THE AIRLINE PILOTS FORUM & RESOURCE

Aircraft Technical and Flight Safety

Airline Flight Safety - A Technical Perspective
by Frank Rose (1992)

Recent attention to the development of structured airline flight safety organizations has only briefly touched on the technical aspects of flight safety. Despite the fact that technical cause is found to be a primary or contributing factor in less than 25% of commercial hull loss accidents, it is an area that displays great potential for reducing the overall accident rate. This potential benefit is the direct result of the predictable performance of modern machinery based on observed and probable failure rates and the assumption that critical aircraft system failures will eventually combine with human error to result in an accident.

The Flight / Techno Relationship

The maintenance and flight operations organizations are often mistakenly viewed as separate entities with little or no shared mutual interests, when in actuality, the two organizations are closely interlinked in a myriad of complex relationships and objectives. While the maintenance/engineering division provides virtually all the technological expertise necessary to maintain the aircraft fleet, the flight and inflight (flight attendant) organizations are considered the end user of the technical product and, therefore, must maintain a users level of technical knowledge.

The development and maintenance of this user requirement, whether it is for access of a complex onboard data base or the operation of an evacuation system defines the first link in the flight/techno relationship.

The second link of the relationship is forged by the legal airworthiness concept. While the captain is responsible for ensuring the final airworthiness and safety of the aircraft, it is the technical division that maintains, or returns an aircraft to an airworthiness condition. Therefore, an active and formalized communication link between the two groups is necessary for mutual satisfaction of the end product, an up aircraft. A fundamental component of this link is the aircraft logbook, which serves to document the degradation and restoration of the aircraft between variable levels of serviceability, or airworthiness.

The third component of the flight-maintenance relationship is the regulatory-procedural link. Both procedural and technical regulatory issues must be coordinated between the two divisions. While regulatory requirements emanate from the Federal Aviation Administration (FAA), they are often precipitated from National Transportation Safety Board (NTSB) investigative findings, thereby necessitating direct communication with both agencies for effective implementation of evolving safety requirements.

In all of the above defined levels of interdivisional relationships, the concept of safety is prevalent, and dependent upon uninhibited access of information and communication between the flight and maintenance organizations.

Figure 1. The flight-techno relationship between the flight and maintenance departments provide the baisis for safety.

The Technical Flight Safety Responsibility

To enhance and facilitate the communication of time-critical safety information between the maintenance and flight operations divisions, dedicated formal communicative links must be established. Within all of the defined categories of the flight/techno relationship, exist sub-areas where safety issues will surface. To ensure that issues potentially affecting the safety of airline operations are quickly identified and addressed, it is critical to the safety process that responsibility for safety issues be clearly defined. Specific components of safety-critical responsibilities requiring joint coordination and resolution between the maintenance and flight operations organizations are outlined below:

• Technical Risk Analysis

  Responsibility for identification of active high risk primary and secondary technical failure modes must be addressed jointly between the maintenance/engineering and flight operations organizations. While primary high risk exposure is generally obvious and consists generally of structural events, the definition of secondary safety failure modes is less obvious. In general, a secondary safety failure can be defined as an event or exposure that may not in itself cause the loss of the aircraft, but may place extreme demands on the flight crew. Identification of secondary high risk events is primarily a flight related responsibility due to its relative subjectivity of categorization. For example, while single failures of powerplant, hydraulic and electrical systems are not traditionally categorized as safety related through certification Failure Modes and Effects Analyses (FMEA), they are generally recognized as safety incidents by the flight organization in routine airline operations due to the resultant degradation of aircraft performance and redundancy, and erosion of the so called margin of safety. Identification of flight-sensitive secondary failures by the flight operations safety organization will then allow the technical organization to assign available assets according to level of risk.

• FAA / NTSB Communication

  To ensure that complete and consistent support of NTSB and FAA technical based investigations is maintained, it is contingent upon the safety organization to forge strong communication links with the NTSB and FAA. Included in this process is the requirement for consistent analysis of the technical aspects of NTSB & FAA investigations. Due to the highly complex nature of modern aircraft, a means to quickly analyze and disseminate critical safety information is required. In addition, conduct of both major and minor technically oriented investigations will require indepth and thorough coordination of NTSB recommendations and FAA requirements. This is also true with foreign regulatory agencies; howver, the specific processes vary widely between nations.

• Flight Crew Communication

  Critical to the safety process is the ability to quickly communicate technical information with both the pilot and flight attendant groups. Safety information must be continually reviewed for information pertinent to each airlines' operations. For example, developments in technical detail or aircraft operational requirements/procedures must be provided to crewmembers in a timely manner. Included in the rapid communication process are issues related to cabin safety.

• Future Safety Issues

  Inherent in any proactive safety organization is the ability to look forward and identify potential safety risks. Safety cannot only be reactive in nature and statistically postured, it must also possess proactive elements for identification of future safety risks. This proactive approach is formed both by current safety data and the probable effects of new technology developments. For example, while TCAS helped resolve some safety concerns, its introduction resulted in the development of additional flight crew procedures related to its employment.

• Investigation

  Virtually all operational incidents will require a certain level of technical investigation and analysis to fully understand and identify the underlying cause factors. Within the airline corporate structure, investigative responsibility for flight safety incidents must be clearly assigned. Similarly, professional investigative methods must be consistently employed in the technical area. Use of investigative tools such as the Digital Flight Data Recorder (DFDR) requires a consistent objective and confidential method of analysis.

Also, since analysis methods require complex transcription methods, it is likely that DFDR analysis will occur at the technical division. However, DFDR information must be maintained in a strict confidential status with operational DFDR analysis performed by personnel familiar with current operational procedures.

Figure 2. While the maintenance and flight departments operate within their own spheres, there are areas of common interest.

The Technical Flight Safety Process

The technical analysis component of an airlines' flight safety organization must possess several essential characteristics before an effective level of contribution is achieved. First, the organization needs to identify a set of indices, or measurable indicators, indicative of overall technical safety performance. Then, following identification of the areas of interest, the safety department must develop the means to monitor performance. The ideal organization would be focused in the following areas:

Specific Risk Exposure

First and foremost, the flight safety organization must have the ability to quickly identify developing negative flight safety trends or indices relative to identified high risk events. Therefore, a flight safety data base is required. The data may be extracted from a variety of sources, including crew reports, maintenance information, manufacturer data, etc. Although the indices, or flags, employed to alert the safety organization of undesirable trends are varied and dependent upon each organizations area of interest and operations, a complete set of indices should include at least the following events/indices:

• Engine Inflight Failures Shutdowns

• Hydraulic System Failures

• Depressurizations

• Takeoff Aborts

• Flight Control Failures

• Tire Failures

• Aircraft Fire Incidents

• Flight Related Injuries

Although past accident experience has proven the association of these indices with accident potential, the identified safety list is dynamic and requires constant review for evolving failure modes and effects.

Risk Analysis / Assignment

To assign relative priority to different risk categories, the safety organization should possess the ability to review and analyze the available indices or trends. The assignment of risk reduction responsibility is a fundamental component of an effective accident prevention program. Risk responsibility must be quickly identified and assigned to control divergent safety exposure. For example, time sensitive technical risk factors must quickly be communicated to the appropriate departmental level of responsibility. Examples of action level responsibility include specific aircraft maintenance and technical support organizations (B737, B727, DC-10, etc.). In large airline companies, the safety organization may be the first to detect errant technical trends.

Risk Communication

In conjunction with the risk assignment process, the communication of pertinent information necessary for reduction of the risk must be provided to the safety user. Depending on the type of risk involved, the user may either be a pilot, flight attendants, mechanics, and/or related support person. The primary recipient of risk identity is dependent upon the type of failure cause. Recurring material failure causes (e.g. fuel pump failure) are generally the responsibility of the technical services or engineering organization, while human factor related cause factors are best communicated to employee groups (e.g, pilots, flight attendants, mechanics) as appropriate.

Safety Performance Monitoring

Successful overview of technical safety performance requires the employment of proper statistical methods to determine safety trends. Once the data collection process is in place to determine incident levels, analytical normalization of the data is necessary. For example, to account for differences between aircraft with different numbers of engines, it is necessary to normalize shutdown rates in relation to engine hours logged by each fleet. Powerplant failure rates are typically depicted in a rate per 1,000 engine hours. Thus, one inflight shutdown in a fleet logging 50,000 engine hours would be presented as .02 failures per 1,000 engine hours. In this manner, the average shutdown rate is comparable between aircraft types independent of the number of engines per aircraft. A similar normalization process can be accomplished for other system failures.

Following identification and selection of the desired indices representing safety performance, routine review of the data and comparison with past performance is essential for the identification of developing problem areas.

Evolution of the technical safety investigative branch is a natural and essential component of any safety oriented technical organization. The airline industry embodies virtually all facets of the modern corporate spectrum, from the end product of a service based commodity to the maintenance of highly complex machinery. An active and sophisticated flight safety program capable of addressing all aspects of the flight safety spectrum is essential in a competitive environment intolerant of failure.

Frank Rose [Senior Investigator Flight Safety - SFOFS United Airlines 1992]