PPRuNe Forums - View Single Post - Nimrod crash in Afghanistan Tech/Info/Discussion (NOT condolences)
Thread: Nimrod crash in Afghanistan Tech/Info/Discussion (NOT condolences)
View Single Post
Old 13th Apr 2008, 20:50
  #385 (permalink)  
tucumseh
 
Join Date: Feb 2003
Location: uk
Posts: 3,226
Received 172 Likes on 65 Posts
A couple of random thoughts, accompanied by direct extracts from the MoD’s own literature.

The QinetiQ report refers on a number of occasions to the Hazard Log and also to the lack of an audit trail that can demonstrate airworthiness.

A Hazard Log must contain the following;

Part 1: System data, including information of the build standard (which means it must be maintained), usage, environment etc and Safety requirements (legal, certification, safety elements of the – in this case – Air Staff Requirement and Risk Matrix). By definition, this means the Design Authority and MoD MUST have the ASR. They don’t.

Part 2: Hazard Data (a record on every identified hazard with its description, associated possible accidents, how it is analysed etc).

Part 3: Accident Data (a record on possible accidents for the aircraft, target Risk Class, how it is analysed, assessed Risk Class)

Part 4: Statement of System Safety (the assessed Risk of the aircraft)

Part 5: Journal (the running log or diary of significant events in the Safety programme).


In other words, it’s not a simple “log” but a significant body of work and a major task on a whole aircraft. All this is a through-life process – not a one-off. If you like, the Hazard Log is the heart of the Safety Case system. Like a case in law, the Safety Case is a body of evidence presented as a reasoned argument. However, unlike most areas of law the activities are not presumed safe (innocent) until proven unsafe (guilty). The Safety Case MUST prove that a system is safe. The onus is on the MoD to demonstrate they comply with all the regs and ensure Risks have been mitigated to ALARP. They can’t. This why Des Browne admitted liability.


Those who read my posts will know I bang on about maintaining the build standard. From part 1 above, you will see this is mandated. Maintaining the build standard has 17 core elements;
  • Appointment of a Design Authority.
  • Investigation of faults
  • Design of modifications
  • Submission of proposed modifications
  • Design incorporation of approved mods and changes, and maintaining configuration control
  • Holding and maintenance of master drawings
  • Management of Component replacement / unavailability (sometimes, wrongly, called obsolescence)
  • Responsibility for complete systems (as opposed to a single “black box”).
  • Provision of Technical advice to MoD and their agencies
  • Visits to User units (primarily to discuss system performance with users)
  • Packaging and handling
  • Supply of documents (to IPTs and agencies)
  • Management of sub-contractors, and monitoring their capability.
  • Preparation of amendments to Technical Publications
  • Conduct of Trials Installations
  • Holding and maintaining the Sample and Reference systems.
  • Dealing with day to day correspondence from MoD, their agencies and suppliers.

Do any Nimrod operators or maintainers see anything in the above that is not carried out? Out of date tech pubs? Drawings not available or out of date? Faults not investigated? Configuration Control not maintained? A contact number at the Design Authority and immediate access? Unavailable spares? If you do then, by definition, there has been a major failure of the Safety Management System. Both QinetiQ reports are, quite simply, a catalogue of such failures.
tucumseh is offline  
Reply