Time: 2010-05-10 19:43 Source: 蓝天飞行翻译 Author: admin

operational environment could be described by the type of operation (air traffic control, air carrier,
general aviation, etc.) and phase (ground taxiing, takeoff, approach, enroute, transoceanic, landing, etc.).
Ambient conditions are those involving temperature, humidity, lightning, electromagnetic effects,
radiation, precipitation, vibration, etc.
FAA System Safety Handbook, Chapter 3: Principles of System Safety
December 30, 2000
Figure 3-6: The SHELL Model
In the SHELL model, the match or mismatch of the blocks (interface) is just as important as the
characteristics described by the blocks themselves. These blocks may be re-arranged as required to
describe the system. A connection between blocks indicates an interface between the two elements.
[Figure: SHELL Model of a system, showing blocks S, H, L, L and E]
S = Software (procedures, symbology, etc.)
H = Hardware (machine)
E = Environment (operational and ambient)
L = Liveware (human element)
Each element of the system should be described both functionally and physically if possible. A function is
defined as: "An action or purpose for which a system, subsystem, or element is designed to perform."
Functional description: A functional description should describe what the system is intended to do, and
should include subsystem functions as they relate to and support the system function. Review the FAA
System Engineering Manual (SEM) for details on functional analysis.
Physical characteristics: A physical description provides the audience with information on the real
composition and organization of the tangible system elements. As before, the level of detail varies with the
size and complexity of the system, with the end objective being adequate audience understanding of the
safety risk.
Both models describe interfaces. These interfaces come in many forms. The table below is a list of
interface types that the system engineer may encounter.
Interface Type: Examples
Mechanical: Transmission of torque via a driveshaft. Rocket motor in an ejection seat.
Control: A control signal sent from a flight control computer to an actuator. A human operator selecting a flight management system mode.
Data: A position transducer reporting an actuator movement to a computer. A cockpit visual display to a pilot.
Physical: An avionics rack retaining several electronic boxes and modules. A computer sitting on a desk. A brace for an air cooling vent. A flapping hinge on a rotor.
Electrical: A DC power bus supplying energy to an anti-collision light. A fan plugged into an AC outlet for current. An electrical circuit closing a solenoid.
Aerodynamic: A stall indicator on a wing. A fairing designed to prevent vortices from impacting a control surface on an aircraft.
Hydraulic: Pressurized fluid supplying power to a flight control actuator. A fuel system pulling fuel from a tank to the engine.
Pneumatic: An adiabatic expansion cooling unit supplying cold air to an avionics bay. An air compressor supplying pressurized air to an engine air turbine starter.
Electromagnetic: RF signals from a VOR. A radar transmission.
i MIL-STD-882. (1984). Military standard system safety program requirements. Department of Defense.
FAA System Safety Handbook, Chapter 4: Pre-Investment Decision Safety Assessments
December 30, 2000
Chapter 4:
Safety Assessments Before Investment Decision
4.0 SAFETY ASSESSMENTS BEFORE INVESTMENT DECISION
4.1 OPERATIONAL SAFETY ASSESSMENT
4.2 COMPARATIVE SAFETY ASSESSMENT (CSA)
4.0 Safety Assessments Before Investment Decision
Before the investment decision at JRC 2, there are two phases of the acquisition life cycle: Mission
Analysis and Investment Analysis. The Pre-Investment phase of a program encompasses the Mission
Analysis and Investment Analysis phases of the Acquisition cycle illustrated in Figure 4-1. System
safety’s purpose during these phases is twofold. The first purpose is to develop early safety requirements
that form the foundation of the safety and system engineering efforts. The second purpose is to provide
objective safety data to the management activity when making decisions. The early assessment of
alternatives saves time and money, and permits the “decision makers” to make informed, data driven
 