Safety analysis of aircraft systems

• In aviation, safety is defined as the absence of accidents and incidents.

• JAR 25 treats systems as a whole.• Acceptable accident rates must be established,

100% safety can never be guaranteed.• A relationship must be established between

severity of effect and probability of occurrence.

Probability versus severity of effect

The principle of graceful degradation

• In any system the failure of a single element, component or connection should not prevent continued safe flight and landing.

• This single failure should also not lead to an unacceptable workload for the operating crew.

Types of failure to be considered

• Single active failure

• Passive and undetected (dormant) failures

• Combinations of independent failures

• Common-mode failures

• Cascade failures

• Failures produced by the environment

Errors

• Design errors

• Manufacturing errors

• Maintenance errors

• Pilot mismanagement

• Errors in manuals or checklists

Dormant failure

• Reverser is deployed!• Lauda Air B767 , 26-

5-1991• Design errors in the

thrust reverser electric systems led to unobserved deterioration of the HIV valve

Common-mode failure

• Whatever you do, keep us away from the city!”

• UA 232, 19-6-1989, Sioux City, Iowa.

• No. 2 engine fan disc disintegration severed all 3 hydraulic lines in the tail area.

• Exceptional flying by the crew led to a landing at Sioux airport

Cascade failure

• THY 981, 3-7-1974, Paris

• Inadequately closed lower deck door opened, causing floor collapse

• This blocked the flying control runs under the floor, causing catastrophic failure

Failure rates in light single engined aircraft

• Engine failure. A minimum demonstrated flying speed must be 61 kts or below, to enable a succesful off-airport landing.

• Instrument systems for IFR operations must be dual and independent. Vacuum pump MTBF 700 hrs.

• Prevention of flap asymmetry must be adequate

A few examples

• Cessna 172. Seat rails, flap system, elevator control

• Piper PA 28 wing attachment

• Robinson R22 helicopter, mast bumping

Current concerns for GA

• Inadequate training

• Inadequate currency

• Insufficient pilot ability

• Lack of familiarity with the full flight envelope

• Inadequate understanding of increasingly complex systems