Скачать презентацию Safety Nets Primary or Secondary Defenses Does it Скачать презентацию Safety Nets Primary or Secondary Defenses Does it

b8fe9b0e1ae6dc57a3034ef3344e3243.ppt

  • Количество слайдов: 13

Safety Nets: Primary or Secondary Defenses? Does it Matter? Kathy H Abbott, Ph. D, Safety Nets: Primary or Secondary Defenses? Does it Matter? Kathy H Abbott, Ph. D, FRAES Federal Aviation Administration 7 June 2016 Federal Aviation Administration

Safety nets come in several forms Safety nets can be: – People – Alerting Safety nets come in several forms Safety nets can be: – People – Alerting systems – Automated systems – Others Federal Aviation Administration 2

Alerting systems • Examples include: – Ground proximity warning systems (GPWS) – Terrain Awareness Alerting systems • Examples include: – Ground proximity warning systems (GPWS) – Terrain Awareness and Warning Systems (TAWS) – Airborne Collision Avoidance System/ Traffic Collision Avoidance System (ACAS/TCAS) – Takeoff configuration alerting – Altitude alerting Federal Aviation Administration 3

These safety nets • Have contributed to preventing accidents • Are designed as secondary These safety nets • Have contributed to preventing accidents • Are designed as secondary defense – E. g. , “The intent of a TCAS is to serve as a backup to visual collision avoidance, application of right-ofway rules, and air traffic separation service. ” Advisory Circular 120 -55 c Air Carrier Operational Approval and Use of TCAS II Federal Aviation Administration 4

Although designed as secondary defenses, they are sometimes (often? ) used as primary • Although designed as secondary defenses, they are sometimes (often? ) used as primary • Altitude alerter – “One thousand to go” • TCAS: – “Do not deviate from an assigned clearance based only on TA information” Federal Aviation Administration 5

Spanair Flight 5022 accident Probable cause: “The crew lost control of the aircraft as Spanair Flight 5022 accident Probable cause: “The crew lost control of the aircraft as a result of a stall immediately after takeoff, which was caused by the incorrect plane configuration for take-off (i. e. not deploying the flaps and slats, following a series of errors and omissions), coupled with the absence of any warning of the incorrect configuration…” Federal Aviation Administration 6

Does it matter that secondary defenses are used as primary? • Inaction may result Does it matter that secondary defenses are used as primary? • Inaction may result – Skill degradation may be one consequence • Action may be based on assuming that safety net is always there • Regulatory approval assumes it is a secondary system • Required reliability of secondary, backup systems may not be as high as it would be if its purpose was to be the primary safety net Federal Aviation Administration 7

Additional information is provided on displays BUT “Because of design limitations, the bearing displayed Additional information is provided on displays BUT “Because of design limitations, the bearing displayed by TCAS is not sufficiently accurate to support the initiation of horizontal maneuvers based solely on the traffic display. ” “Because of the limitations that may exist with various display systems, the PF should not maneuver the aircraft based solely on the information shown on the TCAS display” Federal Aviation Administration 8

Additional information is provided on displays BUT Required limitation in TAWS flight manuals: “Navigation Additional information is provided on displays BUT Required limitation in TAWS flight manuals: “Navigation must not be predicated upon the use of the TAWS” Federal Aviation Administration 9

Safety nets • Safety nets are a risk mitigation • They might mitigate some Safety nets • Safety nets are a risk mitigation • They might mitigate some risks but introduce others (e. g. , go-arounds as a risk mitigation for unstable approaches) • Unintended consequences Federal Aviation Administration 10

Risk Mitigations (in decreasing order of effectiveness) • Eliminate hazard • Alter design • Risk Mitigations (in decreasing order of effectiveness) • Eliminate hazard • Alter design • Incorporate engineered features or safety devices • Provide warning devices • Incorporate signage, procedures, training Decreasing effectiveness Source: MIL-STD-882 E System Safety Handbook Federal Aviation Administration 11

Recommended Actions • Safety nets should not be primary means of achieving a task. Recommended Actions • Safety nets should not be primary means of achieving a task. Training and operational procedures for pilots (or controllers) should address this point. • Pilots (or controllers) should be made aware of the assumptions, limitations, and potential risks introduced by the “safety nets” • Regulators (and others) should address the potential risks introduced by the safety nets. The benefit of the safety net should be balanced against the risks introduced. Federal Aviation Administration 12

Concluding Remarks • Avoidance of the hazard is the first preference • Safety nets Concluding Remarks • Avoidance of the hazard is the first preference • Safety nets can help mitigate risks but may introduce different ones • “One should carefully consider both the intended and the unintended effects of implementing protection in sociotechnical systems. ”* *Source: Denis Besnard, Erik Hollnagel. Some myths about industrial safety. 2012. Federal Aviation Administration 13