Re: [SystemSafety] 2012 Super Puma Ditchings

From: Andrew Rae < >
Date: Fri, 13 Jun 2014 10:21:58 +0100


Peter,
Thanks for drawing attention to this. Did you notice that the accident report has a huge volume of analysis looking at why the original finite element modelling of the lubrication shaft underestimated the stresses, but seems to accept the incorrectly wired switch as just one of those things that happens? The EuroCopter response to the issue even refers to the mismatch as the "root cause" of the issue.

No recommendations are made about change management, or obsolescence management. There had to be at least three things go wrong here:

I'd be highly surprised if there weren't processes supposed to address all three of these, so there's a step back again to ask why they didn't happen or didn't work.

Is this one of those cases where some use of accident modelling would really help the investigators? A simple AcciMap or Why-Because Graph of the causes mentioned in the report
would find two nodes connecting into the outcome (the lubrication failure and the backup system "failure"), one with a long web of causes, and the other barely investigated.

(No slight intended on other accident models. You could equally-well try to draw a STAMP here and quickly realise "I haven't investigated any of the controls that were supposed to manage these issues").

Drew

My system safety podcast: http://disastercast.co.uk My phone number: +44 (0) 7783 446 814
University of York disclaimer:
http://www.york.ac.uk/docs/disclaimer/email.htm

On 13 June 2014 05:43, Peter Bernard Ladkin <ladkin_at_xxxxxx wrote:

> >From Ian Chard in today's Risks 28.02
>
> [begin quote]
>
> Date: Wed, 11 Jun 2014 08:47:55 +0100
> From: Ian Chard <ian_at_xxxxxx > Subject: `Switch incompatibility' leads to two helicopter ditchings
>
> In 2012, two Super Puma helicopters with a total of 33 people on board were
> forced to ditch in the North Sea when both the primary and emergency main
> router lubrication systems failed. Everyone survived with only minor
> injuries.
>
> The main router lubrication system in both aircraft failed due to fatigue
> cracking in a critical part, and the pilots activated the emergency
> lubrication system, which sprays glycol into the rotor and gives the
> aircraft 30 minutes' safe flying time. However, on both helicopters a
> warning light illuminated indicating that this emergency system failed as
> well, forcing them to ditch immediately (per their procedures).
>
> It turns out that the emergency lubrication systems were working fine, but
> the switch that was supposed to detect its failure was wired incorrectly,
> meaning that the warning light would *always* illuminate shortly after the
> system's activation. The aircraft manufacturer made an early design change
> affecting the switch's pin assignments but, when it re-ordered the
> switches,
> it used the original specification by mistake. This was compounded by the
> fact that 'the emergency lubrication sub-systems were tested individually,
> [but] no test was carried out on the complete system during certification,
> either on a test rig or installed on a helicopter'.
>
> The full Air Accident Investigation Bureau report is available as a PDF:
> http://www.aaib.gov.uk/publications/formal_reports/2_2014_g_redw_g_chcn.cfm
>
> Ian Chard <ian_at_xxxxxx >
> [end quote]
>
> The significant part is the gearbox failure. This has happened on other
> Super Puma ditchings with
> less happy outcomes.
>
> The bit about the switch is deja vu. First, switch parts: recall Air
> Transat, where the connector
> between tank lead and fuel pump was replaced with a part for a slightly
> different model engine,
> instead of the correct redesigned part which avoided the chafing that
> later caused the failure.
> Second, lack of integration tests: recalls Ariane 5.
>
> PBL
>
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of
> Bielefeld, 33594 Bielefeld, Germany
> Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
>
>
>
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx >



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Fri Jun 13 2014 - 11:22:11 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST