Название: Aircraft engineering (Морозова М. А.)
Жанр: Авиационные технологии и управление
MAINTAINABILITY DESIGN PRINCIPLES FOR AIRCRAFT MAINTENANCE ERROR AVOIDANCE
Mirce Engineering, Woodbury Park, Woodbury, Exeter EX5 1JJ, United
Kingdom E-Mail: enquiries(a),mirceengineering.com accepted August 2, 2007
1. Maintenance error
The aircraft maintenance process consists of a flow of tasks designed to maintain the safe and effective operation of the aircraft in service. Maintenance tasks typically include removal, installation, servicing, rigging, inspection, cleaning and other maintenance activities.
The execution of any maintenance task involves the possibility of error. Error in aircraft maintenance is the consequence of a complex interaction of many factors including system and maintenance task design, maintenance per- sonnel and other resources, maintenance organization, and the physical envi- ronment in which the maintenance occurs.
Maintenance error can be formally defined as the unintentional act of per- forming a maintenance task incorrectly that can potentially degrade the perfor- mance of the aircraft. For example, if a maintainer working in limited condi- tions of visual access fails to connect a component correctly the resulting main- tenance error could be an incorrect installation leading to potential failure of the component.
Human behavior is variable and is determined by a considerable range of factors that can vary significantly in different conditions and environments. Common factors can produce different responses and effects. Individual beha- viors do not display uniformity and the designer would find it difficult to gener- ate a design solution that would be applicable to the individual behaviors of maintainers. However, when designing an aircraft system or component the de- signer can address common patterns of behavior manifest in reasonably fore- seeable maintenance errors.
Empirical evidence indicates that there are common maintenance errors that tend to reoccur. Frequently occurring maintenance errors include:
■ Wrong part installed,
■ Fault not found by inspection,
■ Incomplete installation,
■ Cross connection,
■ Fault not detected,
■ Wrong orientation,
■ Access not closed,
■ Wrong fluid,
■ Servicing not performed,
■ Fault not found by test,
■ System not deactivated,
■ Material left in aircraft.
Most errors in aircraft maintenance are the result of unintentional or inap- propriate actions that lead to maintenance error in a particular set of circums- tances. There are also intentional actions on the part of the maintainer when, for some reason, it is either considered to be the correct action or a better way of performing a maintenance task. It should be recognized that maintenance error does not necessarily result in degradation of the aircraft.
An error can be recovered or corrected, before it results in consequential degradation. The consequence of maintenance error may be relatively insignifi- cant or largely economic and recoverable. However, maintenance error can po- tentially lead to catastrophic consequences with loss of both aircraft and of life.
2. Design impact
The correct completion of an aircraft maintenance task depends upon the interaction and interrelationships of the design characteristics of the aircraft and its operation in a particular environment. Design characteristics of the aircraft include technical systems and components. They also include the consequent design of maintenance tasks, procedures, manuals, tools, equipment and initial training of maintainers. Operation will include the characteristics of mainten-
ance personnel, the maintenance organization and the physical environment within which they work.
The potential for maintenance error arises where the maintainer and the aircraft interact through the maintenance task. The purpose of the aircraft is to provide a set of functions that enable its operation to deliver a safe flight that departs and arrives on schedule. The aircraft's ability to deliver safe and effec- tive flights is sustained through maintenance to ensure that it functions as and when required.
The operation, maintenance and support of an aircraft are made up of re- lated processes, which consist of tasks carried out by humans using physical re- sources.
A maintenance task can be described in the following terms:
A maintenance task is any specified set of maintenance actions that is per- formed to maintain the required function of an aircraft component or system;
■ The set of maintenance actions is related by their task requirement and their sequential occurrence in time;
■ The execution of maintenance tasks involves human actions that com- prise of some combination of cognitive («thinking») and physical action («doing»);
■ Each task requires an expected level of maintenance performance to be complete each action and the task as a whole.
The successful completion of a maintenance task as specified therefore involves:
■ The human performance and limitations (e.g. vision, hearing, physique, perception, memory, fatigue, etc.);
■ System and process design – the demands placed on human perfor- mance that are the result of design (e.g. operation, maintenance and support task and resource demands);
■ System and process operation – the demands placed on human perfor- mance that are a result of operation (e.g. organization, procedures, etc.);
■ Physical environment – the demands placed on human performance that are a result of the physical environment in which the task is performed (e.g. climate, temperature, noise, illumination, etc.).
Aircraft designers are not in a position to control or directly influence all these factors. Nevertheless, the design of aircraft systems and components can have a significant impact on maintenance performance. System and component design characteristics can promote correct performance of the maintenance task. Importantly, design characteristics can potentially reduce the likelihood and consequences of maintenance errors and hazards to the maintainer safeguarding both the aircraft and the maintainer.
As previously stated, the maintainer and the aircraft interact through the maintenance task. It is through the maintenance task that the aircraft affects the performance of the maintainer and the maintainer affects the performance of the aircraft. The design of the system or component will influence the type, fre- quency and duration of maintenance tasks carried out in operation.
Key questions for the designer to consider are:
■ what types maintenance tasks does the design generate and what actions do they involve?
■ how often is the maintenance task needed and how long will it take?
■ what demands does the design place upon the capabilities of the main- tainer to complete maintenance task?
■ can the demands of the task exceed the possible limitations of the main- tainer?
The complexity of design configuration, physical form, weight, location, and access, method of installation, visual information and similar factors play an important part in determining the demands placed upon the level of mainten- ance performance required to successfully complete a maintenance task. Differ- ent designs will have different effects on maintenance performance. For exam- ple, the use of fewer parts may influence how easy it is to do the task – improv- ing maintenance performance and reducing the likelihood of maintenance error.
Aircraft maintenance often involves complex processes that place consi- derable demands upon the maintainer to perform at the level required by the
maintenance task. Maintenance often occurs in environments that also often place considerable demands upon the maintainer.
It is important to recognize the human capabilities and limitations of the maintainer and the capabilities and limitations that are inherent in any aircraft design. It involves the design of aircraft so that the relationship between the air- craft design and the maintainer affected through the maintenance task will result in optimal maintenance performance that minimizes demands on maintainers that could lead to maintenance error.
The design of aircraft systems and components and the operational envi- ronment in which that design functions will influence the behavior of the main- tainer – for example, how easy it is to complete the task. Design characteristics can generate tasks that are within the capabilities and limitations of the main- tainer that have a potentially positive effect on maintenance performance. Equally, design characteristics can challenge the capabilities and limitations of the maintainer and have a potentially negative effect on maintenance perfor- mance. Amongst other consequences, such as decreased maintenance efficien- cy, this could lead to error or personal injury during maintenance.
Design can therefore affect the vulnerability of an aircraft to maintenance error and the consequences of that error. By actively integrating general prin- ciples that address maintenance error into the design process, it is possible to create design characteristics that can possibly prevent or reduce maintenance error (e.g. sealed units or colour coding), or, eliminate or mitigate the conse- quences of maintenance error (e.g. isolation or partial operation).
3. General design principles
In developing design strategies and principles that enable the practical realization of these strategies through physical design characteristics, it is im- portant to recognize that error is an integral and important part of fundamental human behavior – it is part of the normal cognitive and learning processes of the human. Indeed, error in itself is not inherently problematic. It is only prob- lematic when its consequences bring about unwanted or negative consequences. Design strategies should therefore attempt to avoid errors or to contain the con-
sequences before they become negative. Error in maintenance is a normal part of maintenance operations that can be addressed during the design process.
Design strategies may revolve around two basic approaches. The first is avoidance of error. Here the error may be completely avoided by prevention. Examples of this type of strategy include designing out operation significant maintenance tasks, the design of components that are physically impossible to assemble or install incorrectly and the use of staggered part positions that re- quire a specific configuration or sealed units that do not require intervention.
It is also possible to reduce the frequency of occurrence of error. Exam- ples of error frequency reduction include the use of different part numbers, co- lour coding, shaped switch tops, locking switches, standard display formats, standard direction of operation, convenient access panels, reduction of servicing frequency, protection against accidental damage, or lubrication points that do not require disassembly.
The second is tolerance of error. Here mechanisms to detect error, to re- duce the impact of error, and to recover error may be employed. Mechanisms to detect error may include built-in tests, functional tests, illuminated test points, functionally grouped tests or warning lights. Detection error can also include initial training of the maintainer for system state recognition.
Reduction of the impact of error can be achieved through strategies such as isolation of the consequences of error, the ability for partial operation or the use of redundancy in systems or components. Recovery of error may be achieved through self-correction, the development of recovery procedures or specific training for error recovery.
Specific design objectives can be summarized as follows:
■ Design that absolutely eliminates any possibility of an identified main- tenance error or eliminates its consequences;
■ Design that reduces the size of an identified maintenance error or re- duces the extent of its consequences;
«Design that reduces how often an identified maintenance error, or how often its consequences, are likely to occur. Design that ensures that the main-
tenance error or its consequences is evident under all maintenance conditions, easy and rapid to detect, and is detected before flight».
In practice, the strategies of avoidance and tolerance are complementary and it may be felt necessary to design using a combination. An error tolerant design may be combined with error avoidance mechanisms to produce a robust design. Total avoidance of error may be considered to be an ideal given the na- ture and variability of human performance – error tolerance will capture and contain errors that fail avoidance mechanisms.
The general design principles discussed below provide practical means by which these strategies can be realized.