PowerPoint - 30th International System Safety Conference


FLTLT Andrew STOCKWELL
8 August 2012
for International System Safety Conference 2012
Overview
• What is System Safety
• Overall RAAF safety philosophy
• How RAAF manages aircraft safety
• Tailoring and Integration
• Recognizing prior acceptance
• In-service safety
What is System Safety
• Some definitions:
• FAA
• System safety is a specialty within system engineering that supports
program risk management. It is the application of engineering and
management principles, criteria and techniques to optimize safety. The goal
of System Safety is to optimize safety by the identification of safety related
risks, eliminating or controlling them by design and/or procedures, based on
acceptable system safety precedence.
• MIL-STD-882C
• The application of engineering and management principles, criteria, and
techniques to optimize the safety of a system within the constraints of
operational effectiveness, time, and cost throughout all phases of the system
life cycle.
What is System Safety
• Commonality
• application of engineering and management
principles, criteria and techniques to optimize
the safety
• Military Specific
• Operational effectiveness;
• Time; and
• Cost.
Why the difference?
• When was the last time you saw a
civilian make an approach like this:
Why the difference?
• Or saw a FedEx aircraft drop
something weighing as much as 10-12
cars?
Another Difference
• In civil aviation the responsibilities are spread, for
example:
• FAA are the regulators,
• Manufacturer is responsible for design and developing
certification artifacts,
• Operator just wants to fly it forever
• Military is regulator, certifier and operator
• Conflict of interest?
• Handled through delineation of responsibility to different
organizations and staff
• Formal process for transfer of risk
RAAF System Safety Philosophy
• Aircraft safety must be inherent in everything:
• Design,
• Maintenance, and
• Operations
• Must be ‘designed’ in the system, difficult to
‘reverse engineer’ in later
• Instilling workforce change to place emphasis on
thinking of safety in every action
• Empowerment of all staff to ‘make it safe’
RAAF System Safety Philosophy
• Ever heard of ALARP:
• All risks must be kept As Low As Reasonably Practicable
• Not formally used by RAAF, but great idea in principle
• But what is reasonable?
• Operational effectiveness?
• Risk vs Reward
• RAAF System Safety aims to better disclose the
technical risk inherent in an aircraft system, to
promote informed risk treatment decisions
Effectiveness from a Transport Perspective
• “Our job is to get important things to
needy people in tough places”
• Sometimes risk avoidance can
jeopardize the safety of those needy
people in tough places
Airworthiness Manuals
• Australian Air Publication (AAP) document
set for RAAF
• AAP 7001.048 (AM1) - ADF Airworthiness
Manual
• AAP 7001.053 (AM1) - Technical Airworthiness
Management Manual (re-issued 21 Oct 10
Amendment List 1 update 6 Mar 12)
• AAP 8000.010(AM1) - ADF Operational
Airworthiness Manual
Objectives of RAAF Safety Program
• safety goals consistent with world’s best practice are established and documented;
• a safety management framework that clearly articulates the risk level to appropriate
management authorities is established, implemented and maintained;
• safety, consistent with mission requirements, is designed into the system in a timely,
cost-effective manner;
• hazards are identified, analyzed, evaluated and eliminated or the associated risk
reduced to an acceptable level throughout the lifecycle of a system;
• hazards identified in-service are evaluated against established safety goals;
• hazard elimination/reduction is formally documented;
• pragmatic risk treatments are appropriately considered;
• historical safety data, including lessons learned, are continually assessed,
considered and used; and
• safety is not assured by a reliance on design standards alone
How RAAF Manages Aircraft Safety
• Design
Achieving Safe Design of Aircraft
AAP 7001.053 section 3 figure 22-1
How RAAF Manages Aircraft Safety
• Whole of lifecycle safety
considerations are achieved through:
• Aircraft Certification Basis
• Aircraft System Safety Program
• Adherence to standards alone does not
make an aircraft safe
Aircraft Certification Basis
• AAP 7001.054 “Airworthiness Design
Requirements Manual” devoted to
describing standards and process that
comprise a suitable basis for certification
• Selection of requirements and benchmarks
from military and civil industry
• Constantly evolving to ensure consistency with
world’s best practice
Standards
• Because of the wide variety of aircraft in RAAF service
no one standard is a coverall
• AAP7001.054 defines acceptable standards and
suitable means of compliance as well as required
tailoring
• Examples
• 14 CFR 25.1309 (+ACs) needs additional requirements for
military specific environment and usage
• MIL-STD-882C needs additional requirements to specify how
safety analysis should be conducted
Standards
Example from
AAP 7001.054
Provides suitable standards and
defines pros vs cons
Later annexes detail how to put
together a System Safety
Program to best manage the cons
Integration
• A critical factor in any safety program is
integration of the different aspects
• One of these challenges particularly in
civilian derivative military aircraft is
Tailoring of Requirements to meet military
need, particularly:
• Design Assurance Levels, and
• Software Safety
Design Assurance Level Tailoring
• RAAF adds unique design assurance
levels for equipment that is:
• Mission Critical
• Mission Important
• Not classifications in civil documentation
• Important in military context
Software Safety
• Largest challenge in modern aircraft design
• Simple in principle
• Difficult to manage in practice
• Difficult to quantify and accept risk
• Managed through combination of standards
• Aircraft software is expected to undergo multiple updates
during a lifecycle
• Each update affects configuration and roles, and may change the
environment
• Software changes are far more invasive than traditional system
updates or changes
Tailored Statements of Requirement
• To allow for working with different standards and
nations AAP7001.054 also specifies a number of
contract deliverables
• Up to each project or sustainment office to implement
• Makes references to MIL-STD-DIDs, MIL-STD tasks and
civil standard objectives from standards like ARPs, DOs
etc
• In conjunction with AAP 7001.053 defines goals
for utilization of prior acceptance
Recognition of Prior Acceptance
• Aim to use acceptance of aircraft and modification
by other airworthiness authority as basis for RAAF
acceptance
• Military Airworthiness Authorities:
• USAF,
• RAF, etc
• Civil Airworthiness Authorities
• FAA,
• CASA,
• EASA etc
Challenges with Recognizing Prior Acceptance
• What is the accepted configuration?
• What operating roles or profiles were in the
original design assumptions?
• particularly relevant to military use of civil
certified aircraft
• What operating environment was the
aircraft certified as safe in?
• EMI/EMC, other intrinsic risks, etc
In Service Safety
• the System Safety Program Plan;
• the System Safety Group;
• the Safety Assessment Report;
• the Hazard Log; and
• the process for retention and
management of residual risks
Changing Safety Picture
• Aircraft baseline only safe when used as
‘designed’
• Safety subject to changes in
configuration, operating roles and
operating environment
• RAAF maintains annual review of
airworthiness to ensure continued
compliance
Changing Safety Picture
• Yesterday’s accepted level of safety is not
Today’s ALARP
• MIL-STD-882 constantly evolving,
• Regular updates to 14 CFR 23/25,
• Recent release of DO-178C
• New modifications to existing aircraft are
required to meet contemporary design
requirements and standards
So that’s why it’s different
• Civil aviation industry sets the
benchmark for required level of safety
• Air Forces’ job is to do things that are
not always safe
• Policy needs to take both into account
and develop a platform that is safe to
operate and maintain in all roles
Final Thoughts and the World of Tomorrow
• Benchmark for safety is constantly moving
• Standards are constantly evolving
• Global requirements are changing daily
• Military roles are changing to match
• Where does that leave safety
• If we take a snapshot we don’t get less safe,
• But we get further from ideal safety and accept
greater risk everyday
Questions?