20 October 2010
© Det Norske Veritas AS. All rights reserved. 2
PBN Manual and AMC 20-26
PBN Manual
- A FOSA should be conducted for RNP AR APCH procedures where aircraft specific
characteristics, operational environment, obstacle environment, etc., warrant an additional
review to ensure operational safety objectives are still achieved. The assessment should
give proper attention to the interdependence of the elements of design, aircraft capability,
crew procedures and operating environment.
AMC 20-26
- A FOSA should be conducted for each RNP AR approach procedure where:
- More stringent aspects of the nominal procedure design criteria are applied (e.g. RF legs, RNP final
approaches less than 0.3 and missed approaches less than 1.0)
- The application of the default procedure design criteria is in an operating environment with special
challenges or demands
They do not say that a FOSA is needed for every RNP AR APCH procedure
Why is a FOSA needed?
Procedure design – no buffers or tapering of obstacle clearance areas
[Figure labels: 4 RNP, 2 RNP]
Guidance on FOSA – How to conduct one?
When the PBN manual and AMC 20-26 were being drafted there was not much guidance on FOSA
2-3 pages of helpful hints
A number of stakeholders were asking “what do we need to do?”
ICAO’s Instrument Flight Procedures Panel (IFPP) expressed concern about lack of guidance
EUROCONTROL took action to address this concern in the absence of any other willing organisation at the time
Overall Approval Package
FOSA is part of the overall documentation package, including:
- Aircraft qualification and capability;
- Procedure and airspace design;
- Navigation data base validation programme;
- Maintenance procedures;
- Training (flight crew, dispatch, ATC);
- MEL revision (as required);
- Operational procedures requirements;
- Conditions or limitations for approval;
- Air traffic environment and operations; and
- RNP monitoring programme.
Objectives of a FOSA
The FOSA should ensure that for each specific set of operating conditions, aircraft and environment, all failure conditions are assessed and, where necessary, mitigations are implemented to meet the safety criteria.
The assessment should give proper attention to the interdependence of the elements of procedure design, aircraft capability, crew procedures and operating environment.
FOSA acts as the glue, ensuring all these elements add up to a safe whole
[Figure: FOSA dependency diagram with FOSA at the centre. Surviving labels: Aircraft Performance; Navigation/Information Services; Flight Crew Operations; Infrastructure; Aircraft Failures; ATC Operations; Operating Conditions]
Examples of Dependencies - 1
If there are aircraft failures or extreme operating conditions – do the flight crew know how to respond?
[Figure: FOSA dependency diagram]
Examples of Dependencies - 2
If there are aircraft failures or extreme operating conditions – do the flight crew know how to respond?
If ATC provides a clearance for an RNP AR APCH to an aircraft/crew not suitably equipped/approved do the flight crew know what to do?
[Figure: FOSA dependency diagram]
Examples of Dependencies - 3
If there are aircraft failures or extreme operating conditions – do the flight crew know how to respond?
If ATC provides a clearance for an RNP AR APCH to an aircraft/crew not suitably equipped/approved do the flight crew know what to do?
If there is an infrastructure problem, what information needs to be provided, does ATC know how to react, do flight crew know what the impact will be?
Such dependencies in context of a specific, potentially challenging, procedure where timely decisions could be critical
[Figure: FOSA dependency diagram]
EUROCONTROL Project Case Study 1 - Bastia
Bastia, Corsica, France
Working group members - DGAC/DSNA/Air France/Airbus/Thales
Several iterations on the procedure design – all flown in simulator, Airbus A320
Series of safety workshops – informal optimisation of design + formal FOSA sessions
EUROCONTROL Project Case Study 2 - Tromsø
Tromsø, Norway
Working group members - Luftfartstilsynet/Avinor/SAS
Design submitted to ANSP and carrier at end of November 2008
Simulator trials carried out in Jan 2009, Boeing 737NG
Safety workshop in May 2009
Test flights completed in Aug 2009
Key FOSA Characteristics
Primarily an aircraft centred qualitative assessment
However, needs to take account of factors outside the aircraft, e.g. ATC,
procedure design, specific navigation infrastructure, etc.
Historic reliance on subject matter expert assessment
Relies on aircraft airworthiness certification process
FOSA extends examination of hazards and mitigations
FOSA Steps - Overview
1. System definition
2. Setting safety criteria
3. Identification of hazards
4. Consequence analysis
5. Causal analysis & likelihood estimation
6. Determination of potential mitigations
7. Risk acceptability
   - Fails to meet criteria: risk reduction measures
   - Meets criteria: proceed to step 8
8. Documentation of FOSA
FOSA Step 1
Step 1 System Definition
- Information to be gathered:
- Procedure design criteria
- Aircraft, e.g. compliance against AMC 20-26
- Flight crew & dispatch procedures and training
- Proposed MEL
- Nav infrastructure
- ATC facilities
- Airport and airspace environment
- Etc.
- Assumptions checklists (e.g. against AMC 20-26, section 4)
[Figure: FOSA steps flowchart]
FOSA Step 2
Step 2 Setting Safety Criteria
[Figure: FOSA steps flowchart]
FOSA Step 3
Step 3 Hazard ID
- Group based workshops are an effective method
- Mix of skills and knowledge
- Supported by checklists

| Hazard Grouping | Hazard Ref. | Hazard | Reference / Source |
|---|---|---|---|
| ATC Operations | ATC 01 | Procedure assigned to incapable aircraft | PBN / AMC 20-26 |
| ATC Operations | ATC 02 | Inappropriate vectoring or “Direct To” | PBN / AMC 20-26 |
| ATC Operations | ATC 03 | Separation or sequencing errors | Previous Eurocontrol Safety Case |
| ATC Operations | ATC 04 | Provision of incorrect pressure and/or temperature data | Previous Eurocontrol Safety Case |
| ATC Operations | ATC 05 | Lost communications | Previous Eurocontrol Safety Cases |
| Flight Crew Operations | FC 01 | Erroneous barometric altimeter settings | PBN / AMC 20-26 |
Hazard: Navigation database errors (NS 01)
Consequences:
- Vertical or lateral deviation from intended route
- Loss of obstacle / terrain clearance
Example Table
[Figure: FOSA steps flowchart]
FOSA Step 5
Step 5 Causal analysis
Hazard: Navigation database errors (NS 01)
Example Table
[Figure: FOSA steps flowchart]
FOSA Steps 6 & 7
Step 6 Mitigations
- Document planned mitigations
- Identify potential extra mitigations
Step 7 Risk Acceptability
- Look at hazard v mitigations balance
- Determine mitigations which are required

Example Table: ATC Operations Hazards

| Hazard | Planned Causal Mitigations | Planned Consequential Mitigations | Potential Extra Mitigations |
|---|---|---|---|
| Procedure assigned to incapable aircraft or crew (ATC 01) | - Flight Crew are responsible for declining inappropriate clearance; - Flight crew check of equipment availability prior to approach; - Approach specific training for ATC (PBN 6.2.6) | Go-around if approach is not fully prepared | In trial and early operations, flight crew will ask ATC for RNP AR approach. Will not be offered always on request. Special phraseology to be developed. |
FOSA Step 7 (cont’d)
FOSA Step 8
Step 8 Documentation of FOSA
[Figure: FOSA steps flowchart]
Linkage to AMC 20-26
[Figure: linkage between AMC 20-26 and the FOSA. Surviving labels: AMC 20-26 RNP System Reqts.; Performance Analysis; Normal Aircraft Performance Analysis; Aircraft Failures Analysis; Failures based on existing SSAs; Analysis in context of demanding environment/procedure; Flightdeck procedures and recommended training; RNP norm; RNP non norm; Ops Package; OEM Certification; FOSA (Aircraft Performance, Aircraft Failures, Flight Crew Operations, ATC Operations, Aircraft + Nav Services, Infrastructure, Operating Conditions) in context of specific environment & procedure; Operator Approval]
Scale of FOSA
[Figure: scale of FOSA. Surviving labels: "1. Potential for less detailed FOSA"; "3. Not Achievable"; "e.g. 0.20 RNP non norm"; "e.g. 0.10 RNP norm"]
Typical Participants in a FOSA
FOSAs are often initiated by an Aircraft Operator (AO) wishing to obtain
approval to fly an RNP AR procedure.
In conducting the FOSA the AO will obtain inputs from:
- Aircraft and Avionics Manufacturers; and
- Air Navigation Service Provider (Procedure Designer, Air Traffic Controllers,
Airspace Planners, Navaid Infrastructure Specialists, AIM Department, etc.).
FOSA and the ANSP Safety Case
When the RNP AR procedure is a new implementation this will
represent an ATM change and an Air Navigation Service Provider
(ANSP) may also be expected to undertake a safety risk assessment.
For example a European ANSP will be expected to undertake a safety
risk assessment compliant with ESARR4 or Commission Regulation No.
2096/2005.
ANSP safety case for the RNP AR operation will draw on FOSA findings
and will have to validate any ANSP-specific assumptions made during
the FOSA (ATC phraseology, ATC contingency procedures, etc.).
Approval Process – Seeking Efficiencies
An approval is specific to a given combination of RNP AR approach, aircraft type
and AO.
This presents organisational challenges in the case of a foreign AO wanting to
conduct an RNP AR APCH.
It would be expected that the foreign AO liaise with the relevant European ANSP to
ensure that their respective safety studies are consistent and to ensure that they will
be allowed to use the RNP AR approach.
This liaison may involve the ANSP or relevant regulator supplying information about
what is required in the FOSA and what special safety requirements have been
applied to other AOs using that particular RNP AR procedure.
It would clearly be helpful if the FOSA conducted by the first AO to fly the RNP AR
procedure was available to subsequent AOs, although it must be ensured that each
AO complete the RNP AR implementation process fully.
Lessons Learnt
Value of Early Iterations
[Figure panels: Before, After]
Conclusions
FOSA is a valuable tool in establishing the safety of RNP AR
APCH operations and in facilitating approval.
FOSA provides a systematic process for checking that risks
are adequately mitigated across the range of hazards.
EUROCONTROL’s FOSA guidance fills a gap and provides a
tested basis for further development.
Future guidance planned looking at RNP AR traffic separation
applications and departures.