Published by Jennifer Miller. Modified over 11 years ago.
1 Safety Assessment July 2006
2 SAFETY ASSESSMENT
A Safety Assessment is essentially a process for finding answers to three fundamental questions:
- What could go wrong?
- What would be the consequences?
- How often is it likely to occur?
Once we know the answers, this automatically raises the next questions:
- Is this acceptable?
- What can we do if not?
3 SAFETY ASSESSMENT
The objective of Safety Assessments is to:
- Ensure that the system operates normally and without exposing anyone to unacceptable risk;
- Reduce and prevent incidents and accidents; and
- Limit the consequences of any occurrence.
4 SAFETY ASSESSMENT
Safety: A condition in which the risk of harm or damage is limited to an acceptable level.
Risk: The probable rate of occurrence of a hazard causing harm and the degree of severity of the harm.
Risk = Severity × Likelihood
- Need to define severity and likelihood
- Need to define acceptability
5 SEVERITY CLASSIFICATION
Severity Classification Scheme
1 Accident
  - One or more catastrophic accidents
  - One or more mid-air collisions
  - One or more collisions on the ground between two aircraft
  - No independent source of recovery mechanism, such as surveillance or ATC / Flight Crew procedure, can reasonably be expected to prevent the accident(s)
2 Serious Incident
  - Large reduction in separation (e.g. a separation of less than half the separation minima), without crew or ATC fully controlling the situation or able to recover from the situation
  - One or more aircraft deviating from their intended clearance, so that an abrupt manoeuvre is required to avoid collision with another aircraft or with terrain (or when an avoidance action would be appropriate)
3 Major Incident
  - Large reduction in separation (e.g. a separation of less than half the separation minima), with crew or ATC fully controlling the situation or able to recover from the situation
  - Minor reduction in separation (e.g. a separation of more than half the separation minima), without crew or ATC fully controlling the situation, or able to recover from the situation, jeopardising the ability to recover without use of collision or terrain avoidance manoeuvres
4 Significant Incident
  - Increased workload on ATCO or Flight Crew or slightly degrading capability of the CSN system
  - Minor reduction in separation (e.g. a separation of more than half the separation minima), without crew or ATC fully controlling the situation, or able to recover from the situation and fully able to recover the situation
5 No immediate effect on safety
  - No immediate direct or indirect impact on operations
6 LIKELIHOOD CLASSIFICATION
Likelihood Classification Scheme
1 Frequently: Likely to occur frequently (often)
2 Probable: Likely to occur several times during the life-time of the system (2-5 occurrences per year)
3 Occasional: Occurs sometimes during the life-time of the system (1 occurrence per year)
4 Remote: Unlikely to occur during the life-time of the system (1 occurrence per 5 years)
5 Improbable: Very unlikely to occur (1 occurrence per 20 years)
6 Extremely Improbable: Extremely unlikely to occur (1 occurrence per 100 years)
7 RISK CLASSIFICATION
[Figure not reproduced; surviving axis label: Likelihood]
8 SAFETY ASSESSMENT
ICAO SEVEN STEP APPROACH
Hazard Identification and Estimation steps
- Step 1 – System and Environment Description
- Step 2 – Hazard Identification
- Step 3 – Hazard Severity
- Step 4 – Hazard Likelihood
Mitigation steps
- Step 5 – Risk Evaluation
- Step 6 – Risk Mitigation
Documentation
- Step 7 – Safety Assessment Documentation
9 STEP 1 - DESCRIPTION Before a safety assessment can be performed, we need to describe the ATM system and environment being assessed.
10 STEP 1 - DESCRIPTION
- APP/DEP Charts
- Topographical maps
- A/D layout (markers, position of NAVAIDS, fence, roads, rwy extension, etc.)
- MET info – origin, wind conditions/shears, visibility, rwy friction
- Equipment liability (VHF, NAVAIDS, etc.)
- APP/DEP procedures
- Ground Operations procedures
- ETA or cancellation – information from where?
- Procedures for non-normal operations (missed APP, malfunction of A/C, etc.)
- Previous occurrences, reports, investigation results
11 STEP 2 – HAZARD IDENTIFICATION
Purpose
- ...to identify what could go wrong (or anticipate problems before they occur)
- ...to identify the consequences (on safety) of the hazards
A hazard is defined as any condition, event or circumstance which could induce an accident or incident (ICAO DOC 9422)
- The equipment (hardware and software);
- The operating environment;
- The human operators;
- The human machine interface (HMI);
- Operational procedures;
- Maintenance procedures;
- External services.
14 STEP 2 – HAZARD IDENTIFICATION
Brainstorming:
- Easy and straightforward process.
- Group sessions are usually good at generating ideas and identifying issues.
- The interactions between participants with varying experience and knowledge tend to lead to broader, more comprehensive and more balanced consideration of safety issues.
- No criticism – No judgment – No explanation
- Hitchhiking – Freewheeling
15 STEP 2 – HAZARD IDENTIFICATION EXAMPLE
16 STEP 3 – SEVERITY ASSESSMENT
The severity expresses the impact on operation or the harm an individual may suffer.
Severity Classification is a gradation, ranging from "worst case/accident" to "no safety impact", expressing the magnitude of the consequence of the hazard.
Thus, a severity is allocated to each hazard consequence in accordance with the agreed severity classification scheme.
17 STEP 3 – SEVERITY ASSESSMENT
Severity Classification Scheme (identical to the scheme on slide 5)
18 STEP 4 – LIKELIHOOD ASSESSMENT
The likelihood of occurrence expresses how often the consequence of a hazard is likely to occur.
Likelihood Classification is a gradation, ranging from "frequently" to "extremely improbable".
Thus, a likelihood is allocated to each hazard consequence in accordance with the agreed likelihood classification scheme.
19 STEP 4 – LIKELIHOOD ASSESSMENT
Likelihood Classification Scheme (identical to the scheme on slide 6)
20 STEP 3 & 4 – SEVERITY AND LIKELIHOOD EXAMPLE
21 STEP 5 & 6 – RISK EVALUATION AND MITIGATION
[Flowchart not reproduced; surviving labels, in approximate flow order:]
- We have a risk with a defined likelihood and severity
- Is this risk acceptable? (Yes / No)
- Acceptable risks
- Not acceptable risks
- What are the potential causes? Discussion of causes and failures
- How can we resolve it? Discussion of Risk Mitigation
- Risk Mitigation Plan
- Mitigation will remove risk
- Mitigation will not remove risk
- Residual risk acceptable?
- Risk mitigation impracticable?
- Mitigation impracticable
- Open risks
- Discussion of acceptability
[Callout fragments: "One of the causes could be insufficient training of ..."; "This consequence could be reduced or prevented if ..."]
22 STEP 5 – RISK EVALUATION
- Determine what is / is not acceptable
  - Acceptable level of Safety
- Determine acceptability of identified risks
  - Clearly unacceptable
  - Clearly acceptable
  - May or may not be acceptable
[Figure not reproduced; surviving axis label: likelihood]
23 STEP 5 – RISK EVALUATION
Performed by a small group
- System users/operational experts: ATCOs and Flight Crew (where necessary), to assess the consequences of hazard(s) from an operational perspective;
- System technical experts, to explain the system purpose, interfaces and functions;
- Safety and human factors experts, to guide in the application of the FHA methodology itself and to bring wider experience of the consequences of hazards.
May need to be extended with specialists in areas relevant for the ALARP assessment
24 STEP 5 – RISK EVALUATION EXAMPLE
25 STEP 6 – RISK MITIGATION
- Identify potential causes for a risk to occur
  - Some causes are identified during the hazard identification
  - Ensure that we have identified all causes
- Identify potential mitigation
  - Remove the risk (remove the cause of the risk)
  - Reduce the risk
    - Reduce severity and/or probability
- Identify preferred mitigation approach
26 STEP 6 – RISK MITIGATION
[Figure not reproduced; surviving axis label: likelihood]
27 STEP 6 – RISK MITIGATION
Risk mitigation should be sought in any of the three components of a system:
- People
- Procedures
- Equipment
The possible approaches to risk mitigation include:
- revision of the system (or airport) design;
- modification of operational procedures;
- changes to staffing arrangements; and
- training of personnel to deal with the hazard.
28 STEP 6 – RISK MITIGATION
To identify causes, a number of techniques may be required:
- Brainstorming sessions
- Fault tree analysis - Effect tree analysis
- Common cause failure identification (Single point failure)
- Task, Fail-Safe & Error Tolerance Analysis
- Failure Mode and Criticality Analysis
- Reliability, Availability and Maintainability Analysis
Focus on components giving:
- Highest likelihood
- Highest degree of severity
29 STEP 6 – RISK MITIGATION
Performed by a small group
- System users/operational experts
- System technical experts
- Safety and human factors experts
Different experts may be required to:
- Perform detailed studies of the causes of a risk
  - Study system design to determine the component potentially causing, e.g., loss of air situation display
  - Study procedures to determine where, e.g., misunderstandings can arise
- Determine ways to remove those causes
30 STEP 6 – RISK MITIGATION
Mitigation actions (safety requirements) should be carefully analysed:
- Will the mitigation remove the risk or reduce the risk (what will the remaining risk be)?
- Will the implementation introduce any new hazards (repeat steps 3, 4 and 5)?
Mitigation actions shall be documented
- Risk Mitigation Plan
31 STEP 6 – RISK MITIGATION EXAMPLE
32 STEP 7 - SAFETY ASSESSMENT DOCUMENTATION
The purpose:
- To provide a permanent record of the final result of the safety assessment
- To provide the arguments and evidence demonstrating that the risks associated with the implementation of the proposed system or change:
  - have been eliminated, or
  - have been adequately controlled and reduced to a tolerable level.