Abstract:
There is a view that safety stems largely from the reliability of systems. Whilst that view may be appropriate for systems that are simply inherently dangerous (nuclear power plants, for example), it is far too narrow for the more general case of safety-related systems, since it excludes consideration of the positive contribution that such systems are required to make to the safety of their operational environment, host system etc. The paper discusses the implications of this issue for Air Traffic Management (ATM) and argues that, whilst this limitation may not have been a major problem for the evolutionary developments of the past, it cannot be sustained in the face of the more radical changes being considered for ATM over the next 20+ years. The paper then presents a new framework, in the form of a "template" Safety Argument, for a broader approach to ATM safety assessment, covering what are known as the success and failure approaches. The framework is illustrated with a (relatively) simple worked example from a recent EUROCONTROL safety assessment of a new ATM operational concept related to landing in low-visibility conditions. Although this paper is based on ATM, there may be lessons for other safety-related sectors as well.