tucumseh

There is clearly a lot more to this than this rather simplistic statement in MAA documentation. The subtleties of safety, airworthiness and fitness for purpose must be considered.


Firstly, it rather bodyswerves the concept of functional safety. Tornado ZG710 would, probably, have passed this test, yet was functionally unsafe because its IFF failure warning systems were not integrated and the failure to reply to the Patriot interrogation was not notified to the crew. (See BoI report, ACM Burridge’s comments and recommendations – which were ignored). That failure left them with a Build Standard that “COULD result in loss of life”; which is the definition of Safety Critical. The regulations decreed the aircraft, at that Build Standard, could not be put to the use for which it was intended. It was “airworthy” in the sense it could be flown in a very benign environment, with restrictive limitations. However, the management rulings of the day (by DGAS2 and XD5) decreed that the IPT need NOT integrate the warnings. DE&S and the MAA continue to support these rulings. Ministers continue to uphold them. Sort that one out and you’re half way to fixing the systemic failures that plague MoD.

The last bit is important.... “when operated within the conditions used for the airworthiness demonstration.” What is that? The initial “airworthiness demonstration” is typically carried out in the Proof Installation aircraft, very often without systems that would be considered operationally “No Go”. That is partly why you have a Part 2 (Service Deviations) in the RTS. Each subsequent change to the Build Standard MUST be tested and trialled and the subject of an update to the Safety Case. This last is where the system falls down, especially when the change is a Service Modification. Again, the same 2 Stars ruled that this regulation, mandated upon MoD by Secy of State, could be waived. Worse, that a false declaration could be made that it had been complied with. (See Chinook HC Mk2 RTS). It is this lack of a valid Safety Case which compromises any current airworthiness declaration. Without it, the RTS cannot be validated. The RTS is the Master Airworthiness Reference.



Part of the above ruling and practice upheld by the Nimrod/Chinook 2 Star (DGAS2) was that “if it works on the bench, it will work and be safe in the aircraft”, so testing and trialling at the new Build Standard was, and is, often waived. That is, the “airworthiness demonstration” baseline often omits complete systems. That was the case with IFF, for example. So, this definition, combined with extant rulings and practice, is very restrictive and could, and often does, produce an aircraft that is unsafe and not fit for purpose. (Remember that during the XV179 C130 inquest, the IPTL claimed he did not know how to achieve and maintain fitness for purpose. I am always reminded of a young civilian clerical officer who supported me in the late 80s. He knew, and could be trusted to manage the administrative side of such routine work. Billy, I hope you read this!)



Now, as Engines says, try applying that retrospectively to a 50 year old airframe. The chances of the OEMs having the relevant evidence, and a robust audit trail of every change (and Change, if you know the difference!), is very remote indeed. But we (UK) cannot complain. We can’t produce such evidence for our newest aircraft, never mind 50 year old ones. And that is why the IPT would have had a problem seeking funding to attempt to reconcile these conflicts (the risk reduction activity I mentioned). Requirement Scrutiny would immediately reveal that the same issue applied Pan-MoD, opening up a can of worms. Which is why conducting Requirement Scrutiny can be an offence in MoD, despite being a legal obligation. Another ruling by the same people.