Federal Aviation Administration Safety & Human Factors Analysis of a Wake Vortex Mitigation Display System

Transcription:

Safety & Human Factors Analysis of a Wake Vortex Mitigation Display System
Presented to: EUROCONTROL Safety R&D Seminar
By: Dino Piccione
Date: October 23, 2008

Project Objectives
- Forge a link between Human Factors and Safety activities in FAA system acquisition
- Test the HESRA tool on a system still in the concept phase
- Participate in the development of the human error portion of the safety package for SMS
- Provide a feed-forward to the Human Factors practitioners for detailed system design
- Use a Human System Integration approach

The basis for HESRA
- Human Error and Safety Risk Analysis
- Proactive human error analysis
- Based on engineering model (FMEA)
  - Looking at human errors rather than component failures
  - Based on tasks rather than component functions
- Three scales for each potential error mode
  - Likelihood of occurrence
  - Severity of outcome
  - Likelihood of detection/mitigation*
- Scales use nominal anchors
- Goal is to produce ordered list of errors/outcomes
*Not part of SMS

What are the objectives of using HESRA?
- Provide tools to support the FAA Safety Management System (SMS)
  - Safety Risk Management (SRM) component of SMS
  - Hazard identification
  - Safety risk assessments
  - Hazard tracking and risk mitigation
- Provide FAA human factors staff with a method that will allow them to evaluate system design and proactively predict elements of design that negatively influence human performance and safety.
- Allow FAA to field better and safer systems that will enhance ATM safety, and improve the ability of maintainers and service providers to successfully perform the job

What does HESRA do?
- Identifies the relative likelihood of particular errors
- Relies on relative, ordinal scaling
- Rank orders error modes
- Identifies critical single component failures
- Can utilize detection/mitigation
- Produces a task breakdown as a byproduct

How does HESRA do it?
- Starts with procedural and task breakdown
- Relies on analysts to identify possible error modes
- For each error mode, analysts assign ratings for
  - Likelihood of occurrence
  - Severity of outcome
  - Likelihood of detection/mitigation
- Rating scales follow SMS
- Ratings are multiplied to yield
  - Hazard Index (HI) = Likelihood X Severity
  - Risk Priority Number (RPN) = Likelihood X Severity X Detection (can be used to supplement SMS requirements)
- Error modes are sorted by HI, RPN, or both

HESRA Likelihood Scale

Error Likelihood Rating | Category | Error Likelihood Rating Definition
1 (A) | Extremely Likely (Frequent) | Likely to occur on the order of once every 3-4 times the task is performed.
2 (B) | Likely (Probable) | Likely to occur on a regular basis, on the order of once every 10 times the task is performed.
3 (C) | Occasional (Remote) | Likely to occur sporadically over the life of the system, on the order of once every 25 times the task is performed.
4 (D) | Unlikely (Extremely Remote) | Not likely to occur more than 5-10 times over the life of the system.
5 (E) | Extremely Unlikely (Extremely Improbable) | Not likely to occur more than once or twice during the operational life of the system.

Severity Rating Scales (FAA SMS Category Names)

Severity Rating 1, Category: Catastrophic (Catastrophic)
- Serious injury, death, permanent loss of one or more equipment functions
- Extended loss of function/service
- Major increase in maintainer or ATC workload
- Increased safety risk for FAA personnel
- Loss of positive A/T control
- Extended reduction of safety margin

Severity Rating 2, Category: Critical (Hazardous)
- Serious injury or moderate temporary loss of equipment function
- Moderate increase in maintainer or ATC workload
- No safety margin for FAA personnel
- Potential loss of A/C separation
- Brief reduction in local safety margin

Severity Rating 3, Category: Significant (Major)
- Moderate injury or moderate equipment damage
- Loss of redundancy for a critical component
- Slight increase in maintainer or ATC workload
- Decreased safety margin for FAA personnel
- Increased risk should additional errors or equipment failures occur
- Potential increased stress on remaining functional equipment

Severity Rating 4, Category: Marginal (Minor)
- Minor injury or slight equipment damage
- Work around
- Loss of redundancy for a non-critical component
- Increased risk of more serious effects
- Minimal decrease of safety margin

Severity Rating 5, Category: Negligible (No Safety Effect)
- No injury or equipment damage
- No significant effect on
  - safety
  - function/service
  - schedule

Detection/Recovery Rating Scales

Recovery Rating | Category | Recovery Scale Definition
1 | Very Low | Detection and/or recovery are not likely to occur until the error propagates through the operational system(s)
2 | Low | Detection and/or recovery are delayed until the error causes at least some serious effects on the operational system(s)
3 | Moderate | Detection and/or recovery occur after a moderate delay, but in time to prevent all but minor effects on the operational system(s)
4 | High | Immediate or very quick detection. Recovery requires manual intervention, but is likely to be done before the error causes any operational effects.
5 | Very High | Immediate, automatic detection and/or recovery
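
The scoring and ordering step described in the slides above, as an added Python example that is not part of the original presentation or the HESRA tool. The numeric ratings are constructed for illustration, the ascending sort is an assumption drawn from the fact that 1 is the worst rating on all three scales, and listing modes with no severity rating separately is one possible handling, not the presenters' method.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class ErrorMode:
    error: str
    likelihood: int          # 1 (Extremely Likely) .. 5 (Extremely Unlikely)
    severity: Optional[int]  # 1 (Catastrophic) .. 5 (Negligible); None = not yet assessable
    detection: int           # 1 (Very Low recovery) .. 5 (Very High recovery)

    def __post_init__(self):
        for name in ("likelihood", "severity", "detection"):
            value = getattr(self, name)
            if value is not None and value not in range(1, 6):
                raise ValueError(f"{name} must be 1..5, got {value!r}")

    @property
    def hazard_index(self):
        # HI = Likelihood x Severity; undefined while severity is unknown
        return None if self.severity is None else self.likelihood * self.severity

    @property
    def rpn(self):
        # RPN = Likelihood x Severity x Detection
        hi = self.hazard_index
        return None if hi is None else hi * self.detection

def rank(modes, key="hazard_index"):
    """Return (ranked, unrated), ranked by `key` ("hazard_index" or "rpn").

    Assumption: since 1 is the worst rating on all three scales, the smallest
    product is the highest priority, so the sort is ascending (ties by RPN).
    """
    rated = [m for m in modes if getattr(m, key) is not None]
    unrated = [m for m in modes if getattr(m, key) is None]
    return sorted(rated, key=lambda m: (getattr(m, key), m.rpn)), unrated

# Constructed ratings for illustration only; the error modes are from the slides.
MODES = [
    ErrorMode("Aircraft on wrong runway cleared with no wake delay", 4, 2, 2),
    ErrorMode("Misinterpretation of display", 2, 3, 4),
    ErrorMode("Failure to communicate non-WIR status", 3, 3, 2),
    ErrorMode("Failure to detect that runway is no longer wind independent", 4, None, 1),
]

if __name__ == "__main__":
    for key in ("hazard_index", "rpn"):
        ranked, unrated = rank(MODES, key)
        print(key, [(getattr(m, key), m.error) for m in ranked])
        print("  severity pending:", [m.error for m in unrated])
```

With these constructed ratings the display-misinterpretation mode ranks first by HI but last by RPN, because its high detection/recovery rating raises the product.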

What do we do with the results?
- Categorize results, e.g.,
  - Slight
  - Moderate
  - Severe
  - Extreme
- Assign actions based on category
- Determine how hazards can be managed during Acquisition Management System (AMS) process
- Allocate hazard management to system design, procedures, training, etc.
- Commit resources where they will do the most good.


WTMD Concept of Use
HESRA First Pass
- The WTMD weather algorithm will determine which runways will be wake independent for the next 30 minutes.
- Send that information to the tower supervisor's display. Exact form of that display has yet to be determined.
- If the tower supervisor decides to declare one of the eligible runways as a Wind Independent Runway (WIR), the runway is selected and designated as a WIR
- Procedures (not yet developed) must be invoked
  - Updating the ATIS message to reflect the presence of the WIR(s)
  - Informing the appropriate ATC facilities that one, or more, WIR has been designated
  - Verbally verifying with the local controllers that they know about the WIRs and understand the implications for departure spacing.

WTMD Concept of Use
- If a WIR no longer qualifies as wake independent:
  - Visual and audio alert will be sent to the tower supervisor's display
  - Visual indication will appear on the local controllers' WTMD displays to alert them to the new non-WIR status
  - When the tower supervisor acknowledges the alert, the audio portion will be silenced and all displays will revert to their pre-WIR status.
- Once WIR status is withdrawn, departure operations for that runway should revert to standard wake separation rules
- When a previously declared WIR becomes a non-WIR, communication needs to occur among the supervisor, local controllers, centers, and pilots.

Initial Task Categories
HESRA Wake Turbulence
- Start or stop the WTMD system
- Detect, recognize, select WIR(s)
- Communicate that WIR(s) are available
- Clear aircraft for departure with no wake separation
- Detect, recognize, acknowledge that WIR(s) is(are) NOT available
- Communicate that WIR(s) NOT available
- Clear aircraft for departure with wake separation

Human Error Highlights
- WTMD provides for suspending and invoking rules
- Introduces potential for new errors
- Consequences of errors vary depending on outcome of wake turbulence encounter
- Identified errors can be mitigated through:
  - Proper human factors in system design
  - Development of procedures
  - Training

Highlights of Human Errors
- Aircraft on wrong runway cleared with no wake delay
- Misinterpretation of display
- Failure to detect that runway is no longer wind independent
- Failure to communicate non-WIR status
- Position relief brief
- Supervisor distraction

Hazard Index Results
- Assessment of hazard severity was curtailed due to lack of information
  - Several human error modes could result in a wake turbulence encounter
  - Consequences of an encounter were not available at the time of the analysis
  - Controller and system SMEs used for the analysis had no credible basis for making this judgment
- At the early stages of system development this may be a frequent analytical problem
- Results of the analysis are still valuable for hazard management

Mitigation and Hazard Management
- Proper design of display system
  - Use of audio and visual display alerts
  - Alerts should orient toward safety not capacity
  - Need redundant displays to allow verification of WIR status by supervisor and local controller
- Procedures and training to require verification
  - Readback-hearback procedures within tower cab
  - Verification of verbal instructions prior to suspending wake separation rules
  - Integration of WTMD procedures in position relief
  - Monitoring of WTMD to assure procedures match runway status

Conclusions
- Proactive analysis of human error is a viable and valuable tool for hazard management
- Results of the analysis were passed on to the system design and human factors teams
- Tool still needs refinement and validation
  - Validation trials scheduled
  - Unclear use of Risk Priority Number (RPN) = Likelihood X Severity X Detection
  - How to proceed when severity information is not available?

Next Steps
- Validation trials for HESRA
- Tool refinement to finalize and introduce to SMS toolbox
- Follow-up to assure mitigation recommendations are incorporated
  - System design
  - Procedure design
  - Training