Re: [SystemSafety] 2012 Super Puma Ditchings

From: Rolle, Ingo < >
Date: Mon, 16 Jun 2014 08:46:21 +0000

what about another conclusion? Each fall-back level, redundany, degradation mechanism or however you may call it is worthwhile only if tested and exercised well. But how to test such facility? Or in other words

a fall-back postion without easy testing facility and trained procedure wouldn't help very much if it is demanded in real life

Ingo Rolle

-----Ursprüngliche Nachricht-----
Gesendet: Freitag, 13. Juni 2014 23:38
An: systemsafety_at_xxxxxx Betreff: Re: [SystemSafety] 2012 Super Puma Ditchings

Something I forgot to say.

I posted a similar note to a closed mailing list about aviation, and received a note from a colleague who used to fly intercontinentally for a major NA airline and who was instrumental in setting up its Flight-Operations Quality Control System.

He noted an incident which happened to him in which he made a judgement that things weren't quite as they were being displayed, and was right (and thereby handled the flight more safely). Ultimately because of what I would call an ambiguous connector - someone had plugged in a plug the wrong way round.

There are plugs you can plug in to sockets for which it doesn't matter which pins connect to which receptors. Such as electric circuits in buildings in NA or Germany. There are plugs you can plug in to sockets, for which it does matter which way they connect. It can easily be guaranteed that the pins are connected to the female connectors as they should be, usually accomplished by externally visible plug geometry, for example trapezoidal housing, as with RS232, mini-USB or micro-USB, sometimes by externally-invisible plug geometry, such as USB (where try, and then invert if the first attempt doesn't work). Or the new European-standard 7-pin connector for charging electric road vehicles.

Then there are plug-connector combinations which are ambiguous, such as the Super Puma case, and the case leading to the incident in which my colleague was involved. Somebody installed a plug the "wrong way round".

This isn't any case to be referred to a flight provider's SMS. This is a design flaw. There are simple ways known to ensure that connections which require a specific configuration can only be made in that configuration, such as RS232, RJ45, USB, mini-USB, micro-USB and so on. Then apparently there are critical contact connection designs of the same nature which allow that a plug-type connection can be incorrect. Why? Does one have to quote Norman on affordances once again, or can one just say out loud that this is an inexcusable design flaw?

PBL Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany Tel+msg +49 (0)521 880 7319

The System Safety Mailing List

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Mon Jun 16 2014 - 10:47:13 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST