Monitoring safety during airline operations : a systems approach

Abstract

Thesis: S.M., Massachusetts Institute of Technology, Department of Aeronautics and Astronautics, 2017.Cataloged from PDF version of thesis.Includes bibliographical references (pages 81-83).Flight Operation Quality Assurance (FOQA) programs are today customary among major airlines. Technological progress has made it possible to monitor more than 1000 parameters per flight. Given the limited amount of resources an airline can allocate to analyze this amount of data, a need has emerged for more effective approaches to extract useful information out of FOQA programs. A new approach to flight data monitoring and analyzing is presented in this thesis, with the intent to help air carriers identify unsafe system behavior during operations. This new approach builds on two main concepts: hazard analysis based on system theory (STPA - System Theoretic Process Analysis) and hazard management through assumptions identification and leading indicators. STPA is a new hazard analysis technique that allows taking into account not only hardware failures, but also human behavior, requirement flaws, organizational aspects and non-linear component interactions. Once hazard scenarios are identified, mitigation actions are put in place to deal with these hazards, and the assumptions that lie behind these mitigation measures are made explicit. The objective is to define key parameters that allow monitoring the validity of the assumptions through the use of FOQA data. These parameters are called leading indicators. The use of the flight data monitoring approach presented in this thesis is particularly beneficial when it comes to monitoring human behavior since humans are the part of the system on which the greatest number of assumptions is made (respect of procedures, knowledge of automation, situational awareness etc.). Moreover, by linking assumptions identification to FOQA data it is possible to continuously monitor whether the mitigation measures put in place are really effective or not. In other words the loop between the design phase of a system and its operations is closed.by Andrea Scarinci.S.M