Safety case development in ATM R&D Safety feedback for decision-makers and concept developers Episode 3 - CAATS II Final Dissemination Event Jelmer J.

Slides:



Advertisements
Similar presentations
Integra Consult A/S Safety Assessment. Integra Consult A/S SAFETY ASSESSMENT Objective Objective –Demonstrate that an acceptable level of safety will.
Advertisements

EUROCAE WG 73: UAS integration Elements for the European Commission UAS panel Presentation at Workshop 2 UAS insertion into airspace Gérard Mardiné (SAFRAN-Sagem)
1 CAATS Second Workshop Validation User Group VDR Survey - Results Ulrich Borkenhagen; EUROCONTROL HQ, Core Team Lanzarote, Thursday 16 th February 2006.
1 The PHARE Concept and Scenarios by Job Brüggen Head Air Transport Division National Aerospace Laboratory, NLR.
1 CARE-ASAS Action Plan Francis Casaux CARE-ASAS Action Manager on behalf of EUROCONTROL.
UNIVERSITY of GLASGOW A Comprehensive Approach to ATM Incorporating Autonomous Aircraft ATM Research Group University of Glasgow.
Expert Groups in Episode 3 Episode 3 - CAATS II Final Dissemination Event Raquel Garcia Isdefe Episode 3 Brussels, 13 & 14 Oct 2009.
Episode 3 / CAATS II joint dissemination event Gaming Techniques Episode 3 - CAATS II Final Dissemination Event Patricia López Aena Episode 3 Brussels,
PETAL A major step Towards Cooperative Air Traffic Services Patrice BEHIER Manager of the Air/ground Co operative ATS Programme Directorate Infrastructure,
The Performance Framework Episode 3 - CAATS II Final Dissemination Event Laurent Tabernier EUROCONTROL Project Episode 3 Brussels, 13 & 14 Oct 2009.
ENAV S.p.A. ASAS TN I Workshop, April 20031/13 Airborne Spacing and Safety Alberto Pasquini - Deep Blue (ENAV)
In need of a model for complexity assessment of highly automated human machine systems Fredrik Barchéus, Pernilla Ulfvengren, Johan Rignér.
Episode 3 Operational Concept Detailing Episode 3 - CAATS II Final Dissemination Event Ros Eveleigh & Eliana Haugg EUROCONTROL & DFS Episode 3 Brussels,
E-OCVM (Version 2) Explained Episode 3 - CAATS II Final Dissemination Event Alistair Jackson EUROCONTROL Episode 3 Brussels, 13 & 14 Oct 2009.
Environment case Episode 3 - CAATS II Final Dissemination Event Brussels, 13 & 14 Oct 2009 Hellen Foster, Jarlath Molloy NATS, Imperial College London.
Episode 3 1 Episode 3 EX-COM D Final Report and Recommendations Operational and Processes Feasibility Pablo Sánchez-Escalonilla CNS/ATM Simulation.
Episode 3 / CAATS II joint dissemination event Lessons Learnt Episode 3 - CAATS II Final Dissemination Event Philippe Leplae EUROCONTROL Episode 3 Brussels,
Continuous Climb Operations (CCO) Saulo Da Silva
Risk Management: Are We Stuck Inside the Box?. Air Navigation Service Providers Play a Vital Role…
Episode 3 Prototyping Sessions En-route and TMA Episode 3 - CAATS II Final Dissemination Event Bill Booth EUROCONTROL Episode 3 Brussels, 13 & 14 Oct 2009.
Episode 3 / CAATS II joint dissemination event Combining Techniques: Expert Groups, Gaming and Modelling Pablo Sánchez-Escalonilla AENA Episode 3 Brussels,
Advanced Safe Separation Technologies and Algorithms (ASSTAR) Project ASAS-TN2 Workshop #1 Malmö 26 th -28 th September 2005 ASSTAR is a Specific Targeted.
Case interrelations Relationships and integration Episode 3 - CAATS II Final Dissemination Event John Harrison Hu-Tech CAATS II Brussels, 13 & 14 Oct 2009.
Episode 3 / CAATS II joint dissemination event Combining Techniques: Expert Groups, Fast-Time Simulation and Prototyping Episode 3 - CAATS II Final Dissemination.
1 DLR/EEC Total Airport Management Christoph Meier & Peter Eriksen European Organisation for the Safety of Air Navigation.
Iterative development and The Unified process
Presented to: MPAR Working Group By: William Benner, Weather Processors Team Manager (AJP-1820), FAA Technical Center Date: 19 March 2007 Federal Aviation.
Introduction to Computer Technology
BUSINESS CASE Episode 3 - CAATS II Final Dissemination Event Ignacio Zozaya Boeing Research & Technology Europe CAATS II Brussels, 13 & 14 Oct 2009.
SMS Operation.  Internal safety (SMS) audits are used to ensure that the structure of an SMS is sound.  It is also a formal process to ensure continuous.
© 2004 EUROCONTROL TUNIS, 3-4 June Fundamentals of a Safety Framework Dr. Erik Merckx EUROCONTROL EUROCONTROL Head of Safety Enhancement Business.
Episode 3 / CAATS II joint dissemination event Michael Standar Chief, Operational Concept and Validation.
Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 1 Scene setting for Episode 3 Philippe Leplae EUROCONTROL Episode 3.
ASSTAR User Forum #1 Rome 4th April 2006 ASAS-TN2 Second Workshop ASSTAR Safety Approach and Preliminary Issues Dr Giuseppe GRANIERO, SICTA
Scene setting for CAATS II Episode 3 - CAATS II Final Dissemination Event Carlos Regidor Isdefe CAATS II Brussels, 13 & 14 Oct 2009.
Computerised Air Traffic Management Tools - Benefits and Limitations OMAR BASHIR (March 2005)
CRISTAL ATSAW Project Sep 2007 ASAS TN Christelle Pianetti, DSNA Simona Canu-Chiesa, Airbus.
Overview Day 1 Episode 3 - CAATS II Final Dissemination Event Martijn Koolloos Isdefe Episode 3 & CAATS II Brussels, 13 & 14 Oct 2009.
WORKSHOP, Nicosia 2-3rd July 2008 “Extension of SAFETY & QUALITY Common Requirements to the EMAC States” Item 3 : Regulatory Context Peter Stastny EUROCONTROL.
PROJECT MANAGEMENT. A project is one – having a specific objective to be completed within certain specifications – having defined start and end dates.
European Operational Concept Validation Methodology E-OCVM Version 3: What’s New Episode 3 - CAATS II Final Dissemination Event Matthias Poppe DFS Episode.
An Automated Airspace Concept for the Next Generation Air Traffic Control System Todd Farley, David McNally, Heinz Erzberger, Russ Paielli SAE Aerospace.
1 FRENCH PROPOSAL FOR ESARR6 1 - BACKGROUND - 15/02/00 : Kick-off meeting, Presentation of the CAA/SRG input (SW01), Request from the chairman to comment.
- Session 4: Interoperation José M. Roca Air/Ground Cooperative ATS Programme Eurocontrol.
Nigel Makins EUROCONTROL
KLM - Operations at Schiphol: how does ASAS fit? ASAS TN2: final seminar, April, Paris E. Kleiboer Sr. Manager Strategy ATM.
Safety Management in Europe European Organisation for the Safety of Air Navigation Dr. Erik Merckx EUROCONTROL Directorate ATM Programmes Head of Business.
ASAS TN2 Final Seminar Paris, April 2008 Recommendations by the ASAS Thematic Network Ken Carpenter.
Federal Aviation Administration AP23 briefing on D3: ASAS Concept of operations ASAS-GN Seminar 13 Nov 08, Rome By Ken Carpenter, QinetiQ.
Episode 3 E3-WP0-MWPM PPT-V th ExCom Slides 1 Episode 3 - Ex-Com Final Report Tools & Validation Dr. Ralph Leemüller R&D Division - DFS.
ENAV S.p.A. 1 AENA / ENAV / DFS / LFV ASAS Thematic Network Workshop Malmoe, ASAS /ADS-B: SAMPLE ANSPs STRATGIES & EXPECTATIONS.
SSAP The European Strategic Safety Action Plan (SSAP) The History & Rationale.
Joint wrap-up of event Episode 3 - CAATS II Final Dissemination Event Martijn Koolloos Isdefe Episode 3 & CAATS II Brussels, 13 & 14 Oct 2009.
Episode 3 1 Final Report Performance Aspects Ex-Com #6 - Brussels, December 15th 2009
Ensuring the Safety of Future Developments
1 Controller feedback from the CoSpace / NUP II TMA experiment ASAS-TN, April 2004, Toulouse Liz Jordan, NATS, U.K. Gatwick approach controller.
A consolidated starting point from DFS / AENA / LFV ASAS Thematic Network Workshop Toulouse, Is ASAS /ADS-B needed for ANSP strategy?
Alberto Pasquini – Deep Blue Safety Assessment in MFF ASAS TN2 3-5 April 2006, Rome MENU: COVER | SUMMARY | OVERVIEW | TASKS | ALLOCATIONSCOVER SUMMARY.
44222: Information Systems Development
Revision N° 11ICAO Safety Management Systems (SMS) Course01/01/08 Module N° 9 – SMS operation.
4 th Workshop, Amsterdam, 23 rd -25 th April 2007 ASAS-SEP Applications Airborne Implementation Overall Architectural Considerations.
DIRECTORATE GENERAL FOR ENERGY AND TRANSPORT Information Day 6th Framework Programme 1st Call for Proposals, 5 Feb. 2003, Brussels ASAS operational improvements:
RISK MANAGEMENT FOR COMMUNITY EVENTS. Today’s Session Risk Management – why is it important? Risk Management and Risk Assessment concepts Steps in the.
Toward a New ATM Software Safety Assessment Methodology dott. Francesca Matarese.
P3 Business Analysis. 2 Section F: Project Management F1.The nature of projects F2. Building the Business Case F4. Planning,monitoring and controlling.
ASSTAR Overview Jean-Marc Loscos, DSNA
Ensuring the Safety of Future Developments
Karim Zeghal EUROCONTROL Experimental Centre
OptiFrame WP1: Project Management
Safety Management in Europe
Presentation transcript:

Safety case development in ATM R&D Safety feedback for decision-makers and concept developers Episode 3 - CAATS II Final Dissemination Event Jelmer J. Scholte NLR-ATSI CAATS II Brussels, 13 & 14 Oct 2009

Episode 3 - CAATS II Final Dissemination Event 2 Contents Motivation Safety case contents Practical development of safety case Concluding remarks

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 3 History (1/2) Accident statistics of Large Aeroplane flights in commercial aviation Accidents Fatal Accidents Fatalities period ,554 Average per year Average per flight5.57 E E E-6 Separation related 7.9% 3.75% 5.0% Source: NLR-ATSI’s Air Safety Data Base

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 4 History (2/2)

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 5 Current picture It is good practice for an ANSP to develop a safety case for implementation of changes to its ATM system  to fulfill its own objectives and responsibilities  to satisfy safety regulations Several safety regulations and methods are in use that were developed for use by an ANSP for changes to its ATM system  ESARR 4  EC regulation 2096/ 2005  EATMP ANS Safety Assessment Methodology (SAM)  Eurocontrol Safety Case Development Manual (SCDM)

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 6 A practical example (1/2) Independent parallel departures on SIDs

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 7 A practical example (2/2) Key hazards in cockpit and at ATC  Crew makes error in entering the SID in FMS  ATC fails to communicate a late SID change to aircraft  ATC-published SID design entered wrongly in database Resolution of conflicts involves ATCo and pilots  ATCo cannot solve the conflict without pilot  Pilot may correct SID errors independently  Timing of pilot’s R/T frequency change from TWR to APP Challenge:  The role of the airline and the pilots is crucial  Focusing on ANSP is not desired!

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 8 Future challenges (1/2)

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 9 Future challenges (2/2)

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 10 Example solutions proposed Reference business trajectories Functional airspace blocks Flexible use of airspace ASAS applications Reduced separation criteria... R&D required to tackle the major design hurdle faced!

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 11 E-OCVM (1/2) E-OCVM to support effective R&D: “... the process whereby the many stakeholders eventually should come to a decision to either:  Continue development to... or  stop or substantially modify developments...” V1 Scope V2 Feasibility V3 Integration V4 Pre-operation V5 Operation V0 ATM Needs Idea Implemented Concept Identify ATM performance needs & constraints Scope operational concepts and create validation strategy Iteratively develop and evaluate concept Integrate concept in wider context And confirm performance Industrialisation and procedure approval Implementation

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 12 E-OCVM (2/2) E-OCVM poses specific, new requirements to safety case development Feedback to stakeholders!

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 13 Summary of motivation Most safety regulations & methods were developed for use by ANSP for changes to its ATM system Major changes to air traffic operations are needed to maintain an acceptable level of safety  ambitious targets in multiple KPAs  large number of stakeholders involved Major changes require R&D supported by safety analysis E-OCVM is the framework for validation of these major changes E-OCVM poses specific, new requirements to safety case development

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 14 Contents Motivation Safety case contents Practical development of safety case Concluding remarks

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 15 Safety analysis feedback to design Design Analysis

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 16 Safety analysis tailored to maturity  The aim of safety analysis changes from V1 to V5 Safety feedback to design Safety assurance V1 V5

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 17 Safety analysis objectives per phase V0: ATM Need Identify ATM need w.r.t. safety Identify barriers V1: Scope Plan & scope, based on evidence Feedback to design V2: Feasibility Determine feasibility Feedback to design V3: Integration Determine system level performance Feedback to design

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 18 Safety analysis methods Safety case development in R&D has been subject of a lot of recent research  Experiences with developing a safety case in E- OCVM are just building up  Large design challenges pose several new needs to safety case development in R&D  Several complementary approaches are emerging that aim to address the SESAR- identified emerging needs  Integration so far limited

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 19 SESAR-identified emerging needs A.The need for a ‘macro’ safety case B.The need to address safety regulations C.The need to address the multi-stakeholder nature of advancing air traffic operations D.The need to address the success side of a change also E.The need to cover human operators in the ATM system F.The need to identify unknown ‘emergent’ risks G.The need to address E-OCVM requirements H.The need to assess concept maturity I.The need for managing relations between cases

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 20 A: The need for a ‘macro’ safety case Motivation:  SESAR consists of multiple local changes by various stakeholders. Example: Functional Airspace Blocks  Includes many smaller changes Identified approaches:  Connect to an overall incident-accident model  Apportioned safety criteria based on statistics  ‘Joint safety analysis’

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 21 B: The need to address safety regulation Motivation: “Developing the ATM safety regulatory framework is essential to the success of SESAR” Example: ASAS applications  Responsibilities transfer from ground to cockpit  ESARR 4 applied to airline? Identified approaches:  Early scanning of concepts on fundamental safety issues including existing safety regulations  Address impact of changed regulations in early safety analysis  Safety assessment assuming current regulations, while keeping track of needs for changes

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 22 C: The need to address the multi-stakeholder nature Motivation  SESAR will fundamentally change stakeholder roles Example: FABs  Who manages traffic?  Who is responsible?  Who decides on acceptability of risk? Identified approach:  Safety validation framework with active roles to be played by all stakeholders - joint goal oriented approach - joint safety validation

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 23 D: The need to address the success side of a change also Motivation:  Safety assessments have often focused on failure  ICAO has always asked to address the success side also Example: TCAS RA downlink  Focus on failure of downlink?  What if downlink successful? Identified approaches:  Integrated safety analysis covering both failures and successes  Complement traditional ‘failure approach’ with dedicated ‘success approach’

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 24 H: The need to assess concept maturity Motivation: How to decide whether a concept is ready for next E-OCVM phase? Example: individual SESAR development projects Identified approaches:  Generic SARD criteria (Strategic Assessment of ATM R&D)  Safety case specific set by CAATS II in SARD update  Safety case specific set by EEC (for ‘SAME’)

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 25 I: The need for managing relations between cases Motivation: effectiveness and efficiency Example: use of real-time simulations  Can multiple cases benefit? Identified approaches:  Safety & HF: share info where useful, disjoint where needed  Safety & environment: disjoint analyses  Safety providing input to business  Framework for managing relations between cases

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 26 Contents Motivation Safety case contents Practical development of safety case Concluding remarks

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 27 Basic steps I.Select the phase of E-OCVM’s Concept Lifecycle Model to be tackled II.Determine objective and scope of safety analysis in line with the selected phase III.Determine methods and techniques to be used IV.Document the results

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 28 Selection of methods/ techniques Develop expertise and practical experience with emerging methods Work on integration of emerging methods to combine their strong points There are complementary needs of  advanced safety courses and  hands-on safety learning Get an expert aware of these emerging needs, and with experience with emerging approaches!

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 29 Documentation ‘Negative’ analysis results have great value as feedback to design In R&D, the value is in the explanation why a concept is not yet valid or safe Validation is most of the time invalidation Only the last cycle is validation!

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 30 Contents Motivation Safety case contents Practical development of safety case Concluding remarks

Brussels, 13 & 14 Oct 2009 Episode 3 - CAATS II Final Dissemination Event 31 Concluding remarks Experiences with developing a safety case in E-OCVM are just building up Several needs are emerging for safety case development for large design challenges, as traditional approaches fall short Several complementary approaches have been identified that aim to address the SESAR-identified emerging needs Key focus points:  Gain experience with emerging complementary approaches  Integration of emerging complementary approaches

Questions? Episode 3 - CAATS II Final Dissemination Event Brussels, 13 & 14 Oct 2009