The aviation industry is obsessed with techniques and processes to demonstrate safety and rightly so. It is important that the right technique is applied for each situation. However, just because a technique is the tried and trusted way of doing something doesn’t mean that there aren’t more suitable approaches available or reason to further develop existing or indeed new, techniques.

Here at Think we have noticed that there are limitations with the HAZOP techniques recommended by many national and international standards such as the CAA in CAP 760: Guidance on the Conduct of Hazard Identification, Risk Assessment and the Production of Safety Cases [1]. We have therefore branched out and used techniques that are more applicable to the large scale air traffic and airport operations we work with.  One such technique, that we outline further below, is the Geo HAZid.

 

The problem/background

The Civil Aviation Authority (CAA) suggests using three types of hazard identification techniques within the guidance published in CAP 760: historical, brainstorming, and systematic. They suggest two systematic hazard identification processes: Failure Modes Effects and Criticality Analysis (FMECA) and Hazard and Operability Analysis (HAZOP):

  • FMECA is a bottom-up approach that systematically tries to identify where failures may occur by applying a set of failure modes to systems. It can be applied at a system functional level as well as at the component level. This technique is really useful in traditional hardware safety cases as it can help identify the points of failure of systems and what the resultant effect may be.
  • HAZOP is a top-down approach that “uses an expert group to conduct a structured analysis of a system using a series of guide words to explore potential hazards”. The hazard identification part of this technique is effectively a more structured version of brainstorming.

The HAZOP technique has its limitations though. The process should work such that the group will walk through the system or procedure, apply a set of keywords, and this would result in a list of hazards. Examples of HAZOP keywords are ‘too far’ or ‘too early’. For example, an aircraft is taxiing towards the runway, it holds too far and crosses the stop bar resulting in a runway incursion. This is the theory, however, in practice having a group of experts all who want to make sure their part of the operation is accounted for, can result in the structured approach becoming derailed.

The HAZOP process is very good for small scale changes, where the remit of the hazard identification process will be for a small area or a limited number of systems or processes. As the scale of the system increases the number of possible interactions between component parts of an operation will drastically increase and therefore the number of things that may go wrong increases as well. Also, the number of experts from different parts of the operation you will need to take account of increases. This makes it difficult to ensure that the resultant list of hazards is a comprehensive one.

 

Geo-HAZid

A technique that tries to address this problem is the geometric hazard identification technique (Geo HAZid). This is a top-down systematic method for identifying the types and locations of accidents associated with airport and air traffic control operations. This technique shifts the point of view from the hazard to the accident. Rather than asking what could go wrong and what will it lead to, you start with an accident and then ask how could this accident occur? One of the main advantages of using this is it ensures that any “safety-by-compliance” regulations that have been applied have their underlying assumptions verified as applicable to the relevant operation being considered.

This method considers the nominal and non-nominal airborne or ground paths of aircraft, to identify how they interact with the airport infrastructure and with other aircraft. It was based on the HAZid method developed by the CAA [2] and updated in an academic research project at Loughborough University [3].  The output of applying HAZid or geometric HAZid is used in safety cases for airport design, airport operations, flight operations, aircraft design, ATC equipment, ATC operations, airspace, and visual/instrument flight procedure design.

If the technique is applied to flight operations, it starts with single aircraft movements and then looks at the interactions between more than one aircraft.

A summary of the staged approach to the geometric identification of hazards applied to an airport is provided below:

  1. Nominal route The first stage considers a single aircraft operating on an airport’s surface and the flightpaths in and out of the airport along the planned anticipated route;
  2. Non-nominal route The second stage considers the same aircraft but deviating from the planned route. The deviation includes items such as staying on the pavement but turning onto the wrong taxiway as well as excursions from the main pavement intended for operational use or for flightpaths it could be in any of the geometric dimensions, axes of rotation and speed. These deviations can be generated considering historic cases of aircraft deviations;
  3. Interaction path The third stage considers multiple aircraft operating on an airport’s surface or along the flightpaths. First operating along their nominal routes and then including deviations to find where they may interact.

The GIF below illustrates the nominal, non-nominal, and multiple aircraft interaction scenarios:

A gif illustrating the nominal, non-nominal, and multiple aircraft interaction scenarios

 

Application to an Airport Safety Case

A recent Think project was concerned with an airport seeking to bring some new airfield infrastructure into operation. As part of the development process they wanted to ensure that the future operation was going to meet the expected safety standards and we conducted the safety assessment. The purpose of this was to investigate what may need to be addressed to ensure the operation is safe and to then present the findings to the CAA when seeking approval.

The initial approach to this activity was to follow the recommended practices within CAP760. However, as mentioned above we found the process had limitations. A full HAZOP was conducted, and a list of hazards produced in a Hazard Log. However, whilst gap checking the hazards, we ultimately could not state that the list of hazards that had been produced was a comprehensive list given we were attempting to assess the whole of the operation. We therefore chose to also apply the Geo HAZid technique.

The Geo HAZid technique changed our focus to the accident. Once this technique had been applied it gave us a list of scenarios that may occur and where interactions could happen. The Hazard Log, which was created as part of the HAZOP, was mapped onto to this new list of interactions and we were able to systematically spot where there were gaps that needed to be filled.

If you would like to learn more about what was discussed in this article or are planning on making changes to your operation and want to find out how we can help you ensure that safety is maintained then please get in touch.

James Lewis- Think ATM Consultant

Author: James Lewis, ATM Consultant

 


References

[1]  Civil Aviation Authority UK, “CAP 760: Guidance on the Conduct of Hazard Identification, Risk Assessment and the Production of Safety Cases: For Aerodrome Operators and Air Traffic Service Providers,” 2010.

[2] D. P. Gleave and M. Humphries, “Civil Aviation Authority Report number CS9314 – Hazard analysis of an arrivals only runway—issue 1”.

[3] W. KA, “PhD thesis: The modelling of accident frequency using risk exposure data for the assessment of airport safety areas,” 2007 .