200 likes | 319 Views
SAFETY REGULATION COMMISSION. EUROCONTROL. ESARR 1 IMPLEMENTATION WORKSHOP. The agenda…. Tuesday afternoon: ESARR 1 and SES working together and some basic things (e.g. definitions) Wednesday morning: Safety Regulatory Audit Process Wednesday afternoon: Safety Oversight of Changes
E N D
SAFETY REGULATION COMMISSION EUROCONTROL ESARR 1 IMPLEMENTATION WORKSHOP
The agenda… Tuesday afternoon: • ESARR 1 and SES working together • and some basic things (e.g. definitions) Wednesday morning: • Safety Regulatory Audit Process Wednesday afternoon: • Safety Oversight of Changes • Safety Directives Thursday morning: • A national perspective (France) • Certification Process
SAFETY REGULATION COMMISSION EUROCONTROL ESARR 1 IMPLEMENTATION WORKSHOP ESARR 1 IMPLEMENTATION WORKSHOP Safety Oversight of Changes
CE-1 Primary Aviation Legislation CE-3 CE-2 Organisation Regulations ESTABLISH Technical Guidance Qualification and Training CE-5 CE-4 IMPLEMENT Authorization and Approval Obligations Surveillance Obligations Resolution of Safety Issues CE-6 CE-7 CE-8
verification SAFETY AUDITING SAFETY OVERSIGHT OF CHANGES SAFETY REGULATORY CAPABILITIES (Section 9) MONITORING OF SAFETY PERFORMANCE (Section 4) VERIFY SAFETY REGULATORY RECORDS (Section 11) SAFETY OVERSIGHT ANNUAL REPORT (Section 12) SAF. OVERSIGHT OF NEW SYS & CHANGES HOW Use of Recognised Organisations (Section 8) SAF. REG.AUDITING SAFETY DIRECTIVES (Section 10)
verification SAFETY AUDITING SAFETY OVERSIGHT OF CHANGES VERIFY SAF. OVERSIGHT OF NEW SYS & CHANGES HOW SAF. REG.AUDITING
VERIFY (Section 5.1) • Compliance before issuing/renewing a Certificate • Compliance before issuing/renewing a Designation • Continuous compliance • Implementation of safety argument of new systems and changes SAFETY OVERSIGHT OF NEW SYSTEMS AND CHANGES REVIEW SAFETY ARGUMENT (Sections 7.3, 7.5, 7.6) HOW DO YOU VERIFY (Section 5.2) Major Minor ACCEPTANCE Additional Safety conditions CLASSIFY CHANGES (Sections 7.1, 7.2) Accepted through ATM provider procedures (Section 7.4) SAFETY REGULATORY AUDITING (Section 6)
Safety Oversight of Changes TWO SUBJECTS: ACCEPTANCE OF CHANGES BY THE NSA VS. ACCEPTANCE OF THE SERVICE-PROVIDER’S PROCEDURES TO IMPLEMENT CHANGES • LINKS WITH CONFORMITY ASSESSMENT • Basic concepts • Possible approach in detail • (how the review of safety arguments would look like • in relation to conformity assessment)
Allways ! Change associated with hazards with effects on aircraft safety classified with severity 1 to 2 (hazards with potential to lead to an accident of serious incident) the ANSP runs its Risk Assessment & Mitigation Process Change (new system or change to existing system) • IF THE CHANGE IS PUT IN THIS BASKET: • The ANSP can decide whether the system can be implemented without any indication from the NSA • To that end, the ANSP follows procedures previously accepted by the NSA • IF THE CHANGE IS PUT IN THIS BASKET: • Its safety argument (safety case) is • reviewed by the NSA • The change can only be implemented by the ANSP if the NSA says the safety argument is OK
Change associated with hazards with effects on aircraft safety classified with severity 3 to 5 the ANSP runs its Risk Assessment & Mitigation Process Change (new system or change to existing system) HOWEVER the NSA has discretion to put the change in the other basket if the NSA wants In principle • IF THE CHANGE IS PUT IN THIS BASKET: • The ANSP can decide whether the system can be implemented without any indication from the NSA • To that end, the ANSP follows procedures previously accepted by the NSA • IF THE CHANGE IS PUT IN THIS BASKET: • Its safety argument (safety case) is • reviewed by the NSA • The change can only be implemented by the ANSP if the NSA says the safety argument is OK
VERIFY (Section 5.1) • Compliance before issuing/renewing a Certificate • Compliance before issuing/renewing a Designation • Continuous compliance • Implementation of safety argument of new systems and changes SAFETY OVERSIGHT OF NEW SYSTEMS AND CHANGES REVIEW SAFETY ARGUMENT (Sections 7.3, 7.5, 7.6) HOW DO YOU VERIFY (Section 5.2) Major Minor ACCEPTANCE Additional Safety conditions CLASSIFY CHANGES (Sections 7.1, 7.2) Accepted through ATM provider procedures (Section 7.4) SAFETY REGULATORY AUDITING (Section 6)
“For the purpose of this requirement” ... The classification is only intended as a step of an internal NSA process MAJOR = as a minimum, those changes whose assessment of the potential effects of hazards on the safety of aircraft, conducted in accordance with ESARR 4, identifies hazards with potential to lead to an accident of serious incident • Implementation of safety argument of new systems and changes SAFETY OVERSIGHT OF NEW SYSTEMS AND CHANGES REVIEW SAFETY ARGUMENT (Sections 7.3, 7.5, 7.6) Major Minor ACCEPTANCE Additional Safety conditions CLASSIFY CHANGES (Sections 7.1, 7.2) Accepted through ATM provider procedures (Section 7.4) SAFETY REGULATORY AUDITING (Section 6) As a minimum, the NSA’s acceptance is required for all changes classified as major These provider procedures must be accepted by the NSA ... and its operation will be subject to NSA auditing
QUESTIONS ? • COMMENTS ? • VIEWS ?
Safety Oversight of Changes TWO SUBJECTS: TWO SUBJECTS: ACCEPTANCE OF CHANGES BY THE NSA VS. ACCEPTANCE OF THE SERVICE-PROVIDER’S PROCEDURES TO IMPLEMENT CHANGES ACCEPTANCE OF CHANGES BY THE NSA VS. ACCEPTANCE OF THE SERVICE-PROVIDER’S PROCEDURES TO IMPLEMENT CHANGES • LINKS WITH CONFORMITY ASSESSMENT • Basic concepts • Possible approach in detail • (how the review of safety arguments would look like • in relation to conformity assessment) • LINKS WITH CONFORMITY ASSESSMENT • Basic concepts • Possible approach in detail • (how the review of safety arguments would look like • in relation to conformity assessment)
WHAT ABOUT THE LINKS BETWEEN: • EC VERIFICATION OF (TECHNICAL) SYSTEMS • EC ASSESSMENT OF CONFORMITY OR SUITABILITY FOR USE OF CONSTITUENTS • ESARR 4 RISK ASSESSMENT AND MITIGATION PROCESS
INTEROPERABILITY REGULATION For a system (a technical system in ESARR 1): ANSP is responsible for an “EC Verification” and issues an EC Declaration of Verification of System For constituents: Manufacturer is responsible for an assessment of conformity or suitability for use of constituents and issues an EC Declaration of Conformity or Suitability The tasks of these activities will be determined in the interoperability implementing rules that will be developed. These two activities and their outputs may need to be considered as part of the safety argument to be reviewed in relation to the introduction of changes to the ATM system
ESARR 1 • Safety Oversight of Changes • (Review of Safety Argument) NSA • ESARR 4 / Common Requirements • Risk Assessment and Mitigation • Interoperability Regulation • Issue Declaration of Verification of System ANSP • Interoperability Regulation • Issue Declaration of Conformity or • Suitability for Constituents Manufacturer HOW DO WE FIT ALL THIS ?
TF 552/2004 Overall design TF 552/2004 Development integration of the system TF TF 552/2004 Operational system integration TF TF Declaration of verification NSA ANSP development industry Common requirements ESARR1 Specification of a change / impact analysis Classification Decision for a Review process Design Task A… milestones for NSA verification procedure Development Task B… EC d. Integration Task C… Installation Third part verification … Validation Test report NSA acceptance operation
Common Requirements + ESARR1 Safety related conditions in IR EATMN « EFDP» Safety related conditions in IR Change in ATM Safety related conditions in IR Safety Acceptance Plan Identification of Tasks and milestones for verification of safety applied to the change EATMN« SDPS » EATMN « HMI » Safety related conditions in IR EATMN : European air Traffic management network
QUESTIONS ? • COMMENTS ? • VIEWS ?