CHAIN Preliminary Safety Case
From SKYbrary Wiki
<protect> Important notice This article is a demonstration of functionality under development, do not consider its contents as valid yet.
|Category:||Hazard Identification Documents|
Document Title: CHAIN Preliminary Safety Case, EUROCONTROL, October 2006
The aim of this document is to set out the safety argument, and present the supporting evidence currently available, to show that Controlled and Harmonised Aeronautical Information Network (CHAIN) will deliver a net safety benefit, i.e.:
- significantly reduce the probability of critical and essential data errors in published Aeronautical Information (AI)
- Note: Although formally out of scope for CHAIN a positive effect on routine data is expected as well)
- increase the confidence that the required level of integrity in published AI is achieved; and
- further reduce the probability of data errors as far as reasonably practicable (AFARP)
The purpose of the preliminary CHAIN safety activity is two-fold:
- to document the safety argument, available evidence and identified shortfalls in substantiation of the claim that CHAIN will deliver a net safety benefit; and
- to provide the basis for each State to develop its own Safety Case(s) for the CHAIN improvements to the Upstream Data Chain and to facilitate that process by carrying out much of the required safety analysis, although on a generic basis.
Current and future navigation and other ATM systems are data dependent and reliant upon the provision of timely, accurate and correct Aeronautical Information (AI). However, it is well known that the integrity of AI in use today does not provide the level of quality required and does not always conform to either the requirements laid down by ICAO Annex 15 or the needs of the users.
The EUROCONTROL Controlled & Harmonised Aeronautical Information Network (CHAIN) Activity has a high level aim to enable interoperability in the Aeronautical Information Services (AIS) environment. CHAIN’s primary objective is to improve the accuracy and quality of the originated data and its management from the point of origination through publication to States’ distribution of Aeronautical Information Publications (Aeronautical Information Publications (AIPs)) and to subsequently enable enhanced processing throughout the entire Aeronautical Data Chain.
CHAIN has and will propose a series of improvements to the Upstream Data Chain aimed at addressing ICAO Annex 15 compliance issues, improving data integrity and providing users in the ATM domain with the data quality they require for current and future needs. States can choose which improvements to implement to support their Data Chain enhancement activities.
This Preliminary Safety Case presents the results of the safety assessment activity carried out for the current Upstream Data Chain as scoped by CHAIN.
The analysis and conclusions presented herein cover the current Upstream Data operation, i.e. from the point of origination (excluding Data Origination and its processes but including the transfer of AI from Data Origination to Data Publication) through to the publication and distribution of the Integrated Aeronautical Information Package (IAIP) by the State.
The analysis does not consider:
- Origination of Raw Data or Procedures
- Downstream Data Chain activities, i.e. Data Application/Integration and Data End Use
- The regulation of Data Chain, although the impact that regulation could have on the achievement of a net safety benefit is considered. The issues raised in relation to regulation are to be considered as part of the development of the Aeronautical Data Integrity (ADI) Mandate.
- Security aspects of the Data Chain, where they do not relate to safety. It is recognised that the integrity of aeronautical data can only be fully addressed by considering the whole of the Data Chain from source origination through to application integration and end use. As such the safety assessment has identified but not addressed those issues that can only be dealt with holistically such as the apportionment of Data Integrity Levels.
Top Level Claim
This Preliminary Safety Case captures the safety argument, available evidence and current shortfalls in the substantiation of the argument to support the claim that CHAIN will deliver a net safety benefit to ATM and other users. The CHAIN Safety Argument is based on four principal arguments as they apply to the scope of the CHAIN activity.
- Safety Requirements are defined to ensure the safety benefit is achieved
- Guidance is provided on their implementation and the changes required
- States show that the Safety Requirements are met in the implementation of the changes to Upstream Data Chain
- Safety monitoring is in place to ensure that the safety benefit is maintained in the ongoing operation of Upstream Data Chain.
This Safety Case focuses on the evidence for the first two arguments and thus the conclusions are subject to full satisfaction of the other two arguments by individual States who implement CHAIN improvements. However, based on the evidence that is currently available and considering the number of open safety issues, it is concluded that the first two arguments are not yet fully substantiated.
Safety benefit is defined as:
- significantly reduces the probability of critical, essential or routine data errors in published AI;
- increases the confidence that the required level of integrity in published AI is achieved; and
- further reduces the probability of data errors as far as reasonably practicable (AFARP).
- Data integrity as defined in ICAO Annex 15, Appendix 7 is sufficient to meet the needs of users
- Downstream data chain activities and checking mechanisms will remain the same following the implementation of safety requirements
- Regulation will focus on certifying the processes used in the data chain
rather than the product
- The Data Quality Properties defined in ICAO Annex 15 and ED-76 capture all credible general error scenarios for Aeronautical Information
- Corrupt Data in Distributed Integrated Aeronautical Information Package (Hz13)
- Inconsistent Aeronautical Information (Hz16)
- Missing Change(s) in Distributed Aeronautical Information (Hz15)
- Total Loss of Aeronautical Information (Hz14)
Related Regulations and Standards
- ESARR 3 - Use of Safety Management System by ATM Service Providers, Edition 1.0, 17 July 2000
- ESARR 4 - Risk Assessment and Mitigation in ATM, Edition: 1.0, 05 May 2001
- ESARR 6 - Software in ATM Systems, Edition 1.0, 06 November 2003
- International Standards and Recommended Practices - Aeronautical Information ICAO Annex 15, Edition 12, July 2004
- Standards for Processing Aeronautical Data, RTCA DO-200A/EUROCAE ED76
- Industry Requirements for Aeronautical Information, RTCA DO- 201A/EUROCAE ED-77
- Aeronautical Information Services Manual, ICAO Doc 8126
- CHAIN Overview, Technical Note, EUROCONTROL, DAP/NET/CHAIN/007
- Single European Sky (SES) Regulations, Regulatory Approach for the Aeronautical Data Integrity, EUROCONTROL, Released Edition 1.1, January 2006
- AEEC, ARINC Specification 424, Navigation System Data Base
- CHAIN Preliminary Safety Case</protect>