PRNAV

1
P-RNAV Safety Assessment Safety
Argument September 2007 Ed Smith DNV
2
Background to Safety Studies

• Over last 5-10 years EUROCONTROL produced a
  series of P-RNAV safety studies
• Last safety assessment (FHA/ PSSA) was completed
  in May 2004 and safety argument (v2.0) in March
  2005
• These documents received a lot of peer review and
  comment
• As a result EUROCONTROL commissioned a project in
  late 2006 to review, re-verify and re-validate
  these documents
• Also extended scope, primarily to cover Non-Radar
  environment and below MRVA/ MSA
• That project has produced draft updates of the
  FHA/ PSSA and the safety argument

3
Overall Approach
Safety Targets
Top Down Review Are targets robust? Does FHA/
PSSA process make sense etc.
Bottom Up Review Are SRs achievable? Are they
consistent with TGL10, TSO C129a etc.?
FHA/ PSSA

• Safety Requirements (SRs)
• FSRs
• SIRs

4
Key Tasks

• WHAT
• Set single consistent TLS
• Review hazard identification
• Expand to cover non-radar and below MRVA/ MSA
• Update severity/ frequency analysis
• Validate quantification
• Link quantification to mitigations under
  stakeholder control
• Address GNSS stand-alone navigation (GA focus)

• HOW
• ANSP stakeholder steering group
• Safety workshop multidisciplinary
• Review against documentation (TGL 10, TSO C129a
  etc)
• Review against other safety projects (TLS
  setting, RNAV approach safety assessment etc.)
• Review of all available data sources (RNAV track
  keeping studies, database integrity etc.)

5
Draft FHA/ PSSA Main Outputs

• Under review by ANSP stakeholders
• Preliminary main outputs
• All Functional Safety Requirements reviewed and
  updated to address stakeholder concerns
• All Safety Integrity Requirements (SIRs) updated
  to reflect latest data sources
• SIRs linked to practical risk mitigations
• Together all the above clearly show what is
  needed to meet safety criteria

6
Draft Safety Argument Main Outputs

• Addresses risk under failure conditions and
  fault-free conditions
• As before uses Goal Structured Notation (GSN) to
  lay out key arguments and evidence
• Slimmed down format
• Updated based on FHA/ PSSA latest
• Shows more clearly what EUROCONTROL has
  demonstrated concerning P-RNAV safety and what
  stakeholders need to do at a local level
• The review activities have indicated that the
  revised safety requirements are practicable and
  realistic
• Fulfilment of the requirements and/or the
  mitigations that support the safety requirements,
  are all capable of direct verification by
  stakeholders

7
Draft Safety Argument Structure
Arg 1
P
-
RNAV in TA has
been specified to be
acceptably safe
Arg 1.8
Arg 1.1
Backing evidence is
The underlying concept
available to show that
is intrinsically safe
direct evidence is
trustworthy
Arg 1.2
Arg 1.7
The system design is
complete
All safety issues have been
resolved or actions
identified to resolve
Arg 1.3
Arg 1.6
The system design functions
correctly and coherently under
That which has been
all expected conditions
specified is realistic
Arg 1.5
Arg 1.4
All risks from internal
The system design is
system failure have been
robust against external
mitigated sufficiently
abnormalities
8
Summary

• Latest P-RNAV safety assessment activities have
  addressed all the issues raised by stakeholders
  at TERA and other fora
• This has led to significant update of the safety
  requirements to bring them more into line with
  TGL10 and other available guidance/ data sources
• Once comments from the ANSP steering group on the
  draft deliverables have been received, the safety
  assessment and safety argument documents will be
  finalised
• These should then facilitate the production of
  local safety assessments/ safety cases