Safety analysis of aircraft systems
• In aviation, safety is defined as the absence of accidents and incidents.
• JAR 25 treats systems as a whole.
• Acceptable accident rates must be established; 100% safety can never be guaranteed.
• A relationship must be established between severity of effect and probability of occurrence.
Probability versus severity of effect
The principle of graceful degradation
• In any system the failure of a single element, component or connection should not prevent continued safe flight and landing.
• This single failure should also not lead to an unacceptable workload for the operating crew.
Types of failure to be considered
• Single active failure
• Passive and undetected (dormant) failures
• Combinations of independent failures
• Common-mode failures
• Cascade failures
• Failures produced by the environment
Errors
• Design errors
• Manufacturing errors
• Maintenance errors
• Pilot mismanagement
• Errors in manuals or checklists
Dormant failure
• "Reverser is deployed!"
• Lauda Air B767, 26-5-1991
• Design errors in the thrust reverser electric systems led to unobserved deterioration of the hydraulic isolation valve (HIV)
Common-mode failure
• "Whatever you do, keep us away from the city!"
• UA 232, 19-6-1989, Sioux City, Iowa.
• No. 2 engine fan disc disintegration severed all 3 hydraulic lines in the tail area.
• Exceptional flying by the crew led to a landing at Sioux airport
Cascade failure
• THY 981, 3-7-1974, Paris
• Inadequately closed lower deck door opened, causing floor collapse
• This blocked the flying control runs under the floor, causing catastrophic failure
Failure rates in light single-engined aircraft
• Engine failure. The minimum demonstrated flying speed must be 61 kts or below, to enable a successful off-airport landing.
• Instrument systems for IFR operations must be dual and independent. Vacuum pump MTBF 700 hrs.
• Prevention of flap asymmetry must be adequate
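The "dual and independent" requirement only pays off against independent failures; the dormant and common-mode failure types listed earlier erode it. The following added example (not part of the original slides) puts numbers on that using the 700 h vacuum pump MTBF from the slide above; the 2 h flight, the 100 h check interval and the 10 % common-mode (beta) fraction are constructed assumptions, and the dormant and common-mode figures are first-order estimates.

```python
import math

# Constructed scenario (only the 700 h MTBF comes from the slides):
# two instrument channels, each with a vacuum pump of MTBF 700 h, a 2 h
# flight, a dormant channel checked every 100 h, and a beta-factor
# common-mode fraction of 10 %.
MTBF_H = 700.0
FLIGHT_H = 2.0
CHECK_INTERVAL_H = 100.0
BETA = 0.10


def p_fail(mtbf_h, exposure_h):
    """Constant failure rate (exponential law, rate 1/MTBF):
    probability of failure within the exposure time."""
    return 1.0 - math.exp(-exposure_h / mtbf_h)


def dual_independent(mtbf_h, flight_h):
    """Both monitored channels fail in the same flight, independently:
    the case graceful degradation relies on."""
    p = p_fail(mtbf_h, flight_h)
    return p * p


def dual_with_dormant(mtbf_h, flight_h, check_h):
    """One channel is unmonitored, so its failure stays hidden until the
    next check; its exposure is the check interval, not the flight. The
    other channel must then fail during the flight. First-order estimate."""
    return p_fail(mtbf_h, check_h) * p_fail(mtbf_h, flight_h)


def dual_with_common_mode(mtbf_h, flight_h, beta):
    """Beta-factor model: a fraction beta of failures hits both channels
    at once (shared supply or routing), so that part is never squared."""
    p = p_fail(mtbf_h, flight_h)
    return ((1.0 - beta) * p) ** 2 + beta * p


def summary():
    """Per-flight probability of losing instrument power in each configuration."""
    return {
        "single": p_fail(MTBF_H, FLIGHT_H),
        "dual_independent": dual_independent(MTBF_H, FLIGHT_H),
        "dual_dormant": dual_with_dormant(MTBF_H, FLIGHT_H, CHECK_INTERVAL_H),
        "dual_common_mode": dual_with_common_mode(MTBF_H, FLIGHT_H, BETA),
    }


if __name__ == "__main__":
    for case, p in summary().items():
        print(f"{case:18s} {p:.2e} per flight")
```

With these inputs the duplicated channel cuts the per-flight probability by roughly 350 times, but a dormant channel or a 10 % common-mode share gives back most of that gain, which is why dormant and common-mode failures get their own entries in the failure list.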
A few examples
• Cessna 172. Seat rails, flap system, elevator control
• Piper PA 28 wing attachment
• Robinson R22 helicopter, mast bumping
Current concerns for GA
• Inadequate training
• Inadequate currency
• Insufficient pilot ability
• Lack of familiarity with the full flight envelope
• Inadequate understanding of increasingly complex systems