assess by hazardous situation independently within the hazard analysis, but my document is structured slightly differently
Hazard Type | Hazard | RFSE | Hazardous Situation | Harm
As you acknowledged my thread regarding *when* a hazardous situation is, having the sequence of events documented as you have (though nowhere requires it to be documented, just that you must investigate them) allows you to more accurately estimate the probability of the overall hazardous situation occurring, depending on at what point in the "sequence of risk" you have documented it.
It is possible that 6 times out of 100 uses could be seen as unacceptable when looking at the total combined risk of the harm occurring, even if 2 out of 100 uses is acceptable for each of the individual hazardous situations? Or would this indicate some kind of logical breakdown in either our analysis or our acceptability criteria? Where is the acceptability of that combined risk evaluated? IS IT evaluated?
I manage this within the risk management report which includes a combined-risk summary where that holistic approach is taken.
This will review the number of hazardous situations that will lead to an individual harm - why these hazardous situations are occurring, and what risk control measures have been put in place across the board for all of them.
I've got a million hazardous situations that are all a million to one chance of killing somebody...
There is also the issue that the final decision point for acceptability is also arbitrary.
This is a very good point and, separate to the point of this thread but related in that I see acceptability based on calculated numbers, one of the reasons I've stopped using numbers for all of my calculations.
in a numerical S x P1 x P2 world a low severity frequent harm is just as unacceptable as a high severity rare harm - which may or may not be acceptable based on device type. I find more often I work with businesses that have a no-tolerance for high severity risks but a acceptability for low severity risks.
Moving to a matrix with Severity (1-6) on one side and Occurrence (A-E) on the other side and plotting it against a pre-defined acceptability matrix as per the plan has alleviated a lot of issues on risks being unacceptable through calculation when the business doesn't mean for them to be.
This was not asked, but I fully support "merged cells" when the same risk controls apply (and improve the ratings of) a common group of risk analysis lines.
I find it looks great, but doing any kind of analysis if you're working in excel becomes an absolute ballache when you have merged cells.