Aircraft System Safety
An Introduction to Tools and Techniques

This table summarises some of the Safety Assessment Tools and Techniques available to the safety assessor. Each of these tools has its own advantages and disadvantages; the extent to which it can be used during the various phases of the product lifecycle, and the degree to which it can be applied to safety assessments, vary from tool to tool. For a list of the Advantages and Limitations of each, see Appendix A to Aircraft System Safety: Military and Civil Aeronautical Applications.

It is extremely important to note that as the complexity of the tool increases so does the degree of training required for the user and/or the need for an experienced evaluation team to conduct the evaluation. On the plus side, the data derived from the more complex methodologies may be more supportable. Unfortunately, the primary disadvantage of such tools is that "trained subject matter experts" may have limited experience in the actual operational environment and, therefore, their evaluations may not be entirely applicable to the certification process.

Tools and Techniques

The entries below are listed by name in ascending order, each followed by its description.

Bottom-Up Analysis Approach: Also known as the "hardware" method, this starts with the hardware failure modes which can occur and analyses the effects of these on the sub-system and the system.

An example bottom-up approach is the FMEA.
Bow Tie Analysis: Uses a methodology known as the Hazards and Effects Management Process, which requires hazards to be identified, assessed and controlled and, if they are subsequently released, recovery measures to be in place to return the situation to normal if possible.

The stages worked through in the Bow Tie are:

Proactive Measures
  • Identification of the Hazard.
  • Identification of the Threats that could release the hazard.
  • Assessment of the Threat Controls already in place and the identification of additional controls that may be necessary to manage the threat effectively.
  • Identification of the Escalation Factors that are conditions that prevent a threat control being effective.
  • Assessment of the Escalation Controls, which are further measures needed to maintain control of the escalation factor.
  • Identification of the Hazardous Event, which is the initial release of the hazard that can lead to an accident.

Reactive Measures
  • Assessment of the Recovery Measures that would be appropriate to return the situation to as near to normal as possible.
  • Identification of the Escalation Factors that are conditions that prevent a recovery measure being effective.
  • Assessment of the Escalation Controls, which are further measures needed to maintain control of the escalation factor.
Brain Storming: Uses a team of knowledgeable people working in an imaginative and non-critical atmosphere to solve problems.
Cable Failure Matrix Analysis: Less than adequate design of cables can result in faults, failures and anomalies, which can in turn result in contributory hazards and accidents. Should cables become damaged, system malfunctions can occur. Cable Failure Matrix Analysis identifies the risks associated with any failure condition related to cable design, routing, protection and securing. [FAA System Safety Handbook, Chapter 9: Analysis Techniques, December 30, 2000]
Causal Analysis: Deductive analysis which investigates the possible outcome of an undesired event. Uses techniques such as FTA, Software FTA and FMECA.
Cause Consequence Analysis: Integration of deductive (e.g. fault tree) and inductive (e.g. event tree) analysis into a single method and notation.

Mainly used in the nuclear industry; no good examples have been found in other industries yet.

See also Consequence Analysis.
Change Analysis: Change Analysis examines the effects of modifications from a starting point or baseline.
Checklist: In the past, Hazard Identification relied on the experience of individual engineers and on previous accidents. Sometimes this knowledge would be embodied in Hazard Checklists. A checklist is, as its name implies, a list of questions, features or key points against which something is assessed ("checked") to determine its acceptability. Checklists can be constructed for many purposes and can be short or long, simple or complex. In fact, checklists are as varied as the systems being designed or evaluated or the tasks to be performed. Checklists incorporate past experience in convenient lists of "do's" and "don'ts". The list is more of a prompt to the imagination of the user than a checklist which can guarantee identifying all possible Hazards.

Some useful checklists include:
  • The ATC Electronic Checklist, developed by the Volpe Center and the FAA, provides a checklist of human factors issues that should be considered in the design and evaluation of air traffic control systems and equipment. The checklist points controllers and other operations specialists to questions that they may wish to consider in the evaluation of new systems or subsystems or a new component of an existing system (see FAA Human Factors Research and Engineering Division).
  • The Ergonomics Audit Program (ERNAP) is a computerised checklist to help managers design and/or evaluate procedures for aviation maintenance and inspection. ERNAP is simple to use and evaluates existing and proposed tasks and set-ups by applying ergonomic principles. ERNAP allows the auditor to retain audits for further reference. ERNAP was developed under the auspices of the FAA and can be downloaded from the Human Factors in Aviation Maintenance and Inspection (HFAMI) website (see http://www.hfskyway.com/jobaids.htm).
  • CRT display checklist, which forms Appendix A to NUREG/CR-3557. It provides subjective comparisons of methods for displaying screen information but is also used as a design checklist [refer to Kirwan and Ainsworth, 1992; Blackman et al, 1983].
  • Ravden & Johnson Checklist, which is a comprehensive checklist of items that evaluate the usability of human-computer interfaces. It is easy to administer but its 156 questions make it somewhat lengthy. It generates much data on interface factors including visual clarity, consistency, compatibility, feedback, explicitness, functionality, control, error management, help facilities, and the usability of help facilities [Ravden and Johnson, 1988].
  • NUREG-0700: the US Nuclear Regulatory Commission (NRC) has produced several human factors guidance documents. NUREG-0700 is a detailed checklist for control room design (or more precisely, design review) in the nuclear power industry. The checklist addresses individual instruments, so using it is a time-consuming process because of its detail. The guidelines, first issued in 1981, were recently revised to take into account the introduction of computer-based human-computer interface technology (NRC, 1995). [NRC, 1981, 1995; Kirwan and Ainsworth, 1992]
Chi-Squared Method: A method for detecting differences between a binomial and a multinomial population. Observations may fall into one or more categories, and two or more samples may be compared.
Cognitive Event Tree System (COGENT): Human error reliability assessment.
Cognitive Reliability Assessment Technique (CREATE): Human error reliability assessment.

Copyright 2007 by Duane Kritzinger