Published by Amelia Henderson. Modified over 9 years ago.
1
Using STAMP to enrich Bow-tie Safety Assessments in Air Traffic Control
Simon P. P. Whiteley BEng (Hons) MSc MRAeS
Whiteley Aerospace Safety Engineering & Management Limited
www.stampmindmap.com
24th Annual SCSC Symposium, Brighton, 4th February 2016.
TEXT “WEBINAR” to: 07903 5 67718
2
Who is Simon Whiteley?
Simon is an Independent System Safety Engineering Consultant & Director of his own Company.
Simon has worked in System Safety across all parts of the Engineering and Product Lifecycle and in a number of industries, predominantly Civil & Defence Aerospace, including Air Traffic Control, but also Defence Land, Maritime & Defence Nuclear.
Simon is also an active member of a number of Special Interest Groups focused on developing & promoting System Safety & STAMP in general, but also more specifically in Pharmaceuticals & Healthcare, including the application of STAMP to Drug Development & Clinical Trials.
(In case you hadn’t noticed…) Simon is a keen promoter of STAMP & Systems Thinking, and is currently writing an upcoming book focused on STAMP & System Safety Engineering. He is also organising a series of STAMP-focused Webinars & Live Events. If you're interested, please ask him about it. The first Webinar will be held very soon, with the first Live Event planned for September / October 2016.
3
Bow-tie Analysis: Quick Qs
Familiar with it?
Used it?
Found it valuable?
Had Issues?
http://www.ralphlauren.co.uk/product/images?productId=52353391&zoom=1&color=1001476&view=1
4
STAMP: Quick Qs
Familiar with it?
Used it?
Found it valuable?
Had Issues?
5
What is S.T.A.M.P?
An Acronym!
Catch-all label for:
A “New” & Revolutionary “Accident Causality Model”
System Modelling
A set of Analysis Processes
Systems Theoretic Accident Modelling & Processes
6
STAMP: Accident Causality Model
What is an “Accident Causality Model”?
A model of how things happen, or could happen.
Underpins efforts to engineer for safety
Usually implicit
7
STAMP: Accident Causality Model
Traditional View: Accidents are chains of directly related events. Defines safety: “Management of Failures” problem.
STAMP View: Accidents involve complex dynamic processes. Defines safety: “Dynamic Control problem”.
8
Everything is a "slice of Swiss Cheese"
9
STAMP: Modelling
“Control Loop” / Hierarchical Control Structure (HCS) Model
It just depends how far you zoom in / out!
Everything is a “feed-back loop”
10
Hierarchical Control Structure
11
SYSTEM DEVELOPMENT [Leveson, 2012] SYSTEM OPERATION
12
STAMP: 5 3 Basic Steps
1) Build a Model of the Hierarchical Control Structure
2) Analyse the Hierarchical Control Structure (Model)
3) Identify Areas of Concern
4) Manage Areas of Concern
5) Monitor & Control Changes to the Control Structure (Actual / Real System & the HCS Model)
STAMP Fundamental parts:
Modelling
Analysis using STAMP-based Processes
Results
13
14
UK CAA: Significant 7
Loss of Control: 1.1 Aircraft upset
Runway Excursion: 2.1 Inability to stop within distance
CFIT: 3.1 Terrain separation deteriorating below normal requirements
Runway Incursion: 4.1 Incorrect presence of aircraft on protected area
Airborne Conflict: 5.1 Close proximity with another aircraft
Ground Handling: 6.1 Outside mass and balance envelope
Fire: 7.1 Hidden area fire
15
Airborne Conflict 5.1: Close Proximity
http://www.caa.co.uk/Safety-Initiatives-and-Resources/Working-with-industry/Bowtie/
http://www.caa.co.uk/Safety-initiatives-and-resources/Working-with-industry/Bowtie/Bowtie-templates/Bowtie-document-library/
CAA is the intellectual owner of the Bowtie models presented
Bowtie Models © CAA
16
Airborne Conflict 5.1: Close Proximity
CAA is the intellectual owner of the Bowtie models presented
Bowtie Models © CAA
Notice the language used: “Something” has gone “wrong” or “failed” in some way.
17
STAMP: HCS Modelling
Diagram legend: Controllers / Controlled Processes / Actuators / Sensors / Disturbances; Interactions / Relationships; Outcomes to be avoided
Diagram labels: Large CAT Fixed Wing Aircraft UK Class A Airspace ATCO Clearance / Instruction Flight Crew Passengers Weather Undescribed* Technical / Performance Issues Sport / Recreation Traffic Military Traffic Flight Path Trajectory / Aircraft Proximity Issuing Clearance / Instruction “Manages” aircraft Penetration of Airspace Mid-Air Collision Fatalities Abrupt Manoeuvring Injuries
18
STAMP: HCS Modelling
Diagram legend: Controllers / Controlled Processes / Actuators / Sensors / Disturbances; Interactions / Relationships; Outcomes to be avoided
Diagram labels: Large CAT Fixed Wing Aircraft UK Class A Airspace ATCO Clearance / Instruction Flight Crew Passengers Weather Undescribed* Technical / Performance Issues Sport / Recreation Traffic Military Traffic Flight Path Trajectory / Aircraft Proximity Issues Clearance / Instruction “Manages” aircraft Penetration of Airspace Mid-Air Collision Fatalities Abrupt Manoeuvring Injuries
Forces you to think about:
System Hierarchy / Structure
System Components: Humans, Hardware, Software & Data
Interactions / Relationships
Control / Feedback Priorities
Functions & Responsibilities
19
Raw Bow-tie ==> STAMP HCS
20
Everything is a “feed-back loop”, so… “Close-the-loop”
21
Potentially missing aspects? Significant?
22
Let's get into detail…
23
Common Mitigation
Very similar Mitigation
24
Diagram legend: Controllers / Controlled Processes / Actuators / Sensors / Disturbances; Interactions / Relationships
Diagram labels: Large CAT Fixed Wing Aircraft UK Class A Airspace ATCO Clearance / Instruction Flight Crew Passengers Weather Undescribed* Technical / Performance Issues Sport / Recreation Traffic Military Traffic Planning Tool (iFACTS) Flight Monitoring (RADAR) Traffic Situation Awareness (Flight Crew) ACAS & Traffic Advisory (TA) / Traffic Display ANSP Airspace Design Regulatory Requirements Standard Phraseology FMS / Automation Flight Path Monitoring (Flight Crew) Account for Aircraft performance / weather limitations Recognise inability to conform to clearance / instruction Unit Procedures (Unusual / Emergency Events) Electronic Warning (e.g. Controlled Airspace Infringement Tool (CAIT)) Infringing Aircraft Aircraft Protection System AutoPilot Cabin Crew Cabin Seat Belts Secure Cabin SOP Flight Path Trajectory / Aircraft Proximity Issues Clearance / Instruction “Manages” aircraft Penetration of Airspace Planning Tool Alerts Challenge Clearance / Instruction Detection, Recognition & Correction Readback Enter into FMS / Automation CAIT Alerts ACAS Resolution Advisory (RA) Aircraft Handling Aircraft Protection System Manoeuvre limits RA Manoeuvre Emergency Avoiding Action Secure Cabin
25
International Copyrights © Simon P. P. Whiteley
26
Enrichment: Basic Findings
STAMP HCS Modelling
HCS Creation + “Closing-the-loop” focuses the Analyst's attention
Highlights interactions & other potential causal factors not already considered by the Bow-tie, including:
  Not strictly failures, e.g. unable to visually acquire proximate A/c.
  Normal conditions that are potentially unsafe, e.g. Flight without ACAS
Highlights controls: Over-accounted / optimistic.
27
Biggest Take Aways
STAMP enables very focused and specific assessments of complex scenarios
STAMP identifies many more causal factors than Bow-tie (and other Traditional Methods)
STAMP enables specific Safety Requirements / Constraints to be defined
Did I mention it was rapid, and straightforward?
And we didn’t mention 10x- blah /hr
28
QUESTIONS?
TEXT “SLIDEPACK” to: 07903 5 71611
TEXT “WEBINAR” to: 07903 5 67718
www.stampmindmap.com
29
U.C.A. GUIDE WORDS
1) Control Action is provided that creates a hazard / does not enforce a Safety Constraint;
2) Control Action is not provided and creates a hazard / does not enforce a Safety Constraint;
3) Control Action is provided too late, too early or in the wrong sequence and creates a hazard / does not enforce a Safety Constraint;
4) Continuous Control Action is provided too long or is stopped too soon and creates a hazard / does not enforce a Safety Constraint.
5) Control Action is provided but not followed and creates a hazard / does not enforce a Safety Constraint, e.g. a fault or delay in a part of the control loop other than with the Controller itself, or possibly due to uncoordinated control action from a different controller, possibly a Human.