one team ― swift, decisive, resilient and respected
DESCRIPTION
One Team ― swift, decisive, resilient and respected. Air and space power for Australia ’ s security. FLTLT Andrew STOCKWELL 8 August 2012 for International System Safety Conference 2012. Overview. What is System Safety Overall RAAF safety philosophy How RAAF manages aircraft safety - PowerPoint PPT PresentationTRANSCRIPT
One Team ―
swift, decisive, resilient and respectedAir and space power for Australia’s security
FLTLT Andrew STOCKWELL8 August 2012
for International System Safety Conference 2012
Overview
• What is System Safety • Overall RAAF safety philosophy• How RAAF manages aircraft safety• Tailoring and Integration• Recognizing prior acceptance• In-service safety
What is System Safety
• Some definitions:• FAA
• System safety is a specialty within system engineering that supports program risk management. It is the application of engineering and management principles, criteria and techniques to optimize safety. The goal of System Safety is to optimize safety by the identification of safety related risks, eliminating or controlling them by design and/or procedures, based on acceptable system safety precedence.
• MIL-STD-882C• The application of engineering and management principles, criteria, and
techniques to optimize the safety of a system within the constraints of operational effectiveness, time, and cost throughout all phases of the system life cycle.
What is System Safety
• Commonality• application of engineering and management
principles, criteria and techniques to optimize the safety
• Military Specific• Operational effectiveness;• Time; and• Cost.
Why the difference?
• When was the last time your saw a civilian make an approach like this:
Why the difference?
• Or saw a Fed Ex aircraft drop something weighing as much 10-12 cars?
Another Difference• In civil aviation the responsibilities are spread, for
example:• FAA are the regulators,• Manufacturer is responsible for design and developing
certification artifacts,• Operator just wants to fly it forever
• Military is regulator, certifier and operator• Conflict of interest?• Handled through delineation of responsibility to different
organizations and staff• Formal process for transfer of risk
RAAF System Safety Philosophy
• Aircraft safety must be inherent in everything:• Design,• Maintenance, and• Operations
• Must be ‘designed’ in the system, difficult to ‘reverse engineer’ in later
• Instilling workforce change to place emphasis on thinking of safety in every action
• Empowerment of all staff to ‘make it safe’
RAAF System Safety Philosophy
• Ever heard of ALARP:• All risks must be kept As Low As Reasonably Practicable• Not formally used by RAAF, but great idea in principle
• But what is reasonable?• Operational effectiveness?• Risk vs Reward
• RAAF System Safety aims to better disclose the technical risk inherent in an aircraft system, to promote informed risk treatment decisions
Effectiveness from a Transport Perspective• “Our job is to get important things to
needy people in tough places”• Sometimes risk avoidance can
jeopardize the safety of those needy people in tough places
Airworthiness Manuals
• Australian Air Publication (AAP) document set for RAAF
• AAP 7001.048 (AM1) - ADF Airworthiness Manual• AAP 7001.053 (AM1) - Technical Airworthiness
Management Manual (re-issued 21 Oct 10 Amendment List 1 update 6 Mar 12)
• AAP 8000.010(AM1) - ADF Operational Airworthiness Manual
Objectives of RAAF Safety Program• safety goals consistent with world’s best practice are established and documented;• a safety management framework that clearly articulates the risk level to appropriate
management authorities is established, implemented and maintained;• safety, consistent with mission requirements, is designed into the system in a
timely, cost-effective manner;• hazards are identified, analyzed, evaluated and eliminated or the associated risk
reduced to an acceptable level throughout the lifecycle of a system;• hazards identified in-service are evaluated against established safety goals;• hazard elimination/reduction is formally documented;• pragmatic risk treatments are appropriately considered;• historical safety data, including lessons learned are continually assessed,
considered and used; and• safety is not assured by a reliance on design standards alone
How RAAF Manages Aircraft Safety
• Design
Achieving Safe Design of AircraftAAP 7001.053 section 3 figure 22-1
How RAAF Manages Aircraft Safety
• Whole of lifecycle safety considerations are achieved through:• Aircraft Certification Basis• Aircraft System Safety Program
• Adherence to standards alone does not make an aircraft safe
Aircraft Certification Basis
• AAP 7001.054 “Airworthiness Design Requirements Manual” devoted to describing standards and process that comprise a suitable basis for certification• Selection of requirements and benchmarks
from military and civil industry• Constantly evolving to ensure consistency with
world’s best practice
Standards
• Because of the wide variety of aircraft in RAAF service no one standard is a coverall
• AAP7001.054 defines acceptable standards and suitable means of compliance as well as required tailoring
• Examples• 14 CFR 25.1309 (+ACs) needs additional requirements for
military specific environment and usage• MIL-STD-882C needs additional requirements to specify how
safety analysis should be conducted
Standards
Example from AAP 7001.054
Provides suitable standards and defines pros vs cons
Later annexes detail how to put together a System Safety Program to best manage the cons
Integration
• A critical factor in any safety program is integration of the different aspects
• One of these challenges particularly in civilian derivative military aircraft is Tailoring of Requirements to meet military need, particularly:• Design Assurance Levels, and • Software Safety
Design Assurance Level Tailoring
• RAAF adds unique design assurance levels for equipment that is:•Mission Critical•Mission Important
• Not classifications in civil documentation• Important in military context
Software Safety
• Largest challenge in modern aircraft design• Simple in principle• Difficult to manage in practice• Difficult to quantify and accept risk
• Managed through combination of standards• Aircraft software is expected to undergo multiple updates
during a lifecycle• Each update effects configuration, roles and may change
environment• Software changes are far more invasive than traditional system
updates or changes
Tailored Statements of Requirement
• To allow for working with different standards and nations AAP7001.054 also specifies a number of contract deliverables• Up to each project or sustainment office to implement• Makes references to MIL-STD-DIDs, MIL-STD tasks and
civil standard objectives from standards like ARPs, DOs etc
• In conjunction with AAP 7001.053 defines goals for utilization of prior acceptance
Recognition of Prior Acceptance
• Aim to use acceptance of aircraft and modification by other airworthiness authority as basis for RAAF acceptance• Military Airworthiness Authorities:
• USAF,• RAF, etc
• Civil Airworthiness Authorities• FAA,• CASA,• EASA etc
Challenges with Recognizing Prior Acceptance• What is the accepted configuration?• What operating roles or profiles were in the
original design assumptions?• particularly relevant to military use of civil
certified aircraft• What operating environment was the
aircraft certified as safe in?• EMI/EMC, other intrinsic risks, etc
In Service Safety
• the System Safety Program Plan;• the System Safety Group;• the Safety Assessment Report;• the Hazard Log; and• the process for retention and
management of residual risks
Changing Safety Picture
• Aircraft baseline only safe when used as ‘designed’
• Safety subject to changes in configuration, operating roles and operating environment
• RAAF maintains annual review of airworthiness to ensure continued compliance
Changing Safety Picture
• Yesterday’s accepted level of safety is not Today’s ALARP• MIL-STD-882 constantly evolving,• Regular updates to 14 CFR 23/25,• Recent release of DO-178C
• New modifications to existing aircraft are required to meet contemporary design requirements and standards
So that’s why its different
• Civil aviation industry sets the benchmark for required level of safety
• Air Forces’ job is to do things that are not always safe
• Policy needs to take both into account and develop a platform that is safe to operate and maintain in all roles
Final Thoughts and the World of Tomorrow• Benchmark for safety is constantly moving
• Standards are constantly evolving• Global requirements are changing daily
• Military roles are changing to match• Where does that leave safety
• If we take a snapshot we don’t get less safe,• But we get further from ideal safety and accept
greater risk everyday
Questions ?
