DOCSLIB.ORG

Common Cause Failures, Particular Risks and Zonal Safety Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Common Cause Failures, Particular Risks and Zonal Safety Analysis SYSTEM SAFETY ASSESSMENT COURSE 9th May 2012 COMMON CAUSE FAILURES, PARTICULAR RISKS AND ZONAL SAFETY ANALYSIS R.G.W. Cherry & Associates Limited 2012. All rights reserved - 1 - SYSTEM SAFETY ASSESSMENT COURSE 9th May 2012 1 Common Cause Failures Common Cause Failures are often the limiting factor on the integrity of complex systems, and yet they are often overlooked in the safety assessment process. In this module consideration is given to the various forms of Common Cause Failures that have the potential for compromising the reliability of aircraft systems and the possible methods for identifying them during the design process. 1.1 THEORY V PRACTICE It is normally expected that if the probability of failure of one channel in a given period is X and there are N channels, any of which may achieve the intended function, then the probability of all channels failing is: XN …………………. Equation 1 The impact of Common Cause Failures on an aircraft electrical power generation system was assessed from a study carried out by Hawker Siddeley Aviation in the 1970s. The study was carried out on an in-service aircraft that had three otherwise independent electrical power generation channels. For this aircraft, the average failure rate for each of the channels was found to be approximately: 9.5 x 10 -4 per flight Now if the aircraft had only two electrical power generation channels then the probability of both failing due to independent causes might be expected to be :- (9.5 x 10 -4)2 per flight = 9 x 10 -7 per flight (approx.) And for the three-channel system: (9.5 x 10 -4)3 per flight = 8.6 x 10 -10 per flight (approx.) However, when the in-service record for the subject aircraft was investigated it was found that multi-channel failures occurred at a much greater frequency than predicted by this simple theoretical approach. A comparison between what might be expected if failures were totally independent and what was actually achieved on the in-service aircraft is illustrated in Figure 1. (The curve for the failure probability of the in-service aircraft has been adjusted to account for there being three ways in which two channels may fail in a three channel system.) RGW Cherry & Associates Limited - 2 - SYSTEM SAFETY ASSESSMENT COURSE 9th May 2012 Figure 1 - Probability of Failure against number of channels for an aircraft electrical power generation system It can be seen from Figure 1 that for the three-channel system the frequency of total system failure is several hundred times greater than the simple theory suggests. A further study carried out by Hawker Siddeley Aviation relating to hydraulic systems illustrated that the difference between the simple theory and what is actually achieved was also exhibited by aircraft hydraulic systems as illustrated in Figure 2. Figure 2 - Probability of Failure against number of channels for aircraft hydraulic systems This marked difference between the simple theory prediction, and what is actually achieved in terms of the probability of multiple system failures, is likely to be exhibited in other, probably all, multi-channel aircraft systems. RGW Cherry & Associates Limited - 3 - SYSTEM SAFETY ASSESSMENT COURSE 9th May 2012 The simple theory expressed in Equation 1 is predicated on there being no significant dormancies in the system. However, in most complex systems there could be a number of faults that are not normally detected until system checks are carried out during maintenance. The system designer needs to concentrate on arranging the system architecture to reduce the number of dormant faults; those remaining require a maintenance check set at an interval such that their probability of occurrence, in combination with other failures, is to an acceptable level. However, the primary reason for the differences between the simple theoretical curve and the practical curve shown in Figure 1 is that channel failures are not totally independent and that Common Cause Failures have a significant influence on the probability of total system failure actually achieved. Following their identification, consideration should be given to design changes, manufacturing techniques, maintenance actions and system operating procedures to eliminate or mitigate Common Cause Failures. Whilst not an exhaustive list, the foregoing sections address some of the most frequently occurring Common Cause Failures that may present a “threat” to most aircraft types. Those external to the system may be caused by a variety of occurrences, many of which are known as Particular Risks. RGW Cherry & Associates Limited - 4 - SYSTEM SAFETY ASSESSMENT COURSE 9th May 2012 1.2 COMMON MODE FAILURES The simple theory of multi-channel failure is predicated on failure independence amongst the channels. However, in order to optimise the design most multi-channel systems will have similar components. These similar components will have similar failure modes known as Common Mode Failures. Manufacturing or design faults resulting in high early life failure rates can have a pronounced effect on the probability of total system failure. A similar situation arises from “wear-out” failures. Consider a component in a two-channel system exhibiting the failure rate characteristics shown in Figure 3. Figure 3 - Component exhibiting “wear-out” characteristics When the aircraft first enters service, the component has a failure rate that is approximately 2 x 10 -4 per hour. However, if the component survives in both of the channels for 3,000 hours their failure rates increase to approximately 1 x 10 -3 per hour. For an aircraft that has an average flight time of one hour the probability of both channels failing due to this component, when the aircraft first enters service, is approximately (2 x 10 -4)2 - equal to 4 x 10 -8 per hour. However after the aircraft has been in service for 3,000 hours the probability of both channels failing due to this component is approximately = (1 x 10 -3)2 equal to 1 x 10 -6 per hour. Hence, the probability of both channels failing due to this component has increased by a factor of 25 . A similar situation exists if the component exhibits an infant mortality failure rate characteristic, perhaps resulting from manufacturing or maintenance induced defects. Another frequent form of Common Mode Failure is mal-assembly or mal-rigging of similar equipment in multi-channel systems. Despite the precautions taken to RGW Cherry & Associates Limited - 5 - SYSTEM SAFETY ASSESSMENT COURSE 9th May 2012 prevent failures occurring due to errors of this kind, they still present a significant risk to the integrity of vital aircraft systems. On an aircraft test flight inadvertent operation of the stall recovery system occurred just after take-off due to the incorrect rigging of the microswitches on the leading edge slat. The two microswitches were in each of two channels in the stall recovery system. The mal-rigging of both microswitches resulted in the stall recovery system being in the slats retracted mode, which at take-off speed resulted in stick pusher operation. Of course, dissimilar redundancy can sometimes alleviate the “threat” from Common Mode Failures. The BAe 146 Electrical Power Generation System represents a good illustration of the way in which dissimilar redundancy may be used to good effect. It has two engine-driven generators, one Auxiliary Power Unit (APU) driven generator, an hydraulically driven generator and a battery. This degree of dissimilar redundancy provides a good measure of protection against Common Mode Failures. However, this approach is not always practical since systems are designed to optimise the exacting requirements demanded of them. Therefore, any variation in this standard must result in penalties in terms of performance, weight, cost, operational reliability or any other of the design parameters. In most cases, the designer is forced to use similar equipment on all system channels, and must rely on close attention to the design, maintenance checks and operating procedures in order to achieve the levels of integrity required. RGW Cherry & Associates Limited - 6 - SYSTEM SAFETY ASSESSMENT COURSE 9th May 2012 1.3 CASCADE FAILURES Most multi-channel systems are designed so that under normal operating conditions they share the total system demands. It therefore follows that failure of a single channel will usually result in the remaining channels taking an increased load. This increase in load almost invariably produces a consequential increase in failure probability. Although cascade failures of this type are readily understood for structural components, they are not often expected in electrical systems. Multi-channel electrical systems are usually designed so that any one channel is capable of meeting the requirements of essential services. However, following a channel failure the increase in load on the other channels is likely to result in an increase in their probability of failure. Attempts have been made to quantify the relationship between load and failure rate for electrical components - the results of this work are contained in MIL-HDBK-217 "Reliability Prediction of Electronic Equipment.” Figure 4 shows the relationship between failure rate and load for a 125 VA transformer using the data from MIL- HDBK-217. It may be seen that for this particular component there is a marked difference between the predicted failure rate at rated power, 125 VA, and half-rated power. Most components will demonstrate an adverse relationship between failure rate and load, although not necessarily as severe as the example shown in Figure 4. Figure 4 Relationship between Failure rate and Electrical Load for a 125 VA Transformer RGW Cherry & Associates Limited - 7 - SYSTEM SAFETY ASSESSMENT COURSE 9th May 2012 Assuming that the failure rate of two similar components in a dual channel system is unaffected by any changes in load the probability of total system failure is given by the following expression: 2 λλλ1 λλλ2 t per flight Where t is the flight time in hours and the failure rates are on a per hour basis.
Load more

Recommended publications
  • Vol. 81 Thursday, No. 174 September 8, 2016 Pages 61973–62352
    Vol. 81 Thursday, No. 174 September 8, 2016 Pages 61973–62352 OFFICE OF THE FEDERAL REGISTER VerDate Sep 11 2014 22:15 Sep 07, 2016 Jkt 238001 PO 00000 Frm 00001 Fmt 4710 Sfmt 4710 E:\FR\FM\08SEWS.LOC 08SEWS sradovich on DSK3GMQ082PROD with FRONT MATTER WS II Federal Register / Vol. 81, No. 174 / Thursday, September 8, 2016 The FEDERAL REGISTER (ISSN 0097–6326) is published daily, SUBSCRIPTIONS AND COPIES Monday through Friday, except official holidays, by the Office PUBLIC of the Federal Register, National Archives and Records Administration, Washington, DC 20408, under the Federal Register Subscriptions: Act (44 U.S.C. Ch. 15) and the regulations of the Administrative Paper or fiche 202–512–1800 Committee of the Federal Register (1 CFR Ch. I). The Assistance with public subscriptions 202–512–1806 Superintendent of Documents, U.S. Government Publishing Office, Washington, DC 20402 is the exclusive distributor of the official General online information 202–512–1530; 1–888–293–6498 edition. Periodicals postage is paid at Washington, DC. Single copies/back copies: The FEDERAL REGISTER provides a uniform system for making Paper or fiche 202–512–1800 available to the public regulations and legal notices issued by Assistance with public single copies 1–866–512–1800 Federal agencies. These include Presidential proclamations and (Toll-Free) Executive Orders, Federal agency documents having general FEDERAL AGENCIES applicability and legal effect, documents required to be published Subscriptions: by act of Congress, and other Federal agency documents of public interest. Assistance with Federal agency subscriptions: Documents are on file for public inspection in the Office of the Email [email protected] Federal Register the day before they are published, unless the Phone 202–741–6000 issuing agency requests earlier filing.
    [Show full text]
  • Analysis of Factors
    SYSTEM SAFETY ASSESSMENT COURSE June 2017 COMMON CAUSE FAILURES, PARTICULAR RISKS AND ZONAL SAFETY ANALYSIS R.G.W. Cherry & Associates Limited 2017. All rights reserved - 1 - SYSTEM SAFETY ASSESSMENT COURSE June 2017 1 Common Cause Failures Common Cause Failures are often the limiting factor on the integrity of complex systems, and yet they are often overlooked in the safety assessment process. In this module consideration is given to the various forms of Common Cause Failures that have the potential for compromising the reliability of aircraft systems and the possible methods for identifying them during the design process. 1.1 THEORY V PRACTICE It is normally expected that if the probability of failure of one channel in a given period is X and there are N channels, any of which may achieve the intended function, then the probability of all channels failing is: XN …………………. Equation 1 The impact of Common Cause Failures on an aircraft electrical power generation system was assessed from a study carried out by Hawker Siddeley Aviation in the 1970s. The study was carried out on an in-service aircraft that had three otherwise independent electrical power generation channels. For this aircraft, the average failure rate for each of the channels was found to be approximately: 9.5 x 10-4 per flight Now if the aircraft had only two electrical power generation channels then the probability of both failing due to independent causes might be expected to be :- (9.5 x 10-4)2 per flight = 9 x 10-7 per flight (approx.) And for the three-channel system: (9.5 x 10-4)3 per flight = 8.6 x 10-10 per flight (approx.) However, when the in-service record for the subject aircraft was investigated it was found that multi-channel failures occurred at a much greater frequency than predicted by this simple theoretical approach.
    [Show full text]
  • A Zonal Safety Analysis Methodology for Preliminary Aircraft Systems and Structural Design
    A Zonal Safety Analysis Methodology for Preliminary Aircraft Systems and Structural Design Chen, Z. and Fielding, J. P. School of Aerospace, Transport and Manufacturing, Cranfield University ABSTRACT Zonal Safety Analysis (ZSA) is a major part of the civil aircraft safety assessment process described in Aerospace Recommended Practice 4761 (ARP4761). It considers safety effects that systems/items installed in the same zone (i.e. a defined area within the aircraft body) may have on each other. Although the ZSA may be conducted at any design stage, it would be most cost-effective to do it during preliminary design, due to the greater opportunity for influence on system and structural designs and architecture. The existing ZSA methodology of ARP4761 was analysed but it was found to be more suitable for detail design rather than preliminary design. The authors therefore developed a methodology that would be more suitable for preliminary design and named it the Preliminary Zonal Safety Analysis (PZSA). This new methodology was verified by means of the use of a case-study, based on the NASA N3-X project. Several lessons were learnt from the case study, leading to refinement of the proposed method. These lessons included focusing on the positional layout of major components for the zonal safety inspection, and using the Functional Hazard Analysis (FHA)/Fault Tree Analysis (FTA) to identify system external failure modes. The resulting PZSA needs further refinement, but should prove to be a useful design tool for the preliminary design process. _____________________________________ INTRODUCTION This paper outlines the development of a methodology, hereafter referred to as the Preliminary Zonal Safety Historically, system safety analysis was primarily based Analysis (PZSA).
    [Show full text]
  • E U R Op E a N a V Ia T Ion S a F E T Y a G E Nc Y an N U Al
    ANNUAL SAFETY RECOMMENDATIONS REVIEW 2016 SAFETYANNUAL RECOMMENDATIONS EUROPEAN AVIATION SAFETY AVIATION EUROPEAN AGENCY EUROPEAN AVIATION SAFETY AGENCY SAFETY ANALYSIS AND RESEARCH DEPARTMENT Designed in Luxembourg Strategy & Safety Management Directorate Safety Intelligence & Performance Department Annual Safety Recommendations Review 2016 Disclaimer: Neither the European Aviation Safety Agency, nor any person acting on behalf of the European Aviation Safety Agency is responsible for the use which might be made of the following information. The Annual Safety Recommendations Review is produced by the European Aviation Safety Agency (EASA). This edition provides an overview of the safety recommendations that have been addressed to EASA in 2016. It also presents the replies produced during the year. This annual review aims at providing a feedback on the follow-up given to safety recommendations in the con- text of openness, transparency and accountability that characterises the European Public Administration. Apart from its safety related information character, this review is also expected to provide relevant information related to raised safety concerns, both for EASA itself, as well as its stakeholders, including the European public. © European Aviation Safety Agency, 2016. All rights reserved. Proprietary document. Printed copies are not controlled. Confirm revision status through the EASA-Internet site: www.easa.europa.eu. 2016 Annual Safety Recommendations Review PAGE 3 Foreword by the Executive Director I am pleased to introduce the 10th edition of the Annual Safety Recommendations Review, which provides infor- mation on the activity of the Agency in 2016 in the field of safety investigation and follow-up. In addition, the review highlights a range of safety issues and the Agency’s safety improvement efforts that are of interest to the European Aviation Community and the public.
    [Show full text]
  • TEMPLATE CRYSTAL DELIVERABLE Use Case Descriptions
    PROPRIETARY RIGHTS STATEMENT THIS DOCUMENT CONTAINS INFORMATION, WHICH IS PROPRIETARY TO THE CRYSTAL CONSORTIUM. NEITHER THIS DOCUMENT NOR THE INFORMATION CONTAINED HEREIN SHALL BE USED, DUPLICATED OR COMMUNICATED BY ANY MEANS TO ANY THIRD PARTY, IN WHOLE OR IN PARTS, EXCEPT WITH THE PRIOR WRITTEN CONSENT OF THE CESAR CONSORTIUM THIS RESTRICTION LEGEND SHALL NOT BE ALTERED OR OBLITERATED ON OR FROM THIS DOCUMENT. THE RESEARCH LEADING TO THESE RESULTS HAS RECEIVED FUNDING FROM THE EUROPEAN UNION’S SEVENTH FRAMEWORK PROGRAM (FP7/2007-2013) FOR CRYSTAL – CRITICAL SYSTEM ENGINEERING ACCELERATION JOINT UNDERTAKING UNDER GRANT AGREEMENT N° 332830 AND FROM SPECIFIC NATIONAL PROGRAMS AND / OR FUNDING AUTHORITIES. CRitical SYSTem Engineering AcceLeration Use – Case Definition Simulation for PRA D210.010 D210.010 Simulation for PRA DOCUMENT INFORMATION Project CRYSTAL Grant Agreement No. ARTEMIS-2012-1-332830 Deliverable Title Simulation for PRA Deliverable No. D210.010 Dissemination Level CO Nature R Document Version V01.02 Date 2014-01-29 Contact Odile Laurent Organization A-F Phone + 33 5 61 18 12 76 E-Mail [email protected] Version Nature Date Page V01.02 R 2014-01-29 2 of 42 D210.010 Simulation for PRA AUTHORS TABLE Name Company E-Mail Odile Laurent A-F [email protected] Hélène Moutier A-F [email protected] REVIEW TABLE Version Date Reviewer V01.00 2013-12-20 Hélène Moutier V01.01 2014-01-13 Jean-Luc Johnson V01.01 2014-01-20 Ralf Bogusch CHANGE HISTORY Pages Version Date Reason for Change Affected V01.00 2013-12-16 Initial version V01.01 2013-12-20 Internal review 13,14,15,18,31,38 V01.02 2014-01-22 External reviews Version Nature Date Page V01.02 R 2014-01-29 3 of 42 D210.010 Simulation for PRA CONTENT 1 INTRODUCTION .....................................................................................................................................................
    [Show full text]
  • Aircraft Fire Protection
    Applied Science Ingenieurbüro Dieter Scholz Seevering 53 D - 21629 Neu Wulmstorf Aircraft Fire Protection Dieter Scholz April 2006 Report prepared for Minimax GmbH & Co KG Industriestraße 10/12 D - 23840 Bad Oldesloe Aircraft Fire Protection 2 Table of Contents page Abbreviations ............................................................................................................ 4 1 Setting the Scene ........................................................................................................ 5 2 Introduction to Aircraft Systems ............................................................................ 7 2.1 Aircraft Systems General ............................................................................................ 7 2.2 Definitions .................................................................................................................. 9 2.3 Breakdown ................................................................................................................ 10 2.4 Certification .............................................................................................................. 12 2.5 Safety and Reliability ............................................................................................... 13 2.6 Mass .......................................................................................................................... 18 2.7 Power ........................................................................................................................ 21 2.8 Costs and
    [Show full text]
  • Annual Safety Recommendations Review 2011 FINAL
    European Aviation Safety Agency Safety Analysis and Research Department Executive Directorate 2011 Annual Safety Recommendations review Executive Directorate- Safety Analysis and Research Page 1/114 © European Aviation Safety Agency, 20 10 . All rights reserved. Proprietary document. Printed copies are not controlled. Confirm revision status through the EASA-Internet/Intranet. 2011 Annual Safety Recommendations review Document ref. Status Date Contact name and address for enquiries: European Aviation Safety Agency Safety Analysis and Research Postfach 10 12 53 50452 Köln - Germany Information on EASA is available at: www.easa.europa.eu Disclaimer : Neither the European Aviation Safety Agency, nor any person acting on behalf of the European Aviation Safety Agency is responsible for the use which might be made of the following information. Authorisation : Name Signature Date Prepared Dominique Verdoni 05/03/2012 Reviewed 1 Bernard Bourdon 27/03/2012 Reviewed 2 Authorised John Vincent 27/03/2012 Executive Directorate- Safety Analysis and Research Page 2/114 © European Aviation Safety Agency, 20 10 . All rights reserved. Proprietary document. Printed copies are not controlled. Confirm revision status through the EASA-Internet/Intranet. Table of Contents 1 Introduction ................................................................................................................ 5 2 Overview of Safety Recommendations in 2011 ................................................................ 6 2.1 Safety recommendations received in 2011 ..............................................................
    [Show full text]
  • Explanatory Note to TCDS EASA.A.110 – Airbus 380 - Issue 03
    Explanatory Note to TCDS EASA.A.110 – Airbus 380 - Issue 03 This annex to the EASA TCDS IM.A.110 was created to publish selected special conditions / deviations / equivalent safety findings that are part of the applicable certification basis: Table of Contents: Certification Review Items: B-01 SC & IM: Stalling and scheduled operating speeds ....................................................................3 B-02 SC: Motion and Effect of Cockpit Control .................................................................................9 B-04 SC &IM: Static Directional, Lateral and Longitudinal Stability and Low energy awareness ..10 B-05 SC: Flight envelope protection ..................................................................................................13 B-06 SC: Normal load factor limiting system ....................................................................................15 B-10 SC: Human factor evaluation of novel features in the flight deck ............................................16 B-15 SC: Soft Go Around mode ........................................................................................................17 C-01 SC & IM: Crashworthiness of Large Aircraft Structures ..........................................................19 C-02 SC: Discrete Gust ......................................................................................................................21 C-03 SC & IM : Loading conditions for multi-leg landing gear ........................................................22 C-04 SC: Undercarriage
    [Show full text]
  • TEMPLATE CRYSTAL DELIVERABLE Use Case Descriptions
    PROPRIETARY RIGHTS STATEMENT THIS DOCUMENT CONTAINS INFORMATION, WHICH IS PROPRIETARY TO THE CRYSTAL CONSORTIUM. NEITHER THIS DOCUMENT NOR THE INFORMATION CONTAINED HEREIN SHALL BE USED, DUPLICATED OR COMMUNICATED BY ANY MEANS TO ANY THIRD PARTY, IN WHOLE OR IN PARTS, EXCEPT WITH THE PRIOR WRITTEN CONSENT OF THE CESAR CONSORTIUM THIS RESTRICTION LEGEND SHALL NOT BE ALTERED OR OBLITERATED ON OR FROM THIS DOCUMENT. THE RESEARCH LEADING TO THESE RESULTS HAS RECEIVED FUNDING FROM THE EUROPEAN UNION’S SEVENTH FRAMEWORK PROGRAM (FP7/2007-2013) FOR CRYSTAL – CRITICAL SYSTEM ENGINEERING ACCELERATION JOINT UNDERTAKING UNDER GRANT AGREEMENT N° 332830 AND FROM SPECIFIC NATIONAL PROGRAMS AND / OR FUNDING AUTHORITIES. CRitical SYSTem Enginieering AcceLeration Use Case Definition Airbus-Germany Environmental Control Systems D201.011 Environmental Control D201.011 Systems DOCUMENT INFORMATION Project CRYSTAL Grant Agreement No. ARTEMIS-2012-1-332830 Deliverable Title Environmental Control Systems Deliverable No. D201.011 Dissemination Level CO Nature R Document Version V1.0 Date 2014-01-29 Contact Dietmar Sander Organization A-G Phone +49 40 743 64199 E-Mail [email protected] Version Nature Date Page V01.00 R 2014-01-29 2 of 35 Environmental Control D201.011 Systems AUTHORS TABLE Name Company E-Mail Dietmar Sander Airbus Operations GmbH [email protected] Arne Rosenbohm Airbus Operations GmbH [email protected] Mathias Maruhn Airbus Operations GmbH [email protected] REVIEW TABLE Version Date Reviewer 0.2 24.1.2014 Andreas Mitschke – Airbus Group Innovations 0.2 24.1.2014 Thomas Kuhn – Fraunhofer IESE CHANGE HISTORY Pages Version Date Reason for Change Affected 0.1 20.9.2013 Initial Description all 0.2 20.12.2013 Draft Version all 1.0 29.1.2014 First Version after review all Version Nature Date Page V01.00 R 2014-01-29 3 of 35 Environmental Control D201.011 Systems CONTENT 1 INTRODUCTION .....................................................................................................................................................
    [Show full text]
  • Cranfield University
    Cranfield University G. James Sweers Methodology for the design assurance of aircraft lightning protection systems continued airworthiness. School of Engineering Aerospace Engineering Group PhD Thesis Academic Year 2009-2010 Supervisor: Professor J.P. Fielding September 2010 This thesis is submitted in partial fulfillment of the requirements for the Degree of Doctor of Philosophy. © Cranfield University, 2008. All rights reserved. No Part of this publication may be reproduced without the written permission of the copyright holder. Abstract This thesis describes a new approach to lightning protection components design by incorporating the use of multiple data sources, aircraft environmental threats models and component characteristics to determine if the component design meets the continued airworthiness requirements. This innovative aircraft lightning protection component design methodology examines critical component characteristics and evaluates these characteristics for long term survivability given known environmental design data. Use of in-service data, test data, material sciences and detailed component construction produces predictive results and provides inputs for the design community. A simple case of non-active lightning protection components was used to validate this methodology, concluding that certain design degradation mitigations are necessary to improve the continued airworthiness performance. Following this validation, the methodology was exercised by several case studies using actual design data from a large transport aircraft. The case studies provide for understanding how the methodology can be applied and showed that value was produced in creating design optimizations for the protection components. The case studies also proved that the methodology could be applied to different lightning protection designs spanning from structural design protection components to systems infrastructure transport elements and wiring.
    [Show full text]
  • POLITECNICO DI TORINO Repository ISTITUZIONALE
    POLITECNICO DI TORINO Repository ISTITUZIONALE Digital Twin: towards the integration between System Design and RAMS assessment through the Model–Based Systems Engineering Original Digital Twin: towards the integration between System Design and RAMS assessment through the Model–Based Systems Engineering / Brusa, Eugenio. - In: IEEE SYSTEMS JOURNAL. - ISSN 1932-8184. - ELETTRONICO. - (2020), pp. 1-12. Availability: This version is available at: 11583/2842332 since: 2020-08-05T10:56:01Z Publisher: IEEE Published DOI:10.1109/JSYST.2020.3010379 Terms of use: openAccess This article is made available under terms and conditions as specified in the corresponding bibliographic description in the repository Publisher copyright IEEE postprint/Author's Accepted Manuscript ©2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collecting works, for resale or lists, or reuse of any copyrighted component of this work in other works. (Article begins on next page) 28 September 2021 1 Digital Twin: towards the integration between System Design and RAMS assessment through the Model–Based Systems Engineering Eugenio Brusa least more expensive, when failures are considered, and some Abstract —The design of a safety-critical system requires an refinements of RAMS requirements are needed [5]. effective prediction of its reliability, availability, maintainability In system design, a holistic approach is currently applied, and safety (RAMS). Anticipating the RAMS analysis at the since it is developed through the requirement, functional and concept design helps the designer in the trade-off of the system physical analyses.
    [Show full text]
  • Common Cause Analysis of Circular Variable Nacelle Inlet Concepts for Aero Engines in Civil Aviation
    Proceedings IRF2018: 6th International Conference Integrity-Reliability-Failure Lisbon/Portugal 22-26 July 2018. Editors J.F. Silva Gomes and S.A. Meguid Publ. INEGI/FEUP (2018); ISBN: 978-989-20-8313-1 PAPER REF: 7148 COMMON CAUSE ANALYSIS OF CIRCULAR VARIABLE NACELLE INLET CONCEPTS FOR AERO ENGINES IN CIVIL AVIATION Stefan Kazula (*) , David Grasselt, Klaus Höschler Brandenburg University of Technology, Cottbus, Germany (*) Email: [email protected] ABSTRACT This paper presents the application of a safe design process within a concept study for variable aero engine inlets. The safety assessment method Common Cause Analysis (CCA), consisting of a Zonal Safety Analysis (ZSA), a Particular Risk Analysis (PRA) and a Common Mode Analysis (CMA), is performed on variable inlet concepts. By the means of the CCA individual failure modes and external events, which can lead to failure conditions, are identified. Potential design adaptations to mitigate these failure conditions are presented. Keywords: variable aero engine inlets, coupled design and safety process, safety and reliability, safety assessment methods. INTRODUCTION The product development in the civil aviation industry is driven by the objective of achieving improvements in efficiency, emissions and travel speed, while ensuring safety and reliability (European Commission, 2011). The aero engine and its subsystems, e.g. the inlet, have an influence on these objectives. The efficiency and the flight speed of an aircraft could be increased by using variable aero engine inlets instead of rigid inlets (Baier, 2015). While research studies concerning circular variable inlets with adjustable lip and duct geometry have been performed, e.g. Kondor (2004) and Ozdemir (2015), there are none of them in service in commercial aviation.
    [Show full text]