Sensitivity Analysis for the Integrated Safety Assessment Model (ISAM) John Shortle George Mason University May 28, 2015

Similar documents
Runway Safety Programme Global Runway Safety Action Plan

NETWORK MANAGER - SISG SAFETY STUDY

34th ATS/Airline Safety Forum Health Check. Simon McDonald Safety Assurance

Appendix F ICAO MODEL RUNWAY INCURSION INITIAL REPORT FORM

The pilot and airline operator s perspective on runway incursion hazards and mitigation options. Session 3 Presentation 1

QUANTIFICATION OF FAULT TREES FOR A CAUSAL MODEL

Agenda. What is a Large Height Deviation (LHD)? Why is it important to report LHDs? Understanding LHDs. LHD Reporting Category E LHDs

Research on Controlled Flight Into Terrain Risk Analysis Based on Bow-tie Model and WQAR Data

Second ICAO Global Runway Safety Symposium, Lima, Peru, November 2017 Panel 3 - Root causes of runway accidents and incidents David Gamper,

DEPENDENCIES BETWEEN EVENT SEQUENCE DIAGRAMS

RISK ASSESSMENT PROCEDURE FOR CIVIL AIRPORT

Participant Presentations (Topics of Interest to the Meeting)

Two s Too Many BY MARK LACAGNINA

March 2016 Safety Meeting

Jet Transport Airplane Performance - Briefing For Business Aviation Pilots & Operators

Appendix B. Comparative Risk Assessment Form

BOBASIO/7. Preliminary RVSM Airspace Safety Assessment

Use of technology to mitigate overrun aftermath

Aviation Safety Information Analysis and Sharing ASIAS Overview PA-RAST Meeting March 2016 ASIAS Proprietary Do Not Distribute

SECURITY OVERSIGHT AGENCY June 2017 ALL WEATHER (CAT II, CAT III AND LOW VISIBILITY) OPERATIONS

RUNWAY SAFETY GO-TEAM METHODOLOGY

Front Line Managers (FLMs) and Airline Pilots Training for Operational Evaluation! of enhanced Final Approach Runway Occupancy Signal (efaros) at DFW!

IATA Air Carrier Self Audit Checklist Analysis Questionnaire

International Civil Aviation Organization CHINA RMA REPORT. (Presented by the China RMA) SUMMARY

Unmanned Aircraft System Loss of Link Procedure Evaluation Methodology

AERODROME SAFETY COORDINATION

The pilot and airline operator s perspective on runway incursion hazards and mitigation options. Session 2 Presentation 2

Agenda Item 5: Group Discussion How Could We Prevent Runway Excursions (Risks and Lessons Learned)

Purpose This Advisory Circular provides information and guidance to assist aerodrome operators and other parties to undertake an aeronautical study.

Appendix B Ultimate Airport Capacity and Delay Simulation Modeling Analysis

Crew Resource Management

Ground movement safety systems and procedures - an overview

REMOTELY PILOTED AIRCRAFT SYSTEMS SYMPOSIUM March Detect and Avoid. DI Gerhard LIPPITSCH. ICAO RPAS Panel Detect & Avoid Rapporteur

Surveillance and Broadcast Services

Introduction to ROPS. Runway Overrun Prevention System. Presented by: Jerome JOURNADE ROPS Technical Manager

STABLE APPROACHES. Captain Alan Stealey DSVP Flight Operations Emirates Airline

NOISE ABATEMENT PROCEDURES

AFI Flight Operations Safety Awareness Seminar (FOSAS)

Boeing s goal is gateto-gate. crew awareness that promotes safety and efficiency.

COLLISION AVOIDANCE FOR RPAS

According to FAA Advisory Circular 150/5060-5, Airport Capacity and Delay, the elements that affect airfield capacity include:

The pilot and airline operator s perspective on runway excursion hazards and mitigation options. Session 2 Presentation 1

TANZANIA CIVIL AVIATION AUTHORITY SAFETY REGULATION CHECKLIST FOR INSPECTION OF SURFACE MOVEMENT GUIDANCE CONTROL SYSTEM (SMGCS)

FAULT TREE MODELLING FOR THE CAUSAL MODEL OF AIR TRANSPORT SAFETY - FINAL REPORT

Calendar 2017 Q1 Runway Safety Report

NM Top 5 Safety Priorities. Tzvetomir BLAJEV

Development of the Safety Case for LPV at Monastir

Aerodrome Safety. H.V. SUDARSHAN International Civil Aviation Organization

Safety Analysis Tool for Automated Airspace Concepts (SafeATAC)

Response to Docket No. FAA , Voluntary Disclosure Reporting Program, published in the Federal Register on 19 March 2009

TAKEOFF SAFETY ISSUE 2-11/2001. Flight Operations Support & Line Assistance

Runway Safety through Standardized Stop Bars Practices

Defining and Managing capacities Brian Flynn, EUROCONTROL

Wake Turbulence Research Modeling

AIRFIELD SAFETY IN THE UNITED STATES

Using PBN for Terminal and Extended Terminal Operations

GENERAL INFORMATION Aircraft #1 Aircraft #2

International Civil Aviation Organization. First Meeting of the RASG-MID Steering Committee (RSC/1) Global Developments related to Aviation Safety

The Challenge of Surface Conditions. AST: A New Solution to a Global Aviation Problem. Benefits and Business Value to Airports and Operators


Turboprop Propulsion System Malfunction Recog i n titi ion on an d R d Response

Aeroplane State Awareness during Go-around (ASAGA)

Safety Enhancement SE RE Airports Policies and Procedures to Mitigate Runway Excursion Consequences & Severity

LARGE HEIGHT DEVIATION ANALYSIS FOR THE WESTERN ATLANTIC ROUTE SYSTEM (WATRS) AIRSPACE CALENDAR YEAR 2016

THE IMPACTS OF AIRCRAFT INCIDENT ON THE UNIT OPERATING COSTS OF CIVIL AIRCRAFT

OPERATIONS CIRCULAR 4 OF 2011

Practical Risk Management

helicopter? Fixed wing 4p58 HINDSIGHT SITUATIONAL EXAMPLE

LAPL(A)/PPL(A) question bank FCL.215, FCL.120 Rev OPERATIONAL PROCEDURES 070

National Transportation Safety Board Aviation Incident Final Report

WORKING TOGETHER TO ENHANCE AIRPORT OPERATIONAL SAFETY. Ermenando Silva APEX, in Safety Manager ACI, World

Commercial Aviation Safety Team

A Human Factors Approach to Preventing Tail Strikes. Captain Vern Jeremica Senior Safety Pilot Boeing Commercial Airplanes May 2004

AN INTEGRATED SAFETY AND OPERATIONAL AVAILABILITY ANALYSIS SYSTEM FOR AIR TRAFFIC SYSTEMS

Safety Enhancement RNAV Safe Operating and Design Practices for STARs and RNAV Departures

The SESAR Airport Concept

CASCADE OPERATIONAL FOCUS GROUP (OFG)

Data, Baseline and Predictability supporting the Runway Safety Team

Minimum Safe. Federal Aviation Administration Altitude Warning. Presented to: Pan American Aviation Safety Summit; Sao Paulo, Brazil

Aeronautical Studies (Safety Risk Assessment)

Abstract. Introduction

All-Weather Operations Training Programme

5.1 Approach Hazards Awareness - General

Application of TOPAZ and Other Statistical Methods to Proposed USA ConOps for Reduced Wake Vortex Separation

Closing of Detailed Implementation Plans (DIPs)

This Advisory Circular relates specifically to Civil Aviation Rule Parts 121, 125, and 135.

Fly Quiet Report. 3 rd Quarter November 27, Prepared by:

National Transportation Safety Board Aviation Accident Final Report

Runway Safety Programme Global Runway Safety Action Plan First Edition, November 2017

A Network Model to Simulate Airport Surface Operations

Airspace Complexity Measurement: An Air Traffic Control Simulation Analysis

RUNWAY SAFETY MINISTRY OF TRANSPORT REPUBLIC OF INDONESIA DIRECTORATE GENERAL OF CIVIL AVIATION DIRECTORATE OF AIRWORTHINESS AND AIRCRAFT OPERATIONS

An Automated Airspace Concept for the Next Generation Air Traffic Control System

Safety Enhancement SE ASA Training - Policy and Training for Non-Normal Situations

RSAT RUNUP ANALYSIS 1. INTRODUCTION 2. METHODOLOGY

FAA/HSAC PART 135 SYSTEM SAFETY RISK MANAGEMENT SAFETY ELEMENT TRAINING OF FLIGHT CREWMEMBERS JOB AID Revision 1

RPAS Working Group RPAS in Switzerland Rules and Integration

Evidence - Based Training: A walk through the data

Analysis of Aircraft Separations and Collision Risk Modeling

AI AIRCRAFT SERIOUS INCIDENT INVESTIGATION REPORT THAI AIRASIA X CO., LTD. H S X T C CHINA AIRLINES B

Transcription:

Sensitivity Analysis for the Integrated Safety Assessment Model (ISAM) John Shortle George Mason University May 28, 2015

Acknowledgments Sherry Borener, FAA Alan Durston, Brian Hjelle, Saab Sensis Seungwon Noh, Zhenming Wang, GMU

Integrated Safety Assessment Model Aviation information to estimate current event occurrence probs. Estimates of the effects of operational improvements on the event occurrence probs. ISAM (Integrated Safety Assessment Model) Estimated occurrence prob. of each accident scenario Risk comparison between groups (Baseline, NextGen Scenarios) What-if analysis for the contribution of safety events 3

Event Sequence Diagrams (ESD) 1.2*10-4 /flight Initiating Event Pivotal Event 1 0.5 Pivotal 0.3 End 1.8*10-6 /flight Event 2 State 1 no yes End State 2 4.2*10-6 /flight 35 ESDs capture all aircraft accident scenarios Each ESD has a unique initiating event. Categorized by flight phase End State 3 0.6*10-5 /flight 4

Example ESD & Fault Trees Flight crew rejects take-off US01b1 FC decides to reject take-off b1.1 Flight crew executes rejected take-off b1.2 FC detects reject. take-off may be req'd. b1.1.1 ATC cancels take-off clearance b1.1.2 FC does not maintain control US01e2 Incorrect flight crew actions e2.1 Situation exceeded capab. to correct e2.2 Incorrect situational guidance to FC Ineffective flight crew CRM Inadequate FC procedures Poor manual flight control Poor automated systems management FC technical equipment failure Aircraft state inhibiting ability to maint. ctrl. Environmental factors e2.1.1 e2.1.2 e2.1.3 e2.1.4 e2.1.5 e2.1.6 e2.2.1 e2.2.2 No warning system in place-fc Warning system fails to give warning-fc Warning system gives erroneous warning-fc Other system provides incorrect info-fc e2.1.1.1 e2.1.1.2 e2.1.1.3 e2.1.1.4 5

Objective ISAM contains thousands of parameters 35 event trees 205 pivoting events 3,454 fault tree nodes Objective: Identify most important parameters within ISAM

Quantification of Parameters DATA DATA INFERRED Probabilities of initiating event and end states are from historical data. By solving a system of equations probabilities of pivotal events are inferred. 7

Sample ESD (US-01) Aircraft system failure Flight crew.07365 Rejected Insufficient during take-off rejects take-off take-off.07365 runway length Overrun b1 at high speed c1 remaining d1 0.0 1.2*10-5 unit: per flight no yes Flight crew does not.07365 maintain control e2 Sufficient braking not accomplished f2 Veer-off Overrun 4.79*10-9 0.0 Stops on runway 6.03*10-8 Aircraft does not rotate and lift off c2 No Flight crew does not maintain control Flight crew does not maintain control d4 d5 Veer-off Overrun Collision with ground Continue flight 0.0 0.0 0.0 1.11*10-5 Insufficient runway length remaining Flight crew does not maintain control Sufficient braking not accomplished d2 e4 f4 Overrun Veer-off Overrun Stops on runway 0.0 0.0 0.0 8.19*10-7

Common Importance Measures Measure Fussell-Vesely (FV) Risk Achievement Worth(RAW) Birnbaum Importance (BI) Principle P( base) P( e i = 0) P( base) Pe ( i = 1) P( base) Pe ( = 1) P( e= 0) i i ee ii : event i PP ee ii = 0 oooo 1 : probability of accident in which the probability of event i is 0 or 1 PP bbbbbbbb : the baseline probability of an accident Borst, M. and Schoonakker, H., An overview of PSA importance measures

Initial Sample Result (RAW & BI) 2,319.6 Very similar ranks between RAW / BI importance measures Most important Rotating and lifting after no take-off rejection (c2) Maintaining control after lifting off (d5) Least important Maintaining an aircraft under control after failure of lifting off (d4) Risk Achievement Worth (RAW) 2,319.6 1.11E-05 1.11E-05 Birnbaum Importance (BI) 171.8 171.8 171.8 13.6 13.6 13.6 13.6 13.6 1.0 8.19E-07 8.19E-07 6.51E-08 6.03E-08 0.00E+00 8.19E-07 6.51E-08 6.51E-08 6.03E-08

Factorial Design Sensitivity results sensitive to baseline values Many pivotal events have zero probability Small data, rare-event issue Factorial design varies all parameters (2 n combinations) x 8 Hi x 5 x 6 x 7 Factor 2 x 2 x 4 Hi Low x 1 Low Factor 1 x 3 Hi Low

Factorial Design (US-01) Pivotal Event Unique ID Low Prob. High Prob. Description US01b1 0 1 flight crew rejects take-off given system failure US01c1 0 1 rejected take-off at high speed US01d1 0 1 US01e2 0 1 US01f2 0 1 US01d2 0 1 US01e4 0 1 US01f4 0 1 insufficient runway length remaining in case of high-speed takeoff rejection flight crew does not maintain control in case of high-speed takeoff rejection sufficient braking is not accomplished in case of high-speed takeoff rejection insufficient runway length remaining in case of low-speed take-off rejection flight crew does not maintain control in case of low-speed take-off rejection sufficient braking is not accomplished in case of low-speed takeoff rejection US01c2 0 1 aircraft does not rotate and lift off US01d4 0 1 flight crew does not maintain control in case of no rejection and no lift-off given system failure US01d5 0 1 flight crew does not maintain control after lift-off

Summary of Rankings (US-01) Unique ID RAW BI Factorial (0-1) Factorial (other) US01b1 6 6 3 7 US01c1 6 6 10 4 US01d1 6 9 4 8 US01e2 6 6 4 9 US01f2 6 9 4 9 US01d2 3 3 4 1 US01e4 3 3 4 2 US01f4 3 3 4 2 US01c2 1 1 1 5 US01d4 11 11 10 11 US01d5 1 1 1 5 Important Capability of rotating and lifting off after no take-off rejection (c2) Maintaining control after lifting off (d5) Not important Maintaining control after failure of lifting off (d4) Mixed results Whether a take-off rejection is at high speed (c1) Insufficient runway length remaining in case of high-speed take-off rejection (d1) Sufficient braking is not accomplished in case of high-speed take-off rejection (f2)

Observations Similar ranks of pivotal events from RAW, BI importance measures and (0,1) factorial design ESDs with the same structure have similar results. Main caveat: Results of sensitivity analysis may change with different baseline event probabilities in all methods.

Common Structure: Approach b1 f1 No US-19, US-21, US-23, US-25, US-40 Most Significant: Initiating rejected approach (b1), failure to maintain control after rejected approach (c2) Least Significant: Structural failure after off-nominal landing (f1) No c2 No No

Common Structure: Take-off US-01, US-02, US-03, US-04, US-05, US-09, US-10 One of a few structures for takeoff phase ESDs No Most Significant: Capability of rotating and lifting off after no take-off rejection (c2) and maintaining control after lifting off (d5) c2 d4 No Least Significant: Maintaining control after failure of lifting off (d4) d5 No

Consequence Data Sensitivity with respect to accidents (overrun, veer off, collision with ground, etc.) does not differentiate accident severity Repeat analysis where end events are fatalities A B Fatality probability Fatality probability C Fatality probability No

Sensitivity Result w/ Fatality Data c1 f1 (collision) (undershoot) (veer-off) (overrun) US-19, US-21, US-23, US-25, US-40 (approach & landing) Most Significant: Failure to maintain control without rejected approach (c1) with rejected approach (c2) (overrun) No (veer-off) Least significant: Structural failure (f1) from factorial design (overrun) (overrun) No No c2 (collision) No

Sensitivity Result w/ Fatality Data c1 e2 (overrun) (veer-off) (overrun) US-01, US-02, US-03, US-04, US-05, US-09, US-10 One of a few structures for takeoff phase ESDs e4 No (overrun) (veer-off) (overrun) No (veer-off) Most Significant: Maintaining control after lifting off (d5) Least Significant: Rejected takeoff at high speed (c1), maintaining control after highspeed take-off rejection (e2), maintaining control after lowspeed take-off rejection (e4) from IMs (overrun) d5 (collision) No

Observations Some similarities and differences between fatalitybased results and accident-based results Results within an ESD structure class are not as consistent as before Pivotal events located before the end event having zero fatality probability (e.g., veer-off) become less significant. More pivotal events with negative importance measure using fatality-based results

Common Events ESDs Flight crew rejects take-off Fault Trees Flight crew FC does not not maintain control US01e2 control Shown in ESD 01~05, 09, 10, etc. Flight crew not maintain control Incorrect situational guidance to FC e2.1.1 Ineffective flight crew CRM e2.1.2 Inadequate FC procedures e2.1.3 Incorrect flight crew actions e2.1 Poor manual flight control e2.1.4 Poor automated systems management e2.1.5 FC technical equipment failure e2.1.6 Aircraft state inhibiting ability to maint. ctrl. e2.2.1 Situation exceeded capab. to correct e2.2 Environmental factors e2.2.2 Shown twice in ESD 01~05, 09, 10, and from once to a few times in others. No warning system in place-fc e2.1.1.1 Flight crew not maintain control Warning system fails to give warning-fc e2.1.1.2 Incorrect situational guidance to FC e4.1.1 Warning system gives erroneous warning-fc e2.1.1.3 Ineffective flight crew CRM e4.1.2 Other system provides incorrect info-fc e2.1.1.4 Inadequate FC procedures e4.1.3 Incorrect flight crew actions e4.1 Poor manual flight control e4.1.4 Flight FC does crew not control not maintain Poor automated systems management e4.1.5 US01e4 control FC technical equipment failure e4.1.6 SAME Aircraft state inhibiting ability to maint. ctrl. e4.2.1 Situation exceeded capab. to correct e4.2 Environmental factors e4.2.2 No warning system in place Warning system fails to give warning-fc Warning system gives erroneous warning-fc Other system provides incorrect information-fc e4.1.1.1 e4.1.1.2 e4.1.1.3 e4.1.1.4

Common Events Many events are common to multiple ESDs An event that appears in many ESDs may have a higher importance system-wide compared with its importance within one ESD

Net Fatality Probabilities 1.8E-08 1.6E-08 1.4E-08 1.2E-08 1.0E-08 8.0E-09 6.0E-09 4.0E-09 2.0E-09 0.0E+00 Expected fatalities per operation Control system failure Fire Conflict w/ terrain US01 US03 US05 US08 US10 US12 US14 US16 US18 US21 US25 US27 US32 US35 US37 US39 US41 US43 Global metric of interest: Total fatality probability = sum of these values

Top 10 Pivoting Events (Fatality) Flight crew does not initiate rejected approach is most significant event Decreases fatality frequency by 0.525% when the probabilities of the event increase by 1%. Similar top 10 list for accidents Metric = fatality frequency (red = in both lists) Pivotal Events % change of fatality # of frequency observations Flight crew does not initiate rejected approach -0.525% 4 Flight crew does not maintain control 0.498% 75 Sufficient braking not accomplished 0.174% 32 ATC does not resolve the conflict 0.163% 4 Aircraft lands outside nominal landing parameters 0.130% 5 Flight crew does not execute avoidance maneuver successfully 0.129% 1 Insufficient runway length remaining 0.082% 27 Flight crew does not detect and extinguish fire 0.081% 1 Structural failure -0.055% 5 Flight crew does not execute wind shear escape maneuver 0.042% 1

Caveats ISAM model is truth Uncertainty in data (rare events) Results depend on baseline parameters. Mitigate in part by considering: Multiple importance measures Multiple output metrics (accident risk, fatality risk) System-wide analysis and individual ESD analysis Common label events treated as identical

Conclusions An event may be important for a variety of reasons Relationship between # of observations and sensitivity are not clearly detected Many common events identified in single ESD and full ISAM analysis ATC does not resolve the conflict, Flight crew does not maintain control, Sufficient braking not accomplished, Insufficient runway length remaining, etc. For pivotal events, top 10 list is similar using accident and fatality metrics, different for fault-tree events Results useful as input for further data collection / analysis

Questions

Factorial Design Result (US-01) Unique ID Pivotal Probability Low (A) High (B) Avg. Frequency With Low (C) With High (D) Difference (D) (C) Sensitivity {(D) (C)} /{(B)-(A)} US01b1 0 1 4E-06 3.43E-06 5.71E-07 5.71E-07 US01c1 0 1 3.71E-06 3.71E-06 0.00E+00 0.00E+00 US01d1 0 1 3.86E-06 3.57E-06 2.86E-07 2.86E-07 US01e2 0 1 3.86E-06 3.57E-06 2.86E-07 2.86E-07 US01f2 0 1 3.86E-06 3.57E-06 2.86E-07 2.86E-07 US01d2 0 1 3.86E-06 3.57E-06 2.86E-07 2.86E-07 US01e4 0 1 3.86E-06 3.57E-06 2.86E-07 2.86E-07 US01f4 0 1 3.86E-06 3.57E-06 2.86E-07 2.86E-07 US01c2 0 1 4.28E-06 3.14E-06 1.14E-06 1.14E-06 US01d4 0 1 3.71E-06 3.71E-06 0.00E+00 0.00E+00 US01d5 0 1 4.28E-06 3.14E-06 1.14E-06 1.14E-06

Factorial Design Result (US-01) High Sensitivity Inability to rotate and lift-off after no rejection of take-off (c2) Maintaining control after take-off (d5) Low Sensitivity Rejected take-off at high speed (c1) Maintaining control with no rejection and no lift-off (d4) 1.20E-06 1.00E-06 Sensitivity 8.00E-07 6.00E-07 4.00E-07 2.00E-07 0.00E+00 US01c2 US01d5 US01b1 US01d1 US01e2 US01f2 US01d2 US01e4 US01f4 US01c1 US01d4

Factorial Design Result (US-01) Assume different high and low probabilities (Case 2) Unique ID US01b1 US01c1 US01d1 US01e2 US01f2 US01d2 US01e4 US01f4 US01c2 US01d4 US01d5 Low Prob. 0.3 0 0.7 0 0 0 0 0 0 0 0 High Prob. 1 0.3 1 0.05 0.05 0.1 0.05 0.05 0.1 0.05 0.1 Different results in terms of values and ranks. Case 1 Case 2 US01c2 US01d5 US01b1 US01d2 US01e4 US01f4 US01d1 US01e2 US01f2 US01c1 US01d4 Highly depend on how the range of probability for pivotal events are assumed.

Sensitivity Result by Structures b1 d1 US-39, US-41 Another structure for take-off phase ESDs d2 e3 e4 No No More Significant: ATC not resolve the initiating event (b1), capability of rotating and lifting off with no take-off rejection (d2) and maintaining control after lifting off (e4) Less Significant: High speed take-off rejection (d1) and maintaining the aircraft under control after failure of lifting off (e3) No No

Sensitivity Result by Structures US-12 (F), 26, 27 (A&L) a1 b1 US-31, 32, 35, 36 (F, T, A&L) a1 b1 c1 c2 No No No US-18 (F) US-42, 43 (A&L) a1 b1 c1 a1 b1 d2 c2 No d2 Note F: in Flight T: Take-off A&L: Approach & Landing c2 No No

Consequence Data Use fatality probabilities to distinguish types of accidents Type Fatality Probability (ESD #) Avg. Prob. Aircraft continues flight damaged 0.00 (11, 33) 0.00 Aircraft lands off runway 0.0297 (18) 0.0297 Collision in mid-air 0.2041 (31) 0.2041 Collision on runway 0.6316 (32) 0.6316 Collision on taxiway or apron 9.09E-05 (36) 9.09E-05 Collision with ground 0.00 (01, 02, 03, 04, 08, 09, 21, 23, 25, 33, 39, 40, 41), 0.1429 (05), 0.4545 (06), 0.9259 (10), 0.9912 (13), 0.7143 (14), 0.6296 (15), 0.8571 (17), 0.2214 (18), 0.5238 (18), 0.1013 (19), 0.6480 0.3571 (19),0.4483 (38),1.00 (11, 12, 16, 37) Controlled flight into terrain or obstacle 0.7938 (35),1.00 (12) - In-flight break-up 0.00 (33),1.00 (17) 1.00 Runway excursion (overrun) 0.00 (01, 02, 03, 04, 05, 09, 10, 19, 21, 23, 25, 27, 39, 40, 43),0.50 (04),0.0279 (19),0.0710 (26),0.98 (39) 0.3812 Runway excursion (veer-off) 0.00 (01, 02, 03, 04, 05, 09, 10, 19, 21, 23, 25, 26, 27, 39, 40, 43) 0.00 Taxiway excursion (overrun)/taxiway collision 0.00 (41, 42) 0.00 Taxiway excursion (veer-off) 0.00 (41, 42) 0.00 Undershoot / Overshoot 0.00 (21, 23, 25, 40),0.5217 (19) 0.5217 Data provided by Alan Durston, Saab Sensis

Sensitivity Result, w/ s No No US-01, US-02, US-03, US-04, US-05, US-09, US-10 One of a few structures for takeoff phase ESDs Significant: Capability of rotating and lifting off after no take-off rejection (c2) and maintaining control after lifting off (d5) Less Significant: Maintaining control after failure of lifting off (d4) c2 d4 d5 No

Sensitivity Result, w/ s c1 f1 US-19, US-21, US-23, US-25, US-40 Structure for approach & landing phase ESDs No Significant: Failure to maintain control without rejected approach (c1) and after rejected approach (c2) Less Significant: Structural failure after off-nominal landing (f1) No No c2 No

Sensitivity Result w/ Fatality Data b1 d1 (overrun) US-39, US-41 (veer-off) (overrun) No (overrun) (veer-off) (overrun) Another structure for take-off phase ESDs Significant: ATC not resolve the initiating event (b1) from factorial design analysis Less Significant: Rejected takeoff at high speed (d1) from factorial design No (veer-off) (overrun) (collision) No No

Sensitivity Result, w/ s b1 No US-39, US-41 Another structure for take-off phase ESDs Significant: ATC not resolve the initiating event (b1) from factorial design analysis Less Significant: Maintaining the aircraft under control after failure of lifting off (e3) No e3 No No

Common Pivotal Events 205 pivotal events in all 35 ESDs 27 unique labels for these events. Some labels appear in multiple ESDs, possibly multiple times in the same ESD 13 labels appear only once Pivotal Events # of observations Flight crew does not maintain control 75 Sufficient braking not accomplished 32 Insufficient runway length remaining 27 Aircraft does not rotate and lift off 9 Flight crew rejects take-off 9 Rejected take-off at high speed (V > V1) 9 Aircraft does not land on runway 5 Aircraft lands outside nominal landing parameters 5 Structural failure 5 ATC does not resolve the conflict 4 Flight crew does not initiate rejected approach 4 Insufficient taxiway length remaining 3

Common Fault Tree Events 3,454 fault tree events in all 240 fault trees 226 unique labels for these events. More than half of labels appear in multiple trees, some labels seen more than 100 times. 93 events seen only once Fault Tree Events # of observations No warning system in place-fc 200 Warning system fails to give warning-fc 200 Warning system gives erroneous warning-fc 200 Inadequate FC procedures 197 Ineffective flight crew CRM 197 FC technical equipment failure 196 Other system provides incorrect information-fc 181 Poor manual flight control 156 Poor automated systems management 155 Aircraft state inhibiting ability to maintain control 77 Environmental factors inhibiting ability to maintain control 76 Maintenance conducted incorrectly 56

Methodology Assume same-label events are the same Sensitivity methodology: Maintain unique baseline probability values of events Multiply same-label events by a common factor (e.g., increase all nodes labeled rejected takeoff at high speed by 1%) Calculate the new overall accident frequency through all ESDs and compare to the baseline accident frequency. Assumes that a change would result in a similar proportional increase in values, even if the baseline probabilities are different

Are Same-Label Events the Same? Same-label events in different places can have different probabilities Hard to tell when to treat as different or the same Flight crew does not maintain control can be on the ground (rejected take-off) or in air (after take-off) 1.0 Probability 0.8 0.6 0.4 0.2 0.0 Flight crew does not maintain control (75) 0 10 20 30 40 ESD #

Example Prob = 1.0 Some Frequency Zero Frequency

Initiating Event Probabilities Initiating events per operation 0.10 0.09 0.08 0.07 0.06 0.05 0.04 0.03 0.02 0.01 0.00 US01 US03 Take-off configuration US05 US08 US10 Absolute scale US12 US14 US16 US18 US21 Unstable approach US25 Wind shear US27 US32 US35 US37 US39 US41 US43 1.E+00 1.E-01 1.E-02 1.E-03 1.E-04 1.E-05 1.E-06 1.E-07 1.E-08 Log scale US01 US03 US05 US08 US10 US12 US14 US16 US18 US21 US25 US27 US32 US35 US37 US39 US41 US43

Conditional Fatality Probabilities Expected fatalities per initiating event 0.10 0.09 0.08 0.07 0.06 0.05 0.04 0.03 0.02 0.01 0.00 US01 Engine failure, take-off US03 US05 US08 US10 Absolute scale Inappropriate handling during flare US12 US14 US16 Runway incursion take-off US18 US21 US25 Loss of control US27 US32 US35 US37 US39 US41 US43 1.E-01 1.E-02 1.E-03 1.E-04 1.E-05 1.E-06 1.E-07 Log scale US01 US03 US05 US08 US10 US12 US14 US16 US18 US21 US25 US27 US32 US35 US37 US39 US41 US43

Methodology For each event (defined by a unique label): Increase the probabilities of each event by 1% from baseline probabilities in all ESDs/fault trees where the event is observed. Calculate the new overall accident frequency through all ESDs and compare to the baseline accident frequency. # oooo EEEEEEEE SSSSSSSSSSSSSSSSSSSSSS = NNNNNN AAAAAA FFFFFFFF ii BBBBBBBB AAAAAA FFFFFFFF ii BBBBBBBB AAAAAA FFFFFFFF ii ii=1

Example Calculation ESD Example event: ATC does not resolve the conflict Sensitivity (C) = (B - A) / A Initiating Event US01 Aircraft system failure during take-off Initiating Event Freq. Baseline Prob. Baseline Freq. New Prob. New Freq. 1.20E-05 4.25E-04 5.10E-09 4.25E-04 5.10E-09 Sensitivity US31 Aircraft are positioned on collision course in flight US32 Runway incursion involving a conflict 1.16E-06 4.12E-03 4.80E-09 4.16E-03 4.85E-09 2.58E-05 1.86E-04 4.79E-09 1.87E-04 4.84E-09 US33 Cracks in aircraft pressure boundary 0.00 0.00 0.00 US35 Conflict with terrain or obstacle imminent US36 Conflict on taxiway or apron 1.47E-04 1.31E-04 1.92E-08 1.32E-04 1.94E-08 2.18E-05 4.18E-02 9.11E-07 4.22E-02 9.20E-07 US43 Landing on the wrong runway 1.17E-07 0.00E+00 0.00E+00 0.00E+00 0.00E+00 Total 1.01E-01 3.22E-01 1.510E-06 3.22E-01 1.519E-06 0.622%

Top 10 Pivoting Events (s) ATC does not resolve the conflict is most significant event Increases accident frequency by 0.622% when the event probability increases by 1%. Most of significant pivotal events observed multiple times in ESDs Metric = accident frequency Pivotal Events % change of # of accident frequency observations ATC does not resolve the conflict 0.622% 4 Flight crew or vehicle driver does not resolve the conflict 0.606% 2 Flight crew does not maintain control 0.187% 75 Flight crew does not detect and extinguish fire 0.076% 1 Flight crew does not initiate rejected approach -0.069% 4 Rejected take-off at high speed (V > V1) -0.065% 9 Sufficient braking not accomplished 0.054% 32 Aircraft lands outside nominal landing parameters 0.054% 5 Insufficient runway length remaining 0.035% 27 Flight crew rejects take-off 0.020% 9

Top 10 Fault Tree Events (s) Avoidance essential is most significant fault tree event Increases accident frequency by 0.622% when the probabilities of the event increase by 1%. Most of significant fault tree events observed a relatively small number of times in ESDs. Metric = accident frequency Fault Tree Events % change of # of accident frequency observations Avoidance essential 0.622% 4 Conflict in non-movement area 0.412% 1 Avoidance action creates new conflict 0.211% 4 Communications technical equipment failure 0.112% 33 Incorrect FC/driver response to controller action 0.111% 2 Other aircraft deviation 0.111% 4 Situation exceeds capability to correct 0.107% 11 FC/driver fails to take correct avoidance action 0.106% 2 FC/driver misjudges avoidance action 0.106% 2 Flight crew fails to take correct avoidance action 0.106% 2

Top 10 Fault Tree Events (Fatality) Situation exceeds capability to correct is most significant fault tree event Increases fatality frequency by 0.262% when the probabilities of the event increase by 1%. Mostly different top 10 list (red = in both lists) Metric = fatality frequency, red = in both lists Fault Tree Events % change of fatality # of frequency observations Situation exceeds capability to correct 0.262% 11 Avoidance essential 0.163% 4 Unsuccessful visual avoidance 0.148% 5 Ineffective flight crew CRM 0.121% 197 Inadequate FC procedures 0.114% 197 FC technical equipment failure 0.113% 196 Aircraft state inhibiting ability to maintain control 0.101% 77 Poor manual flight control 0.088% 156 Environmental factors inhibiting ability to maintain control 0.088% 76 Braking system not applied correctly 0.086% 32

Conclusions Investigated impact of changes in event probabilities on system-wide metrics (accident probability, fatality probability) Events may be evaluated as important for a variety of reasons Significant effect within an important ESD Appearing multiple times throughout ISAM Relationship between # of observations and sensitivity are not clearly detected Many of important pivotal events in previous analysis are also significant in common event analysis ATC does not resolve the conflict, Flight crew does not maintain control, Sufficient braking not accomplished, Insufficient runway length remaining, etc. To a lesser extent, similar observation for fault tree events Communications technical equipment failure, Other aircraft deviation, Situation exceeds capability to correct For pivotal events, top 10 list is similar using accident and fatality metrics, different for fault-tree events

2.00E-06 Death Rates in U.S. 1.50E-06 1.00E-06 5.00E-07 Aviation hourly risk (approximate) 0.00E+00 20-24 25-29 30-34 35-39 40-44 45-49 50-54 55-59 60-64 65-69 Age Group Source: CDC

Event-Sequence Diagram List

2024 © travelsdocbox.com Privacy Policy | Terms of Service | Feedback