Safety – Page 4 – John Vincent

Trust in Voluntary Reporting

Hard data is immensely useful. Now there’s a surprise. That’s facts and figures. That’s accurate descriptions of occurrences. That’s measurements and readings of important factors. From this kind of data, a picture can be painted of events good and bad. However, this picture is not complete. It’s certainly not complete for any system that involves the interactions of humans and machines.

What’s often less visible is the need for what I might call – soft data. As such it’s not “soft”. I’m just using that loose term to distinguish it. Fine, you could say that social media is littered with the stuff. Vast qualities of instant judgements and colourful opinions. An array of off-the-shelf solutions to life’s ills. That’s all well and good for entertainment. It’s not so useful as a means of getting to the truth.

In civil aviation voluntary reporting systems have been around for several decades. They are not always successful, mainly because there’s a fair amount of trust required to use them when something major happens. When volunteering information there needs to be a level of assurance that the information will not be misused.

The human inclination to seek to blame is intrinsic. We wake-up in the morning, look out the window, and if it’s rainy and windy then someone is to blame. Probably a weather reporter for not warning us of a coming storm. Blame is a way of making sense of negative events without having to do lot of tedious investigation and analysis.

Don’t get me wrong. Accountability is vital. If someone does something unspeakably bad, they must be held accountable. That is a form of blame. Tracing the bad event back to the root cause. If that cause is found to be negligence or malicious intent, then blame can be assigned.

Where a good safety culture exists, as it often the case in civil aviation, then it is wrong to assume that undesirable outcomes can always be linked to a bad actor of some kind.

Human error is forever with us. Even with the absolute best of intent no one is immune from this pervasive creature. It can be illusive. There are environments where owning up to making mistakes is fine. Sadly, I’m sure it’s not uncommon to have worked in environments where such openness is punished. The difference between a good culture and a bad one.

One of my past jobs involved negotiation with a contactor. Every change that we made to a complex contact had a cost attracted to it. So, there was an understandable sensitivity to making changes. At the same time our customer for the product kept asking for changes. There’s nothing worse than being in a tense meeting with a contactor and having my boss pull the rug from under my feet. Seeking to blame a change on my error rather than a customer request. Introducing a voluntary reporting system in such an environment is pointless.

My message here is clear. Voluntary reporting in aviation is a powerful tool. Reports submitted by employees can offer insights that are not available by just looking at hard data. These reporting systems maybe required by regulation or company policy. However, without a good sound safety culture they can be all but useless. A safety culture that is defended and supported by employees and the senior management of an organisation.

Shifting Perspectives

Daily writing prompt

What’s a topic or issue about which you’ve changed your mind?

View all responses

If you write the perfect rule, you will get the desired outcome. Authoring a specification that is robust and watertight will assure success. Having the best possible plan will deliver the best possible results. All sounds reasonable – doesn’t it? It’s not surprising that someone like me, having been schooled in project management, and working in engineering, would have a rational and systematic approach to problem solving. A proven highly successful way of implementing complex technical projects and delivering successful outcomes.

As an analogy I’ll start with mathematics. Nature is a curious beast. What we lean about complex systems is that what happens is highly dependent upon a start point. The initial conditions. Graduate level mathematics about control systems with feedback show that their behaviour changes a lot with a change of initial conditions. So, it’s reasonable to extend that to a systematic approach to just about anything. It’s often true.

Fail to plan – plan to fail. That idiom is a simple few words to sum up this cause and effect. Used by famous names and often quoted. Management training books are littered with this notion.

20-years ago, my team introduced the first European Aviation Safety Plan[1]. This initiative was built around the idea that to achieve a common objective a plan is the best and quickest way to get there. A roadmap, a pathway, a strategy, call it what you will.

Start by identifying problems and then propose a fix for each one. Not all problems but the ones that fit that awkward Americanism – the low hanging fruit. Namely, the biggest problems (fruit) that can be solved with the least effort (easily picked).

Here’s where I’ve changed your mind. Maybe not changed in a dramatic sense but shifted perspective. It’s essential to have a plan, even if it’s just in my head, but it can be overstated as the most important part of a process of change.

The Plan, Do, Check, and Act (PDCA) cycle, starts with a plan. It must start that way. However, each of the four steps is equally important. Seems obvious to say. Even so, it’s often the case that a press release, or alike, will state – we have a plan, roadmap, pathway, strategy, as if that’s the job done.

Management teams will smile with a sense of achievement and show off their plans. A decade down the line that celebration might seem less momentous as the “do” part of the process turns out to be harder than anticipated.

This basic model for systematic change is a good one. Where I’ve changed my emphasis is in the distribution of effort. Don’t put all available energies into constructing the perfect plan. Yes, the initial conditions are important but they are not everything. The key part of the process is the cycle. Going around it with regularity is a way of delivering continuous improvement. Afterall, when it comes to a subject like aviation safety, that’s what’s needed.

[1] 2005 – DECISION OF THE MANAGEMENT BOARD ADOPTING THE 2006 WORK PROGRAMME OF THE EUROPEAN AVIATION SAFETY AGENCY

Events, my dear boy

It’s strange that with all the bumps, bruises and grazes that I’ve had so far, that I’ve never broken a bone. I’ve fallen off motorcycles, had bales of hay dropped on my head, almost drowned in rivers, damaged cars and had a couple of workshop accidents. I guess I am extremely fortunate, let’s say lucky, when I think on a couple of past accidents.

Of all the events that I can recount only a couple have left their mark. That indelible mark that’s a sign of life’s travels and travails. One finger wouldn’t be graded ten out of ten in a finger competition. My forehead has a small mark, could call it a dent, hardly noticeable by anyone other than me. That’s the list. Thankfully a tiny list.

I’m not counting a botch job of a hospital scare that a boyhood appendicitis left me. Images of that time don’t stack up to a big pile but one of rolling in agony on a living room sofa, I’ll never forget. A colourful children’s ward and unendingly cheerful nurses stick too. And a clown.

There are those near misses that leave no physical signs. Rich selection of memories. An acute compression in time. The electrical shocks I’ve had have no legacy other than my great respect of high voltages. Vivid recollections too.

Yes, if it wasn’t for a wide-awake race marshal at a grass track meeting[1], I’d probably have been run over you a Laverda sidecar outfit. Thankfully someone grabbed me from behind and pulled me to safety behind the straw bales that made up the ring. This was the 1970s in a bowl-shaped field outside a small town called Mere. Perfect for that crazy kind of bike racing.

At the time a mate of mine was a keen amateur photographer. He’d get a pass to photograph the action. We’d go to grass track and road race Auto-Cycle Union (ACU) meetings around the West Country. It was always interesting to read the disclaimer on our marshalling race tickets. Anything bad happens – not our fault.

My finger damage is much more recent. It’s the dumb stuff that caught me out. Moving plant pots around doesn’t usually result in any great consequence. Most of them don’t weigh a lot. In this case a large square fiberglass pot needed moving. I had tried pushing it. That didn’t move it far as it scraped slowly along the patio. Next tactic was to pull it. Getting some momentum going it seemed to move more easily as I pulled it. What I didn’t count on was the fragility of the material of the pot. It had aged. I pulled hard and surprise, surprise, it broke. I went flying across the patio at speed. Naturally, I put my hand out to save me tumbling down a flight of stairs. Sadly, my finger took the first impact. That was painful.

Life without one or two bumps, bruises and grazes is unimaginable. Maybe, I’ve got a little bit more risk averse with age. However, like the back garden plant pot incident there’s always an opportunity to be foolish. Having a story to tell about my father falling off a ladder while fixing a gutter, I’m particularly careful around those potential death traps.

I’m happy to admit that I haven’t got nine lives. Or at last I’ve used up a few.

[1] Example: https://youtu.be/ZqC2Hc43a3w

Evolving Communication

What happens when only a small percentage of the population can read and write? A historical perspective on that question gives the answer: feudalism. If texts are all in Latin and only the priesthood can read Latin, then it’s obvious what the results will be. That the priesthood acquires a superior power to that of the ordinary citizen.

Our interactions are what gives us our freedom. It’s difficult to challenge authority if that authority is holding all the cards. The means to communicate, and the willingness to do so, are integral to a free society. A democratic society.

Speculation about a future where humans spend most of their time interacting with machines is reasonable. In the last couple of decades, the increase in the number of machines that occupy more of our time is notable. Every trip to the supermarket[1] there’s the opportunity to enter a shop and leave without a single word to anyone. Not even a simple greeting or snippet of small talk. This is often sold as a benefit, faster, easier, less hassle.

If life can be conducted without the need for human communication, there are those who will take that path. Some will be by default and others willingly walk that path. If a majority do this then the balance of power shifts to advantage those who control the machines.

Before I go off on some dystopian movie plot, it may be as well to say that lot of new forms of communication have sprung up too. Those who play computer games and interact with other players all over the world. Such capabilities never existed until relatively recently.

What’s most concerning is the gradual distancing that is happening in politics. This might account for some of the disillusion that’s now evident. Gone are the days of major names addressing crowds directly. The idea that a political candidate would stand on a soapbox[2] in a public place and drum out their views and beliefs is getting remote. Such old-fashioned grass-roots campaigning methods are seen as dangerous and riddled with pitfalls.

Better a short video on a social media site is seen to be the substitute. Certainly, safer than standing up to a protest group or alternatively standing with them. Although, to be accurate, security has always been a matter of concern for public speakers. Taking onboard changes, verbal human to human communication is far from dead. It’s taking different forms. Mediated by the digital world we now act and speak differently. Post-COVID a degree of social etiquette has been lost.

Maybe this is why the UK Liberal Democrats are making so little impact on the national stage. With so many more elected members than one of their right-wing adversaries they still command less newspaper column inches (another old-fashioned term).

Like King Cnut[3], it’s foolish to think that the digital tide can be stopped. People must roll with it. If that means having a virtual pet or an artificial friend that will all become part of life’s colourful pageant. Small talk at a bus stop will never go away. However new ways of talking about the things that matter are happening – better adapt.

[1] https://www.theguardian.com/global/commentisfree/2025/aug/24/are-we-heading-for-a-world-where-no-one-ever-needs-to-talk-to-another-human-being

[2] http://news.bbc.co.uk/onthisday/hi/dates/stories/march/30/newsid_3739000/3739176.stm

[3] https://www.historic-uk.com/HistoryUK/HistoryofEngland/King-Cnut-The-Great/

Regulatory Insights

I can’t remember if my teacher was talking about maths or physics. His scholarly advice has stuck with me. When things get complex, they can seem overwhelming. Problems seem insolvable. So, it’s good to take a deep breath, step back and see if it’s possible to reduce the problem to its most basic elements. Do what could be called helicopter behaviour. Try to look at the problem top-down, in its simplest form. Break it into parts to see if each part is more easily comprehended.

Today’s international aviation regulatory structure, for design and production, follows the arrow of time. From birth to death. Every commercial aircraft that there ever was started as a set of ideas, progressed to a prototype and, if successful, entered service to have a life in the air.

This elementary aircraft life cycle is embedded in standards as well as aviation rules. Documents like, ARP4754(), Aerospace Recommended Practice (ARP) Guidelines for Development of Civil Aircraft and Systems are constructed in this manner. There are as many graphs and curves that represent the aircraft life cycle as there are views on the subject, but they all have common themes.

That said, the end-of-life scenarios for aircraft of all kinds is often haphazard. Those like the Douglas DC-3 go on almost without end. Fascinatingly, this week, I read of an Airbus A321neo being scrapped after only 6-years of operations. Parts being more valuable than the aircraft.

Generally, flight-time lives in operational service are getting shorter. The pace of technology is such that advances offer commercial and environmental advantages that cannot be resisted. Operating conditions change, business models change and innovation speeds forward.

My earlier proposition was that our traditional aviation regulatory structure is out of date. Well, the detail is ever evolving – it’s true. Some of the fundamentals remain. The arrow of time, however fast the wheels spin, mixing my metaphors, remains an immobile reality.

In airworthiness terms an aircraft life cycle is divided into two halves. Initial airworthiness and continuing airworthiness. This provides for a gate keeper. A design does not advance into operational service, along the aircraft life cycle, until specified standards have been demonstrated as met. An authority has deemed that acceptable standards are met.

I’m arguing, this part of the aviation regulatory structure is far from out of date. However much there’s talk of so called “self-regulation” by industry it has not come into being for commercial aviation. I think there’s good reason for retaining the role that a capable independent authority plays in the system. A gate keeper is there to ensure that the public interest is served. That means safety, security and environmental considerations are given appropriate priority.

To fulfil these basic objectives there’s a need for oversight. That is the transparency needed to ensure confidence is maintained not just for a day but for the whole aircraft life cycle. And so, the case for both design and production approvals remain solid. The devil being in the detail.

Aviation Regulations Outdated?

Machines, like aircraft started life in craft workshops. Fabric and wood put together by skilful artisans. Experimentation being a key part of early aviation. It’s easy to see that development by touring a museum that I’d recommend a visit. At Patchway in Bristol there’s a corner of what was once a huge factory. In fact, somewhere where I worked in the early 1980s. Aerospace Bristol[1] is a story of heritage. A testament to the thousands who have worked there over decades.

Fabric and wood played part in the early days. The factory at Filton in Bristol started life making trams. An integral part of turn of the century city life. Carriage work brought together skilled workers in wood, metal and fabrics. It was soon recognised that these were just the skills needed for the new and emerging aircraft industry. The Bristol Aeroplane Company (BAC) was born.

It’s war that industrialised aviation. Demonstration of the value of air power led to ever more technical developments. Lots of the lessons of Henry Ford were applied to aircraft production. Factories grew in importance, employing a large workforce.

My time at the Filton site was in a building next to a hanger where the Bristol Bulldog[2] was originally produced. This was a single engine fighter, designed in the 1920s, in-service with the Royal Air Force (RAF).

Right from the start orderly processes and regulatory oversight formed part of aircraft design and production. The management of production quality started as a highly prescriptive process. As aviation grew into a global industry, the risks associated with poor design or faulty production became all too apparent.

In the civil industry, regulatory systems developed to address the control of design and production as two different worlds. Airworthiness, or fitness to fly, depended on having a good design that was produced in a consistent and reliable manner. So, now we have a regulatory framework with two pivotal concepts: DOA (Design Organisation Approval) and POA (Production Organisation Approval). It took about a century to get here. Now, these concepts are codified within EASA Part 21, FAA regulations, and other national aviation authorities’ frameworks.

Here’s my more controversial point. Is this internationally accepted regulatory model, that has evolved, conditioned by circumstances, the right one for the future? Are the airworthiness concepts of DOA and POA out of date?

This is a question that nobody wants to hear. Evolution has proved to be a successful strategy. At least, to date. What I’m wondering is, now the world of traditional factories and large administrative workforces is passing, how will regulation adjust to meet future needs?

Maybe I’ll explore that subject next.

[1] https://aerospacebristol.org/

[2] https://en.wikipedia.org/wiki/Bristol_Bulldog

Desperate Politics

I’ll be generous and say that I don’t think Jenrick knows what he is doing. I’m taking about the Conservative British politician Robert Jenrick[1] who is, or has been by the time this gets out, the Shadow Lord Chancellor. Desperately ambitious politicians do all sorts of foolish things to get a headline. With the Conservatives in the doldrums the word desperate is truly applicable.

When looking at his published CV it’s reasonable to think that he might know something, at least the basics. At least some history. Yes, he’s just another well to do lawyer with an Oxbridge education but that’s so typical of Conservative British politicians. At least, he had some kind of working life before taking on parliamentary politics. Today, in Westminster he’s still a Johnny-come-lately having been first elected as a Member of Parliament in 2014.

Jenrick embraced social media to the extent that the right-wing of politics see him as a sort of top-ranking pinstriped influencer. Even if his amateur video antics look like an humourless Benny Hill dressed in a business suit and tie.

Today, he’s crossed a line. Stirring up hate at a time when problems need solutions not mindless rhetoric, is despicable. To say that “British women and girls[2]” are unsafe because of small boats is offensive propaganda designed to drive political debate into ever more nasty territory.

Yes, we have been here before in Britain. Conservative politician, Enoch Powell’s fiery “rivers of blood[3]” speech did a lot of harm, but it got him in the text books. Some do believe that the heart of the Conservative Party is English Nationalism. Wrapped up in the red and white flag of St George as an exclusive club of aggressive narrow-minded men and their followers.

I’ll be generous and say that’s not the conventional Conservative Party. At times of its greatest success, and let’s face it, that political party has been highly successful in winning elections, it’s been a broad church. A diverse party that has encompassed a wide range from woolly liberals to traditional imperialists.

If Jenrick thinks that jumping on bandwagons and stirring up hatred is the way to go he’s foolish. We are not in the 1930s, or even the 1960s, this is a new age and a challenging one at that. Social media was supposed to be a great educator and liberator. In some ways it is but within its walls are pits of despair and stinking wells of polarisation and Xenophobia.

Addressing the public disillusionment that exists by pointing the finger at one group or other as being the root of all our problems is totally mindless. It only seeks to elevate the profile of minor demigods and snake oil salesman (conmen).

Inflammatory speeches get headlines; there’s no doubt about that sad fact. For a moment eyes turn to the speaker, but history turns away from them. In comparison with the 21^st century challenges the country faces the so called “small boats” are a small one. Real solutions to real problems are needed not hideous grandstanding.

POST: Xenophobia is the fear or dislike of anything that is perceived as being foreign or strange

[1] https://www.gov.uk/government/people/robert-jenrick

[2][2] https://www.gbnews.com/news/robert-jenrick-britains-women-girls-endangered-migrant-crisis

[3] https://www.theguardian.com/world/2018/apr/14/enoch-powell-rivers-blood-legacy-wolverhampton

Why 12,500 Pounds?

Regulation is a strange business. It often means drawing lines between A and B. Bit like map making. Those lines on a map that mark out where you are and the features of the landscape. You could say that’s when all our troubles start but it’s been proven unavoidable. As soon as our vocabulary extends to words like “big” and “small” someone somewhere is going to ask for a definition. What do you mean? Explain.

For a while you may be able to get away with saying; well, it’s obvious. That works when it is obvious for all to see. An alpine mountain is bigger than a molehill. When you get to the region where it’s not clear if a large hill is a small mountain, or not then discussion gets interesting. Some say 1000 ft (about 300 m) others say much more. There’s no one universal definition.

[This week, I drove through the Brecon Beacons. Not big mountains but treeless mountains, nevertheless. Fine on a clear day but when it rains that’s a different story. This week Wales looked at its best].

Aviation progressed by both evolution and revolution. Undeniably because of the risks involved it’s a highly regulated sector of activity. Not only that but people are rightly sensitive about objects flying over their heads.

For reasons that I will not go into, I’ve been looking at one of these lines on a regulatory map. One that’s been around for a long time.

I cannot tell you how many discussions about what’s “minor” and what’s “major” that have taken place. That’s in terms of an aircraft modification. However, these terms are well documented. Digging out and crewing over the background material and rationale is not too difficult, if you are deeply interested in the subject.

The subject I’m thinking about is that difference between what is considered in the rules to be a “large” aeroplane and a “small” aeroplane. Or for any American readers – airplane. So, I set off to do some quick research about where the figure of weight limit: maximum take-off weight of 12,500 pounds or less originated for small airplanes (aeroplanes).

I expected someone to comment; that’s obvious. The figure came from this or that historic document and has stuck ever since. It seems to work, most of the time. A confirmation or dismissal that I wanted addressed the question, is the longstanding folklore story is true. That the airplane weight limit was chosen in the early 1950s because it’s half the weight of one of the most popular commercial transport aircraft of that time.

There is no doubt that the Douglas DC-3[1] is an astonishing airplane. It started flying in 1935 and there are versions of it still flying. Rugged and reliable, this elegant metal monoplane is the star of Hollywood movies as well as having been the mainstay of the early air transport system is the US. Celebrations are in order. This year is the 90th anniversary of the Douglas DC-3[2].

What I’ve discovered, so far, is that the simple story may be true. Interestingly the rational for the weight figure has more to do with economic regulation than it has with airplane airworthiness. The early commercial air transport system was highly regulated by the State in matters both economic and safety. Managing competition was a bureaucratic process. Routes needed approval. Thus, a distinction established between what was commercial air transport and what was not.

POST 1: There is no mention of 12,500 pounds in the excellent reference on the early days of civil aviation in the US. Commercial Air Transportation. John H. Frederick PhD. 1947 Revised Edition. Published by Richard D. Irwin Inc. Chicago.

POST 2: The small aircraft definition of 12,500 pounds max certificated take-off weight first appears in US CAB SPECIAL CIVIL AIR REGULATION. Effective February 20, 1952. AUTHORIZATION FOR AIR TAXI OPERATORS TO CONDUCT OPERATIONS UNDER THE PROVISIONS OF PART 42 OF THE CIVIL AIR REGULATIONS. This was a subject of economic regulation in the creation of the air taxi class of operations.

[1] https://airandspace.si.edu/collection-objects/douglas-dc-3/nasm_A19530075000

[2] https://www.eaa.org/airventure/eaa-airventure-news-and-multimedia/eaa-airventure-news/2025-07-17_dc3_society_celebrate_90_years_douglas_dc3_airventure25

Aircraft Safety and Fuel Starvation

Unsafe. In common language it’s the opposite to being safe. So, take a definition of “safe” and reverse it. Let’s say to be safe is to be free from harm (not a good definition). That would lead to “unsafe” being subject to harm or potentially being subject to harm. The probabilistic element always creeps in since it’s the future that is of concern. Absolute safety is as mercurial or unreal as absolute certainty.

Let’s apply this to an aircraft. The ultimate harm is that of a catastrophic event from which there is no escape. Surprisingly, taking a high-level view, there are few of these situations that can occur.

Flying, and continuing to fly, involves four forces. Lift, Weight, Thrust and Drag. It’s that simple. An aircraft moves through the air with these in balance. Flying straight and level, lift opposes weight and thrust opposes drag.

Yes, there are other safety considerations. If there are people on-board. For example, it’s important to maintain a habitable environment. At higher altitudes that requirement can be demanding. Structural integrity is important too. Otherwise flying is a short-lived experience.

In the recent Air India fatal accident, the four forces of flight were not maintained so as to make a continued safe flight possible. The wings provided lift but the force that was deficient was thrust.

Two large powerful engines, either of which could have provided enough thrust, were unable to do so. The trouble being fuel starvation. Fuel starvation occurs when the fuel supply to the engine(s) is interrupted. This can happen even when there is useable fuel on board an aircraft[1].

Sadly, in the records there are numerous aircraft incidents and accidents where this has happened. Quite a few fuel starvation incidents and accidents occur because of fuel mismanagement. This can result from a pilot selecting an incorrect, or empty, fuel tank during a flight.

Now and then, it is the aircraft systems that are at fault. The pilot(s) can be misled by a faulty fuel indication system[2]. In one notable case, a major fuel leak drained the aircraft’s fuel supply[3].

When there is useable fuel on-board an aircraft, the imperative is to restart and recover. It is not uncommon or unreasonable for there to be a delay in restarting engine(s), especially when a fuel starvation event is entirely unexpected. Diagnosis takes time given the numerous potential causes of a starvation event.

In cruise flight there is time available to perform a diagnosis and take appropriate corrective action. Both take-off and landing have their hazards. Both are busy times in the cockpit. When looking at the worldwide safety numbers, less fatal accidents occur on take-off than landing. The numbers Boeing provide put take-off at 6% and landing at 24% of fatal accidents. Each one only occupies about 1% of the total flight time.

Although these are the numbers, my view is that, even though take-offs are optional and landings are mandatory, the requirements for adequate thrust are most critical during take-off. This is arguable and it reminds me that safety assessment is never simple.

[1] https://www.faa.gov/lessons_learned/transport_airplane/accidents/G-YMMM

[2] https://asn.flightsafety.org/asndb/322358

[3] https://asn.flightsafety.org/asndb/323244

Understanding Boeing 787 Avionics

In what I’ve written so far, I’ve taken the humancentric view much as most commentators. The focus of interest being on what the two Air India crew members were doing during the critical moments of this tragic flight. Let’s shift perspective. It’s time to take an aircraft level view.

On the Boeing 787-8 “Dreamliner”, the flight deck has two crew seats and two observer seats. One observer seat is directly behind and between the two crew seats. Since these observer seats are not mentioned in the preliminary report, it’s responsible to assume that they were unoccupied.

In my days working on civil aircraft certification, it was often as a part of a multidisciplinary team. I suppose one of the privileges of working on aircraft avionic systems is that they touch every part of a modern civil aircraft. That meant working with highly experienced specialist in every technical field, including flight test pilots and engineers.

When it came to reviewing aircraft system safety assessments, we’d often put it like this, you look at the aircraft from the inside out and well look at the aircraft from the outside in. Meaning that the flight test team looked at how the aircraft flew and performed. Systems engineering specialists focused on how the aircraft functioned. What was the detailed design, the means and mechanisms. It was by putting these differing perspectives together that a comprehensive review of an aircraft could be established.

Here’s where I need to be careful. Although, I worked on the technical standards¹ for complex aircraft systems, I did not work on the Boeing 787 at initial certification.

If I go back 25-years, a major change that was happening with respect to aircraft systems. It was the move to apply Integrated Modular Avionics (IMA). This was a move away from federated systems, where just about every aircraft function had its own box (autopilot, autothrottles, instruments, etc.) There was a fundamental architectural difference between federated and IMA systems.

The Boeing 787 has what is called a Common Core System (CCS). As an analogy let’s think of a time before the smart phone became universal. I had a Nokia mobile phone, a Canon camera, a HP calculator, a Dell lap-top, lots of connectors and pen and paper. Now, the only one that has survived the passage of time is the pen and paper.

So, it is with modern civil aircraft. An Integrated Modular Avionics (IMA) hosts the applications that are necessary for safe flight and landing. The IMA hosts functions that provide, Environmental Control, Electrical, Mechanical, Hydraulic, Auxiliary Power Unit (APU), Cabin Services, Flight Controls, Health Management, Fuel, Payloads, and Propulsion systems.

Information is digitised (sensors, switches and alike), processed and then acted upon. General Processing Modules (GPM) inside the aircraft CCS perform the functions needed. There’s an array of these GPMs and redundancy to provide a high integrity aircraft system.

An aircraft’s Fuel Shutoff Valve Actuator depend on the above working as intended in all foreseeable circumstances. No doubt the accident investigators are undertaking an analysis of the Boeing 787 avionics architecture to gain assurance that it worked as intended.

Standards: EUROCAE started a working group (Number 60) in September 2001, which was tasked to define guidance. Later, in November 2002, there was a merge with an RTCA steering committee (Number 200). ↩︎