A Systems Approach to the Development of an Aircraft Smoke Control System


Danilo da Costa Ribeiro (danilo.costa@embraer.com.br), March 2016

Motivation: technology evolution of the flight control system

Timeline shown on the slide: cable technology; fly-by-wire technology (1990s); fly-by-light technology (2000s). Benefits listed along the timeline: flight envelope protection, gain scheduling, improved performance, less weight, EMI/HIRF shielding, large bandwidth, and less time to market.

Motivation: safety is often considered expensive, and cost and performance parameters act as constraints (Fleming, 2015).

Motivation: component interaction accidents. Their number increases with system complexity and integration, and they are not covered by component failure analysis.

Motivation: traditional assessment versus STPA

Traditional assessment: failure oriented; assesses many interfaces at a later stage; experience plays a significant role.
STPA: function oriented; systemically assesses interfaces at an early stage; experience allied to a systemic process.

Motivation: development V-model (adapted from ARP 4754A, 2010)

Left (requirements) side: Aircraft Requirements, System Requirements, Item Requirements, Item Design. Right (verification) side: Item Verification, System Verification, Aircraft Verification. Safety analyses placed along the V: AFHA, PASA, ASA and aircraft CCA at aircraft level; SFHA, PSSA, SSA and system CCA at system level; system FTA, system FMEA and system CMA at item level, with allocation on the way down and integration on the way up; software design and hardware design at the bottom.

Complexity: "A complex system is a group or organization which is made up of many interacting parts (...) In such systems the individual parts, called components or agents, and the interactions between them often lead to large-scale behaviors which are not easily predicted from a knowledge only of the behavior of the individual agents. Such collective effects are called emergent behaviors." (Mitchell and Newman, 2002)

Complexity: systems thinking and safety, applied to the aircraft as a system.

Smoke Control System functions:
- Detect smoke on board
- Prevent smoke from entering an occupied zone
- Prevent fire on board

STPA: Accidents and Hazards

Accidents:
- A-1: Multiple fatalities
- A-2: Loss of aircraft
- A-3: Loss of mission

Hazards (with associated accident):
- H-1: Smoke inside the cabin (A-1)
- H-2: Uncontrolled fire on board (A-2)
- H-3: Unnecessary loss of relevant functions (A-3)

STPA: Level 0 Safety Constraints (safety constraints to avoid the hazards)
- L0-01: There shall never be smoke inside the cabin
- L0-02: There shall never be uncontrolled fire on board
- L0-03: No relevant function shall be lost when not required

STPA: Functional Control Structure (external inputs and subsystems)

Elements shown in the diagram: Society, Airliner, Aircraft Manufacturer, Pilot, Electrical System, Air Management System, Passenger Cabin and E-bays. Organizational-level control actions: procedures, training/impositions and influences. Aircraft-level control actions: Electrical Procedure (01)-(03) and Smoke Procedure (01)-(02), issued by the pilot to the Electrical System and the Air Management System respectively. Feedback (01)-(06) closes the control loops.

STPA Step 1: Unsafe Control Actions. According to Leveson, there are four ways for a control action to be hazardous:
- A control action required for safety is not provided.
- An unsafe control action is provided.
- A control action required for safety is provided too late, too early or out of sequence.
- A control action required for safety is stopped too soon or applied too long.

STPA Step 1: Unsafe Control Actions (UCA). The functional control structure above, with the forward E-bay highlighted.

STPA Step 1: Unsafe Control Actions (UCA)

Control action: smoke procedure from the Pilot to the Air Management System.
- Safe control action not provided: smoke procedure not executed in case of smoke on board [UCA21]
- Unsafe control action provided: smoke procedure executed when there is no smoke on board [UCA22]
- Wrong timing/order: smoke procedure executed too late [UCA23]
- Stopped too soon or applied too long: too soon, i.e. smoke procedure not fully executed in case of smoke on board [UCA24]

Traceability (accident, hazard, unsafe control actions):
- A-1 Multiple fatalities; H-1 Smoke inside the cabin; UCA 21, 23, 24
- A-3 Loss of mission; H-3 Unnecessary loss of relevant functions; UCA 22

STPA Step 1: Safety Constraints (safety constraints to avoid the unsafe control actions)
- L1-04a: The pilot shall execute the smoke procedure to the AMS completely and on time (UCA 21, 23 and 24)
- L1-05a: The pilot shall execute the smoke procedure only when there is smoke on board (UCA 22)
- (further constraints omitted on the slide)
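To make the Step 1 bookkeeping concrete, the following Python is an added worked example, not code from the presentation or from Embraer. It encodes the smoke-procedure UCAs above, checks that all four of Leveson's guide words were considered and that every UCA traces to a defined hazard, builds the accident/hazard/UCA matrix from the slide, and derives Level 1 constraints by negating the UCAs in the same grouping the deck uses for L1-04a (UCA 21, 23, 24 together) and L1-05a (UCA 22). The `context` field, the function names and the constraint numbering are assumptions of this example. The same mechanics carry over unchanged when the analysis is done for security (STPA-Sec), with adversary-caused loss scenarios in place of hazards.

```python
"""STPA Step 1 bookkeeping for one control action: enumerate unsafe control
actions (UCAs) under Leveson's four guide words, trace each to the hazards and
accidents it contributes to, flag gaps, and derive Level 1 safety constraints.
Added worked example using the deck's smoke-procedure data (UCA21..24,
H-1..H-3, A-1..A-3); the function names, the `context` field and the
constraint-numbering scheme are this example's own, not the presentation's."""
from dataclasses import dataclass, field
from enum import Enum


class UcaType(Enum):
    NOT_PROVIDED = "not provided"
    PROVIDED_UNSAFELY = "provided when unsafe"
    WRONG_TIMING = "wrong timing/order"
    WRONG_DURATION = "stopped too soon / applied too long"


ACCIDENTS = {"A-1": "Multiple fatalities", "A-2": "Loss of aircraft", "A-3": "Loss of mission"}
# hazard id -> (description, accident it can lead to), from the Accidents and Hazards slide
HAZARDS = {
    "H-1": ("Smoke inside the cabin", "A-1"),
    "H-2": ("Uncontrolled fire on board", "A-2"),
    "H-3": ("Unnecessary loss of relevant functions", "A-3"),
}


@dataclass(frozen=True)
class UCA:
    uid: str
    kind: UcaType
    text: str
    context: str      # condition under which the action is unsafe (assumed field, not on the slide)
    hazards: tuple    # hazard ids this UCA contributes to


@dataclass
class ControlAction:
    controller: str
    controlled: str
    name: str
    ucas: list = field(default_factory=list)


SMOKE_PROCEDURE = ControlAction("Pilot", "Air Management System", "smoke procedure", [
    UCA("UCA21", UcaType.NOT_PROVIDED, "Smoke procedure not executed in case of smoke on board",
        "there is smoke on board", ("H-1",)),
    UCA("UCA22", UcaType.PROVIDED_UNSAFELY, "Smoke procedure executed when there is no smoke on board",
        "there is no smoke on board", ("H-3",)),
    UCA("UCA23", UcaType.WRONG_TIMING, "Smoke procedure executed too late",
        "there is smoke on board", ("H-1",)),
    UCA("UCA24", UcaType.WRONG_DURATION, "Smoke procedure not fully executed in case of smoke on board",
        "there is smoke on board", ("H-1",)),
])


def uncovered_types(ca):
    """Guide words with no UCA entry. A gap means the table was not finished,
    not that the category is safe: each of the four must be filled or argued away."""
    return [t for t in UcaType if not any(u.kind is t for u in ca.ucas)]


def untraced(ca):
    """UCAs that do not map to a defined hazard; every UCA must lead to at least one."""
    return [u.uid for u in ca.ucas if not u.hazards or any(h not in HAZARDS for h in u.hazards)]


def traceability(ca):
    """Accident -> hazard -> [UCA ids], the matrix at the foot of the Step 1 slide."""
    matrix = {}
    for u in ca.ucas:
        for h in u.hazards:
            acc = HAZARDS[h][1]
            if acc not in ACCIDENTS:
                raise ValueError(f"{h} points at undefined accident {acc}")
            matrix.setdefault(acc, {}).setdefault(h, []).append(u.uid)
    return matrix


def derive_constraints(ca, prefix="L1"):
    """Level 1 safety constraints by negating the UCAs. The three omission-like
    guide words (not provided, wrong timing, wrong duration) sharing a context
    collapse into one 'execute completely and on time' constraint, as L1-04a does
    for UCA21/23/24; 'provided when unsafe' becomes a prohibition, as in L1-05a."""
    groups = {}
    for u in ca.ucas:
        key = (u.kind is UcaType.PROVIDED_UNSAFELY, u.context)
        groups.setdefault(key, []).append(u.uid)
    out = []
    for n, ((prohibit, ctx), uids) in enumerate(sorted(groups.items()), start=1):
        if prohibit:
            text = f"The {ca.controller} shall not execute the {ca.name} to the {ca.controlled} when {ctx}"
        else:
            text = (f"The {ca.controller} shall execute the {ca.name} to the {ca.controlled} "
                    f"completely and on time when {ctx}")
        out.append((f"{prefix}-{n:02d}", text, tuple(uids)))
    return out


if __name__ == "__main__":
    print("gaps:", uncovered_types(SMOKE_PROCEDURE), "untraced:", untraced(SMOKE_PROCEDURE))
    print(traceability(SMOKE_PROCEDURE))
    for cid, text, uids in derive_constraints(SMOKE_PROCEDURE):
        print(cid, text, uids)
```

Running it with the slide's data reports no gaps and no untraced UCAs, reproduces the A-1/H-1/UCA 21,23,24 and A-3/H-3/UCA 22 rows, and emits two constraints with the same UCA grouping as L1-04a and L1-05a. Feeding it a half-finished table for another control action is where the checks earn their keep: the missing guide words and dangling hazard references come back as findings instead of silently disappearing from the requirements.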

STPA Step 2: Causal Factors and Process Models

Electrical System process model:
- Electrical procedure: procedure executed / procedure not executed / unknown
- Electrical procedure feedback: procedure successful / procedure unsuccessful / unknown

Air Management System process model:
- Electrical procedure: procedure executed / procedure not executed / unknown
- Electrical procedure feedback: procedure successful / procedure unsuccessful / unknown

Actuator: electrical procedure. Sensor: electrical procedure feedback.

UCA-59: The electrical procedure affects the effectiveness of the smoke procedure when it is performed at the AMS.

Associated causal factor (process model flaw in the Electrical / Air Management Systems): the smoke procedure has its efficiency reduced by the electrical procedure.

Scenarios, derived safety constraints and allocation:
- Scenario: the electrical procedure was defined incorrectly and turns some AMS components off, which reduces the efficiency of the smoke procedure. Safety constraint: the electrical procedure shall not affect the efficiency of the smoke procedure (L2-42). Allocated to: aircraft manufacturer.
- Scenario: the electrical procedure is executed with incorrect timing and affects the smoke procedure. Safety constraint: the electrical procedure shall not affect the efficiency of the smoke procedure (L2-42). Allocated to: aircraft manufacturer.
- Scenario: the communication between the electrical and air management systems is flawed. Safety constraint: the communication between the electrical and air management systems shall be assured (L2-43). Allocated to: aircraft manufacturer.
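The process-model flaw behind UCA-59 is easier to see when the controller's belief and the plant's actual state are run side by side. The following Python is an added example, not the presentation's or Embraer's code: it models the AMS process model with the slide's two variables, an electrical procedure that may shed AMS loads (the first scenario) or whose feedback never arrives (the third scenario), and reports which Level 2 constraint each run violates. The load names, the feedback message format and the efficiency measure are assumptions made for the example.

```python
"""STPA Step 2 as executable bookkeeping: a controller's process model is only
as good as the feedback that updates it. Added worked example built on the
deck's process-model variables (procedure executed / not executed / unknown;
feedback successful / unsuccessful / unknown) and on UCA-59. The simulation,
the feedback message format, the load names and the efficiency measure are
this example's own assumptions, not the presentation's."""
from dataclasses import dataclass, field
from enum import Enum


class ProcState(Enum):
    EXECUTED = "procedure executed"
    NOT_EXECUTED = "procedure not executed"
    UNKNOWN = "unknown"


class FeedbackState(Enum):
    SUCCESSFUL = "procedure successful"
    UNSUCCESSFUL = "procedure unsuccessful"
    UNKNOWN = "unknown"


@dataclass
class ProcessModel:
    """What a controller believes about the electrical procedure (the slide's two variables)."""
    procedure: ProcState = ProcState.UNKNOWN
    feedback: FeedbackState = FeedbackState.UNKNOWN


@dataclass
class ElectricalSystem:
    """Controlled process: the real state, plus which AMS loads the procedure shed."""
    executed: bool = False
    ams_loads_shed: set = field(default_factory=set)

    def run_electrical_procedure(self, sheds):
        """Execute the procedure; `sheds` lists AMS loads it switches off (assumed names).
        Returns the feedback message the sensor path would carry (assumed format)."""
        self.executed = True
        self.ams_loads_shed |= set(sheds)
        return {"procedure": "electrical", "result": "successful"}


@dataclass
class AirManagementSystem:
    model: ProcessModel = field(default_factory=ProcessModel)
    # assumption: clearing smoke needs both recirculation fans and the outflow valve powered
    required_loads: frozenset = frozenset({"recirc_fan", "outflow_valve"})

    def receive_feedback(self, msg):
        """Feedback (06) on the slide. If it never arrives the model stays UNKNOWN and stale."""
        if msg is None:
            return
        self.model.procedure = ProcState.EXECUTED
        self.model.feedback = (FeedbackState.SUCCESSFUL if msg["result"] == "successful"
                               else FeedbackState.UNSUCCESSFUL)

    def smoke_procedure_efficiency(self, electrical):
        """Fraction of required loads still powered: 1.0 is full efficiency,
        anything below is UCA-59 (smoke procedure degraded by the electrical procedure)."""
        available = self.required_loads - electrical.ams_loads_shed
        return len(available) / len(self.required_loads)


def check_model_consistency(ams, electrical):
    """Step 2 causal-factor check: does the AMS process model match the actual state?"""
    believes_executed = ams.model.procedure is ProcState.EXECUTED
    return {
        "model_flaw": believes_executed != electrical.executed,
        "stale_unknown": ams.model.procedure is ProcState.UNKNOWN and electrical.executed,
    }


def scenario(sheds, feedback_delivered):
    """Run one electrical procedure and return the UCA-59 findings.
    sheds: AMS loads the electrical procedure turns off (wrongly defined procedure, L2-42)
    feedback_delivered: whether Feedback (06) reaches the AMS (flawed communication, L2-43)"""
    electrical = ElectricalSystem()
    ams = AirManagementSystem()
    msg = electrical.run_electrical_procedure(sheds)
    ams.receive_feedback(msg if feedback_delivered else None)
    result = check_model_consistency(ams, electrical)
    result["efficiency"] = ams.smoke_procedure_efficiency(electrical)
    result["violates_L2_42"] = result["efficiency"] < 1.0
    result["violates_L2_43"] = not feedback_delivered
    return result


if __name__ == "__main__":
    print("well-defined, feedback ok :", scenario([], True))
    print("sheds a fan, feedback ok  :", scenario(["recirc_fan"], True))
    print("sheds a fan, feedback lost:", scenario(["recirc_fan"], False))
```

The second run shows why L2-42 is allocated to the manufacturer rather than to the crew: the AMS process model is perfectly consistent (it knows the procedure ran and succeeded), yet the smoke procedure is already at half efficiency because the procedure itself was defined to shed a load the AMS needs. The third run is the L2-43 case: the plant state changed, the feedback never arrived, and the AMS is left acting on a stale "unknown" belief, which is exactly the process-model flaw the slide names.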

Safety constraints generated: 3 from the hazards (Level 0), 21 from the unsafe control actions (Level 1) and 43 from the causal factors (Level 2). These are turned into requirements by a multi-disciplinary team.

Conclusion: of the 43 Level 2 safety constraints generated, 16 are traditionally captured by requirements, 8 are traditionally captured only at an advanced stage, and 19 were captured only with STPA.

Conclusion
- STPA: 23 socio-technical safety constraints generated; requirements are generated systemically.
- Traditional hazard analysis: does not address the socio-technical aspect of the system; some requirements were only created after an accident.
- 13 of the socio-technical safety constraints are not addressed as a requirement by today's regulations.
- Must an accident occur to make flying safer?

Thank you!