Risk Management of Technology and Maintenance Failures in the Context of Aviation Industry
Managing Processes, Systems, and Projects
Managing the Project-based Environment
Balazs B. Varga
Student id: 19700989
Word Count: 1705
Table of Contents
Incident root cause failure analysis3
A.Aircraft aging and the limitations of fail-safe design3
B.Safety by design and the failure of damage tolerance3
C.Human errors and organizational failures4
On April 28, 1988, Aloha Airlines flight 243 underwent an explosive decompression in its passenger cabin at feet 24,000. Although the aircraft underwent extensive structural damage, it was able to land safely. Investigations identified metal fatigue in the skin panel fuselage as proximate cause of accident due to poor maintenance. Nevertheless, the accident analysis revealed a more complex chain of causes, including aging of aircraft structure, structural design, maintenance methodology and safety regulatory failures that lead to the incident. This paper will provide a failure root-cause analysis of the incident within the theoretical framework of safety design and maintenance methodologies. Incident root cause failure analysis
A. Aircraft aging and the limitations of fail-safe design Aloha 243 spent 19 years of accident-free operation in short-haul service. The model was designed with 20 years economic service life, ensuring the aircraft`s structure and components operational reliability for its whole life span, without significant maintenance expenses. However, the aircraft was exposed to an operational environment that resulted in faster ageing of its structure. Firstly, fuselage of its surface panels tended to become mechanically overloaded due to pressurization during short-haul flight cycles (causing more frequent pressurization dilation than in long-haul service). Secondly, the local climate with humid and salt-laden air also exposed components to corrosion, weakening the skin panel bonding as a result. The joint processes of fatigue and corrosion then resulted in a critical level fuselage and attachment fatigue (a wear-out failure), and finally the separation of surface skin panels of the aircraft.
However, Boeing originally adopted a fail-safe design approach to avoid propagation of cracks through the airplane surface. This included component re-enforcements, secondary load paths and `tear straps` to maintain the integrity of the fuselage structure in the event of individual failure of its components. (Australian Transport Safety Bureau, 2007). Apparently, the built-in component and structural redundancies failed to stop the crack-propagation. In consequence, the Multiple Site Fatigue Damage (MSD) cascaded into a Widespread Fatigue Damage (WFD), a fatigue failure type that was identified firstly in the history of aviation (see Figure 1 in Appendix). B. Safety by design and the failure of damage tolerance
Based on early wearing tests results, Boeing was aware of the limitations of fail-safe design, therefore followed a complementary strategy, the damage tolerance approach, in the construction of 737. Damage tolerance or safety by design approach builds on the principles of fracture mechanics and starts out from acknowledging the fact that “it is not possible to eliminate all failures” (Hobbs, 2008). Instead, the key element is the implementation of a comprehensive programme of inspections to detect failures in a systematic way, before they can affect flight safety. That is, damage tolerant structures are designed to sustain component failures without catastrophic failure. Until the damage is detected in scheduled maintenance inspections and the damaged part is repaired or replaced (see Figure 1 and further details in the Appendix). (Australian Transport Safety Bureau, 2007)....