麻省理工学院：System Safety：week3

c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a19a18a7a20 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 Accident models provide the basis for Investigating and analyzing accidents Preventing accidents Hazard analysis Design for safety Assessing risk (determining whether systems are suitable for use) Performance modeling and defining safety metrics c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a19a18a7a21 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 Basic Energy Model Assumes accidents are the result of an uncontrolled and undesired release of energy. Use barriers or control energy flows to prevent them. Barrier ENERGY Energy flow SOURCE OBJECT Variations: Both (1) application of energy and (2) interference in normal exchange of energy. Energy transformation vs. energy deficiency. Action systems (systems that produce energy) vs. nonaction systems (systems that constrain energy) c a15a7a6a7a16a3a6a7a14a71a11a7a8a12a17a72a18a7a18a7a73a75a74a75a76a7a76 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 Heinrich’s Domino Model of Accidents People, not things, are the cause of accidents. but said third was easiest to remove. Removing any of dominoes will break sequence, person Unsafe act or condition Accident Injury Fault of environment Ancestry, Social Focus on single causes. Chain?of?Events Models Explain accidents in terms of multiple events, sequenced as a forward chain over time. Events almost always involve component failure, human error, or energy?related event Form the basis of most safety?engineering and reliability engineering analysis: e.g., Fault Tree Analysis, Probabilistic Risk Assessment, FMEA, Event Trees and design: e.g., redundancy, overdesign, safety margins, ... a68a26a51a30a29 a40 a41a3a23a59a41 a40a26a43a26a44a42a40a37a66a33a40 a64 a55a53a34a39a51a26a52a69a23a26a70a26a27a28a50 a32a26a52a33a23 a43 a41 a36a48a27a37a36a38a29a31a23a26a32a37a41a53a50 a60a26a61 a23a59a41a3a51a33a25 a40 projected Equipment damaged Personnel injured Fragments a77a42a78 metal rupture a22a24a23a26a25a28a27a30a29a31a23a33a32a26a34a35a23a37a36a38a36a31a27a26a34a39a23 a40 a36a42a41 a40a26a43a26a44a45a40a26a46 a23a37a36a48a47 Weakened Tank CorrosionMoisture Operating pressure a83a63a84a19a85 a52 a23a28a47 a40a26a46 a49a12a36a31a23a33a25a26a23a37a36a48a50 a29a2a29 a40a26a43 a41 a49a48a36a48a23a59a36a2a41 a50 a23a30a36a2a36 a57a31a23a26a34a39a25a26a23a30a36a31a50 a46a26a43 a52a33a23a37a41 a61 a49a48a36a48a23a33a60a28a27a26a34 a36a2a41a54a25a28a50 a32a26a58a28a34 a40 a40a26a46 a52 a56a54a34a39a51a30a57a31a50 a25a26a23a33a52a33a23a30a36a31a58 a62a63a23a28a23a26a32a33a32a26a23a28a34 a36a31a51 a43a26a43 a23a26a61a53a55a53a34a39a51a26a52a61 a79 a40 a43 a40 a50 a41a41a3a51 a23a26a23a28a32a33a52a33a51a26a50 a36a2a41a53a27a28a34a35a23 a36a2a41a53a23a28a23a26a61a2a51a26a34a38a29a31a51 a41a72a51a30a55 a41a3a58a26a50 a29 a44a38a43 a23a30a36a2a36a42a36a48a51 a41a3a51a33a34a35a27a28a32a30a41a3a27a26a34a35a23a33a60a28a23a30a55a3a51a26a34a35a23a59a41 a40a26a43a28a44 a36a2a29a31a34a35a23a26a23 a43 a41a53a51a59a29a31a51 a43 a41 a40 a50 a43 a57a48a50 a29a31a50 a64a65a51a30a55a28a41 a40a28a43a26a44a63a66 a58a26a50 a61 a23 a44 a40 a43 a50a41a54a50a51a26a27a37a41a54a51a30a55a26a41 a40a26a43a28a44 a47 a32a26a61 a41a53a23a59a29 a34a39a60a26a51 a29a31a51a26a34a35a34a39a51a30a36a31a50 a51 a43a59a66 a50 a61 a61 a51a30a41 a25a26a51a28a23a30a36a31a80a26a32a26a34a39a23a30a57a31a23 a41a3a50 a43a26a46 a52a33a51a28a34a35a23 a32a28a51a30a36a2a36a48a50 a60a28a61 a23a59a55a53a34 a40a26a46 a52a33a23 a41 a36a48a47 a36a65a32a28a34a35a23a30a36a2a36a31a27a26a34a35a50 a67a31a23a26a25a28a47 a40 a40 a43 a43 a43 a43 a36a2a41a53a23a28a23a26a61a53a41a53a51a33a32a28a34a35a23a30a57a31a23 a41 a34a39a23a26a25a26a27a37a29a48a23a59a36a2a41a53a34a39a23 a41a53a58a59a41a3a51 a23a30a81a2a41a3a23 a36a31a50 a57a31a23a33a25 a52 a23 a43 a43a26a46 a43 a40 a40a28a46 a50 a61a29a31a51 a41 a40 a29a2a41 a50 a41a53a58 a55 a27a26a34a39a23a33a32a26a51a26a50 a41a54a25a26a27a28a34a35a50 a43a26a46 a40a26a43 a25a59a55a53a34 a40a26a46 a52a82a23 a43 a41 a40 a41a3a50 a51 a43 a47 a43 a66 a40 a43 a52a33a51a26a50 a36a2a41a3a27a26a34a35a23a28a47 a55a3a51a26a34a39a23a30a36a48a23a28a23 a60a28a61 a23a33a61 a50 a55a53a23a37a41a53a50 a52a33a23a28a47 a40 a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a76a136a74 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 c Chain?of?Events Example: Bhopal E1: Worker washes pipes without inserting slip blind E2: Water leaks into MIT tank E3: Explosion occurs E4: Relief valve opens E5: MIC vented into air E6: Wind carries MIC into populated area around plant c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a76a7a137 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 Limitations of Event Chain Models: Social and organizational factors in accidents a133a134a118a33a113a33a96a33a101a2a89 a106a98a95a35a118a33a117a94a96a92a112a19a96a33a101a135a106a121a108a75a96a33a105a102a91a33a118a33a104a33a89a39a104a33a117a122a106a127a95a35a97a100a87a92a108a59a89a35a96a33a87a33a97a98a108a59a104a33a118a33a96a127a128a33a87a33a97a122a95a35a105a100a97a102a105a122a95a35a96a33a118a33a105a102a96a33a116 a87a98a89a124a108a75a91a33a104a33a115a33a117a33a91a120a108a75a91a33a96a120a108a75a96a33a105a102a91a33a118a33a104a33a89a39a104a98a117a59a106a127a109a94a87a59a106a129a128a33a96a120a130a131a96a33a89a39a89a102a113a33a96a92a112a72a96a33a89a39a104a59a90a92a96a33a113a94a89a35a104a33a118a33a117a94a128a33a96a33a132a7a104a33a101a2a96a120a108a75a91a33a96 a97a102a105a102a95a39a96a33a118a33a105a102a96a94a96a33a109a94a96a33a101a2a117a33a96a33a97a102a103a120a119a100a112a72a96a33a101a2a89 a106a98a95a35a118a33a117a94a96a92a112a72a96a33a101a53a106a121a108a75a96a33a105a102a91a33a118a33a95a35a105a122a87a33a89a102a104a33a101a123a105a102a95a124a112a72a95a39a89a102a97a72a106a98a97a107a108a75a96a33a109a125a95a39a97a126a87 a97a102a104a33a105a102a95a39a87a33a89a102a97a19a106a107a97a98a108a75a96a98a109a110a108a75a91a33a87a92a108a12a90a111a101a2a104a92a112a19a95a35a113a33a96a33a97a114a90a92a115a33a101a53a90a92a104a33a97a102a96a33a116a33a117a33a104a33a87a33a89a39a97a102a116a33a87a33a118a33a113a94a113a33a96a33a105a102a95a39a97a102a95a39a104a33a118a94a105a102a101a2a95a37a108a75a96a33a101a2a95a35a87a33a103 a86a88a87a33a89 a90a92a91a94a93a94a95a35a89a39a96a98a97a100a99a102a101a2a103 Models need to include the social system as well as the technology and its underlying science. System accidents Software error c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a76a7a138 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 Limitations of Event Chain Models (2) Human error Deviation from normative procedure vs. established practice Cannot effectively model human behavior by decomposing it into individual decisions and actions and studying it in isolation from the physical and social context value system in which it takes place dynamic work process Adaptation Major accidents involve systematic migration of organizational behavior under pressure toward cost effectiveness in an aggressive, competitive environment. a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a76a7a139 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 Design Vessel Design Shipyard Equipment load added Harbor Design Cargo Calais Zeebrugge Traffic Vessel Management Passenger Management Scheduling Operation Berth design Berth design Operations management Captain’s planning procedure to Zeebrugge Transfer of Herald heuristics Operations management procedure Unsafe patterns docking Standing orders Operations management Excess numbers Passenger management Capsizing Change of Crew working Stability Analysis Truck companies Impaired stability Excess load routines Docking c Time pressure Operational Decision Making: Accident Analysis: Combinatorial structure Decision makers from separate of possible accidents departments in operational context can easily be identified. very likely will not see the forest for the trees. c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a76a7a178a7a73a75a74a39a76a7a179 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 STAMP (Systems Theory Accident Modeling and Processes) To effect control over a system requires four conditions: Goal Condition: The controller must have a goal or goals (e.g., to maintain a setpoint) Action Condition: The controller must be able to affect the system state. Model Condition: The controller must be (or contain) a model of the system Observability Condition: The controller must be able to ascertain the state of the system. a176a123a151a71a152a102a154a148a142a45a147a148a147a126a168a157a152a102a164a45a142a156a165 a147a126a168a144a162a54a147a148a149a102a154a148a152a156a155a72a149a53a145a107a163a75a155a102a177 a159a160a142a102a161a156a162a45a163 a151a153a142a45a164a94a151a153a142a156a165 a145a45a149a166a163 a152a107a155a54a147a167a141a102a163a75a150a157a145a156a168a169a152a156a155a54a158a144a147a148a146a63a147a148a149a3a142a156a168a171a170a148a145a156a151a153a147 a172 a162a102a151a30a151a153a142a156a155a54a149a45a147a63a149a53a145a102a149a53a142a94a173a153a170a148a145a107a165a75a162a72a142a45a147a114a152a45a174a45a147a63a146a148a147a148a149a3a142a156a168a171a170a148a145a156a151a153a147a148a175 a140a111a141a54a142a144a143a134a145a102a146a148a147a114a149a2a141a72a142a94a150a45a151a153a152a45a154a148a142a102a147a148a147a114a154a148a145a156a155a157a154a42a141a54a145a156a155a54a158a102a142a144a147a148a149a3a145a45a149a3a142 Displays Controls inputs Process outputs Process Controlled Process variables Controlled InterfacesProcess Model of Model of variables (Controller) Human Supervisor Automation Model of Process Model of Measured SensorsActuators Automated Controller Disturbances c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a76a7a20 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 outputs Process variables Controlled variables Measured inputs Controlled Process and Decision Aiding Automated Display InterfacesProcess Model of Model of Process Model of Process Sensors Actuators Model of (Controller) Human Supervisor Automation Safety and the Process Models Accidents occur when the models do not match the process Wrong from beginning Missing or incorrect feedback so not updated Must also account for time lags Explains human/machine interaction problems Pilots and others are not understanding the automation What did it just do? Why won’t it let us do that? Why did it do that? What caused the failure? Disturbances c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a76a7a21 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 What will it do next? What can we do so it does not How did it get us into this state? happen again? How do I get it to do what I want? Don’t get feedback to update mental models or disbelieve it a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a76a7a18 a0a2a1a3a1a3a4 a5a124a6a7a8a7a9a7a10a48a11a7a5a124a6a7a13 a14 c A Systems Theory Model of Accidents Accidents arise from interactions among humans, machines, and the environment. Not simply chains of events or linear causality, but more complex types of causal connections. Safety is an emergent property that arises when components of system interact with each other within a larger environment. A set of constraints related to behavior of components in system enforces that property. Accidents when interactions violate those constraints (a lack of appropriate constraints on the interactions). Software as a controller embodies or enforces those constraints. c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a7a74a75a76 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 A Systems Theory Model of Accidents (2) Safety can be viewed as a control problem e.g. O?rings did not adequately control propellant gas release Software did not adequately control descent speed of MPL Safety management is a control structure embedded in an adaptive system. Events indirectly reflect the effects of dysfunctional interactions and inadequate control Need to examine control structure itself to understand accidents Result from: Inadequate enforcement of constraints At each level of socio?technical system controlling development and operations c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a7a74a7a74a75a73a136a74a7a74a75a137 SYSTEM DEVELOPMENT Congress and Legislatures Government Reports Legislation Lobbying Hearings and open meetings Accidents Government Regulatory Agencies Industry Associations, User Associations, Unions, Insurance Companies, Courts Regulations Certification Info. Standards Change reports Certification Whistleblowers Legal penalties Accidents and incidents Case Law Company Management Safety Policy Status Reports Standards Risk Assessments Resources Incident Reports Policy, stds. Project Management Hazard Analyses Safety Standards Safety?Related Changes Standards Safety Reports Test reports Review Results Hazard Analyses Progress Reports Hazard Analyses Design Rationale Documentation Hazard Analyses a0a38a1a71a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 SYSTEM OPERATIONS Congress and Legislatures Government Reports Legislation Lobbying Hearings and open meetings Accidents Government Regulatory Agencies Industry Associations, User Associations, Unions, Insurance Companies, Courts Regulations Standards Certification Legal penalties Case Law Accident and incident reports Operations reports Maintenance Reports Change reports Whistleblowers Company Management Safety Policy Operations Reports Standards Resources Operations Management Progress Reports Design, Documentation Safety Constraints Test Requirements Implementation and assurance Manufacturing Management Work safety reports Maintenance Procedures audits and Evolution work logs Incidents inspections Change Requests Manufacturing Performance Audits Problem reports Audit reports Work Instructions Change requests Physical Actuator(s) Problem Reports Hardware replacements Software revisions Operating Process Operating Assumptions Operating Procedures Revised operating procedures Automated Human Controller(s) Controller Sensor(s) Process c a15a7a6a7a16a3a6a7a14a71a11a7a8a12a17a102a74a7a74a75a138 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 GOAL: Provide a framework for classifying factors leading to accidents and a system engineering methodology for handling them. Some causes of dysfunctional interactions: Asynchronous evolution Inconsistent models inadequate or missing feedback time lags inadequate engineering design activities etc. Inadequate coordination among controllers and decision makers Boundary areas Overlap areas c a15a7a6a7a16a3a6a7a14a71a11a7a8a12a17a102a74a7a74a75a139 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 Control Flaws Leading to Hazards Inadequate control actions (enforcement of constraints) Unidentified hazards Inappropriate, ineffective, or missing control actions for identified hazards Design of control algorithm (process) does not enforce constraints Process models inconsistent, incomplete, or incorrect (lack of linkup) Flaw(s) in creation process Flaws(s) in updating process (asynchronous evolution) Time lags and measurement inaccuracies not accounted for Inadequate coordination among controllers and decision?makers (boundary and overlap areas) Inadequate Execution of Control Action Communication flaw Inadequate actuator operation Time lag Inadequate or missing feedback Not provided in system design Communication flaw Time lag Inadequate sensor operation (incorrect or no information provided) c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a7a74a75a178 a0a2a1a3a1a3a4 a5a124a6a7a8a7a9a7a10a48a11a7a5a124a6a7a13 a14 Human Error Models Categorize errors by external manifestations Categorize by type of task Simple, vigilance, emergency response, control, complex Coordinating, scanning, recognizing, problem solving, planning ... Usually consider performance?shaping factors such as task structure, stress, design of displays and controls Categorize by cognitive mechanisms Instead of focusing on task and environment characteristics, consider psychological mechanisms used by operator in performing tasks. Interaction of psychological factors with features of work environment Requires only a limited number of basic concepts c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a7a74a75a179 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 Common Features of Cognitive Models Most based on Bartlett’s ‘‘schemas’’ Internal representations of regularities of the world An organized structure of knowledge Our way of understanding and dealing with world Slips vs. Mistakes (Don Norman) Mistake is an error in intention (error in planning) Slip is error in carrying out the intention Human?Task Mismatch (Rasmussen) Errors are an integral part of learning Should be considered human?task or human?system mismatches Skill?Rules?Knowledge framework (Rasmussen) Human skills needed to solve problems also lead to errors If eliminate possibility of human error, may eliminate ability to solve problems. Rasmussen Model of Human?Task Mismatch a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a7a74a75a20 c a0a2a1a3a1a3a4 a5a124a6a7a8a7a9a7a10a48a11a7a5a124a6a7a13 a14 a180a166a181a37a182 a181a37a183a7a182 a184a185a30a186 a185a37a187a30a188a135a181a30a189a135a181a30a190 a191a30a192a135a181a30a189a135a181a30a186a37a182 a188a12a185a30a190a2a187 a191a30a193a30a192 a182 a188 a194 a186a30a181a37a191a30a195a19a196a37a191a30a182 a197a26a198a153a191a37a183a7a183a135a184 a199a37a181a30a186a30a182 a191a30a192a12a182 a184a200a63a184 a186a30a201 a202 a185a37a200a63a200a63a184 a188a135a188a135a184a185a30a186a63a185a30a187a37a181a30a203a135a182 a190a191a30a186a37a181a30a185a30a193a30a188a12a191a30a183a135a182 a202 a185a37a200a63a200a63a184 a188a135a188a135a184a185a30a186a63a185a30a187a37a181a30a190 a190a185a30a186a30a181a37a185a30a193a30a188a12a191a30a183a135a182 a204a166a204a148a205 a190a185a30a186a30a201a63a182 a184 a200a63a184 a186a30a201 a204a166a204 a184a186a30a191a30a183a135a183a135a193a30a190 a191a30a182a181a63a196a30a181a30a190 a187a185a30a190a200a63a191a30a186a30a183a135a181 a194 a196a30a181a37a183a7a184 a187 a184a181a37a199a63a182a191a37a188a7a195a12a186a30a185a37a182a30a196a30a181a37a190 a187a185a37a190 a200a63a181a30a199 a204a166a204 a185a30a200a63a184 a188a135a188a135a184a185a30a186a63a185a37a187a30a191a30a183a135a182 a206a63a191a30a186a30a191a37a201a30a181a30a200a63a181a37a186a30a182 a207a28a199a30a200a63a184 a186a37a184 a188a135a182 a190a191a30a182 a184a185a30a186 a206a63a191a30a184 a186a30a182a181a30a186a37a191a30a186a30a183a135a181a26a198a35a190 a181a30a196a37a191a30a184 a190a2a192a185a37a201a30a184 a188a135a182 a184 a183a7a188 a208a38a181a37a188a135a182a30a191a30a186a37a199a148a183a135a191a37a192 a184a209a30a190 a191a30a182 a184a185a30a186 a210 a196a30a181a37a190 a191a30a182 a184a185a30a186 a180a166a181a37a183a7a184 a188a7a184a185a30a186 a211a199a30a181a37a186a30a182 a184 a187 a184 a183a7a191a37a182 a184a185a37a186 a204a166a204 a188a135a181a37a192a181a30a183a135a182a30a201a30a185a37a191a30a192 a204a166a204 a188a135a181a37a192 a181a30a183a135a182a30a182 a191a30a190a201a37a181a30a182 a204a166a204 a188a135a181a37a192 a181a30a183a135a182a30a182 a191a30a188a135a195 a207a212a183a7a182 a184a185a37a186 a204a166a204 a185a37a196a30a181a30a190 a191a30a182 a184a185a30a186a30a191a37a192 a188a7a181a37a213a30a193a30a181a37a186a30a183a135a181 a204a166a204 a181a37a203a135a181a30a183a135a193a30a182 a184a185a30a186 a204a166a204 a183a135a185a37a200a63a200a63a193a30a186a30a184 a183a135a191a37a182 a184a185a37a186 a180a166a184 a188a135a183a135a190 a184a200a63a184 a186a30a191a30a182 a184a185a30a186 a204a166a204 a188a135a182a181a37a190 a185a30a182 a214a135a196a30a181a63a187 a184 a203a135a191a30a182 a184a185a30a186 a204a166a204 a187a191a37a200a63a184 a192 a184a191a37a190a38a188a135a197a37a185a30a190 a182 a183a135a193a30a182 a204a166a204 a188a7a182a181a30a190a181a30a185a30a182 a214a135a196a30a181a63a182 a191a30a195a135a181a30a185a37a189a7a181a37a190 a215a135a191a37a209a30a190 a184 a183a135a191a37a182 a184a185a37a186 a216a37a83a218a217a19a219 a77a42a78a212a220 a83a148a216a212a216a212a221a166a217a12a219a19a222 a84a136a223 a224a225a221 a78 a216 a77a42a78a12a226 a83a148a84a212a217a59a221a225a227 a206a63a181a30a186a30a182 a191a30a192a135a192a185a30a191a37a199a26a198a153a190 a181a30a188a135a185a30a193a30a190 a183a135a181a30a188 a194 a193a30a209a37a228 a181a30a183a135a182 a184a189a7a181a63a201a37a185a30a191a30a192 a188a19a191a30a186a37a199a63a184 a186a30a182a181a30a186a30a182 a184a185a37a186a30a188 a207a28a187 a187a181a37a183a7a182 a184 a189a135a181a63a187 a191a30a183a135a182 a185a37a190 a188 a220 a222a219a19a229a212a83a225a219a19a222 a77 a84a65a216a124a83a218a217a19a219 a77a42a78a212a220 a227 a208a2a191a30a188a135a195 a202 a197a30a191a30a190 a191a30a183a135a182 a181a37a190 a184 a188a135a182 a184 a183a135a188 a230a124a197a30a214a135a188a135a184 a183a135a191a30a192a38a231a37a186a30a189a135a184 a190a185a30a186a30a200a63a181a37a186a30a182 a232a45a185a37a190 a195a19a208a2a184 a200a54a181 a202 a197a30a191a30a190 a191a37a183a135a182 a181a37a190 a184 a188a135a182 a184 a183a7a188 a211a186a30a188a135a196a37a181a30a183a135a182 a184a185a30a186 a211a186a30a188a135a182 a191a30a192 a192a191a30a182 a184a185a30a186 a230a37a190a185a30a183a135a181a37a199a30a193a30a190 a181a63a199a37a181a30a188a135a184 a201a30a186 a231a37a213a30a193a37a184a196a30a200a63a181a30a186a37a182a30a199a30a181a37a188a135a184 a201a30a186 a83a225a233a37a233a212a234 a226 a83a148a239a166a216a212a229a19a84a136a217a19a219a19a222 a77 a84a12a227 a217a19a83a148a229 a220 a221 a220a82a77 a216a42a240a19a229 a226 a83a148a84 a226 a83a63a239a2a216a212a229a12a84a212a217a12a219a19a222 a77 a84a19a227 a226 a221a241a217a122a240a136a83a148a84a19a222 a220a148a226a12a220a33a77 a216a42a240a12a229 a226 a83a148a84 a226 a83a148a239a2a216a212a229a12a84a212a217a12a219a19a222 a77 a84a19a227 a221a166a242a225a219a19a221 a78 a84a212a83a148a239 a226a12a77 a85a12a221 a77 a216a226 a83a63a239a2a216a212a229a12a84a212a217a12a219a19a222 a77 a84a19a227 a222a84a212a219a19a221 a78 a84a212a83a148a239a59a240a12a229 a226 a83a148a84 a224a225a221 a78a212a220a218a77 a84a12a84a19a221a218a239a12a219a212a83 a220a148a243 a227 a204a166a204 a187a191a37a200a63a184 a192 a184a191a30a190a2a196a37a191a30a182 a182a181a37a190a186a63a186a30a185a37a182a30a190 a181a30a183a135a185a37a201a30a186a30a184 a244a135a181a30a199 a231a37a203a135a182 a181a30a190a186a37a191a30a192a135a181a30a189a135a181a30a186a30a182 a188 a204a166a204 a188a135a196a37a191a30a182 a184a191a30a192a135a200a63a184 a188a135a185a30a190 a184a181a30a186a30a182 a191a30a182 a184a185a30a186 a204a166a204 a200a63a185a37a182 a185a37a190a2a189a7a191a37a190 a184a191a30a209a37a184 a192 a184 a182 a214 a230a124a197a30a214a135a188a135a184 a183a135a191a30a192 a202 a185a30a185a30a190 a199a30a184a186a30a191a37a182 a184a185a30a186 a183a135a185a30a186a37a188a7a184 a199a30a181a30a190 a181a30a199 a204a166a204 a183a135a185a37a186a30a199a30a184 a182 a184a185a30a186a63a185a37a190a2a188a7a184 a199a30a181a63a181a30a187 a187a181a30a183a135a182a30a186a30a185a37a182 a211a186a30a187 a181a30a190a181a37a186a30a183a135a181 a204a166a204 a185a37a182a197a37a181a30a190a2a188a135a192 a184a196a63a185a30a187a37a200a63a181a30a200a63a185a30a190 a214 a204a166a204 a200a63a184 a188a7a182a191a30a195a135a181a63a191a37a192 a182a181a37a190a186a30a191a37a182 a184 a189a135a181a37a188 a204a166a204 a187a185a30a190a201a30a181a30a182a37a184 a188a135a185a30a192 a191a30a182a181a30a199a63a191a37a183a7a182 a17a166a181a37a183a7a191a37a192 a192 a204a166a204 a191a37a188a135a188a7a193a37a200a63a196a30a182 a184a185a30a186 a204a166a204 a200a63a184 a188a7a184a186a30a182 a181a30a190 a196a30a190 a181a30a182 a191a30a182 a184a185a30a186 a204a166a204 a184a186a30a187 a185a30a190 a200a63a191a30a182 a184a185a37a186a63a186a30a185a30a182a37a190 a181a30a183a135a181a30a184 a189a135a181a37a199 a211a186a30a196a37a193a30a182a26a211 a186a30a187 a185a30a190 a200a63a191a37a182 a184a185a30a186a42a230a37a190 a185a30a183a135a181a30a188a135a188a135a184 a186a30a201 a13a199a30a184 a188a135a182 a190a191a30a183a135a182 a184a185a30a186a28a198a153a181a30a182 a183a19a18 a14 a211a186a37a182 a190 a184a186a30a188a135a184a183a12a197a30a193a30a200a63a191a37a186a63a189a7a191a37a190 a184a191a30a209a37a184 a192 a184 a182 a214 a13 a188a135a184 a183a135a195a135a186a30a181a37a188a7a188a38a198a35a181a30a182 a183a24a18 a14 a210 a196a37a181a30a190 a191a30a182 a185a30a190a31a211a186a30a183a135a191a30a196a37a191a30a183a135a184 a182a191a30a182 a181a30a199 a181a30a182 a183a19a18 a14 a13 a187a185a30a190 a183a7a181a28a198a153a182 a184a200a63a181a26a198a35a195a7a186a37a185 a205 a192a181a30a199a37a201a30a181a26a198 a231a37a203a135a183a135a181a30a188a135a188a135a184 a189a135a181a63a182a191a37a188a135a195a19a199a30a181a37a200a63a191a30a186a30a199 a235a166a236a31a237a3a238 a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a7a74a75a21 a0a2a1a3a1a3a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 Skill?Rules?Knowledge Hierarchy a246 a246a221 a236a166a233a37a238 a250 a247a166a246a225a253 a234 a237a53a236a166a249 a248 a238a23a20 a247a31a252a3a255 a20a53a238a225a234 a237a12a233a37a249 a250a37a249a252 a253 a237a3a236a166a238a153a227 a223 a247 a249 a253 a250 a11 a217a12a83a148a229 a220 a83a148a239a12a217 a77 a84a12a85a19a222 a219a72a222 a77 a84 a220 a84 a77 a219a42a217 a77 a84 a220 a222 a85a12a221 a78 a221a225a85 a220 a84 a77 a219a42a217 a77 a84 a220 a222 a85a12a221 a78 a221a225a85 a61a62 a51 a23a26a25 a225a60 a1a0 a23 a43 a66 a46 a60a26a23a26a58 a57a31a50 a51a26a34 a40 a22a59a27a26a61 a225a60 a2a0 a23 a36a31a23a26a25 a40 a60a26a23a26a58 a57a48a50 a51a28a34 a40 a216a212a222a242a225a83a225a219a19a222 a77 a84 a216a124a83 a226 a222a239a166a222 a83 a78a45a220 a240 a77a42a78 a219a212a217a59a229a212a219 a246 a247a225a248 a238a249a166a250a28a251 a220 a238 a247a225a248a236a166a235 a248 a252a2a253a236a166a250 a250a124a238 a249a166a238 a236a166a254 a238 a249a166a250a28a251 a83a225a250a124a250 a247 a233a28a234 a249a166a238a153a234 a247 a237 a78 a236a166a233 a247a166a255 a237a2a234 a238a35a234 a247 a237 a194 a184a201a30a186a37a188 a194 a214a7a200a54a209a30a185a30a192a188 a40 a36a48a23a28a25 a216a124a83 a222a84a136a217 a226 a216 a7 a247 a238 a247a225a248a9a8 a249a2a238 a238 a236 a248 a237a3a250 a83 a252 a238 a247 a7 a249a2a238a236a2a235a59a250a124a236a31a237a3a250 a247a225a248 a10a12a11 a194 a184 a201a30a186a37a191a30a192 a188 a207a212a183a135a182 a184a185a37a186a30a188 a194 a181a30a186a30a188a135a185a30a190 a214a122a211 a186a30a196a30a193a37a182 a216a124a236a2a249a166a238 a252a166a248 a236 a246 a247a225a248 a7 a249a166a238a153a234 a247 a237 a13 a194 a184 a201a37a186a30a188a15a14 a220 a219a19a221 a78 a221 a77 a219a212a245a148a224a225a221a24a219a212a83 a243 a221 a77 a6a3 a221 a78 a222 a235a166a236a225a237a53a238a35a234 a246 a234 a233a124a249a2a238a35a234 a247 a237 a233 a2a20 a247 a234 a233a37a236 a247a166a246 a238a249a2a250a212a251 a85a212a236a166a233a28a234 a250a212a234 a247 a237 a22a21 a224 a253a249a225a237a166a237a2a234 a237 a255 a11 a220 a222a85a12a221a33a221a225a216a212a216a212a221a241a217a19a219 a77a167a78 a223a42a221a166a219a65a222 a220a225a77 a239a53a83a225a219a19a221a218a85a65a222 a219a19a221 a226 a222 a220 a219a212a83 a243 a221a59a83 a226a48a77 a84a136a223 a78a83a148a239a3a219a19a221 a84a212a83a225a219a19a222 a3 a221 a220 a78a77a42a78a19a78 a221a166a217a12a219 a221a241a217a19a83a148a239a166a239 a222a226 a239a166a222 a83 a78 a83 a220a225a220a225a77 a217a122a222 a83a225a219a19a222 a77 a84a45a219 a78 a83a148a224 a61a16 a50 a61 a225a60 a0 a36a48a23a28a25 a44 a40 a222a226a12a77 a219 a4a3 a77a42a78 a83 a78 a225a222 a6a5 a83 a239a166a222 a219a212a245 a60a26a23a26a58 a57a48a50 a51a28a34 a40 a78a219 a77 a224 a77 a223 a83a148a224a225a240a12a222 a217 a222 a222a226 a220a225a77a42a78 a221a225a84a136a219a28a83a218a219a19a222 a77 a84 a77a220 a219a19a221 a78 a221 a219a212a245a148a224a225a221 a216a212a222a242a225a83a225a219a19a222 a77 a84 ABSENTMINDEDNESS LOW ALERTNESS c c a15a7a6a7a16a3a6a7a14a71a11a7a8a12a17a102a74a7a74a75a18 a0a38a1a3a1a71a4 a5a7a6a7a8a7a9a7a10a12a11a7a5a7a6a7a13 a14 Social Psychology Models Engineering models: look at human behavior in terms of tasks Psychology models: relate human cognition to performance Social Psychology models: include individual value systems and sense of personal responsibility c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a137a136a74 a25a19a26 a6a7a1a71a4 a27 a4 a1a29a28 a7a9 a4 a11a7a8a7a14 Safety Information System Studies have ranked this second in importance only to top management concern for safety. Contents Updated System Safety Program Plan Status of activities Results of hazard analyses Tracking and status information on all known hazards. Incident and accident information including corrective action. Trend analysis data. Information collection Information analysis Information dissemination c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a137a7a137 a25a19a26 a6a7a1a71a4 a27 a4 a1a29a28 a7a9 a4 a11a7a8a7a14 Intent Specifications Bridge between disciplines Support for human problem solving Traceability Support for upstream safety efforts Integration of safety information into decision?making environment Assistance in software evolution c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a137a7a138 a25a19a26 a6a7a1a71a4 a27 a4 a1a29a28 a7a9 a4 a11a7a8a7a14 Intent Specifications (2) Hierarchical abstraction based on ‘‘why’’ (design rationale) as well as what and how. Design decisions at each stage mapped back to to requirements and constraints they are derived to satisfy Earlier decisions mapped to later stages of process Results in record of progression of design rationale from high?level requirements to component requirements and designs. Provides traceability of intent information c a15a7a6a7a16a3a6a7a14a3a11a7a8a12a17a122a74a75a137a7a139 a25a19a26 a6a7a1a71a4 a27 a4 a1a29a28 a7a9 a4 a11a7a8a7a14 Intent Specifications Part?Whole Intent Operations Refinement Validation Verification Environment Operator System Representation Design System Purpose System Design Principles Representation Physical Behavior Blackbox Each level supports a different type of reasoning about system. Mappings between levels provide relational info necessary to reason across hierarchical levels. c a156 a115a34a157a29a115a34a123a29a121a34a122a38a158a160a159a162a161a34a163 a113a19a114a34a115a34a116a29a117 a118 a117 a116a29a119a34a120 a117 a121a34a122a34a123 a104a32a105a86a54a78a106 a107a22a108a86a105a86a109a110a52a6a105a86a111 a136a45a137a6a138 a111a34a52a37a109a140a139a6a105a86a141a110a142a6a108a86a109a110a143a86a108a135a105a86a52a6a105a86a111 a138a144 a143a135a52a37a107a22a139a6a111a34a108a86a107 a145a45a146a147a145 a72a34a73a6a91a37a48a6a73a6a65a38a67a23a65a32a64a58a73a37a67a50a79a32a80 a89a32a72a34a72a34a49a37a72a135a72a34a73a6a75a37a49a6a72a34a67a23a65a32a64a58a79a38a94a6a61a37a70a6a63a37a73 a85a135a72a34a61a37a68 a70a6a68 a70a37a63a62a47a62a61a6a67a23a73a6a72a34a68 a61a37a77 a65 a133a62a61a6a68 a70a37a67a50a73a37a70a6a61a6a70a37a79a38a73 a134 a75a37a73a6a72a34a61a6a67a23a49a6a72a86a47a62a61a6a70a37a48a6a61a6a77 a65 a75a6a72a34a49a6a79a38a73a37a84a6a48a6a72a34a73a37a65 a126a45a48a6a84a6a68 a67 a132a32a73a6a72a34a71a23a49a6a72a34a47a62a61a6a70a37a79a38a73 a47a62a49a37a70a6a68 a67a23a49a6a72a34a68 a70a6a63 a61a37a70a6a84a62a61a6a48a37a84a6a68 a67a23a65 a51a53a52a6a54a6a52a56a55a58a57 a30a32a31a34a49a58a59a60a41a6a36a38a46a6a47a62a61a37a35a6a61a6a63a37a41a6a47a62a41a6a35a37a46a6a39a6a40 a61a6a35a6a42a32a64a66a65a38a67a50a61a37a67a50a48a37a65a69a68 a70a37a71a50a49a37a72a34a47a62a61a6a67a23a68 a49a6a70a56a64a58a65a38a61a6a71a23a73a6a67a23a74a76a75a6a77 a61a37a70a78a64a58a73a37a67a50a79a32a80 a30a32a48a6a31a34a39a6a49a37a42a38a41 a43a45a44 a42a38a46a50a41a37a47 a51a53a52a6a54a6a52a56a55a6a83 a88 a49a6a70a6a65a38a67a23a72a34a61a6a68 a70a6a67a23a65 a126a45a65a38a65a38a48a6a47a62a75a37a67a50a68 a49a6a70a6a65 a97a98a2a99a100a72a34a73a6a91a6a48a37a68 a72a34a73a6a47a62a73a37a70a6a67a23a65 a101a78a73a6a91a37a48a6a68 a72a34a73a37a47a102a73a37a70a6a67a23a65 a101a56a73a6a65a38a75a6a49a37a70a6a65a38a68 a103a37a68 a77 a68 a67a23a68 a73a37a65 a79a38a49a37a70a6a65a38a67a23a72a34a61a6a68 a70a37a67a50a65a32a64a66a77 a68 a47a62a68 a67a23a61a6a67a23a68 a49a37a70a6a65 a72a34a73a6a91a6a48a37a68 a72a34a73a6a47a62a73a6a70a37a67a50a65a32a64a66a84a6a73a6a65a38a68 a63a6a70 a92 a74a38a65a38a67a50a73a37a47a93a63a37a49a6a61a6a77 a65a32a64a58a94a6a68 a63a6a94a6a95a32a77 a73a6a96a38a73a6a77 a124a78a61a37a125a38a61a6a72a34a84a62a126a45a70a6a61a37a77 a74a38a65a38a68 a65 a132a32a72a34a73a6a77 a68 a47a62a68 a70a37a61a6a72a34a74 a101a56a73a6a96a38a68 a73a37a129a130a65 a30a32a31a34a33 a35a37a36a38a33 a39a6a40 a41a6a42 a43a45a44 a42a38a46a23a41a6a47 a51a53a52a6a54a6a52a56a55a58a82 a68 a70a6a67a23a73a6a72a34a71a23a61a6a79a38a73a6a65 a89a32a90a38a67a50a73a37a72a34a70a6a61a6a77 a85a86a61a6a65a38a87a76a61a6a77 a77a49a6a79a38a61a6a67a23a68 a49a37a70 a88 a49a6a70a37a67a50a72a34a49a37a77 a65a32a64a58a84a37a68 a65a38a75a6a77 a61a37a74a38a65 a85a86a61a6a65a38a87a76a61a6a70a37a61a6a77 a74a38a65a38a73a37a65 a61a6a70a37a84a62a61a6a77 a77a49a6a79a38a61a6a67a23a68 a49a37a70 a71a50a48a37a70a6a79a38a67a23a68 a49a6a70a37a61a6a77a38a84a6a73a37a79a38a49a6a47a62a75a6a49a37a65a38a68 a67a23a68 a49a6a70 a128a6a49a37a63a6a68 a79a76a75a6a72a34a68 a70a6a79a38a68 a75a37a77 a73a6a65a32a64 a79a38a49a6a70a37a67a50a72a34a49a6a77a38a77 a61a6a129a130a65a32a64 a126a45a70a37a61a6a77 a74a38a65a38a68 a65 a92 a74a38a65a38a67a23a73a6a47a127a124a78a61a6a125a38a61a37a72a34a84 a61a6a70a37a84a62a72a34a73a6a65a38a48a6a77 a67a23a65a32a64 a131a45a61a6a77 a68a84a6a61a37a67a50a68 a49a6a70a62a75a6a77 a61a6a70 a51a53a52a6a54a6a52a56a55a58a81 a112a45a77 a61a6a79a38a87a38a103a6a49a37a90 a133a62a49a37a84a6a73a6a77 a65 a89a32a70a6a96a38a68 a72a34a49a6a70a6a47a62a73a37a70a6a67 a47a62a49a6a84a37a73a6a77 a65 a47a62a49a6a84a6a73a37a77 a65 a134 a75a6a73a37a72a34a61a6a67a23a49a6a72a86a85a135a61a37a65a38a87 a124 a88 a97a66a47a62a49a6a84a6a73a37a77 a65 a112a45a77 a61a6a79a38a87a38a103a37a49a6a90a76a71a50a48a37a70a6a79a38a67a23a68 a49a6a70a37a61a6a77 a47a62a49a37a84a6a73a6a77 a65 a97 a70a6a67a23a73a6a72a34a71a23a61a6a79a38a73a62a65a38a75a6a73a37a79a38a68 a71a23a68a79a38a61a6a67a23a68 a49a37a70a6a65 a92 a48a6a103a37a65a38a74a38a65a38a67a50a73a37a47 a124a78a61a37a125a38a61a6a72a34a84a62a126a45a70a6a61a37a77 a74a38a65a38a68 a65 a61a6a70a37a84a62a72a34a73a6a65a38a48a6a77 a67a23a65a32a64 a126a45a70a6a61a37a77 a74a38a65a38a68 a65a76a75a6a77 a61a6a70a6a65 a51a53a52a6a54a6a52a56a55a58a154 a101a56a73a6a75a78a80 a155a78a73a6a65a38a68 a63a37a70 a124 a88 a97a58a84a37a73a6a65a38a68 a63a37a70 a84a6a73a37a65a38a68 a63a6a70a62a65a38a75a37a73a6a79a38a65 a92 a49a6a71a23a67a23a129a130a61a6a72a34a73a62a61a37a70a6a84a62a94a6a61a37a72a34a84a6a129a130a61a37a72a34a73 a61a6a70a6a84a62a72a34a73a37a65a38a48a6a77 a67a23a65 a85a135a73a37a65a38a67a6a75a6a77 a61a6a70a6a65 a101a56a73a6a75a78a80 a132a32a94a6a74a38a65a38a68 a79a38a61a37a77 a51a53a52a6a54a6a52a56a55a58a153 a75a6a94a37a74a38a65a148a68 a79a38a61a6a77a38a79a38a49a6a70a37a67a50a72a34a49a37a77 a65 a149a151a150 a97a58a84a6a73a37a65a38a68 a63a6a70a56a64 a84a37a73a6a65a38a68 a63a37a70 a61a6a65a38a65a38a73a37a47a62a103a6a77 a74a76a68 a70a37a65a38a67a50a72a34a48a37a79a38a67a50a68 a49a37a70a6a65 a92 a49a37a71a50a67a23a129a130a61a37a72a34a73a62a79a38a49a6a84a6a73a56a64a58a94a6a61a37a72a34a84a6a129a130a61a37a72a34a73 a85a135a73a37a65a38a67a6a75a6a77 a61a6a70a6a65 a61a6a70a6a84a62a72a34a73a37a65a38a48a6a77 a67a23a65 a134 a75a37a73a6a72a34a61a6a67a23a68 a49a37a70a6a65 a51a53a52a6a54a6a52a56a55a58a152 Level 1: System Purpose Introduction Historical Perspective Environment Description Environment Assumptions Altitude information is available from intruders with a minimum precision of 100 feet. All aircraft have legal identification numbers. Environment Constraints The behavior or interaction of non?TCAS equipment with TCAS must not degrade the performance of the TCAS equipment. System Functional Goals Provide affordable and compatible collision avoidance system options for a broad spectrum of National Airspace System users. c a156 a115a34a157a29a115a34a123a29a121a34a122a38a158a160a159a162a161a34a165 a113a19a114a34a115a34a116a164a117 a118 a117 a116a29a119a34a120 a117 a121a34a122a34a123 Level 1: System Purpose (2) High?Level Requirements [1.2] TCAS shall provide collision avoidance protection for any two aircraft closing horizontally at any rate up to 1200 knots and vertically up to 10,000 feet per minute. Assumption: Commercial aircraft can operate up to 600 knots and 5000 fpm during vertical climb or controlled descent (and therefore the planes can close horizontally up to 1200 knots and vertically up to 10,000 fpm. Design and Safety Constraints [SC5] The system must not disrupt the pilot and ATC operations during critical phases of flight nor disrupt aircraft operation. [SC5.1] The pilot of a TCAS?equipped aircraft must have the option to switch to the Traffic?Advisory?Only mode where TAs are displayed but display of resolution advisories is prohibited. Assumption: This feature will be used during final approach to parallel runways when two aircraft are projected to come close to each other and TCAS would call for an evasive maneuver. c a156 a115a34a157a29a115a34a123a29a121a34a122a38a158a160a159a162a161a34a166 a113a19a114a34a115a34a116a164a117 a118 a117 a116a29a119a34a120 a117 a121a34a122a34a123 Example Level 1 Safety Constraints for TCAS SC?7 TCAS must not create near misses (result in a hazardous level of vertical separation) that would not have occurred had the aircraft not carried TCAS. SC?7.1 Crossing maneuvers must be avoided if possible. 2.36, 2.38, 2.48, 2.49.2 SC?7.2 The reversal of a displayed advisory must be extremely rare. 2.51, 2.56.3, 2.65.3, 2.66 SC?7.3 TCAS must not reverse an advisory if the pilot will have insufficient time to respond to the RA before the closest point of approach (four seconds or less) or if own and intruder aircraft are separated by less than 200 feet vertically when 10 seconds or less remain to closest point of approach. 2.52 a156 c a115a34a157a29a115a34a123a29a121a34a122a38a158a160a159a162a161a34a169 a113a19a114a34a115a34a116a164a117 a118 a117 a116a29a119a34a120 a117 a121a34a122a34a123 Level 1: System Purpose (3) System Limitations L.5 TCAS provides no protection against aircraft with nonoperational or non?Mode C transponders. Operator Requirements OP. 4 After the threat is resolved the pilot shall return promptly and smoothly to his/her previously assigned flight path. Human?Interface Requirements Hazard and other System Analyses a156c a115a34a157a29a115a34a123a29a121a34a122a38a158a160a159a162a167a34a168 a113a19a114a34a115a34a116a164a117 a118 a117 a116a29a119a34a120 a117 a121a34a122a34a123 Hazard List for TCAS H1: Near midair collision (NMAC): An encounter for which, at the closest point of approach, the vertical separation is less than 100 feet and the horizontal separation is less than 500 feet. H2: TCAS causes controlled maneuver into ground e.g. descend command near terrain H3: TCAS causes pilot to lose control of the aircraft. H4: TCAS interferes with other safety?related systems e.g. interferes with ground proximity warning c TCAS does not display a resolution advisory. TCAS unit is not providing RAs. <Self?monitor shuts down TCAS unit> Sensitivity level set such that no RAs are displayed. ... No RA inputs are provided to the display. No RA is generated by the logic Inputs do not satisfy RA criteria a156 a115a34a157a29a115a34a123a164a121a171a122a38a158a160a159a162a167a24a159 a113a170a114a34a115a34a116a29a117 a118 a117 a116a29a119a34a120 a117 a121a34a122a34a123 Surveillance puts threat outside corrective RA position. Surveillance does not pass adequate track to the logic <Threat is non?Mode C aircraft> L.5 1.23.1<Surveillance failure> to be calculated> Altitude reports put threat outside corrective RA position Altitude errors put threat on ground <Uneven terrain> <Intruder altitude error> <Own Mode C altitude error> <Own radar altimeter error> 2.19 1.23.1 1.23.1 Altitude errors put threat in non?threat position. ... <Intruder maneuver causes logic to delay RA beyond CPA> 2.35 SC4.2 ... <Process/display connectors fail> <Display is preempted by other functions> <Display hardware fails> 2.22 SC4.8 1.23.1 TCAS displays a resolution advisory that the pilot does not follow. Pilot does not execute RA at all. Crew does not perceive RA alarm. <Inadequate alarm design> <Crew is preoccupied> 1.4 to 1.14 2.74, 2.76 <Crew does not believe RA is correct.> OP.1 ... Pilot executes the RA but inadequately <Pilot stops before RA is removed> OP.10 OP.4 OP.10 <Pilot continues beyond point RA is removed> <Pilot delays execution beyond time allowed> c a156 a115a34a157a29a115a34a123a164a121a34a122a38a158a135a159a162a167a34a161 a113a170a114a34a115a34a116a29a117 a118 a117 a116a164a119a34a120 a117 a121a34a122a34a123 2.19 When below 1700 feet AGL, the CAS logic uses the difference between its own aircraft pressure altitude and radar altitude to determine the approximate elevation of the ground above sea level (see Figure 2.5). It then subtracts the latter value from the pressure altitude value received from the target to determine the approximate altitude of the target above the ground (barometric altitude ? radar altitude + 180 feet). If this altitude is less than 180 feet, TCAS considers the target to be on the ground ( 1.SC4.9). Traffic and resolution advisories are inhibited for any intruder whose tracked altitude is below this estimate. Hysteresis is provided to reduce vacillations in the display of traffic advisories that might result from hilly terrain ( FTA?320). All RAs are inhibited when own TCAS is within 500 feet of the ground. OWN TCAS Barometric Airborne Declared Radar Altimeter Value Altimeter Allowance on Ground Declared on Ground Declared 180?foot a210a211 c a156 a115a34a157a29a115a34a123a29a121a34a122a38a158a160a159a162a167a34a167 a113a19a114a34a115a34a116a164a117 a118 a117 a116a29a119a34a120 a117 a121a34a117 a122a34a123 Example Level?2 System Design for TCAS SENSE REVERSALS Reversal?Provides?More?Separation m?301 2.51 In most encounter situations, the resolution advisory sense will be maintained for the duration of an encounter with a threat aircraft. SC?7.2 However, under certain circumstances, it may be necessary for that sense to be reversed. For example, a conflict between two TCAS?equipped aircraft will, with very high probability, result in selection of complementary advisory senses because of the coordination protocol between the two aircraft. However, if coordination communications between the two aircraft are disrupted at a critical time of sense selection, both aircraft may choose their advisories independently. FTA?1300 This could possibly result in selection of incompatible senses. FTA?395 2.51.1 [Information about how incompatibilities are handled] a156 c a115a34a157a29a115a34a123a29a121a34a122a38a158a160a159a162a167a34a192 a113a19a114a34a115a34a116a164a117 a118 a117 a116a29a119a34a120 a117 a121a34a122a34a123 Level 3 Modeling Language Example a97 a172a130a85a173a101 a150 a155a130a89a45a101a130a80 a92 a85a135a126a45a85 a150a78a92 a85a86a94a6a72a34a73a6a61a37a67 a132a32a72a34a174a37a90a148a68 a175a62a61a6a67a23a73a6a95a32a85a86a72a34a61a6a71a23a71a50a68 a79 a134 a67a23a94a6a73a6a72a34a95a32a85a86a72a34a61a6a71a23a71a23a68 a79 a132a32a174a37a67a50a73a37a70a6a67a23a68 a61a6a77 a95a32a85a135a94a37a72a34a73a6a61a6a67 a85a135a94a37a72a34a73a6a61a6a67 a134 a67a23a94a6a73a37a72a34a95a32a85a135a72a34a61a6a71a23a71a23a68 a79 a180a173a181 a132a32a174a37a67a50a73a37a70a6a67a23a68 a61a6a77 a95a32a85a135a94a37a72a34a73a6a61a6a67a23a95 a88 a174a37a70a6a84a6a68 a67a50a68 a174a6a70 a132a32a72a34a174a37a90a38a68 a175a62a61a6a67a23a73a6a95a32a85a86a72a34a61a6a71a23a71a50a68 a79a38a95 a88 a174a6a70a37a84a6a68 a67a23a68 a174a37a70 a101a56a61a6a70a6a63a37a73a6a95a32a131a45a61a6a77 a68 a84 a126a45a77 a67a50a95a45a101a56a73a6a75a6a174a37a72a34a67a50a68 a70a6a63a176a106 a105a135a177 a138 a111a34a139a6a111a34a178a179a128a6a174a6a65a38a67 a182 a182 a182a183 a183 a182 a183 a183 a112a45a73a37a61a6a72a34a68 a70a37a63a6a95a32a131a45a61a6a77 a68 a84 a182 . . . . . . . . . . . . . . a182 a184a12a185a19a186a22a187a170a188 a189 a185a19a190a22a187a170a188 a189 a185a19a190a170a187a22a190 a134 a67a23a94a6a73a6a72a34a95a32a126a45a68 a72a34a79a38a72a15a61a37a71a50a67 a134 a70a37a95 a149 a72a34a174a37a191a6a70a6a84a106 a105a86a177 a138 a111a34a139a6a111a34a178 a189 a185a19a190a22a193a170a188 a212 a194a78a178 a138 a142a6a107a58a106 a143a86a111a24a106 a108a86a105a173a195 a126a215a67a23a94a37a72a15a73a37a61a6a67a37a68 a65a216a72a34a73a37a79a38a77 a61a6a65a38a65a38a68 a71a50a68 a73a6a84a62a61a6a65a76a174a6a67a23a94a6a73a37a72a135a67a23a72a34a61a6a71a23a71a23a68 a79a76a68 a71a6a68 a67a23a65a76a61a6a77 a67a23a68 a67a23a191a6a84a37a73a62a72a34a73a6a75a6a174a37a72a34a67a50a68 a70a6a63 a94a37a61a6a65a76a103a6a73a6a73a37a70a62a77 a174a6a65a38a67 a203 a204 a80a23a206a58a207a37a208 a61a37a70a6a84a62a73a6a68 a67a50a94a37a73a6a72a86a67a50a94a37a73a62a103a6a73a6a61a37a72a34a68 a70a6a63a62a174a37a72a135a72a34a61a37a70a6a63a6a73a62a68 a70a6a75a6a191a37a67a50a65a76a61a6a72a34a73a62a68 a70a6a96a38a61a6a77 a68 a84a78a209 a68 a71a6a68 a67a23a65a216a61a37a77 a67a23a68 a67a23a191a6a84a6a73a62a72a34a73a37a75a6a174a6a72a34a67a23a68 a70a37a63a62a94a6a61a6a65a76a103a6a73a37a73a6a70a62a77 a174a6a65a38a67a6a61a37a70a6a84a62a103a6a174a37a67a50a94a62a67a23a94a6a73a62a72a34a61a37a70a6a63a6a73a62a61a37a70a6a84a62a103a6a73a37a61a6a72a34a68 a70a37a63a62a61a6a72a34a73 a68a96a38a61a37a77 a84a62a103a37a191a6a67a6a70a37a73a6a68 a67a23a94a37a73a6a72a135a67a23a94a37a73a62a75a6a72a34a174a6a90a38a68 a175a62a61a37a67a50a73a62a70a37a174a62a72a135a75a37a174a6a67a23a73a6a70a6a67a23a68 a61a37a77a38a67a50a94a37a72a34a73a6a61a6a67a37a79a38a77 a61a6a65a38a65a38a68 a71a50a68a79a38a61a6a67a23a68 a174a6a70a62a79a38a72a34a68 a67a50a73a37a72a15a68 a61 a61a37a72a34a73a62a65a38a61a6a67a23a68 a65a38a71a23a68 a73a6a84a56a209a58a174a6a72a86a67a23a94a6a73a62a61a6a68 a72a34a79a38a72a34a61a6a71a23a67a6a68 a65a76a174a6a70a62a67a23a94a6a73a62a63a37a72a34a174a6a191a6a70a37a84 a203 a204 a80a23a206 a204 a208 . a196a197a139a6a143a86a143a198a106 a105a86a199a110a111a34a108a201a200a53a178a6a202a6a178a56a55a58a82a56a195 a204 a80 a204 a207a78a64 a204 a80 a204a6a205 a196a197a139a6a143a86a143a198a106 a105a86a199a110a111a34a108a201a200a53a178a6a202a6a178a56a55a58a154a56a195 a213 a80 a214a78a80a23a206a6a64a58a85a86a72a34a61a6a71a23a71a23a68 a79a38a95a32a126a45a84a6a96a38a68 a65a38a174a37a72a34a74