Date post: | 27-Mar-2015 |
Upload: | jennifer-miller |
Safety Assessment
July 2006
SAFETY ASSESSMENT
A Safety Assessment is essentially a process for finding answers to three fundamental questions:
- What could go wrong?
- What would be the consequences?
- How often is it likely to occur?
Once we know the answers, this automatically raises the next questions:
- Is this acceptable?
- What can we do if not?
The objective of Safety Assessments is to:
- Ensure that the system operates normally and without exposing anyone to unacceptable risk;
- Reduce and prevent incidents and accidents; and
- Limit the consequences of any occurrence that might occur.
ICAO SEVEN STEP APPROACH
Hazard Identification and Estimation steps
- Step 1 – System and Environment Description
- Step 2 – Hazard Identification
- Step 3 – Hazard Severity
- Step 4 – Hazard Likelihood
Mitigation steps
- Step 5 – Risk Evaluation
- Step 6 – Risk Mitigation
Documentation
- Step 7 – Safety Assessment Documentation
STEP 1 - DESCRIPTION
Before a safety assessment can be performed, we need to describe the ATM system and environment being assessed.
- APP/DEP charts
- Topographical maps
- A/D layout (markers, position of NAVAIDS, fence, roads, rwy extension, etc.)
- MET info – origin, wind conditions/shears, visibility, rwy friction
- Equipment liability (VHF, NAVAIDS, etc.)
- APP/DEP procedures
- Ground Operations procedures
- ETA or cancellation – information from where?
- Procedures for non-normal operations (missed APP, malfunction of A/C, etc.)
- Previous occurrences, reports, investigation results
STEP 2 – HAZARD IDENTIFICATION
Purpose
- ...to identify what could go wrong! (or anticipate problems before they occur...)
- ...to identify the consequences (on safety) of the hazards
A hazard is defined as any condition, event or circumstance which could induce an accident or incident (ICAO DOC 9422)
- The equipment (hardware and software);
- The operating environment;
- The human operators;
- The human machine interface (HMI);
- Operational procedures;
- Maintenance procedures;
- External services.
Brainstorming:
- Easy and straightforward process.
- Group sessions are usually good at generating ideas and identifying issues.
- The interactions between participants with varying experience and knowledge tend to lead to broader, more comprehensive and more balanced consideration of safety issues.
- No criticism – No judgment – No explanation
- Hitchhiking – Freewheeling
STEP 3 – SEVERITY ASSESSMENT
The severity expresses the impact on operation or the harm an individual may suffer.
Severity Classification is a gradation, ranging from "worst case/accident" to "no safety impact" – expressing the magnitude of the consequence of the hazard.
Thus, a severity is allocated to each hazard consequence in accordance with the agreed severity classification scheme.
Severity Classification Scheme
1 – Accident
- One or more catastrophic accidents
- One or more mid-air collisions
- One or more collisions on ground between two aircraft
- No independent source of recovery mechanism, such as surveillance or ATC / Flight Crew procedure, can reasonably be expected to prevent the accident(s)
2 – Serious Incident
- Large reduction in separation (e.g. a separation of less than half the separation minima), without crew or ATC fully controlling the situation or able to recover from the situation.
- One or more aircraft deviating from their intended clearance, so that abrupt manoeuvre is required to avoid collision with another aircraft or with terrain (or when an avoidance action would be appropriate).
3 – Major Incident
- Large reduction in separation (e.g. a separation of less than half the separation minima), with crew or ATC fully controlling the situation or able to recover from the situation.
- Minor reduction in separation (e.g. a separation of more than half the separation minima), without crew or ATC fully controlling the situation, or able to recover from the situation, jeopardising the ability to recover without use of collision or terrain avoidance manoeuvres
4 – Significant Incident
- Increased workload on ATCO or Flight Crew or slightly degrading capability of the CSN system
- Minor reduction in separation (e.g. a separation of more than half the separation minima), without crew or ATC fully controlling the situation, or able to recover from the situation and fully able to recover the situation
5 – No immediate effect on safety
- No immediate direct or indirect impact on operations
STEP 4 – LIKELIHOOD ASSESSMENT
The likelihood of occurrence expresses how often the consequence of a hazard is likely to occur.
Likelihood Classification is a gradation, ranging from "frequently" to "extremely improbable".
Thus, a likelihood is allocated to each hazard consequence in accordance with the agreed likelihood classification scheme.
Likelihood Classification Scheme
1 – Frequently: Likely to occur frequently (often)
2 – Probable: Likely to occur several times during the life-time of the system (2-5 occurrences per year)
3 – Occasional: Occurs sometimes during the life-time of the system (1 occurrence per year)
4 – Remote: Unlikely to occur sometimes during the life-time of the system (1 occurrence per 5 years)
5 – Improbable: Very unlikely to occur (1 occurrence per 20 years)
6 – Extremely Improbable: Extremely unlikely to occur (1 occurrence per 100 years)
STEP 5 – RISK EVALUATION
- Determine what is / is not acceptable
  - Acceptable level of Safety
- Determine acceptability of identified risks
  - Clearly unacceptable
  - Clearly acceptable
  - May be / may not be acceptable

Risk Classification

| Probability | Qualitative definition | Quantitative definition | Severity 1 | Severity 2 | Severity 3 | Severity 4 | Severity 5 |
|---|---|---|---|---|---|---|---|
| Frequently | Likely to occur frequently. | > 5*10^-4 | A | A | A | A | C |
| Probable | Likely to occur several times during system life. | < 5*10^-4 | A | A | A | B | D |
| Occasional | Occurs sometime during system life. | < 1*10^-5 | A | A | B | C | D |
| Remote | Unlikely to occur sometimes during system life. | < 1*10^-6 | A | B | C | D | D |
| Improbable | Very unlikely to occur. | < 1*10^-7 | B | C | D | D | D |
| Extremely Improbable | Extremely unlikely to occur. | < 1*10^-8 | C | D | D | D | D |
STEP 6 – RISK MITIGATION
- Identify potential causes for a risk to occur
  - Some causes are identified during the hazard identification
  - Ensure that we have identified all causes
- Identify potential mitigation
  - Remove the risk (remove the cause of the risk)
  - Reduce the risk
    - Reduce severity and/or probability
- Identify preferred mitigation approach
- Performed by a small group
  - System users/operational experts
  - System technical experts
  - Safety and human factors experts
- Different experts may be required to:
  - Perform detailed studies of the causes of a risk
    - Study system design to determine component potentially causing, e.g. loss of air situation display
    - Study procedures to determine where e.g. misunderstandings can arise
  - Determine ways to remove those causes
STEP 7 - SAFETY ASSESSMENT DOCUMENTATION
The purpose:
- To provide a permanent record of the final result of the safety assessment
- To provide the arguments and evidence demonstrating that the risks associated with the implementation of the proposed system or change:
  - have been eliminated, or
  - have been adequately controlled and reduced to a tolerable level.