Services (ATS) supported by communications [R5.7].
Key issues for the application of hazard analysis techniques include the need for an end-to-end
system definition, as well as development of a detailed operational concept for the
system applications. The methodology requires allocation of requirements across air,
ground, and satellite systems to achieve high-level performance requirements, including
airspace use accuracy, system availability, and integrity. The ATS Safety and Interoperability
analysis for SC-189/WG-53 includes the development of “Characteristics of
the CNS/ATM Operational Environment for ATS that Use Data Communications” [R5.8].
The document is intended to provide a template for regional planning groups, CAAs (civil
aviation authorities), ATS providers, and airspace users to assemble the needed
information and definition of safety objectives. Environment characteristics are identified;
airspace characteristics enumerated; required functions and capabilities characterized; and
operational scenarios developed. This document provides a framework for application of
hazard analysis techniques to communications systems.
It may be worthwhile to use hazard analysis to attempt to develop a probability
distribution for deviations resulting from the “unexpected” events mentioned previously.
Great care will be needed to include all significant events and to accurately determine the
probabilities of these events. Existing data may, of course, make this impossible, so that
use of a hazard analysis to produce a probability distribution of deviations may result in a
distribution that is no more accurate than one developed from empirical data.
A range of hazard analysis tools has been developed and applied to complex system risk
evaluation. These are described in Section 5.2.1. Applications of hazard analysis
methods, such as fault and event tree analyses, to air traffic separation risk evaluation are
summarized in Section 5.2.2.
5.2.1 A Brief Review of Existing Hazard Analysis Techniques
Hazard analysis techniques are divided into four families: the Hazard Identification Family,
the Static Assessment Family, the Dynamic Assessment Family, and the Human Reliability
Family. Each of these families has techniques which can be applied to the safety
evaluation of particular subsystems of the collision risk analysis system for a given
application. The right methodology to perform a collision risk analysis may, in fact, be
based on a combination of several of these techniques.
The Hazard Identification Family consists of techniques used to systematically identify
hazards. These techniques can be employed in the context of collision risk to predict,
identify, and/or diagnose what in the system or the procedures may create a collision risk.
All the techniques in this family are qualitative and deductive, and do not take
dependencies into account. However, their application will be useful preparatory work for
applying techniques from the other families. In particular, Preliminary Hazard Analysis
(PHA) identifies hazardous conditions or accident scenarios, as well as hazard causes,
effects, and corrective actions. It is, thus, a good starting point in a collision risk analysis.
Failure Modes and Effects Analysis (FMEA) provides a systematic approach for analyzing
failure modes and their effects. It is usually applied after a PHA and before more
sophisticated techniques. This technique could clearly be applied in the equipment portion
of a collision risk model/analysis. While FMEA applies to components (both hardware and
software), Functional Hazard Analysis (FHA) assesses the effects of functional failures on
the system. Finally, Hazard and Operability Study (HAZOP) takes into account human
operations, and could be applied to the human factors part of a collision risk
model/analysis.
The Static Assessment Family includes qualitative and quantitative techniques which do
not incorporate any dynamics. The most famous techniques in this family are Fault Tree
Analysis (FTA) and Event Tree Analysis (ETA).
In a Fault Tree Analysis, a failure or fault of interest (top event) is defined, and faults or
failures of components or subsystems which lead to the top event are identified. The
failure is often that of a complex system, comprised of sub-systems, components, and
human operators. The top event may also be the failure of a single component or even the
degradation of performance of an operator or human error. The cause sequence(s)
leading to the top event are modeled through a graph where links between failures and/or
operational errors are Boolean operators, such as logical AND/OR gates. At any level, an
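As an added worked example (not part of the concept paper), the following Python script evaluates a small fault tree of the kind described above: a top event, intermediate events, and basic events joined by logical AND/OR gates. The tree structure, event names and probabilities are constructed for illustration only. The exact top-event probability assumes that the basic events are independent; the script also enumerates the minimal cut sets (the smallest combinations of basic events that are sufficient for the top event) and the rare-event approximation obtained by summing the cut-set probabilities, which is an upper bound on the exact value.

```python
from dataclasses import dataclass
from itertools import product
from math import prod


@dataclass
class Gate:
    """A Boolean gate in the fault tree; inputs are basic-event names or other Gates."""
    kind: str    # "AND" or "OR"
    inputs: list


def top_event_probability(node, p):
    """Exact probability of the event at `node`, assuming independent basic events."""
    if isinstance(node, str):
        return p[node]                            # basic event: look up its probability
    q = [top_event_probability(child, p) for child in node.inputs]
    if node.kind == "AND":
        return prod(q)                            # all inputs must occur
    if node.kind == "OR":
        return 1.0 - prod(1.0 - x for x in q)     # at least one input occurs
    raise ValueError(f"unknown gate kind {node.kind!r}")


def minimal_cut_sets(node):
    """Smallest sets of basic events whose joint occurrence causes the node's event."""
    if isinstance(node, str):
        return {frozenset([node])}
    child_sets = [minimal_cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        cut_sets = set().union(*child_sets)       # any child's cut set suffices
    else:
        # AND: one cut set from every child must occur together
        cut_sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    # discard any cut set that strictly contains another (non-minimal)
    return {s for s in cut_sets if not any(t < s for t in cut_sets)}


def rare_event_bound(node, p):
    """Sum over minimal cut sets of the product of their probabilities (an upper bound)."""
    return sum(prod(p[e] for e in cs) for cs in minimal_cut_sets(node))


# Constructed illustration (hypothetical values): an undetected altitude deviation
# requires a deviation AND a detection failure; each branch has two possible causes.
TREE = Gate("AND", [
    Gate("OR", ["pilot_altitude_error", "autopilot_fault"]),
    Gate("OR", ["datalink_outage", "controller_missed_alert"]),
])
P = {
    "pilot_altitude_error": 1e-3,
    "autopilot_fault": 1e-4,
    "datalink_outage": 1e-3,
    "controller_missed_alert": 5e-3,
}

if __name__ == "__main__":
    print("exact P(top)     =", top_event_probability(TREE, P))
    print("rare-event bound =", rare_event_bound(TREE, P))
    for cs in sorted(minimal_cut_sets(TREE), key=sorted):
        print("minimal cut set:", sorted(cs))
```

The independence assumption is the point to check before trusting the number: a common cause that affects two basic events at once (a single power or data-bus loss behind both the autopilot fault and the datalink outage, for instance) must be modeled as a shared basic event feeding both branches, otherwise the AND gate understates the top-event probability. That is the same dependency concern the text raises for the qualitative identification-family techniques.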