PPRuNe Forums - View Single Post - 'No blame' Over RAF Tornado Crash
Old 30th Apr 2010, 11:12
#147
Squidlord
 
Join Date: Apr 2008
Location: UK
Posts: 49
engineer(retard):

When did the human numbers drop out of 00-56, as I have seen them used recently?
As S/W mentions, there were numbers in 00-56 and they have been used. The appropriateness of use is where my original question was aimed. The reason I asked when the change came about is because I have seen the numbers recently.
I'm not sure whether you mean:

1. you've seen quantitative human error rates assigned
2. you've seen quantitative human error rates assigned in a way that's either in tune with, or explicitly justified by reference to the scheme in Def Stan 00-56, Issue 2, Part 2

If 1, there's nothing wrong, imo, with assigning quantitative failure rates to humans performing specific tasks in specific contexts. You just have to be very careful not to underestimate the true failure rates. So, the use of quantitative human error rates in a Safety Case prepared in accordance with 00-56 (any issue) is not surprising or necessarily a concern (imo).

If 2, then that might be more worrying if the numbers had been used without validating them (this could just be demonstrating that they are not underestimates) but that may have been done. If it has been done then, again, it's not necessarily a concern (imo).

Additionally, because the guidance has disappeared, I think that some later safety cases are reaching back and still using the Issue 2 numbers because it is assumed that they are legitimate.
I certainly see this happen from time to time. In the same way that some projects are "reaching back" and using the obsolescent Def Stan 00-55 (software safety) because since it was made obsolescent there's otherwise been very little MoD guidance material on software safety (this has changed more recently).



I agree pretty much with everything BigGreenGilbert says in his post 153 (though I'll note that "actual experience" is often not available for the kinds of novel situations and scenarios that MoD often encounters). I'll give my answer to his/her implicit question:

the table [of human error rates] in [Def Stan 00-56, Issue 2, Part 2] is an example, and its inclusion highlights the problems with providing examples. The same way as the HRI tables provided in issue 2 have been misused over the years. Whether this through laziness, ignorance, just plain stupidity, or some combination thereof is open to discussion.
Assuming BigGreenGilbert is referring to the "example" risk matrix and associated definitions in 00-56, Issue 2, I think ignorance is at the heart of its repeated misuse. Ignorance of what a risk matrix (and associated definitions) represents, ignorance of what it means, ignorance of what it should be applied to (given that there are often multiple possibilities) and, most particularly, ignorance of how one might construct an appropriate risk matrix (or matrices, as often more than one is needed).

As it goes, I don't think it's particularly easy to construct an appropriate risk matrix. But if a risk matrix is to be used (it doesn't always have to be), it is such an absolutely fundamental part of safety management that it is totally unacceptable that safety managers, in general, should not have the necessary skills to construct an appropriate one. I think MoD are trying to address this as a particular aspect of their drive to increase the competence of their safety-responsible staff (not that this will address the issue for industry, of course).



Safeware:

E.g. let's say in the case of the 43 Sqn Tornado there was a piece of kit that could provide a warning that CFIT was an increasing risk. Let's say it provided warnings to both crew, but had a probability of failure of 1E-3.

It would not be uncommon to see safety arguments that said that this was ok as it required the kit to fail, AND the nav to fail to notice AND the pilot to take notice and take appropriate action. Hence the prob of CFIT would be shown as of the order of 1E-9. The risk of CFIT would therefore be within the airworthiness limit. Right?

Wrong, see my #72:
I think there are potentially any number of issues with the argument Safeware critiques above but I'm not sure what it's got to do with post 72. Are you suggesting, Safeware, that in demonstrating adherence to the JSP 553 cumulative risk target, it's not legitimate to take (quantitative) account of the ability of the aircrew to recover safety from hazards or technical failures (e.g., your CFIT warning failure)?

Safeware again:

As regards the assertion that [safety] arguments are also based on average training and competence, yes I agree with what you say.
I disagree. I think safety arguments should be based on the lowest level of training and competence reasonably foreseeable, for the reasons given in my post 131.