Tool for risk assessment and user manual
Contents
1. 3.13 Identify the impacts of future, emerging and current risks. The tool for risk assessment implements the risk model and accident scenarios developed within the ASCOS initiative. These can be used to identify the impact of future, emerging and current risk. The tool for risk assessment enables the user to associate elements to a specific risk type (current, future, emerging). Elements of the model can be filtered by their risk type. To give an overview of a specific risk type, all elements associated to this risk type can be viewed. 3.14 Identify future and emerging risks resulting from precursors. Within the ASCOS initiative, precursors of base events in the fault tree have been identified. The tool enables the user to link these precursors to base events. The base events can be filtered by precursors. For each precursor, all associated base events are listed. The user can link precursors to future and emerging risks that he modelled within an analysis. 3.15 Show an overview of all base events. The tool for risk assessment is able to list all base events. Section 2.3.5 of this manual explains how to list all base events. This list can be filtered by current, future and emerging risk. 3.16 Visualize ESDs and Fault trees. The tool for risk assessment visualizes Event Sequence Diagrams and Fault trees. Sections 2.3.1 and 2.3.3 of this manual explain how to access the visualizations of the current risk picture. Section
2. Figure 29: Analysis - Fault tree - Create. In this screen you will add a modification to create a fault tree to the analysis. You add a modification in 2 steps: (3) Enter the details of the modification: (a) Modification name: Type in the name of the modification. (b) Modification description: Type in a description of the modification. (ASCOS Aviation Safety and Certification of new Operations and Systems, Grant Agreement No 314299, Ref ASCOS_WP3_TUD_D3.3, Page 49, Issue 1.2, Classification Public) (c) Modification fault tree: Type in the id of fault tree that you want to modify. (d) Title: Type in the modified title of the fault tree. (e) Code: Type in the code for the fault tree. (f) Description: Type in the modified description of the fault tree. (4) Create fault tree modification: Click on this button to save the fault tree modification in the analysis and apply it to the modified model. 2.4.11 Show fault tr
3. inherits its probability from the top event of the linked fault tree. If you click on the link (a) to the linked fault tree, you access a screen that shows details of the linked fault tree. Figure 6: View current risk picture - ESD element. 2.3.3 Access Fault trees. If you click on the link to the linked fault tree in the detail view of an ESD element (explained in section 2.3.2), you will see the screen in Figure 7. In this screen you see details of the fault tree as well as the fault tree diagram. The fault tree diagram is made up of fault tree elements. Each element of the fault tree shows the e
4. Figure 26: Analysis - ESD - Show empty ESD. In this screen you see details of the ESD. The event sequence diagram is still empty. You can click on the link (a) New ESD element: Create a new ESD element (see section 2.4.8). 2.4.8 Modify/remove/Create an ESD element in an analysis. As mentioned before, you can make changes to all elements in the current risk picture. These changes are represented by modifications. If you follow one of the links to Edit, Delete or create a New ESD element in the show ESD screen of an analysis (see section 2.4.7), you access a screen similar to the one shown in Figure 27.
5. Figure 21: Analysis - Share an analysis - Share with new user. To share the analysis with a new user you must provide the following information: (a) User e-mail address: Please provide the e-mail address of the user with whom you want to share the analysis. NOTE: The user must have an account for the ASCOS tool for risk assessment (see section 1.4). (b) Select the user right. Read: The user can access your analysis and add comments. The user cannot make any modifications to the analysis. This is meant for when you want a user to review the changes you made. Write: The user can access your analysis, make comments and make changes to your analysis. He can add modifications of the Risk model to the analysis. This is meant for users that you want to collaborate with when generating the analysis. (c) Create Analysis permission: Click on this button to grant access to the analysis to the user you specified. 2.4.4 Access analysis. If you follow the link Show of an analysis in the analyses overview screen (see section 2.4), you access the screen with det
6. (a) List and filter fault tree elements. (a.a) If you click on List fault tree elements, you access a screen where you explore details of all fault tree elements in the current risk picture (see section 2.3.5). (b) Event sequence diagrams (ESD): In this section you see a list of all Event sequence diagrams (ESD) in the current risk picture. (b.a) If you click on the link show, you access a screen with details of the selected ESD (see section 2.3.1). (c) Export options: In this section you can export the current risk picture to EXCEL. (c.a) If you click on the link Excel version of model (XLS), a download of the EXCEL version of the model is started. (d) Manage associations: The tool for risk assessment supports the classification of elements by different categories. Each category can be associated to an element through an association. There are 6 different categories available: Area of change, EASP category, Risk type, Safety barrier, Precursors, Stakeholder. For each category there are 2 links. (d.a) If you click on the category name, you will access the overview screen of the category (see section 2.3.6). (d.b) If you click on this link (d.b), you access the overview screen of the associations within a category (see section 2.3.7). 2.3.1 Access ESDs. The screen in Figure 5 shows an event sequence diagram (ESD). The diagram is made up of ESD elements. Each element of the ESD shows the element title, the un
7. Details of the analysis. This screen is divided in 5 sections: (a) Analysis Details: In this section you can see and change the information of the analysis that you entered when you created the analysis. To change the details, click on the link (a.a) Edit: Change the information of the current analysis. (b) View and modify model: In this section you find the link to view the risk model, including the modifications you make in the analysis, and to add new modifications. (b.a) View modified model and add modifications: This opens a screen where you see the risk model that incorporates all the modifications you make within an analysis (see section 2.4.5). (c) Modifications within the analysis: In this section you see a list of all modifications you made to the event risk model. You can make modifications to the Event sequence diagrams (ESD), ESD elements, Fault trees and Fault tree elements. For each modification there are three links: (c.a) Show: View details of the modification. (c.b) Edit: Make changes to the modification. (c.c) Destroy: Remove the modification from the analysis. You will be asked to confirm that you want to destroy the modification. (d) Export options: In this section you can export your analysis in two different formats. (d.a) Printable report (PDF): This
8. Figure 4: View current risk picture - Overview screen. This screen is divided in 2 main sections. These sections allow you to explore the current risk picture in different ways.
9. Modify probability of top event. In section 2.4.12 it was explained how you could make modifications to fault tree elements. There are two types of fault tree elements: Base events and Top events. The probability of a top event results from combining the probability of the cut set of the top event according to gate variants (AND, OR, XOR). If in Figure 32 you input a change to the probability of a top event, you access a screen similar to Figure 33. Screen text in Figure 33: Choose how to modify the Top Event. You want to change the probability of a Top Event. You can choose between 2 options: 1. Set the Top Event probability to the desired value and ignore the cut set of the element. 2. Manually update the probabilities of the cut set elements. Figure 33 Analysis Fault tree
10. Figure 9: View current risk picture - Fault tree base event. 2.3.5 List and filter fault tree elements. If you click on the link List fault tree elements in the initial screen of the explore current risk picture mode (section 2.3), you will access the screen shown in Figure 10. This screen is divided in 2 sections: (a) Search and filter: In this section you can (1) search the list of fault tree elements, (2) filter fault tree elements by stakeholder, (3) apply the search and filter to the list of fault tree elements. (b) List of fault tree elements: In this list you can (1) access the details of a fault tree element. If you click on the link show, you will be redirected to the faul
11. back to the list of all safety barriers (Figure 11). 2.3.7 Manage associations to element categories. As explained in section 2.3.6, elements in the risk model can be grouped together and associated to element categories. In this section it is explained how to manage associations between elements and element categories. Associations for all element categories are managed the same way. In the following section the category safety barrier is used as example. Overview: If you follow the link Associate elements to safety barrier in the Overview screen of the View current risk picture mode (see section 2.3), you will access a screen with an overview of all the associations between safety barriers and elements that are defined. The screen will look similar to Figure 13.
12. Figure 16: Associations - Safety barrier - New - Step 3/4. To select the element that you want to associate to the safety barrier you must: 1. Select the element from the list. 2. Click on the button continue to continue to step 4. 4. Confirm the new association: Figure 16 shows the last step (step 4) of the wizard, where you confirm the association between the element and the safety barrier.
13. the user to associate elements of the model to certain stakeholders. For each stakeholder, all associated elements can be listed. Elements can be filtered by stakeholder. This enables the user to show and trace the influence of stakeholders in parts of the model. 3.20 Modify Elements probabilities. The tool for risk assessment implements the risk model and accident scenarios developed within the ASCOS initiative. The element probabilities in the risk model can be modified. The user can start an analysis (see section 2.4.1) and add modifications to all elements of the risk model. These modifications are incorporated in the modified model, which can be accessed within the analysis (see section 2.4.5). 4 Conclusions and recommendations. The objective of this study is the development of a software tool for risk assessment. The tool embodies the ASCOS risk model and representation of accident scenarios, which are based on CATS. The tool allows the user to access, explore and modify the ASCOS risk model and accident scenarios. It allows the user to utilize the safety risk method developed to support the new proposed certification approach. The tool for risk assessment is a web based software tool that can be used by a safety practitioner as support in the risk assessment process
14. [Flow diagram text. Box labels include: Model master screen, Fault tree list screen, Add modification screen (top down mode), Fault tree element screen.]
15. Figure 39: Functional flow diagram of the software tool. 1 Introduction. 1.1 Background and scope. In the ASCOS project the goal is to develop aviation certification process adaptions. Within work package 3 a total aviation safety assessment methodology is developed for handling of current, emerging and future risks through the use of safety based design systems and tools [1]. This document presents the results of sub work package 3.3, tool for risk assessment. 1.2 Objectives. The objective of this study is the development of a software tool for risk assessment. The tool should embody the ASCOS risk models and representation of accident scenarios, which are based on CATS. The tool should allow the user to access, explore and modify the ASCOS risk models and accident scenarios. It should allow the user to utilize the safety risk method d
16. (3) Confirm changes: If the current value probability of the top event sufficiently matches your desired value, you can confirm the changes to the cut set elements. These will be stored in your analysis and you can find them in the analysis overview (see section 2.4.4). 2.4.14 Show fault tree element in an analysis. If you click on the title of a fault tree element in the show fault tree screen of an analysis (see section 2.4.11), you access a screen similar to the one shown in Figure 35. Figure 35: Analysis - Fault tree element - Show. In this screen you see the details of the fault tree element: Title: The title of the fault tree element. Description: A description of the fault tree element. Probability: The probability of the fault tree element. Type: The type of the fault tree element.
17. Ds of the ASCOS risk model are associated to operational issues of the European Aviation Safety plan (EASp). These associations are implemented in the tool and the tool allows filtering of ESDs by EASp categories. 3.6 Develop a safety picture of the future. The tool for risk assessment enables the user to make an analysis to develop a safety picture of the future. The tool provides a model master that represents current risk. Within an analysis the user can make modifications to the model master and create new elements, fault trees and event sequence diagrams (see section 2.4) to develop a safety picture of the future. 3.7 Anticipate future risks based on existing precursors. Within the ASCOS initiative, precursors of base events in the fault tree have been identified. The tool enables the user to link these precursors to base events. The base events can be filtered by precursors. For each precursor, all associated base events are listed. 3.8 Assess necessary changes resulting from desired safety performance levels. The tool supports analyses starting from the final element and shows all elements that contribute to the probability of the final element. This top-down approach to an analysis enables the user to assess necessary changes resulting from desired safety performance levels. Section 2.4.13 of this manual explains how to perform a top-down analysis starting from the top event of a fault tree. 3.9 Derive safety objectives and safety req
18. The tool will be validated within ASCOS WP5 Validation. The software tool has now reached a stable prototype level. It supports the following functionalities: (g) Create safety risk picture for the current and future aviation system; (h) Support safety analysis for the certification process; (i) Support analysis of future and emerging risk; (j) Create precursors and safety barriers; (k) Represent safety culture and safety management; (l) Classify and filter results by EASp, AoC and stakeholder. The tool for risk assessment supports an initial proposed methodology developed in the context of an agreement between ASCOS and the EASp Action EME1.2, which seeks to develop a possible picture of the future by establishing a foresight cell. This would help to prioritize safety improvement efforts on the basis of foresight, incorporating emerging and future risk. However, it should be noted that EASA and/or other CAAs have not yet tested or evaluated the current version of the tool. Follow-up activities in the ASCOS WP5 should dedicate some efforts towards evaluating the usability of the tool in the context of the EASp Action EME1.2. For future work it is recommended to seek opportunities to widen the scope of the tool for risk assessment. This could be achieved by opening up access to the tool for risk assessment to more users and collecting their feedback on which functionalities of the tool are useful to them and from which additional functionalities they could ben
19. Figure 18: Analysis overview. This screen gives an overview of all your analyses in a list. For each analysis you can: (a) Show: Show the details of the analysis and add modifications. If you click on this link you will be redirected to the screen shown in Figure 22 (see section 2.4.4). (b) Edit: Edit the Analysis details such as title and description. If you click on this link you will be redirected to the screen shown in Figure 19 (see section 2.4.1). (c) Destroy: Delete the analysis and all modifications of the analysis. If you click on this link you will be asked to confirm that you want to delete the analysis. (d) Share: Share the analysis with other users. In this screen you can also start a new analysis if you click on the link (e) New Analysis: Start a new analysis.
20. afety design analysis; 2.4.1 Start new analysis; 2.4.2 Share the analysis; 2.4.3 Share analysis with new user; 2.4.4 Access analysis; 2.4.5 View modified model and add modifications; 2.4.6 Modify/remove/Create an event sequence diagram (ESD) in an analysis; 2.4.7 Show ESD in an analysis; 2.4.8 Modify/remove/Create an ESD element in an analysis; 2.4.9 Show ESD element in an analysis; 2.4.10 Create a fault tree in an analysis; 2.4.11 Show fault tree in an analysis; 2.4.12 Modify/remove/Create fault tree element in an analysis; 2.4.13 Modify probability of top event; 2.4.14 Show fault tree element in an analysis; 2.5 Access supporting documents; 2.6 Change user information; 3 Example functionalities of the tool for risk assessment; 3.1 Support safety based design of technologies, operations and systems; 3.2 Handle current, emerging and future risks; 3.3 Representation of risk for the certification process; 3.4 Represent current risk in accident and accident avoidance scenarios; 3.5 Identify accident scenarios linked to EASp operational issues; 3.6 Develop a safety picture of the future; 3.7 Anticipate future risks based on existing precursors; 3.8 Assess necessary changes resulting from desired safety performance le
21. ails of the analysis. Figure 22 shows an example of an analysis. Figure 22 Analysis
22. aintained by the TU Delft, based on a set of required functionalities established by NLR [6]. Initial testing was performed by APSYS, JRC and NLR, resulting in software updates. It should be noted that the tool is still being validated. User feedback and comments may still be processed until the end of ASCOS WP5 Validation. The current version of the tool, which is hosted on the NLR server, can be accessed through the URL http www ascos project eu risk tool. To get access and use the tool, an account and login data can be requested from the ASCOS coordinator (lennaert speijker nlr atsi nl) or directly from the TU Delft (h udluft tudelft nl or r curran tudelft nl). Figure 1 shows an overview of the general structure of the screens of the tool. Figure 1: General structure of the tool (navigation area and content area). In the navigation area you can access the various functional parts of the tool, which are described in section 2 of this document. The content area displays content and allows interacting with various parts of the tool.
23. as well as the fault tree diagram. The fault tree diagram is made up of fault tree elements. For each fault tree element you see the element title, code and probability. You can click on 3 different links: (a) Element title: Click on the element title to access the screen with details of the fault tree element (see section 2.4.14). (b) Edit: Modify the fault tree element (see section 2.4.12). (c) Delete: Remove the fault tree element from the analysis (see section 2.4.12). If the fault tree does not yet have any elements, you see a screen similar to 2.4.12. Figure 31: Analysis - Fault tree - Show empty fault tree. In this screen you see details of the fault tree. The fault tree diagram is still empty. You can click on the link (a) New fault tree element: Create a n
24. Figure 3: Welcome ...; Figure 4: View current risk picture - Overview screen; Figure 5: View current risk picture - View event sequence diagram; Figure 6: View current risk picture - ESD element; Figure 7: View current risk picture - Fault ...; Figure 8: View current risk picture - Fault tree top event; Figure 9: View current risk picture - Fault tree base event; Figure 10: View current risk picture - list, search and filter fault tree elements; Figure 11: Element categories - Safety barrier - Overview; Figure 12: Element categories - Safety barrier - Details; Figure 13: Associations - Safety barrier - Overview; Figure 14: Associations - Safety barrier - New - Step 1/4; Figure 15: Associations - Safety barrier - New S
25. cation in 2 steps:
1. Enter the details of the modification:
a) Modification name: Type in the name of the modification.
b) Modification description: Type in a description of the modification.
c) Modification event sequence diagram: Type in the id of the event sequence diagram that you want to modify.
d) Title: Type in the modified title of the ESD.
e) Code: Type in the modified code of the ESD.
f) Description: Type in the modified description of the ESD.
2. Create event sequence diagram modification: Click on this button to save the ESD modification in the analysis and apply it to the modified model.
2.4.7 Show ESD in an analysis
If you follow the link to show an event sequence diagram (ESD) in the show model screen of an analysis (see section 2.4.5), you access a screen similar to the one shown in Figure 25.
26. [Figure 14: Associations, Safety barrier, New, Step 1/4]
To select the safety barrier for the association you must:
1. Select a safety barrier from the list.
2. Click on the button continue to continue to step 2.
2. Select the element type for the new association
Figure 15 shows step 2 of the wizard, where you select the type of the element that you want to associate to the safety barrier that you selected in step 1.
27. ctionalities of the tool are useful to them and from which additional functionalities they could benefit. However, it should be noted that the ASCOS tool for risk assessment is recommended to be used only by aviation safety experts with sufficient and relevant aviation safety expertise and knowledge.
Table of Contents
Document Change Log
Review and Approval of the Document
Document Distribution
Acronyms
Executive Summary
List of Figures
1 Introduction
1.1 Background and scope
1.2 Objectives
1.3 Structure of the document
1.4 General structure of the screens of the tool for risk assessment
2 Description of the functions of the tool for risk assessment
2.1 Login screen
2.2 Welcome screen
2.3 Explore current risk picture
2.3.1 Access ESDs
2.3.2 Access ESD elements
2.3.3 Access Fault trees
2.3.4 Access fault tree elements
2.3.5 List and filter fault tree elements
2.3.6 Manage element categories
2.3.7 Manage associations to element categories
2.4 Start s
28. [Figure 13: Associations, Safety barrier, Overview]
In this screen you see a list of all associations between elements and safety barriers that are defined. For each association you can:
a) Show: View details of the association.
b) Edit: This will open a 4 step wizard to help you edit the association.
c) Destroy: This will remove the association. You will be asked to confirm that you want to remove the association.
You can create a new association if you click on:
d) New Safety barrier element association: This will open a 4 step wizard to help you create a new association.
Create/edit an association
This section explains how to create a new or edit an existing association between an element of the model and an element category. Associations are created in 4 steps. All associations are created the same way. In the following section an ESD element is associated to a safety barrier as an example.
1. Select the safety barrier
Figure 14 shows step 1 of the wizard, where you select one of the safety barriers that you defined.
29. [Figure 36: Supporting documents, Index]
In this screen you see a list of all the supporting documents available. You can follow the link:
a) Title of the document: Open the supporting document in a new window.
2.6 Change user information
If you click on change user information in the welcome screen (section 2.2), you will see the screen shown in Figure 37.
[Figure 37: Show user information screen]
In section a you see the user information. If you click on
30. e mode (see section 2.3), you will access a screen with an overview of all the safety barriers that are defined. The screen will look similar to Figure 11.
[Figure 11: Element categories, Safety barrier, Overview]
In this screen you see a list of all the safety barriers that are defined. For each safety barrier you can:
a) Show: View details of the safety barrier and a list of associated elements.
b) Edit: Change the name and description of the safety barrier.
c) Destroy: Delete the safety barrier. You have to approve that you want to delete the safety barrier.
You can create new safety barriers if you click on:
d) New Safety barrier: Create a new safety barrier.
Details of safety barrier
If you fol
31. [Figure 17: Associations, Safety barrier, New, Step 3/4]
To confirm the association:
1. Click on the button confirm. You will see the screen with the overview of the associations (Figure 13).
2.4 Start safety design analysis
A key component of the tool for risk assessment is to perform safety analyses based on the current risk picture. To perform a safety analysis you can make modifications to the current risk picture. You can both modify existing elements of the risk picture and add new elements. You can make modifications on all levels of the risk picture, including event sequence diagrams (ESD), ESD elements, fault trees and fault tree elements. If you follow the link Analysis Safety design Future risk in the navigation area (see section 1.4), you access the screen shown in Figure 18.
32. e implemented in this list. For each ESD you can click on links to:
a) Show: View the ESD and make modifications to ESD elements (see section 2.4.7).
b) Edit: Make changes to the ESD (see section 2.4.6).
c) Delete: Remove the ESD from the analysis (see section 2.4.6).
You can also add new ESDs. Click on the link at the bottom of the page:
d) New Event sequence diagram: Add a new ESD to the analysis (see section 2.4.6).
[Figure 23: Analysis, List of event sequence diagrams]
2.4.6 Modify/remove/Create an event sequence diagram (ESD) in an analysis
As mentioned before you can make changes t
33. edit (b), you can edit your user information. You will be presented with the screen shown in Figure 38.
[Figure 38: Edit user information screen]
You can update your user information in 2 steps:
1. Enter the changed user information:
a) Input your desired user name.
b) Enter your full name.
c) Enter your E-Mail address.
d) Enter your changed password (optional).
e) Enter your changed password again for verification (optional).
2. Click on the button Update User. You will be redirected to the screen shown in Figure 37, which now shows your updated user details.
3 Example functionalities of
34. ee in an analysis
If you follow the link of the title of the linked fault tree in the show ESD element screen of an analysis (see section 2.4.9), you access a screen similar to the one shown in Figure 30.
[Figure 30: Analysis, Fault tree, Show fault tree]
In this screen you see the details of the fault tree, such as title, code, description and the linked ESD element
35. SEVENTH FRAMEWORK PROGRAMME
Tool for risk assessment: User Manual
H. Udluft (TUD), P.C. Roling (TUD), R. Curran (TUD)
The software tool described in this document embodies the ASCOS risk models and representation of accident scenarios.
Coordinator: L.J.P. Speijker (NLR)
Work Package Manager: S. Bravo Muñoz (APS)
Grant Agreement No.: 314299
Document Identification: D3.3
Status: Approved
Version: 1.2
Date of Issue: 16-10-2014
Classification: Public
ASCOS: Aviation Safety and Certification of new Operations and Systems. Ref: ASCOS_WP3_TUD_D3.3
Document Change Log
1.0, H. Udluft, 24-03-2014: First TEETE version
H. Udluft, 03-09-2014: All; Updated document to match latest version of the tool
L.J.P. Speijker, 16-10-2014: 1, Appendix B, Conclusions; Made consistent with D3.6 and recommendations; Conclusions Section 4 added; Appendix B with changes for CATS shifted to internal note
Review and Approval of the Document
Document Distribution
NLR: L. Speijker, A. Rutten, M.A. Piers, U. Dees, P. van der Ge
36. efit. However, it should be noted that the ASCOS tool for risk assessment is recommended to be used only by aviation safety experts with sufficient and relevant aviation safety expertise and knowledge.
References
http://en.wikipedia.org/wiki/MoSCoW_Method, last accessed on November 20, 2013
http://en.wikipedia.org/wiki/Ruby_on_Rails, last accessed on November 20, 2013
S. Ruby, D. Thomas, D.H. Hansson, Agile web development with Rails 4.0, 2013
http://www.nlr-atsi.nl/fast/CATS/CATS%20final%20report.pdf, last accessed on September 1, 2014
Appendix A Functional flow diagram
37. element Edit top event probability Screen 1
In this screen you have to choose one of 2 options:
1. Set the top event probability to the desired value and ignore the cut set of the element. If you choose this option, the cut set of the element is ignored, the top event is changed to a base event and the probability is set to your desired value.
2. Manually update the probabilities of the cut set elements. As mentioned before, the probability of a top event is determined by combining the probabilities of the cut set of the element according to the gate variant. If you choose this option, you will access a screen where you can modify the probabilities of all elements from the cut set. The screen to modify the cut set probabilities looks similar to Figure 34.
38. Figure 27: Analysis, ESD element, Modify/remove/Create
Figure 28: Analysis, ESD, Show ESD element
Figure 29: Analysis, Fault tree, Create
Figure 30: Analysis, Fault tree, Show fault tree
Figure 31: Analysis, Fault tree, Show empty fault tree
Figure 32: Analysis, Fault tree element, Modify/remove/Create
Figure 33: Analysis, Fault tree element, Edit top event probability, Screen 1
Figure 34: Analysis, Fault tree element, Edit top event probability, Screen 2
Figure 35: Analysis, Fault tree element, Show
Figure 36: Supporting document, Index
Figure 37: Show user information screen
Figure 38: Edit user information screen
39. erent functions of the tool.
[Figure 3: Welcome screen]
As a user you can access the following 4 parts of the tool:
a) View past and current risk picture (described in section 2.3)
b) Start an Analysis Safety design Future risk (described in section 2.4)
c) Access supporting documents (described in section 2.5)
d) Change user information (described in section 2.6)
2.3 Explore current risk picture
In this mode you can explore the current risk picture. Figure 4 shows the initial screen when entering the View Current Risk Picture mode.
40. est, A. Roelen, J.J. Scholte, J.G. Verstraeten, A.D. Balk, E. van de Sluis
Acronyms
ESD: Event sequence diagram
WP: Work package
ASCOS: Aviation safety and certification of new operations and systems
Executive Summary
The objective of this study is the development of a software tool for risk assessment. The tool embodies the ASCOS risk model and representation of accident scenarios, which are based on CATS. The tool allows the user to access, explore and modify the ASCOS risk model and accident scenarios. It allows the user to utilize the safety risk method developed to support the new proposed certification approach. The tool for risk assessment is a web based softwa
41. eveloped to support the new proposed certification approach. The tool for risk assessment is a web based software tool that can be used by a safety practitioner as support in the risk assessment process. It uses the Event Sequence Diagram (ESD) and Fault Tree logic to represent the total aviation system risk model that was developed in the WP3.2 study [2]. The user can use the tool to explore the risk model developed in ASCOS and to assess the impact of modifications in the Total Aviation System in order to support the certification process. The tool is being validated within ASCOS WP5 (Validation).
1.3 Structure of the document
In the first part of the user manual the various functions of the software are explained. Each function is presented with screenshots and explanations of the different ways the user can interact with every screen. The general structure of the tool is shown in section 1.4. Section 2 describes the functions of the tool for risk assessment. Section 3 explains the example functionalities of the tool for risk assessment. Section 4 gives some conclusions. Appendix A provides the functional flow diagram for the developed tool for risk assessment.
1.4 General structure of the screens of the tool for risk assessment
The tool for risk assessment is a web based tool. It requires a computer connected to the internet with a web browser such as Internet Explorer, Safari or Mozilla Firefox. The software tool has been developed and is m
42. ew fault tree element (see section 2.4.12).
2.4.12 Modify/remove/Create fault tree element in an analysis
As mentioned before, you can make changes to all elements in the current risk picture. These changes are represented by modifications. If you follow one of the links to Edit, Delete or create a New fault tree element in the show fault tree screen of an analysis (see section 2.4.11), you access a screen similar to the one shown in Figure 32.
43. generates a printable PDF report.
d.b) EXCEL version: This creates an EXCEL version of the current analysis.
e) Manage Associations: The tool for risk assessment supports the classification of elements by different categories. Each category can be associated to an element through an association. There are 6 different categories available: Area of change, EASP category, Risk type, Safety barrier, Precursors, Stakeholder. For each category there are 2 links:
e.a) If you click on the category name, you will access the overview screen of the category. See section 2.3.6.
e.b) If you click on this link (e.b), you access the overview screen of the associations within a category. See section 2.3.7.
f) Comments: In this section you see a list of the comments you or other users made to your analysis.
f.a) Click on the link New Comment to add a comment to the analysis.
2.4.5 View modified model and add modifications
If you follow the link to View modified model and add modifications on the details screen of an analysis (see section 2.4.4), you access the screen shown in Figure 23. In this screen you see the list of modified event sequence diagrams (ESD). Any modifications that you make in the analysis that affect an ESD ar
44. [Figure 39: Functional flow diagram of the software tool]
45. 2 Description of the functions of the tool for risk assessment
In this section the functions of the tool for risk assessment are described. The tool is a web based application. The functions of the tool are distributed over various screens. An overview of the structure of the screens is represented in the functional flow diagram, which can be found in Appendix A of this document.
2.1 Login screen
The first screen you will see when you access the tool is the login screen. Figure 2 shows a screenshot of the login screen.
[Figure 2: Login screen]
To login to the tool you have to follow the following 3 steps:
1. Enter your username in the field name.
2. Enter your password in the field password.
3. Click on the link Forgot Password to set a new password.
4. Click on the button Login.
After this you will be redirected to the welcome screen, which is described in section 2.2.
2.2 Welcome screen
The Welcome screen is the first screen you will be presented with after you login to the tool. From the login screen you can access the functions of the tool. Figure 3 shows a screenshot of the welcome screen, which highlights the links to the diff
46. ique identification code of the element and the probability of the element. Each element of the ESD is linked to a fault tree and inherits the probability from the fault tree (see section 2.3.3).
[Figure 5: View current risk picture, View event sequence diagram]
You can access a screen with details of each ESD element (see section 2.3.2) by clicking on the ESD element title (a).
2.3.2 Access ESD elements
The screen in Figure 6 shows an ESD element. Each ESD element is linked to a fault tree. The ESD element
47. [Figure 32: Analysis, Fault tree element, Modify/remove/create]
In this screen you will add a modification of a fault tree element to the analysis. You add a modification in 2 steps:
3. Enter the details of the modification:
a) Modification name: Type in the name of the modification.
b) Modification description: Type in a description of the modification.
c) Modification event sequence diagram: Type in the id of the event sequence diagram that you want to modify.
d) Title: Type in the modified title of the fault tree element.
e) Code: Type in the modified code of the fault tree element.
f) Description: Type in the modified description of the fault tree element.
g) Gate variant: Select the gate variant of the fault tree element (OR, XOR, AND; only for top events).
h) Parent: Parent element of the ESD element.
i) Probability: Type in the probability of the fault tree element (only for base events).
j) Type: Select the type of the fault tree element (base event, top event).
4. Create fault tree element modification: Click on this button to save the fault tree element modification in the analysis and apply it to the modified model.
2.4.13
48. lement title, the unique identification code of the element and the element probability. For top events the element also shows the gate variant. You can access the screen with details of each fault tree element by clicking on the link (a).
[Figure 7: View current risk picture, Fault tree]
2.3.4 Access fault tree elements
If you click on the link to a top event in the fault tree (explained in section 2.3.3), you will see the screen in Figure 8. In this screen you see the de
49. lowed the link show in the safety barrier overview (Figure 11), you will access a screen with details of the safety barrier.
[Figure 12: Element categories, Safety barrier, Details]
In this screen you see the name and description of the safety barrier. You also see a table of the elements associated to the safety barrier. In the example in Figure 12 there are 2 elements associated to the safety barrier. For each associated element, code, title and probability are listed. The probabilities of all associated elements are summed to give the total rate of the safety barrier. There are two links on this screen:
a) Edit: Edit the safety barrier.
b) Back: Go
50. - Gate variant: The gate variant of the fault tree element (only top events)
- Fault tree: The fault tree which the fault tree element belongs to
- Parent: The parent element of the fault tree element
2.5 Access supporting documents
In this mode you can access supporting documents to use the tool. Figure 36 shows the initial screen when entering the access supporting documents mode.
[Figure 36: screenshot of the Supporting Documents screen, listing documents by name, description and source]
51. 2.4.1 Start new analysis
If you click on the link New Analysis in the initial screen of the analysis mode (section 2.4), you will access the screen shown in Figure 19.
[Figure 19: Analysis, Create new analysis]
You can create a new analysis in 2 steps:
1. Fill in the form with the details of the new analysis you want to create
a. Title: Type in the title of the analysis
b. Description: Type in the description of the analysis
2. Create analysis: Click on this button to create the analysis
2.4.2 Share the analysis
If you follow the link Share of an analysis in the analyses overview screen (see section 2.4), you access the screen that shows an overview of the users that you share the analysis with.
52. nt of the ESD element
h. Final: Select whether or not the ESD element represents a final event
2. Create ESD element modification: Click on this button to save the ESD element modification in the analysis and apply it to the modified model
2.4.9 Show ESD element in an analysis
If you click on the title of an ESD element in the ESD screen of an analysis (see section 2.4.7), you access a screen similar to the one shown in Figure 28.
[Figure 28: Analysis, ESD, Show ESD element]
In this screen you see the details of the ESD element:
- Title: The ti
53. [Figure 34: Analysis, Fault tree element, Edit top event probability, Screen 2]
This screen is divided in 2 sections. In the first section you see the values:
- Original value: The probability of the top event before you made any modification
- Desired value: The desired value of your modification
- Current value: The current value of the top event, taking into account the modifications you made to the cut set
You can modify the cut set of the top event and confirm your modifications in three steps:
1. In this section of the screen, enter the probabilities for the cut set to match your desired value of the top event probability
a. Enter the probability for each cut set element that you want to change
2. Update changes: Modify the probabilities of the cut set elements to change the probability of the top event. The current value (see above) of the top event will change.
54. o all elements in the current risk picture. These changes are represented by modifications. If you follow one of the links to Edit, Delete or create a New Event sequence diagram in the show model screen of an analysis (see section 2.4.5), you access a screen similar to the one shown in Figure 24.
[Figure 24: Analysis, ESD, Modify, remove, create]
In this screen you will add a modification of an ESD to the analysis. You add a modifi
55. on other elements. All elements within the model can be classified by the Risk type (current, emerging, future risk) that they are associated to.
3.3 Representation of risk for the certification process
Within an analysis, existing elements in the model can be modified and new elements (fault trees and event sequence diagrams) can be added. The tool for risk assessment can provide resulting changes to probabilities of final events in event sequence diagrams based on changes to base elements in fault trees. The tool allows the safety practitioner to perform a top-down analysis starting at the Top events of Fault trees (see section 2.4.13). The results of the analysis can be exported to EXCEL and in a PDF summary report, which can be used to support the certification process.
3.4 Represent current risk in accident and accident avoidance scenarios
The tool for risk assessment implements the risk model and accident scenarios developed within the ASCOS initiative. Within the Model master of the tool, the current risk is represented in accident and accident avoidance scenarios. Section 2.3 explains how to access and explore the current risk picture.
3.5 Identify accident scenarios linked to EASp operational issues
Within the ASCOS initiative all ES
56. [Figure 27: Analysis, ESD element, Modify, remove, create]
In this screen you will add a modification of an ESD element to the analysis. You add a modification in 2 steps:
1. Enter the details of the modification
a. Modification name: Type in the name of the modification
b. Modification description: Type in a description of the modification
c. Modification event sequence diagram: Type in the id of the event sequence diagram that you want to modify
d. Title: Type in the modified title of the ESD element
e. Code: Type in the modified code of the ESD element
f. Description: Type in the modified description of the ESD element
g. Parent: Parent eleme
57. [Figure 10: View current risk picture, list, search and filter fault tree elements]
2.3.6 Manage element categories
Associations allow you to group elements of the risk model together. You can create groups of elements for specific:
- Safety barriers
- Stakeholders
- Areas of change
- EASP categories
- Risk types
- Precursors
All associations are created the same way, so the following section explains how to group elements of the model together to a safety barrier.
Overview of safety barriers
If you follow the link Safety barriers in the Overview screen of the View current risk pictur
58. re tool that can be used by a safety practitioner as support in the risk assessment process. The tool will be validated within ASCOS WP5 (Validation). The software tool has now reached a stable prototype level. It supports the following functionalities:
a. Create safety risk picture for the current and future aviation system
b. Support safety analysis for the certification process
c. Support analysis of future and emerging risk
d. Create precursors and safety barriers
e. Represent safety culture and safety management
f. Classify and filter results by EASp, AoC and stakeholder
The tool for risk assessment supports an initial proposed methodology developed in the context of an agreement between ASCOS and the EASp Action EME1.2 [11], which seeks to develop a possible picture of the future by establishing a foresight cell. This would help to prioritize safety improvement efforts on the basis of foresight, incorporating emerging and future risk. However, it should be noted that EASA and/or other CAAs have not yet tested or evaluated the current version of the tool. Follow-up activities in ASCOS WP5 should dedicate some effort towards evaluating the usability of the tool in the context of the EASp Action EME1.2. For future work it is recommended to seek opportunities to widen the scope of the tool for risk assessment. This could be achieved by opening up access to the tool for risk assessment to more users and collecting their feedback on which fun
59. s 2.4.7 and 2.4.10 of this manual explain how to access the visualizations of ESDs and Fault trees within an analysis.
3.17 Represent changes to the total aviation system by modifying Event Sequence Diagrams Fault Trees
The tool for risk assessment enables the user to represent changes to the total aviation system by modifying ESDs and Fault trees. Modifications can be added to the current risk picture within an analysis (see section 2.4). The effects of a modification are applied immediately to the modified model within an analysis (see section 2.4.5).
3.18 Calculate accident probabilities
The tool for risk assessment implements the risk model and accident scenarios developed within the ASCOS initiative. The tool incorporates Fault Tree and Event Sequence Diagram logic and covers the total aviation system. Accident probabilities are calculated based on the probabilities of all elements that contribute to the probability of the accident. Accidents are represented by some of the final events of ESDs (see section 2.3.1). The probability of ESD final events is calculated based on the probabilities of preceding ESD elements, which are linked to Fault trees.
3.19 Show the influence of stakeholders on parts of the model
The tool for risk assessment enables
60. [Figure 25: Analysis, ESD, Show ESD]
In this screen you see the details of the ESD, such as title, code and description, and the event sequence diagram. The event sequence diagram is made up of ESD elements. For each ESD element you see the element title, code and probability. You can click on 3 different links:
a. Element title: Click on the element title to access the screen with details of the ESD element (see section 2.4.9)
b. Edit: Modify the ESD element (see section 2.4.8)
c. Delete: Remove the ESD element from the analysis (see section 2.4.8)
If the ESD does not yet have any elements, you see a screen similar to Figure 26.
[Figure 26: Analysis, ESD, Show empty ESD]
61. Figure 20 shows an example where the analysis is shared with one user.
[Figure 20: Analysis, Share an analysis, overview]
On this screen you see a list of all the users that you share the analysis with and can follow 3 links:
a. Edit: Edit the access rights a user has for this analysis
b. Destroy: Revoke access rights of a user to this analysis
c. Share with new user: Share the analysis with a new user. If you click on this link, you access a new screen where you specify the user that you want to share the analysis with (section 2.4.3).
2.4.3 Share analysis with new user
If you follow the link Share with new user in the screen showing all the users that have access to your analysis (see section 2.4.2), you access a screen that allows you to grant access to your analysis to another user (see Figure 21).
62. t tree element screen (section 2.3.4)
2. Switch between pages of fault tree elements
[Figure 10: View current risk picture, list, search and filter fault tree elements]
63. tails of the top event as well as the cut set of the top event. The calculation of the probability of the top event is based on the probabilities of the cut set.
[Figure 8: View current risk picture, Fault tree top event]
If you click on the link to a base event in the fault tree (explained in section 2.3.3), you will open the screen in Figure 9. In this screen you see the details of the base event.
64. tep 2/4
Figure 16: Associations, Safety barrier, New, Step 3/4
Figure 17: Associations, Safety barrier, New, Step 3/4
Figure 18: Analysis, Overview
Figure 19: Analysis, Create new analysis
Figure 20: Analysis, Share an analysis, overview
Figure 21: Analysis, Share an analysis, Share with new user
Figure 22: Analysis, Details of the analysis
Figure 23: Analysis, List of event sequence diagrams
Figure 24: Analysis, ESD, Modify, remove, create
Figure 25: Analysis, ESD, Show ESD
Figure 26: Analysis, ESD, Show empty ESD
65. the tool for risk assessment. In this section, example applications that represent functionalities of the tool for risk are presented.
3.1 Support safety based design of technologies, operations and systems
The tool for risk assessment implements the risk model and accident scenarios developed within the ASCOS initiative. The methodology which the tool is based upon incorporates Fault Tree and Event Sequence Diagram logic and covers the total aviation system. By implementing the risk model and accident scenarios mentioned above, the tool enables the safety practitioner to model the system-wide impact of changes and supports safety based design of technologies, operations and systems. The ASCOS risk model that is provided with the tool is called the Model Master. Within an analysis the user can make changes to the model master by adding modifications. The modifications within an analysis and the model master result in the modified model. Section 2.3 and 0 explain how to access the model master and carry out a safety analysis.
3.2 Handle current, emerging and future risks
The tool for risk assessment implements the risk model and accident scenarios developed within the ASCOS initiative. This model can be used to handle current, emerging and future risk. The safety practitioner can add modifications to the model that represent emerging and future risk. These changes propagate through the model and have a system-wide impact
66. tle of the ESD element
- Probability: The probability of the ESD element. This is inherited from the top event of the linked fault tree
- Event sequence diagram: The event sequence diagram which the ESD element belongs to
- Parent: The parent element of the ESD element
- Linked fault tree: The title of the linked fault tree
You can click on the title of the linked fault tree to access the linked fault tree:
a. Title of the linked fault tree: Click on this link to access the screen of the linked fault tree (see section 2.4.11)
2.4.10 Create a fault tree in an analysis
As mentioned before, you can make changes to all elements in the current risk picture. These changes are represented by modifications. If you follow the link to Associate new fault tree in the show ESD element screen of an analysis (see section 2.4.9), you access a screen similar to the one shown in Figure 29.
[Figure 29: Analysis, Fault tree, Create]
67. [Figure 15: Associations, Safety barrier, New, Step 2/4]
To select the type of the element which you want to associate to the safety barrier, you must:
1. Select the type of the element from the list
2. Click on the button Continue to continue to step 3
3. Select the element for the new association
Figure 16 shows step 3 of the wizard, where you select the element that you want to associate to the safety barrier that you selected in step 1.
[Figure 16: Associations, Safety barrier, New, Step 3/4]
68. uirements for new technologies, operations and systems
The tool can give input to the safety practitioner to derive requirements for new technologies, operations and systems, including products. It allows the safety practitioner to view the current risk picture (see section 2.3) and add or modify elements of fault trees and event sequence diagrams within an analysis (see section 2.4). Changes to the current risk picture are tracked within an analysis and can be output in a PDF report or EXCEL file.
3.10 Model new Event Sequence Diagrams for scenarios unique to new technologies, systems, products or operations
The tool enables the user to model new event sequence diagrams for scenarios unique to new technologies, systems, products or operations. Section 2.4.6 of this manual explains how to add new event sequence diagrams to an analysis.
3.11 Modify and update ESDs
The tool for risk assessment enables the user to modify and update event sequence diagrams (ESD) and ESD elements. Sections 2.4.6 and 2.4.8 explain how to modify ESDs within an analysis.
3.12 Modify Fault Trees
The tool for risk assessment enables the user to modify and update Fault trees and Fault tree. Sections 2.4.10 and 2.4.12 of this manual explain how to modify Fault trees within an analysis.
69. vels
3.9 Derive safety objectives and safety requirements for new technologies, operations and systems
3.10 Model new Event Sequence Diagrams for scenarios unique to new technologies, systems, products or operations
3.11 Modify and update ESDs
3.12 Modify Fault Trees
3.13 Identify the impacts of future, emerging and current risks
3.14 Identify future and emerging risks resulting from precursors
3.15 Show an overview of all base events
3.16 Visualize ESDs and Fault trees
3.17 Represent changes to the total aviation system by modifying Event Sequence Diagrams Fault Trees
3.18 Calculate accident probabilities
3.19 Show the influence of stakeholders on parts of the model
3.20 Modify Elements probabilities
4 Conclusions and recommendations
References
Appendix A Functional flow diagram
List of Figures
Figure 1: General structure of the TOOL