In recent years there have been developments in guidance materials for system development processes and research into new approaches for system safety assessments. However, there has been limited research that has systematically evaluated how design engineers and safety analysts conduct their evaluations of systems, and how the design of their tasks, tools, training and guidance material can be improved so that the likelihood of design errors is minimised.
For the data-spike failure mode, the built-in test equipment of the LTN 101 air data inertial reference unit was not effective, for air data parameters, in detecting the problem, communicating appropriate fault information, and flagging affected data as invalid.
One of the aircraft’s three air data inertial reference units (ADIRU 1) exhibited a data-spike failure mode, during which it transmitted a significant amount of incorrect data on air data parameters to other aircraft systems, without flagging that this data was invalid. The invalid data included frequent spikes in angle of attack data. Including the 7 October 2008 occurrence, there have been three occurrences of the same failure mode on LTN-101 ADIRUs, all on A330 aircraft.
The existing take-off certification standards, which were based on the attainment of the take-off reference speeds, and flight crew training that was based on monitoring of and responding to those speeds, did not provide crews a means to detect degraded take-off acceleration.
The failure of the digital flight data recorder (DFDR) rack during the tail strike prevented the DFDR from recording subsequent flight parameters.
A number of operators of the PZL M-18 Dromader aircraft had not applied the appropriate service life factors to the aircraft’s time in service for operations conducted with take-off weights greater than 4,700 kg, as required by the aircraft’s service documentation. Hence the operators could not be assured that their aircraft were within their safe service life.
The operator’s training and processes in place to enable flight crew to manage distractions during the pre-departure phase did not minimise the effect of distraction during safety critical tasks.
The lack of a designated position in the pre-flight documentation to record the green dot speed precipitated a number of informal methods of recording that value, lessening the effectiveness of the green dot check within the loadsheet confirmation procedure.
Operation of the M-18A in accordance with Civil Aviation Safety Authority exemptions EX56/07 and EX09/07 at weights in excess of the basic Aircraft Flight Manual maximum take-off weight (MTOW), up to the MTOW listed on the Type Certificate Data Sheet, may not provide the same level of safety intended by the manufacturer when including that weight on the Type Certificate.
The lack of a requirement for a charter-specific risk assessment in this case meant that the risks associated with the charter were not adequately addressed.
The procedural and guidance framework for commercial balloon operations generally, did not provide a high level of assurance in regard to the safe conduct of low flying.
The Society of Automotive Engineers specification AS7477 was ambiguous in relation to the requirement to cold roll the head-to-shank fillet radius of MS9490-34 bolts.
A number of non-cold rolled bolts were installed on PT6A-67 series engines during manufacture and overhaul
The scheduled maintenance requirements for ex-military UH-1 series helicopters may not adequately address the increased risk of fatigue failures associated with repetitive heavy lifting operations that were not considered in the original design fatigue calculations.
There were no soft and hard triggers in the operator’s Flight Operational Quality Assurance system to monitor the selection of the aircraft’s landing gear during an approach.
There was no correlation between the results of the operator’s Flight Operational Quality Assurance and Air Safety Incident Report investigations.
The conflicting requirements and definitions in the operator’s publications in relation to the pilot not flying role had the potential to diminish the importance of monitoring as an essential element in an aircraft’s safe operation.
Windshields manufactured with terminal block fittings containing polysulfide sealant (PR1829) have been shown to be predisposed to premature overheating failure that could lead to the development of a localised fire.
The aircraft maintenance manuals did not include the operating specifications of the replacement cabin altitude warning pressure switch hampering the required verification of switch serviceabilty.
The cabin altitude warning pressure switch maintenance manual wiring diagram did not provide a clear indication of the wiring connections for the superseded switch.
