APSYS – EADS La Maîtrise des Risques


Model Based Safety Analysis
MBSA Methods with SIMFIA
Agenda
- Safety activities within the Engineering Process
- SIMFIA for model making and processing, as integrated in the whole process
- Modelling approach for MBSA
- MBSA with SIMFIA for Airworthiness
- SIMFIA references
Safety Activities during the development cycle

[Figure: V-cycle of safety activities. Lifecycle phases: Concept and Definition, Development, Delivery, In Service (in-service follow-up, change control). Surrounding processes: process control, technical studies, training, dissemination; configuration management; feasibility studies.
Top-down (left) branch, "top-down RAM and safety requirements development & validation", each level validating the requirements of the next highest level:
- Aircraft Requirements Identification: Aircraft FHA, PASA, Aircraft CCA
- System Requirements Identification: System FHA, System PSSA, System CCA
- Item Requirements Identification: Item FMEA, Item FTA, Item CMA
- Item Design: Item Software Design, Item Hardware Design, Technological Design
Bottom-up (right) branch, "bottom-up safety requirements verification":
- Item Verification
- System Verification: System SSA
- Aircraft Verification: Aircraft Synthesis]
Interoperability of the SIMFIA workbench, designed to produce and process the models

[Figure: data flow around SIMFIA. Inputs from the design process: System Design, Functional Hazard Analysis, Specification Information, Design Information. SIMFIA modules: MODELS, SAFETY, FMECA, RELDIAG, SIMUL, spanning the design process and the development process. Outputs (RAMS tasks, documents/reports): RAMS Analysis; Safety Analysis; Fault Tree with qualitative and quantitative assessment; Safety Demonstration; Data Sheet; Demonstration Report; Additional Analysis: Troubleshooting/Testability, Operators/Users Support.]
[Figure: SIMFIA framework. Top-down input: Design Information Repository holding the Model Structure (System, Sub-system, Equipment, …) and the RAMS Information Data Bases. Bottom-up output: Datasheets for Reports. System Engineering Tool/Workbench Framework: Data/Information/Model Patterns; Functional/Hazard analysis; Model Processing: RAMS analysis (consistency check, completeness check, scenario simulations), Safety analysis, Simulation/Diagnosis.]
Structure of SIMFIA

[Figure: SIMFIA module map]
- SIMUL: function / hazard simulation
- SOFIA: functional and dysfunctional analysis
- Logistic Data Base
- R.A.M.S Software
- F.M.E.C.A: Fault Modes, Effects and Criticality Analysis
- SAFETY: fault tree
- Spreadsheets (ASCII, ...)
- RELDIAG: Reliability Diagram
- SIMLOG: Logistic Support Analysis software
- OPTIM-STOCK: initial spares allocation
- COST: life cycle cost
- LORA: Level Of Repair Analysis
Modelling Methodology for MBSA
- Top-down approach: from need to solution
  – First step: specification production
  – Second step: solution functional specification
  – Third step: physical specification
  – Last step: manufacturing
Modeling Method in the MBSA approach

[Figure: Step 1: SOW → Specification (System). Step 2: Functional Design (functions F1, F2). Step 3: Physical Definition (Soft, Hard). Step 4: Manufacturing.]
Reminder about the Safety process
- The steps along the Safety process are as follows:
  – Functional Hazard Assessment (FHA): a systematic, comprehensive examination of functions to identify and classify the failure conditions of those functions according to their severity.
  – Preliminary System Safety Assessment (PSSA): a PSSA is used to complete the failure condition list and the corresponding safety requirements.
  – System Safety Assessment (SSA): a systematic, comprehensive evaluation of the implemented system to show that the relevant safety requirements are met.
    · The SSA is a verification that the implemented design meets both the qualitative and quantitative safety requirements as defined in the FHA and PSSA.
    · Therefore it needs both qualitative and quantitative verification means such as FTA, FMEA, FMES, etc.
FHA with SIMFIA
- FHA PROCESS:
  – Identification of all the functions associated with the level under study (internal functions and exchanged functions)
  – Identification and description of the failure conditions associated with these functions, considering single and multiple failures in normal and degraded environments
  – Determination of the effects of each failure condition
  – Classification of failure condition effects on the aircraft (Catastrophic, Hazardous/Severe Major, Major, Minor and No Safety Effect)
  – Assignment of requirements to the failure conditions to be considered at the lower level
  – Identification of the supporting material required to justify the failure condition effect classification
  – Identification of the method used to verify compliance with the failure condition requirements
FHA with SIMFIA
- The FHA is a function-oriented analysis of the system. SIMFIA can be used as a support for such an analysis using a "high level" specification model.
- High level / functional view of the system. [Figure not reproduced in the transcript]
FHA with SIMFIA
- User data fields hold the column content for each failure condition
- This allows all functional knowledge of the system to be documented in a SIMFIA model for further processing of this knowledge
- Fully FHA-compliant output

Function | Failure Condition | Phase | Effect of failure condition on aircraft/crew | Classification | Reference to supporting material
To_decelerate_the_aircraft_using_the_braking_system | Unannounced loss of braking system | Landing | Crew detects failure when braking is launched. The crew/aircraft is in exit ramp phase. Crew ensure some braking via flight controls and/or thrust reversers. | CATASTROPHIC | Procedures to prevent loss of normal, emergency or parking mode
To_decelerate_the_aircraft_using_the_braking_system | Unannounced loss of braking system | RTO | Crew detects failure when braking is launched. The crew/aircraft is in exit ramp phase. Crew ensure some braking via flight controls and/or thrust reversers. | CATASTROPHIC | Procedures to prevent loss of normal, emergency or parking mode
To_decelerate_the_aircraft_using_the_braking_system | Announced loss of braking system | Landing | Crew warns their passengers and control tower of the failure. Crew ensure some braking via flight controls and/or thrust reversers. Airport prepare the landing route by using foam to decelerate. | HAZARDOUS | Do this kind of scenario in tests to improve reactivity and minimize this kind of event.
PSSA / SSA with SIMFIA
- PSSA / SSA Process
  – Preliminary / final technical "breakdown" of the functions
    · Model all equipment items and link them to the functions
    · ATA32_LANDING_GEARS Breakdown [figure not reproduced in the transcript]
    · COCKPIT_ATA_32 Breakdown [figure not reproduced in the transcript]
PSSA / SSA with SIMFIA
- The functional model can be used to generate the table containing all quantitative objectives
- Again this relies on the user data available in SIMFIA

Failure Condition | Class. / RT | S/R Objective | Design Objective | Expected probability
Unannounced loss of braking system | MIN (Saf. Fl.) / DEL (Op. Rel.) | 1.0E-03 (Saf.) | 1.0E-05 (Saf.) | TBD
Announced loss of braking system | MIN (Saf. Fl.) / DEL (Op. Rel.) | 1.0E-03 (Saf.) | 1.0E-05 (Saf.) | TBD
PSSA / SSA with SIMFIA
- The expected probability can then be evaluated for each FC by FTA on the full model, including the technical equipment (one FTA per phase)
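The following is an added worked example, not SIMFIA code and not from APSYS/EADS, showing on a small scale what the PSSA/SSA step above amounts to: one fault tree per failure condition and per flight phase, evaluated from its minimal cut sets and compared with the objective attached to the FHA classification, plus a consistency/completeness check of the kind listed under Model Processing earlier. The equipment names, failure rates, exposure times, the monitor check interval and the classification-to-objective table are all assumptions made for the illustration; the page itself only gives the 1.0E-03 / 1.0E-05 figures for the MIN class.

```python
# Added worked example, not SIMFIA code: one fault tree per failure condition
# (FC) and per flight phase, evaluated from its minimal cut sets and compared
# with the objective of the FC's FHA class. Equipment names, failure rates,
# exposures, the check interval and the objective table are all assumptions.
import math
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, List, Set, Tuple

EVENTS: Dict[str, "Basic"] = {}     # registry of basic events by name

@dataclass(frozen=True)
class Basic:
    name: str
    rate: float                     # failures per flight hour (assumed)
    latent_interval_h: float = 0.0  # >0: only revealed at a periodic check
    def __post_init__(self):
        EVENTS[self.name] = self

@dataclass(frozen=True)
class Gate:
    kind: str                       # "AND" or "OR"
    inputs: tuple                   # Basic or Gate children

def minimal_cut_sets(node) -> Set[FrozenSet[str]]:
    """OR joins the children's cut sets, AND combines them; supersets dropped."""
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    children = [minimal_cut_sets(c) for c in node.inputs]
    if node.kind == "OR":
        sets = set().union(*children)
    elif node.kind == "AND":
        sets = {frozenset().union(*combo) for combo in product(*children)}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    return {s for s in sets if not any(o < s for o in sets)}

def event_probability(b: Basic, flight_exposure_h: float) -> float:
    """P = 1 - exp(-lambda*t); t is the check interval for a latent event."""
    t = b.latent_interval_h if b.latent_interval_h > 0 else flight_exposure_h
    return 1.0 - math.exp(-b.rate * t)

def fc_probability_per_fh(tree, phase_exposure_h: float, avg_flight_h: float) -> float:
    """Rare-event upper bound: sum over minimal cut sets of the product of
    their event probabilities, normalised to a probability per flight hour."""
    per_flight = 0.0
    for cs in minimal_cut_sets(tree):
        p = 1.0
        for name in cs:
            p *= event_probability(EVENTS[name], phase_exposure_h)
        per_flight += p
    return per_flight / avg_flight_h

# Design objectives per flight hour by FHA class (assumed; the page's own
# table gives 1.0E-03 for MIN, the other figures are the customary ones).
OBJECTIVE = {"CATASTROPHIC": 1e-9, "HAZARDOUS": 1e-7, "MAJOR": 1e-5, "MINOR": 1e-3}

# Assumed equipment model of the braking function (illustration only).
HYD_GREEN = Basic("loss of green hydraulic circuit", 1.0e-4)
BSCU = Basic("loss of braking control unit", 5.0e-5)
HYD_YELLOW = Basic("loss of yellow hydraulic circuit", 1.0e-4)
ACCU = Basic("loss of brake accumulator", 2.0e-5)
MONITOR = Basic("loss of braking monitoring (no warning)", 1.0e-4, 500.0)
NORMAL_LOST = Gate("OR", (HYD_GREEN, BSCU))
EMERGENCY_LOST = Gate("OR", (HYD_YELLOW, ACCU))
ALL_BRAKING_LOST = Gate("AND", (NORMAL_LOST, EMERGENCY_LOST))

# FC -> (FHA class, tree). The announced case reuses the total-loss tree
# without crediting a working monitor, which is conservative.
FAILURE_CONDITIONS: Dict[str, Tuple[str, object]] = {
    "Announced loss of braking system": ("HAZARDOUS", ALL_BRAKING_LOST),
    "Unannounced loss of braking system":
        ("CATASTROPHIC", Gate("AND", (ALL_BRAKING_LOST, MONITOR))),
}
# Exposure of revealed failures per phase: time since the pre-flight check.
PHASES = {"Landing": 2.0, "RTO": 0.25}
AVG_FLIGHT_H = 2.0

def check_completeness() -> List[str]:
    """Workbench-style consistency/completeness check before processing."""
    issues = [f"{fc}: class {cls!r} has no objective"
              for fc, (cls, _) in FAILURE_CONDITIONS.items() if cls not in OBJECTIVE]
    issues += [f"{b.name}: no failure rate" for b in EVENTS.values() if b.rate <= 0]
    return issues

def evaluate() -> Dict[Tuple[str, str], dict]:
    """One FTA per FC and per phase: expected probability versus objective."""
    results = {}
    for fc, (cls, tree) in FAILURE_CONDITIONS.items():
        for phase, exposure in PHASES.items():
            p = fc_probability_per_fh(tree, exposure, AVG_FLIGHT_H)
            results[(fc, phase)] = {"classification": cls,
                                    "objective_per_fh": OBJECTIVE[cls],
                                    "expected_per_fh": p,
                                    "cut_sets": len(minimal_cut_sets(tree)),
                                    "meets_objective": p <= OBJECTIVE[cls]}
    return results

if __name__ == "__main__":
    for (fc, phase), r in evaluate().items():
        print(f"{fc} [{phase}] {r['classification']}: {r['expected_per_fh']:.2e}/fh"
              f" vs {r['objective_per_fh']:.0e}/fh ->",
              "meets" if r["meets_objective"] else "DOES NOT MEET")
```

With the assumed figures the total-loss tree has four order-2 cut sets and the announced case stays below its HAZARDOUS objective in both phases, while the unannounced case, although its cut sets are of order 3, exceeds the CATASTROPHIC objective at landing because the monitor failure is latent and accumulates over the 500 h check interval; shortening that interval or making the monitor self-revealing is the design lever the FTA exposes. The cut-set sum is an upper bound (rare-event approximation), which is the conservative direction for a compliance check; an exact evaluation would need the inclusion-exclusion terms.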
SIMFIA V2 connectors to capture external information
- Functional analysis languages: SADT, SART, APTE…
- Hardware modelling languages: EXPRESS, SIMULINK, MACAR…
- Performance analysis languages: Petri nets, queueing networks…
- Formal languages: STATEMATE…
SIMFIA references in aeronautics

COMPANY | MODULES
AIRBUS | SAFETY, SIMUL
BRITISH AEROSPACE | SAFETY, FMECA, RELDIAG
CASSIDIAN | SAFETY, FMECA, RELDIAG, DIAGSYS
EUROCOPTER | SAFETY, FMECA, RELDIAG
ROLLS ROYCE UK | SAFETY, FMECA, RELDIAG
SAGEM | SAFETY, FMECA, RELDIAG
SAFRAN | SAFETY, FMECA, RELDIAG
THALES | SAFETY, FMECA, RELDIAG, DIAGSYS, SIMUL
SIMFIA references in other domains

COMPANY | TYPES OF SYSTEMS
SNECMA | Production of models of engines
SAGEM | Production of models of Unmanned Air Systems
CEGELEC | Power supply networks
TOTAL | Offshore platforms
GEMS | Vascular platforms
EUROCOPTER | Design To Cost simulation framework
PSA | Computer-aided diagnosis and troubleshooting
BOMBARDIER | Operational availability follow-up and management application