Available: http://www.eurocontrol.int/eec/public/standard_page/safety_docs_Munich_2009.htmlInternational audienceThis paper describes a safety assessment study of the Minimum Safety Altitude Warning system (MSAW) using resilience engineering principles. The purpose of the MSAW system is to alert Air Traffic Controller (ATCO) of potential Controlled Flight Into Terrain and Controlled Flight Into Obstacles with sufficient warning time for appropriate instructions to be issued to pilot. The first step of the safety assessment is to identify and describe the MSAW functions by means of the Functional Resonance Analysis Method (FRAM). The impact of the introduction of MSAW in the Air Traffic Management (ATM) system is evaluated by incorporating the MSAW functions into an existing FRAM model of ATCO activities. The resulting FRAM model is then used to evaluate two scenarios to identify possible risks emerging from the introduction of MSAW. Risk identification is based on the evaluation of functions' performance variability and on the occurrence of unexpected combinations. The advantages of this approach are discussed in the conclusion of the paper
