Published on April 25, 2019
System Safety Approach – Relevance and Application

By K. Ashoka Vijayan, Aftab Ahmad, Dr. G.C. Mohanta

Abstract: Aircraft accidents are a growing concern in both the Air Force and commercial aviation. The rise in accidents and fatalities is attributed to more complex system designs that demand more human interaction with the system. Moreover, with technological advancement the number of systems involved in a design keeps increasing, and at a faster pace. Flight accident statistics reveal that more than 50% of accidents were due to human error. The next major cause is system failure, which accounts for almost 17–20%. Though human error accounts for most accidents, there are limits to what can be achieved by training the operators, which forces us to focus more on system safety.

Key words: System safety, Hazard Assessment, Hazard identification, Hazard analysis, Relevance of System safety approach, System safety approach relevance, System safety approach application.

Accident investigations of military as well as commercial aircraft reveal that system or aircraft problems are the second major cause of accidents, next only to human error. Though man continues to be the weak link in the man-machine dynamics of aviation, strengthening that link has its limits because of the inherent human tendency to err. This forces us to give extra thrust to system safety, which contributes the second highest number of accidents. Advances in aviation technology make systems more complex. Understanding the entire system is a mind-boggling exercise, but it brings out the potential failure modes of the system and so enables us to find alternative solutions. The records of fatal aircraft accidents available with the Directorate of Flight Safety from 01 April 1996 to 01 May 2001 reveal that 11 of 48 accidents (22.9%) were due to technical defect.

In the commercial jet fleet category, 23 out of 177 accidents (17%) world-wide from 1995 through 2004 were due to technical problems (data obtained from Ref. No. 2).

System Safety approach

System safety is the application of engineering and management principles, criteria and techniques to optimize safety. The goal of system safety is to optimize safety by identifying safety-related risks and eliminating or controlling them by design and/or procedures, based on an acceptable system safety precedence. The system safety approach essentially consists of five steps:

1. Planning
2. Hazard identification
3. Analysis
4. Assessment
5. Decision

1. Planning

A system safety management plan is needed to address the management objectives, responsibilities, program requirements and schedule. Top management is responsible for the program, project or activity. System safety is an integrated and comprehensive engineering effort that requires a trained staff experienced in the application of safety engineering principles. The first and foremost objective of management is to define the system safety requirements. A balanced program attempts to optimize safety, performance and cost.

Fig 1.1: Safety effort vs. cost analysis

2. Hazard identification

To achieve the correct safety balance, the acceptable and unacceptable conditions must be established, i.e. all existing and realistic hazards must be identified. Defining acceptable and unacceptable risk is important for cost-effective accident prevention. Many hazard identification techniques are available; applying them brings out a near-exhaustive list of realistic hazards:

a. PHA (Process hazard analysis)
b. PSA
c. Hazard indices
d. HAZOP
e. FTA (Fault tree analysis)
f. ETA (Event tree analysis)
g. FMECA
h. CCA

3. Hazard Analysis

After identifying the realistic hazards and risks, the elements of risk, i.e. hazard severity and likelihood of occurrence, must be characterized.
Realistically, a certain degree of safety risk must be accepted. Determining the acceptable level of risk is the responsibility of management. The more severe the consequences of an accident, the lower the probability of its occurrence must be for the risk to be acceptable. Conversely, accidents whose consequences are less severe may be acceptable risks at higher probabilities of occurrence. Using this concept as the baseline, design limits must be defined. An example, taken from MIL-STD-882C, of the definitions used to define severity of consequences and event likelihood is given in Tables 3.1 and 3.2 respectively.

Table 3.1: Severity of Consequence

Catastrophic (Category I): Death and/or system loss and/or severe environmental damage.
Critical (Category II): Severe injury, severe occupational illness, major system and/or environmental damage.
Marginal (Category III): Minor injury, minor occupational illness and/or minor system damage and/or environmental damage.
Negligible (Category IV): Less than minor injury, occupational illness, or less than minor system or environmental damage.

Table 3.2: Event Likelihood

Frequent (Level A): Likely to occur frequently.
Probable (Level B): Will occur several times in the life of the system.
Occasional (Level C): Likely to occur some time in the life of the system.
Remote (Level D): Unlikely, but possible to occur in the life of the system.
Improbable (Level E): So unlikely that it can be assumed an occurrence may not be experienced.

4. Hazard Assessment

The risk management concept emphasizes identifying the change in risk that comes with a change of alternative solution. Comparative safety assessment is a planning tool; it requires the development of safety operating procedures and test programs to resolve uncertainty when safety risk cannot be completely controlled by design. Assessment of risk is made by combining the severity of consequence with the likelihood of occurrence in a matrix.
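As an added illustration of how such a matrix is used in practice (example code written for this page, not from the paper or from MIL-STD-882C itself): a severity category from Table 3.1 and a likelihood level from Table 3.2 combine into a Hazard Risk Index cell, each cell maps to one of the regions R1 to R4 of the matrix in Table 4.1, and a comparative assessment reports how a design alternative shifts a hazard between regions. The cell-to-region assignment is an assumption here: it follows the suggested criteria of MIL-STD-882C, since the page's rendering of the matrix does not preserve the region boundaries.

```python
# Added example: Hazard Risk Index (HRI) lookup and comparative assessment in the
# style of the MIL-STD-882C matrix (Tables 3.1, 3.2 and 4.1 of the paper).
from typing import Tuple

SEVERITY = {"I": "Catastrophic", "II": "Critical", "III": "Marginal", "IV": "Negligible"}
LIKELIHOOD = {"A": "Frequent", "B": "Probable", "C": "Occasional",
              "D": "Remote", "E": "Improbable"}

# ASSUMPTION: cell-to-region assignment follows the MIL-STD-882C suggested
# criteria; the paper's rendering of Table 4.1 does not preserve the borders.
REGION_CELLS = {
    "R1": {"IA", "IB", "IC", "IIA", "IIB", "IIIA"},
    "R2": {"ID", "IIC", "IID", "IIIB", "IIIC"},
    "R3": {"IE", "IIE", "IIID", "IIIE", "IVA", "IVB"},
    "R4": {"IVC", "IVD", "IVE"},
}
REGION_OF = {cell: region for region, cells in REGION_CELLS.items() for cell in cells}
CRITERIA = {"R1": "Unacceptable", "R2": "Must control or mitigate; MA review",
            "R3": "Acceptable with MA review", "R4": "Acceptable without review"}
RANK = {"R1": 1, "R2": 2, "R3": 3, "R4": 4}  # lower rank = higher risk


def matrix_is_complete() -> bool:
    """Every severity/likelihood combination is assigned to exactly one region."""
    cells = [s + l for s in SEVERITY for l in LIKELIHOOD]
    assigned = sum(len(c) for c in REGION_CELLS.values())
    return assigned == len(cells) and all(c in REGION_OF for c in cells)


def assess(severity: str, likelihood: str) -> Tuple[str, str, str]:
    """Return (HRI cell, region, suggested criterion) for one hazard."""
    if severity not in SEVERITY or likelihood not in LIKELIHOOD:
        raise ValueError(f"unknown category/level: {severity!r}/{likelihood!r}")
    cell = severity + likelihood
    region = REGION_OF[cell]
    return cell, region, CRITERIA[region]


def compare(baseline: Tuple[str, str], alternative: Tuple[str, str]) -> dict:
    """Comparative safety assessment: how a design alternative shifts the region.
    'steps' > 0 means the alternative moved the hazard to a lower-risk region."""
    _, base_region, _ = assess(*baseline)
    _, alt_region, alt_criterion = assess(*alternative)
    return {"from": base_region, "to": alt_region,
            "steps": RANK[alt_region] - RANK[base_region],
            "criterion": alt_criterion}


if __name__ == "__main__":
    # Constructed hazard: catastrophic and probable (IB) before a design change
    # that makes it remote (ID); it still needs managing-authority review.
    print(assess("I", "B"))
    print(compare(("I", "B"), ("I", "D")))
```

Note that lowering likelihood alone moves the constructed hazard only from R1 to R2: for a catastrophic consequence the matrix demands an improbable likelihood before the residual risk becomes acceptable with review.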
An example based on MIL-STD-882 is shown in Table 4.1. The matrix may be referred to as a Hazard Risk Index (HRI), a Risk Rating Factor (RRF) or by other terminology, but in all cases it is the criterion used by management to determine the acceptability of risk. The comparative safety assessment matrix of Table 4.1 illustrates an acceptance criteria methodology. Region R1 on the matrix is an area of high risk and may be considered unacceptable by the managing authority (MA). Region R2 may be acceptable with management review of controls and/or mitigations, and R3 may be acceptable with management review. R4 is a low-risk region that is usually acceptable without review.

Table 4.1: Example of a Comparative Safety Assessment Matrix

Frequency of occurrence   Hazard Categories
                          I Catastrophic   II Critical   III Marginal   IV Negligible
A Frequent                IA               IIA           IIIA           IVA
B Probable                IB               IIB           IIIB           IVB
C Occasional              IC               IIC           IIIC           IVC
D Remote                  ID               IID           IIID           IVD
E Improbable              IE               IIE           IIIE           IVE

Regions R1 to R4 are overlaid on the cells of this matrix in the original figure; their boundaries are not preserved in this text rendering.

Hazard Risk Index (HRI) suggested criteria:

R1: Unacceptable
R2: Must control or mitigate; MA review
R3: Acceptable with MA review
R4: Acceptable without review

5. Decision

The final phase of the system safety approach is decision making. There must be mutual confidence between program managers and system safety management. Safety personnel need a clear understanding of the system safety task, along with the authority and resources to accomplish it. Decision makers need to be fully aware of the risk they are taking when they make their decisions. They should also ensure that all known hazards and their associated risks are defined, documented and tracked, so that decision makers are made aware of the risks being assumed when the system becomes operational.

Table 5.1: Safety Order of Precedence

Priority 1 – Design for minimum risk: Design to eliminate risks. If the identified risk cannot be eliminated, reduce it to an acceptable level through design selection.
Priority 2 – Incorporate safety devices: If identified risks cannot be eliminated through design selection, reduce the risk via the use of fixed, automatic or other safety design features or devices. Provisions shall be made for periodic functional checks of safety devices.
Priority 3 – Provide warning devices: When neither design nor safety devices can effectively eliminate identified risks or adequately reduce risk, devices shall be used to detect the condition and to produce an adequate warning signal. Warning signals and their application shall be designed to minimize the likelihood of inappropriate human reaction and response. Warning signs and placards shall be provided to alert operational and support personnel to such risks as exposure to high voltage and heavy objects.
Priority 4 – Develop procedures and training: Where it is impractical to eliminate risks through design selection or specific safety and warning devices, procedures and training are used. However, concurrence of authority is usually required when procedures and training are applied to reduce risks of catastrophic, hazardous, major or critical severity.

Relevance of System safety approach

The accident statistics of the IAF reveal that 48 accidents took place between 01 April 1996 and May 2001. The distribution of accidents by type of aircraft is given below.

MiG-21   24
MiG-23   01
MiG-27   05
MiG-29   02
KIRAN    03
ISKARA   01
AN-32    01
AVRO     01
CHETAH   03
Mi-8     03
HPT-32   03
Mi-17    01

The causes of the accidents have been divided into four categories, namely human error, technical defect, unresolved and bird hit:

Human error       33
Technical defect  11
Unresolved        02
Bird hit          02

The fatal accident statistics of the world-wide commercial jet fleet reveal that 23 of 177 accidents between 1995 and 2004 were due to technical fault.

There may be no "single solution" to a safety problem.
There are usually a variety of directions to pursue. Each direction may produce a different degree of risk reduction, and a combination of approaches may provide the best solution. Many hazards may be associated with a single risk. In predictive analysis, risks are hypothesized accidents and are therefore potential in nature; severity assessment is made regarding the potential of the hazards to do harm. System safety techniques offer a very sophisticated tool for bringing out the hazards and approaching the problem along multiple dimensions to arrive at a balanced, safe and cost-effective design.

Application of System safety approach

Applying the system safety technique considerably reduces the probability of risks with high consequences. The process involves the identification of the safety-critical systems. Safety-critical systems are defined as any system or subsystem whose performance or reliability can affect public health and safety and the safety of property. Such systems affect the flight of the vehicle either directly or indirectly. Examples of potentially safety-critical systems that may be identified through the system safety analysis process, using PHA (Process Hazard Analysis) or other hazard analysis techniques, include but are not limited to:

- Structure / integrity of main structure
- Thermal protection system
- Temperature control system
- Propulsion system
- Fuel tanks
- Power systems
- Take-off / landing system
- Guidance, navigation and control systems and other critical avionics
- Flight safety system
- Flight dynamics
- Ground support system
- Others identified through hazard analysis

System safety management, by adopting the aforesaid techniques, lists out, analyzes and assesses the hazards as per the predefined management objective, to optimize safety by striking a near-perfect balance between safety, performance and cost. This technique is especially relevant to the field of aviation safety.

References

1. Principles of system safety – FAA System Safety Handbook, December 30, 2000.
2. Wg Cdr BK Umesh Kumar, Gp Capt H Malik, Analysis of fatal human error aircraft accidents in IAF, 2003.
3. www.faa.gov
4. www.boeing.com

Shri K. Ashoka Vijayan, Scientist, Former Safety Officer, Directorate of Safety and Environmental Engineering, Defence Research Development Laboratory, Hyderabad – 500058.
Shri Aftab Ahmad, Scientist "F" (Retd.), Former Head, Safety Engineering Division, Directorate of Safety and Environmental Engineering, Defence Research Development Laboratory, Hyderabad – 500058.
Dr. G.C. Mohanta, Scientist "G" (Retd.), Former Director, Directorate of Safety and Environmental Engineering, Defence Research Development Laboratory, Hyderabad – 500058.