Risk Management for Remotely Piloted Aircraft Systems
Dr Reece Clothier
CivSec 2016, 1st June 2016, Melbourne, Australia



Overview

•  Safety risk management
   –  The requirement for risk management
   –  What is it and where is it used
•  Risk Management and RPAS
   –  What are the hazards
   –  Assessing the risks
   –  Available controls
   –  Ongoing management
•  Summary

Copyright © 2016 Aegis Aerospace Pty Ltd

The requirement for risk management

•  “RPAS will have to be as safe as, or safer than, present manned operations” [1,2]

•  “Safety” is the state where accepted processes have been adopted to ensure risks are appropriately managed

•  RPAS operators must provide a detailed risk assessment
   –  As part of their application for a RPAS Operator’s Certificate (ReOC)
   –  For approvals (e.g., for operations > 400ft or BVLOS)

•  Risk management is also a requirement under WH&S regulations

•  Regulations aside
   –  You have a social/moral obligation
   –  You want to be viable (economic losses, reputation, insurance…)


What is risk management?

•  Risk management describes “coordinated activities to direct and control an organization with regard to risk” [3]

•  The risk management process describes and “formalises” the very process you use in everyday decision making:
   –  Whether to cross the road?
   –  Whether to send your credit card details to claim your winnings in a Nigerian lottery?


Risk management process

•  CASA and ICAO follow the ISO/IEC 31000:2009 Risk Management Process [3]

•  Outcome should show how risks are being reduced
   –  To a level As Low As Reasonably Practicable (ALARP)
   –  So Far As Is Reasonably Practicable (SFAIRP)

Image from [8]

Risk management process

•  One of the key outcomes of this process is the risk register


CASA (2012) SMS for Aviation - A Practical Guide to Safety Risk Management, Book 3

How do we use it?

•  But it’s more than just the generation of a risk register

•  The risk management process directly supports the development of organisational and operational procedures
   –  Documented in your operations, flight, and maintenance manuals
   –  Basis for your job safety assessment

•  It helps you to determine:
   –  the stakeholders you must engage with
   –  what safety equipment you need
   –  what procedures and processes you should follow
   –  what training should be undertaken


What are the primary risks?


Identifying the causes and contributing factors

•  There are numerous causes for the primary hazards
   –  Not just technical failures

•  A mishap is often the result of numerous interacting factors


Identifying the causes and contributing factors

•  Man, Machine, Mission, Management, Social and Physical Mediums

•  Investigate risks for all phases of flight
   –  From launch through to recovery

•  And not just while you are flying
   –  Before, during and after an operation


5M Model first described in Harris & Smith [4]

Identifying the causes and contributing factors

•  “Humans” are a key cause or contributing factor to RPA mishaps
   –  68% of US DoD mishaps involved “operations or maintenance organizational, supervisory, or individual human factors” [9].

•  Errors and poor decision making often arising due to
   –  Inadequate training, fatigue, unawareness of autonomous modes, spatial disorientation, loss of situational awareness, poor communication (CRM), client or management pressure, poor interface design…

•  Go beyond the remote pilot, consider ALL the humans involved:
   –  Maintenance, launch and recovery personnel
   –  Observers and payload operators
   –  Management and clients
   –  Members of the public


Assessing risk

•  You can only manage what you can measure

•  Data to support risk assessments for commercial RPA are scarce
   –  Use of commercial off the shelf componentry
   –  Changing components and system configurations
   –  No requirement for data collection
   –  No reliability on components
   –  Limited understanding of what data needs to be collected

•  Recent review of RPAS accidents and incidents by Wild et al. [10] for insight


Recommendations when assessing risk

•  Set up a comprehensive data collection system
   –  Don’t just focus on mishaps, try to capture all safety related events
   –  If you operate a standard type, then request information from the manufacturer

•  Use quality components with reliability / testing data

•  Build heritage in your system by
   –  Maintaining a static RPAS configuration
   –  Securing your supply lines

•  Initially, assume it will fail and put the protections in place to manage the risk
   –  With data and experience you can look to relax the assumption


Treating risks

•  Any process, device, practice, or other action which modifies risk [3]
   –  Comprehensive lists of controls are available (refer to [5,6])

•  Strategic and tactical controls
   –  Before and while the flying takes place

•  Technical and operational controls
   –  Devices, equipment
   –  Procedures, exposure, time, location, terrain

•  Management of the risk will require the implementation of numerous controls
   –  Layers of an onion

[Image: Insitu Pacific Ltd ScanEagle with collision risk mitigation controls]

Treating risks – Hierarchy of controls

1.  Eliminate risks so far as is reasonably practicable.
2.  If there are no available or suitable ways to eliminate a hazard or risk, then you must consider all available and suitable ways to minimise risks, so far as is reasonably practicable by:
    a.  substituting a hazard with something, or a number of things, that gives rise to a lesser risk
    b.  isolating the hazard from any person exposed to it
    c.  implementing engineering controls
3.  If there is remaining risk, it must be minimised so far as is reasonably practicable by implementing administrative controls.
4.  If a risk still remains, then suitable personal protective equipment must be provided and used.


Considerations in the choice of controls

•  Effectiveness – How effective are they in mitigating risk and how can you ensure they will remain effective?

•  Reliability – How can the controls fail or be overcome and what can you do to prevent this?

•  Availability – Are the controls usable for all missions or phases in a mission?

•  Implementation – What needs to be done to implement the controls? (e.g., training and testing)

•  Verifiability – How can I show that they have been implemented correctly?

•  Integrity – How do I know they are working correctly?

•  Introduced risks – Do the controls introduce new risks?

Safety management - an ongoing responsibility


•  You don’t just do it once and forget about it!
   –  There can be changes in:
      •  Technologies
      •  Stakeholder needs and expectations
      •  Regulatory requirements
      •  Organisational environment

•  Leads to questions such as:
   –  Have new risks emerged?
   –  Are we still meeting stakeholder objectives / safety criteria?
   –  Are existing assumptions still valid?
   –  Are the existing treatments/controls still effective?
   –  Are there new risk controls available?
   –  Were treatments implemented as intended?


Risk Management is a Living Process

Summary


•  Risk management is required for the safe, efficient, socially responsible, and commercially viable operation of any RPAS
   –  Irrespective of your organisation’s size or category of operation, you are required to manage the risks

•  It is a requirement for:
   –  ReOC and area approvals
   –  Provides the basis for defining operational procedures / manuals

•  It is a key component of a broader safety management system

–  SMS is a framework for the effective implementation and support of risk management practices, and the development of a positive safety culture within an organisation


References

[1] Doc 10019 AN/507 “Manual on Remotely Piloted Aircraft Systems (RPAS)” International Civil Aviation Organization (ICAO), Montreal, Canada.

[2] ICAO (2011) “CIR 328 AN/190 Unmanned Aircraft Systems” International Civil Aviation Organization (ICAO), Montreal, Canada.

[3] AS/NZS ISO 31000:2009 (2009) “Risk Management Principles and Guidelines” International Standard.

[4] Harris, D. and Harris, F.J. (2004) “Predicting the successful transfer of technology between application areas; a critical evaluation of the human component in the system”. Technology in Society, Vol. 26, pp. 551-565.

[5] Clothier, R. A., Williams, B. P., and Washington, A. (2015) “Development of a Template Safety Case for Unmanned Aircraft Operations Over Populous Areas” in “Proceedings of the SAE AeroTech 2015 Conference and Exhibit,” SAE International, Seattle.

[6] Clothier, R. A., Williams, B. P., and Fulton, N. L. (2015) “Structuring the safety case for unmanned aircraft system operations in non-segregated airspace,” Safety Science, Vol. 79, 2015, pp. 213-228.

[7] WHS Regulation (2011) http://www.comlaw.gov.au/Details/F2011L02664/Html/Text#_Toc309803930

[8] Clothier, R. A. and Walker, R. A. (2014) “The Safety Risk Management of Unmanned Aircraft Systems”, Springer Science + Business Media B.V., Dordrecht, Netherlands, chap. 92, pp. 2229-2275.

[9] Tvaryanas, A. P., W. T. Thompson, et al. (2005). “The U.S. Military Unmanned Aerial Vehicle (UAV) Experience: Evidence-Based Human Systems Integration Lessons Learned”. Strategies to Maintain Combat Readiness during Extended Deployments – A Human Systems Approach. NATO Research and Technology Organisation. Neuilly-sur-Seine, France.

[10] Wild G, Murray J, Baxter G (2016) “Exploring Drone Accidents and Incidents to Help Prevent Potential Air Disasters” Aerospace, Accepted and in Press.


Dr Reece Clothier
www.aegisaero.com
M: +61 (0)421 873 608

Job safety assessment


•  You do not need to repeat a detailed risk management plan for every operation
   –  However, every operation can be different

•  Job safety assessment is a “checklist style” assessment activity undertaken for a particular mission and environment
   –  It is driven by your initial risk management plan
   –  Risk controls are listed and checked off
   –  Focus on the identification of any new risks specific to the job/location
   –  Flight approval process
