Development of a military Operating Safety Case Report - Adelard

UNCLASSIFIED 

Development of a military 

Operating Safety Case Report 

Mark Templeton 

A presentation to: The ASCE User Group 

Thursday 6 th December 2012 

Ref: QINETIQ/TIS/S&AS/PUB1203018/1 

All example data and screenshots in this presentation 

were developed by QinetiQ under contract to the UK 

Defence Evaluation & Support organisation 

© Copyright QinetiQ Limited 2005-2012 QinetiQ Proprietary 

1

UNCLASSIFIED 

Contents slide 

1 The task – an outline 

2 Initial GSN 

3 Initial tuning 

4 Colour scheme 

5 Evidence capture 

6 Traffic lights 

7 Automating the export 

8 The last minute 

9 The result 


2

UNCLASSIFIED 

1 The task – an outline 

Customer requirements 

• Safety Case Report 

− Primarily to demonstrate Operation of the fleet will be acceptably safe 

− Demonstrate progress to the men in long trousers 

− Manage a staged Release To Service 

− Identify missing evidence 

− Identify “critical path” evidence 


3

UNCLASSIFIED 

2 Initial GSN 

Initial safety argument 

• Developed pre-contract 

• Massive – 645 nodes 

Figure 1: Initial safety argument 


4

UNCLASSIFIED 

3 Initial tuning 1/3 

Wall charts 

• Four A0 charts 

• Single plot 2.1m long 

Issues 

• Very hard to navigate 

• Easy to get lost 

• Where can I find X? 

• Have we already considered Y? 

• Hard to manage “split” issues 

− Certified equipment, 

− maintained well, 

− risks to maintainers, operators and public 


5

UNCLASSIFIED 


Figure 2: Key to safety argument 


6

UNCLASSIFIED 


New argument – supporting 

User Views 

• Easy to maintain 

• Hard to get lost 

• Only 436 nodes now! 

• Example… 

Figure 3: Initial Top Level view 


7

UNCLASSIFIED 

4 Colour scheme 1/3 

Too much red! 

Figure 4: Embarrassingly red Top Level view 


8

UNCLASSIFIED 


New schema: 

C1.1 

C1.7 

• Swap spectra and status 

Safety 

Regulatory 

Authorities 

Definition of 

required RAF 

Military Roles 

• Better ownership 

• Add second status 

C1.2 

Definition of 

Tolerably Safe 

C1.3 

[>] 

G1 

XXX is tolerably safe to operate 

C1.8 

Definition of XXX 

Service 

− Status now and at RTS 

• Example… 

Defining 

document: XXX 

Safety 

Management 

Plan" 

M1.6 

C1.9 

KURs, SOIU 

Definition of XXX 

system 

C1.5 

Secretary of 

State's Safety & 

Environmental 

Protection Policy 

[>] 

[>] 

G1.4 

G1.10 

The aircraft is 

safe 

Operations are 

carried out safely 

[>] 

G1.11 

XXX SMS is effective in 

managing safety of the 

service 

[>] 

G1.12 

All assumptions and 

prerequisites are 

discharged 

Figure 5: Enhanced Top Level view 


9

UNCLASSIFIED 


One level down 

• Project Team responsible to ensure aircraft is safe… 

• Retain airworthiness responsibility 

• Delegate some responsibility to Design Organisation… 

• …and some to Operator 

Figure 6: Colour denotes ownership 


10

UNCLASSIFIED 

5 Evidence capture 1/3 

Plugin: GSN Status of Evidence 

• Identify: 

− evidence, 

− expected date of arrival, 

− contracted date, 

− owner 

Process 

• Create spreadsheet from table of ASCE Solutions 

• Manual reconciliation took around two days 

• Developed Status of Evidence plugin 

− Press “Create” and… 

Figure 7: Dialog box for plugin 


11

UNCLASSIFIED 


Create spreadsheet 

• New Excel spreadsheet created 

• Keys 

− Column A 

− Row 1 

• Other fields all editable 

Figure 8: Spreadsheet created by plugin 


12

UNCLASSIFIED 


Synchronise 

• “Synchronise” button on plugin 

• For each changed Solution node 

− Display text 

− Select action 

• Result 

− Model updated 

− New spreadsheet 

Figure 9: Data comparison by plugin 


13

UNCLASSIFIED 

6 Traffic lights 

Plugin: Update twin status fields 

• 436 nodes x 2 traffic lights = 872 data items 

• A manual nightmare 

• Modified Goal Completed plugin 

G1 

− Support for second status field 

− New logic 

• Around 2 seconds to update all fields 

G1.1 G1.2 G1.3 

G1.1.1 

G1.1.2 G1.2.1 G1.2.2 G1.3.1 

S1.1.1.1 S1.1.1.2 S1.1.2.1 S1.1.2.2 S1.2.1.1 S1.2.1.2 S1.2.2.1 S1.2.2.2 S1.3.1.1 S1.3.1.2 

Figure 10: Traffic light demo 


14

UNCLASSIFIED 

7 Automating the export 1/2 

Plugin: One click export 

• Simplistic approach 

− Use ACSE as a graphical editor 

− Copy and paste diagrams to word processor 

− Missies the point of ASCE 

• Intermediate approach 

− Create an output path 

− Export a Word document and modify it 

− Updates difficult 

• Educated approach 

− Maintain argument in ASCE 

− NEVER modify Word document 

− Use Word Macros 

ASCE 

Word 

Word 

Word 

ASCE 

ASCE 

ASCE 

Word 

Word 

Word 

Figure 11: Maintenance processes (old and new) 


15

UNCLASSIFIED 

7 Automating the export 2/2 

Word macros 

• ASCE does not rely on Word macros – so do what you want 

• Issue 1 – Appendices 

− Create magic token 

− From that point on, change all headings to appendix headings 

− Adjust Table of Contents heading levels 

− Regenerate TOC twice 

• Issue 2 – Front pages 

− Front few pages differ – but outside of ASCE 

− Test for FrontPages.doc 

− Prepend if found 


16

UNCLASSIFIED 

8 The last minute 

Evidence always arrives late… 

• Three days to delivery and evidence arrives, but not as expected 

• Meeting with customer to adjust the safety argument 

• Generation of new report took under one minute 


17

UNCLASSIFIED 

9 The result 

We made it! 

• Safety case delivered when required 

• The argument matched the evidence 

• Now updating for next phase of programme 

Lessons learned 

• Well worth using ASCE as intended 

• Develop plugins or schemas 

Further work 

• Collaborative working 

• Extra traffic light – differentiate “not relevant” from “not set” 


18

UNCLASSIFIED 

Questions? 


19

www.QinetiQ.com 


20

Development of a military Operating Safety Case Report - Adelard

Create successful ePaper yourself

Delete template?

Save as template?