Risk Management for Remotely Piloted Aircraft Systems Dr Reece Clothier
CivSec 2016, 1st June 2016 Melbourne, Australia
Overview
• Safety risk management
  – The requirement for risk management
  – What is it and where is it used
• Risk Management and RPAS
  – What are the hazards
  – Assessing the risks
  – Available controls
  – Ongoing management
• Summary
Copyright © 2016 Aegis Aerospace Pty Ltd 2
The requirement for risk management
• “RPAS will have to be as safe as, or safer than, present manned operations” [1,2]
• “Safety” is the state where accepted processes have been adopted to ensure risks are appropriately managed
• RPAS operators must provide a detailed risk assessment
  – As part of their application for a RPAS Operator’s Certificate (ReOC)
  – For approvals (e.g., for operations > 400ft or BVLOS)
• Risk management is also a requirement under WH&S regulations
• Regulations aside
  – You have a social/moral obligation
  – You want to be viable (economic losses, reputation, insurance…)
What is risk management?
• Risk management describes “coordinated activities to direct and control an organization with regard to risk” [3]
• The risk management process describes and “formalises” the very process you use in everyday decision making:
  – Whether to cross the road?
  – Whether to send your credit card details to claim your winnings in a Nigerian lottery?
Risk management process
• CASA and ICAO follow the ISO/IEC 31000:2009 Risk Management Process [3]
• Outcome should show how risks are being reduced
  – To a level As Low As Reasonably Practicable (ALARP)
  – So Far As Is Reasonably Practicable (SFAIRP)
Image from [8]
Risk management process
• One of the key outcomes of this process is the risk register
CASA (2012) SMS for Aviation - A Practical Guide to Safety Risk Management, Book 3
How do we use it?
• But it’s more than just the generation of a risk register
• The risk management process directly supports the development of organisational and operational procedures
  – Documented in your operations, flight, and maintenance manuals
  – Basis for your job safety assessment
• It helps you to determine:
  – the stakeholders you must engage with
  – what safety equipment you need
  – what procedures and processes you should follow
  – what training should be undertaken
Identifying the causes and contributing factors
• There are numerous causes for the primary hazards
  – Not just technical failures
• A mishap is often the result of numerous interacting factors
Identifying the causes and contributing factors
• Man, Machine, Mission, Management, Social and Physical Mediums
• Investigate risks for all phases of flight
  – From launch through to recovery
• And not just while you are flying
  – Before, during and after an operation
5M Model first described in Harris & Smith [4]
Identifying the causes and contributing factors
• “Humans” are a key cause or contributing factor to RPA mishaps
  – 68% of US DoD mishaps involved “operations or maintenance organizational, supervisory, or individual human factors” [9].
• Errors and poor decision making often arising due to
  – Inadequate training, fatigue, unawareness of autonomous modes, spatial disorientation, loss of situational awareness, poor communication (CRM), client or management pressure, poor interface design…
• Go beyond the remote pilot, consider ALL the humans involved:
  – Maintenance, launch and recovery personnel
  – Observers and payload operators
  – Management and clients
  – Members of the public
Assessing risk
• You can only manage what you can measure
• Data to support risk assessments for commercial RPA are scarce
  – Use of commercial off the shelf componentry
  – Changing components and system configurations
  – No requirement for data collection
  – No reliability on components
  – Limited understanding of what data needs to be collected
• Recent review of RPAS accidents and incidents by Wild et al. [10] for insight
Recommendations when assessing risk
• Set up a comprehensive data collection system
  – Don’t just focus on mishaps, try to capture all safety related events
  – If you operate a standard type, then request information from the manufacturer
• Use quality components with reliability / testing data
• Build heritage in your system by
  – Maintaining a static RPAS configuration
  – Securing your supply lines
• Initially, assume it will fail and put the protections in place to manage the risk
  – With data and experience you can look to relax the assumption
Treating risks
• A control is any process, device, practice, or other action which modifies risk [3]
  – Comprehensive lists of controls are available (refer to [5,6])
• Strategic and tactical controls
  – Before and during the flying takes place
• Technical and operational controls
  – Devices, equipment
  – Procedures, exposure, time, location, terrain
• Management of the risk will require the implementation of numerous controls
  – Layers of an onion
Insitu Pacific Ltd ScanEagle with collision risk mitigation controls
Treating risks – Hierarchy of controls
1. Eliminate risks so far as is reasonably practicable.
2. If there are no available or suitable ways to eliminate a hazard or risk, then you must consider all available and suitable ways to minimise risks, so far as is reasonably practicable by:
   a. substituting a hazard with something, or a number of things, that gives rise to a lesser risk
   b. isolating the hazard from any person exposed to it
   c. implementing engineering controls
3. If there is remaining risk, it must be minimised so far as is reasonably practicable by implementing administrative controls.
4. If a risk still remains, then suitable personal protective equipment must be provided and used.
Considerations in the choice of controls
• Effectiveness – How effective are they in mitigating risk and how can you ensure they will remain effective?
• Reliability – How can the controls fail or be overcome and what can you do to prevent this?
• Availability – Are the controls usable for all missions or phases in a mission?
• Implementation – What needs to be done to implement the controls? (e.g., training and testing)
• Verifiability – How can I show that they have been implemented correctly?
• Integrity – How do I know they are working correctly?
• Introduced risks – Do the controls introduce new risks?
Safety management - an ongoing responsibility
• You don’t just do it once and forget about it!
  – There can be changes in:
    • Technologies
    • Stakeholder needs and expectations
    • Regulatory requirements
    • Organisational environment
• Leads to questions such as:
  – Have new risks emerged?
  – Are we still meeting stakeholder objectives / safety criteria?
  – Are existing assumptions still valid?
  – Are the existing treatments/controls still effective?
  – Are there new risk controls available?
  – Were treatments implemented as intended?
Risk Management is a Living Process
Summary
• Risk management is required for the safe, efficient, socially responsible, and commercially viable operation of any RPAS
  – Irrespective of your organisation’s size or category of operation, you are required to manage the risks
• It is a requirement for:
  – ReOC and area approvals
  – Provides the basis for defining operational procedures / manuals
• It is a key component of a broader safety management system
  – SMS is a framework for the effective implementation and support of risk management practices, and the development of a positive safety culture within an organisation
References
[1] Doc 10019 AN/507 “Manual on Remotely Piloted Aircraft Systems (RPAS)” International Civil Aviation Organization (ICAO), Montreal, Canada.
[2] ICAO (2011) “CIR 328 AN/190 Unmanned Aircraft Systems” International Civil Aviation Organization (ICAO), Montreal, Canada.
[3] AS/NZS ISO 31000:2009 (2009) “Risk Management Principles and Guidelines” International Standard.
[4] Harris, D. and Harris, F.J. (2004) “Predicting the successful transfer of technology between application areas; a critical evaluation of the human component in the system”. Technology in Society, Vol. 26, pp. 551-565.
[5] Clothier, R. A., Williams, B. P., and Washington, A., (2015) “Development of a Template Safety Case for Unmanned Aircraft Operations Over Populous Areas” in “Proceedings of the SAE AeroTech 2015 Conference and Exhibit,” SAE International, Seattle.
[6] Clothier, R. A., Williams, B. P., and Fulton, N. L., (2015) “Structuring the safety case for unmanned aircraft system operations in non-segregated airspace,” Safety Science, Vol. 79, 2015, pp. 213-228.
[7] WHS Regulation (2011) http://www.comlaw.gov.au/Details/F2011L02664/Html/Text#_Toc309803930
[8] Clothier, R. A. and Walker, R. A. (2014) “The Safety Risk Management of Unmanned Aircraft Systems”, Springer Science + Business Media B.V., Dordrecht, Netherlands, chap. 92, pp. 2229-2275.
[9] Tvaryanas, A. P., W. T. Thompson, et al. (2005). “The U.S. Military Unmanned Aerial Vehicle (UAV) Experience: Evidence-Based Human Systems Integration Lessons Learned”. Strategies to Maintain Combat Readiness during Extended Deployments – A Human Systems Approach. NATO Research and Technology Organisation. Neuilly-sur-Seine, France.
[10] Wild G, Murray J, Baxter G (2016) “Exploring Drone Accidents and Incidents to Help Prevent Potential Air Disasters” Aerospace, Accepted and in Press
Dr Reece Clothier [email protected] www.aegisaero.com M: +61 (0)421 873 608
Job safety assessment
• You do not need to repeat a detailed risk management plan for every operation
  – However, every operation can be different
• Job safety assessment is a “checklist style” assessment activity undertaken for a particular mission and environment
  – It is driven by your initial risk management plan
  – Risk controls are listed and checked off
  – Focus on the identification of any new risks specific to the job/location
  – Flight approval process