An Introduction to Tools and Techniques
This table summarises some of the Safety Assessment Tools and Techniques available to the safety assessor. Each of these tools has its own advantages and disadvantages and the extent to which these can be used during various phases of the product lifecycle, and the degree to which they can be applied to safety assessments, vary. For a list of Advantages and Limitations of each, see Appendix A to Aircraft System Safety: Military and Civil Aeronautical Applications.
It is extremely important to note that as the complexity of the tool increases so does the degree of training required for the user and/or the need for an experienced evaluation team to conduct the evaluation. On the plus side, the data derived from the more complex methodologies may be more supportable. Unfortunately, the primary disadvantage of such tools is that "trained subject matter experts" may have limited experience in the actual operational environment and, therefore, their evaluations may not be entirely applicable to the certification process.
Tools and Techniques
| Name | Description |
|---|---|
| Quantitative Assessment | A collective term for the various analyses (such as failure modes and effects, fault tree, or dependence diagram) which also include numerical probability information. The probabilities of primary failures can be determined from failure rate data and exposure times, using failure rates derived from service experience on identical or similar items, or from acceptable industry standards. The conventional mathematics of probability can then be used to calculate the estimated probability of each Failure Condition as a function of the estimated probabilities of its identified contributory failures or other events. Often used for Hazardous or Catastrophic Failure Conditions of systems that are complex, that have insufficient service experience to help substantiate their safety, or that have attributes that differ significantly from those of conventional systems. Quantitative probability terms are usually expressed as acceptable numerical probability ranges per flight hour, based on a flight of mean duration for the aeroplane type (however, for a function which is used only during a specific flight operation, e.g. take-off or landing, the acceptable probability should be based on, and expressed in terms of, the flight operation's actual duration). The ranges are: Probable Failure Conditions are those having a probability greater than of the order of 1 x 10^-5; Improbable Failure Conditions are divided into two categories, Improbable (Remote) Failure Conditions, having a probability of the order of 1 x 10^-5 or less but greater than of the order of 1 x 10^-7, and Improbable (Extremely Remote) Failure Conditions, having a probability of the order of 1 x 10^-7 or less but greater than of the order of 1 x 10^-9; Extremely Improbable Failure Conditions are those having a probability of the order of 1 x 10^-9 or less. |
| RDF 2000 | This is the latest and most comprehensive of the European methodologies developed by CNET. It has not yet received much attention in the US, but it could evolve into the new international standard should MIL-HDBK-217 continue to become outdated. Like the PRISM approach, it also addresses thermal cycling and dormant system modelling. RDF 2000 is the new version of the CNET UTEC80810 reliability prediction standard and covers most of the same components as MIL-HDBK-217. The models take into account power on/off cycling as well as temperature cycling and are very complex: predictions for integrated circuits require information on the equipment outside-ambient and printed-circuit ambient temperatures, type of technology, number of transistors, year of manufacture, junction temperature, working time ratio, storage time ratio, thermal expansion characteristics, number of thermal cycles, thermal amplitude of variation and application of the device, as well as per-transistor, technology-related and package-related base failure rates. See Quanterion Solutions Inc. |
| Reliability Analysis | A full review of the reliability of an aircraft part or component, making use of past data to determine the reliability of a component or maintenance technique. |
| Reliability Block Diagram | A graphical means of representing which set of correctly working components may combine to provide the system function. Constructed of blocks and connections representing the devices involved in providing a function. |
| Repertory Grid Analysis | Based in clinical psychology and personality theory, Repertory Grid Analysis is a structured and theoretical form of interview method. Subjects group concepts and justify how the groups are similar and dissimilar. Although a simple technique, it does require some familiarity for effective application [Baber, 1996]. See WebGrid III, Eurocontrol and Enquire Within. |
| Risk-Based Decision Analysis | An efficient approach to making rational and defensible decisions in complex situations [Tarrents, 1980]. |
| Root Cause Analysis | This method identifies causal factors of accidents or near-miss incidents. The root causes are the underlying contributing causes of observed deficiencies that should be documented in the findings of an investigation [Tarrents, 1980]. Root causes are the most basic causes of an event that meet two conditions: they can be reasonably identified, and management has the ability to fix or influence them. Typically, root causes are the absence, neglect, or deficiencies of the management systems that control human actions and equipment performance. Root cause analysis provides a means to determine how and why something occurred. Understanding the accident scenario is not enough: scenarios tell us what happened, not why it happened. Events in accident scenarios are generally only symptoms of underlying problems in the administrative controls that are supposed to keep those events from occurring. Understanding only the scenario addresses the outward symptoms, not the underlying problems. Further investigation of the underlying problems is needed to find and correct those that will contribute to future accidents. |
| Safety Review | Assesses a system, identifies facility conditions, or evaluates operator procedures for hazards in design, operations, or the associated maintenance. Periodic inspections of a system, operation, procedure, or process are a valuable way to determine their safety integrity. A Safety Review might be conducted after a significant or catastrophic event has occurred. [Tarrents, 1980] |
| Scenario Analysis | Scenario Analysis identifies and corrects hazardous situations by postulating credible and physically logical accident scenarios. Scenarios provide a conduit for brainstorming, or for testing a theory where actual implementation could have catastrophic results. Where system features are novel and, consequently, no historical data is available for guidance or comparison, a Scenario Analysis may provide insight. [Tarrents, 1980] |
| Scenario-Based Requirements Analysis (SCRAM) | An iterative scenario-based technique built on a mixture of creative and systematic processes. Question Probes: what could go wrong at the next step? Influencing Factors: what is likely to make things go wrong at the next step? Consider Design Defense: how could the error/fault be prevented? |
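As an added worked example (not code from this page or from the book it cites), the following Python illustrates two of the entries above together: the Quantitative Assessment entry, by combining contributory failure probabilities through AND/OR gates as in a fault tree, converting the result to an average probability per flight hour and classifying it into the bands quoted there; and the Reliability Block Diagram entry, by evaluating the same system as series and parallel success paths and confirming that the two views agree. The example system (two redundant channels behind a common power supply), its failure rates and the mean flight duration are constructed sample values, and the exponential model 1 - e^(-λt) for turning a failure rate and exposure time into a probability, as well as treating the "of the order of" band limits as exact thresholds, are assumptions of the example rather than statements from the page.

```python
import math
from dataclasses import dataclass
from typing import List, Union


# ---------- Primary failures: probability from failure rate and exposure time ----------
def primary_failure_probability(rate_per_hour: float, exposure_hours: float) -> float:
    """Assumed constant-rate (exponential) model: P(fail within t) = 1 - e^(-lambda t)."""
    return 1.0 - math.exp(-rate_per_hour * exposure_hours)


# ---------- Fault tree: failure events combined by AND / OR gates ----------
@dataclass
class Event:
    name: str
    probability: float  # probability the failure occurs within the exposure time


@dataclass
class Gate:
    kind: str  # "AND": every input must fail; "OR": any one input failing is enough
    inputs: List[Union["Event", "Gate"]]


def fault_tree_probability(node: Union[Event, Gate]) -> float:
    """Top-event probability for a tree of independent events (no shared inputs)."""
    if isinstance(node, Event):
        return node.probability
    probs = [fault_tree_probability(child) for child in node.inputs]
    if node.kind == "AND":
        return math.prod(probs)
    if node.kind == "OR":
        # Exact for independent inputs; the rare-event sum p1 + p2 + ... would overstate it.
        return 1.0 - math.prod(1.0 - p for p in probs)
    raise ValueError(f"unknown gate kind {node.kind!r}")


# ---------- Reliability block diagram: success paths in series / parallel ----------
@dataclass
class Block:
    name: str
    reliability: float  # probability the item works throughout the exposure time


@dataclass
class Series:
    items: list  # all must work (the OR gate of the failure-side view)


@dataclass
class Parallel:
    items: list  # at least one must work (the AND gate of the failure-side view)


def rbd_reliability(node) -> float:
    """Probability that the function is provided, from the block diagram."""
    if isinstance(node, Block):
        return node.reliability
    rs = [rbd_reliability(child) for child in node.items]
    if isinstance(node, Series):
        return math.prod(rs)
    if isinstance(node, Parallel):
        return 1.0 - math.prod(1.0 - r for r in rs)
    raise TypeError(f"unsupported RBD node {type(node).__name__}")


# ---------- Classification into the per-flight-hour bands quoted above ----------
def classify_failure_condition(p_per_flight_hour: float) -> str:
    if p_per_flight_hour > 1e-5:
        return "Probable"
    if p_per_flight_hour > 1e-7:
        return "Improbable (Remote)"
    if p_per_flight_hour > 1e-9:
        return "Improbable (Extremely Remote)"
    return "Extremely Improbable"


def average_per_flight_hour(p_per_exposure: float, exposure_hours: float) -> float:
    """Divide by the mean flight duration, or by the duration of the specific flight
    operation if the function is only used during that operation (the page's caveat)."""
    return p_per_exposure / exposure_hours


def example_loss_of_function(mean_flight_hours: float = 2.0) -> dict:
    """Constructed example: the function is lost if both redundant channels A and B
    fail, or if their common power supply fails. Rates are sample values, not real data."""
    p_a = primary_failure_probability(1e-4, mean_flight_hours)
    p_b = primary_failure_probability(1e-4, mean_flight_hours)
    p_ps = primary_failure_probability(1e-8, mean_flight_hours)

    # Failure-side view: loss = (A AND B) OR PSU
    tree = Gate("OR", [Gate("AND", [Event("A", p_a), Event("B", p_b)]), Event("PSU", p_ps)])
    p_loss = fault_tree_probability(tree)

    # Success-side view of the same system: (A parallel B) in series with PSU
    rbd = Series([Parallel([Block("A", 1 - p_a), Block("B", 1 - p_b)]), Block("PSU", 1 - p_ps)])
    p_loss_rbd = 1.0 - rbd_reliability(rbd)

    p_hour = average_per_flight_hour(p_loss, mean_flight_hours)
    return {
        "p_loss_per_flight": p_loss,
        "p_loss_per_flight_rbd": p_loss_rbd,
        "p_per_flight_hour": p_hour,
        "classification": classify_failure_condition(p_hour),
    }


if __name__ == "__main__":
    for key, value in example_loss_of_function().items():
        print(f"{key}: {value}")
```

With the sample rates the loss of function works out to roughly 3 x 10^-8 per flight hour, which falls in the Improbable (Extremely Remote) band; the point of carrying both views is that the fault tree and the block diagram must give the same number for the same system, which is a useful cross-check when the two are built by different people. The AND/OR arithmetic assumes the inputs are independent; a shared event feeding two branches (such as the common power supply here, deliberately placed once at the top level) must not be duplicated inside the tree or the result will be wrong.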