Zonal safety analysis
Zonal Safety Analysis (ZSA) is one of three analytical methods which, taken together, form a Common Cause Analysis (CCA) in aircraft safety engineering under SAE ARP4761. The other two methods are Particular Risks Analysis (PRA) and Common Mode Analysis (CMA). Aircraft system safety requires the independence of failure conditions for multiple systems. Independent failures, represented by an AND gate in a fault tree analysis, have a low probability of occurring in the same flight. Common causes result in the loss of independence, which dramatically increases the probability of failure. CCA and ZSA are used to find and eliminate or mitigate common causes for multiple failures.
General Description
ZSA is a method of ensuring that the equipment installations within each zone of an aircraft meet adequate safety standards with respect to design and installation standards, interference between systems, and maintenance errors. In those areas of the aeroplane where multiple systems and components are installed in close proximity, it should be ensured that the zonal analysis would identify any failure or malfunction which by itself is considered sustainable but which could have more serious effects when adversely affecting other adjacent systems or components (EASA CS-25 Amendment 10: http://www.easa.eu.int/agency-measures/docs/agency-decisions/2010/2010-013-R/CS-25%20Amdt%2010.pdf).
Aircraft manufacturers divide the airframe into zones to support airworthiness regulations, the design process, and to plan and facilitate maintenance. The commonly used aviation standard ATA iSpec 2200, which replaced ATA Spec 100, contains guidelines for determining airplane zones and their numbering. Some manufacturers use ASD S1000D for the same purpose. The zones and subzones generally relate to physical barriers in the aircraft. A typical zone map for a small transport aircraft is shown.
Aircraft zones differ in usage, pressurization, temperature range, exposure to severe weather and lightning strikes, and the hazards contained, such as ignition sources, flammable fluids, flammable vapors, or rotating machines. Accordingly, installation rules differ by zone. For example, installation requirements for wiring depend on whether it is installed in a fire zone, rotor burst zone, or cargo area.
ZSA includes verification that a system's equipment and interconnecting wires, cables, and hydraulic and pneumatic lines are installed in accordance with defined installation rules and segregation requirements. ZSA evaluates the potential for equipment interference. It also considers failure modes and maintenance errors that could have a cascading effect on systems, such as:
- Flailing torque shaft
- Oxygen leak
- Accumulator burst
- Fluid leak
- Rotorburst
- Loose fastener
- Bleed air leak
- Overheated wire
- Connector keying error
Potential problems are identified and tracked for resolution. For example, if redundant channels of a data bus were routed through an area where rotorburst fragments could result in loss of all channels, at least one channel should be rerouted.
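The independence argument in the introduction and the data bus rerouting example just above, as an added illustration that is not part of the original article: a constructed zone map and routing table are checked for any zone hazard that every redundant channel of a system passes through, and the per-flight probability of losing all channels is compared with and without such a common cause. Zone names, hazards, routings and probabilities are invented for the example.

```python
# Constructed zone/hazard map and routing table (example data, not from any real aircraft).
ZONE_HAZARDS = {
    "Z410": {"rotorburst"},        # aft fuselage near a tail-mounted engine
    "Z310": {"rotorburst"},
    "Z210": set(),                 # pressurised cabin underfloor, no particular risk
    "Z110": {"bleed air leak"},
}

# system -> redundant channel -> zones that channel's lines are routed through
ROUTING = {
    "hydraulics": {
        "HYD1": ["Z110", "Z210", "Z410"],
        "HYD2": ["Z310", "Z410"],
        "HYD3": ["Z210", "Z410"],
    },
    "data_bus": {
        "BUS_A": ["Z110", "Z210"],
        "BUS_B": ["Z310"],
    },
}


def common_cause_exposures(routing, zone_hazards):
    """Return {system: {(zone, hazard), ...}} for every zone hazard that all
    redundant channels of a system are exposed to at once. Such a finding means
    the channels are not independent: one particular risk in that zone defeats
    the AND gate of the fault tree, so at least one channel should be rerouted."""
    findings = {}
    for system, channels in routing.items():
        shared_zones = set.intersection(*(set(z) for z in channels.values()))
        exposures = {(z, h) for z in shared_zones for h in zone_hazards.get(z, ())}
        if exposures:
            findings[system] = exposures
    return findings


def p_loss_of_all_channels(p_channel, n_channels, p_common=0.0):
    """Per-flight probability of losing every redundant channel.
    Independent channel failures combine through an AND gate (p ** n); a
    common-cause event with probability p_common takes all channels out at
    once, so it is OR-ed with the AND gate (the two are treated as disjoint)."""
    independent = p_channel ** n_channels
    return p_common + (1.0 - p_common) * independent


if __name__ == "__main__":
    for system, exposures in common_cause_exposures(ROUTING, ZONE_HAZARDS).items():
        print(f"{system}: all channels share {sorted(exposures)}; reroute at least one")
    # three channels at 1e-3 per flight each, versus the same plus a 1e-6 common cause
    print(p_loss_of_all_channels(1e-3, 3), p_loss_of_all_channels(1e-3, 3, 1e-6))
```

With the invented figures, the common cause raises the loss probability by roughly three orders of magnitude, which is why ZSA treats a shared hazard zone as a finding even when each channel is individually reliable.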
Case Studies
On July 19, 1989, United Airlines Flight 232, a McDonnell Douglas DC-10-10, experienced an uncontained failure of its No. 2 engine stage 1 fan rotor disk assembly. The engine fragments severed the No. 1 and No. 3 hydraulic system lines. Forces from the engine failure fractured the No. 2 hydraulic system line. With the loss of all three hydraulic-powered flight control systems, safe landing was impossible. The three hydraulic systems, although physically isolated, were vulnerable to a single failure event due to their close proximity to one another; this lack of independence was a zonal hazard. The aircraft crashed after diversion to Sioux Gateway Airport in Sioux City, Iowa, with 111 fatalities, 47 serious injuries and 125 minor injuries.
On August 12, 1985, Japan Air Lines Flight 123, a Boeing 747-SR100, experienced cabin decompression 12 minutes after takeoff from Haneda Airport in Tokyo, Japan, at 24,000 feet. The decompression was caused by failure of a previously repaired aft pressure bulkhead. Cabin air rushed into the unpressurized fuselage cavity, overpressurizing the area and causing failure of the auxiliary power unit (APU) firewall and the supporting structure for the vertical fin. The vertical fin separated from the airplane. Hydraulic components located in the aft body were also severed, leading to a rapid depletion of all four hydraulic systems. The loss of the vertical fin, coupled with the loss of all four hydraulic systems, left the airplane extremely difficult, if not impossible, to control in all three axes. The lack of independence of the four hydraulic systems from a single failure event was a zonal hazard. The aircraft struck a mountain forty-six minutes after takeoff with 520 fatalities and 4 survivors.
See also
- Aerospace engineering
- Air safety
- ARP4761