Zonal Safety Analysis (ZSA) is one of three analytical methods which, taken together, form a Common Cause Analysis (CCA) in

aircraft An aircraft is a vehicle that is able to fly by gaining support from the air. It counters the force of gravity by using either static lift or by using the dynamic lift of an airfoil, or in a few cases the downward thrust from jet engine ...

safety engineering Safety engineering is an engineering discipline which assures that engineered systems provide acceptable levels of safety. It is strongly related to industrial engineering/systems engineering, and the subset system safety engineering. Safety eng ...

under SAE ARP4761. The other two methods are Particular Risks Analysis (PRA) and Common Mode Analysis (CMA). Aircraft system safety requires the

independence Independence is a condition of a person, nation, country, or state in which residents and population, or some portion thereof, exercise self-government, and usually sovereignty, over its territory. The opposite of independence is the statu ...

of failure conditions for multiple systems. Independent failures, represented by an

AND gate The AND gate is a basic digital logic gate that implements logical conjunction (∧) from mathematical logic AND gate behaves according to the truth table. A HIGH output (1) results only if all the inputs to the AND gate are HIGH (1). If not al ...

in a

fault tree analysis Fault tree analysis (FTA) is a type of failure analysis in which an undesired state of a system is examined. This analysis method is mainly used in safety engineering and reliability engineering to understand how systems can fail, to identify ...

, have a low probability of occurring in the same flight. Common causes result in the loss of independence, which dramatically increases probability of failure. CCA and ZSA are used to find and eliminate or mitigate common causes for multiple failures.

General Description

ZSA is a method of ensuring that the equipment installations within each zone of an aircraft meet adequate

safety standards Safety standards are standards designed to ensure the safety of products, activities and processes, etc. They may be advisory or compulsory and are normally laid down by an advisory or regulatory body that may be either voluntary or statutory. In ...

with respect to design and installation standards, interference between systems, and maintenance errors. In those areas of the aeroplane where multiple systems and components are installed in close proximity, it should be ensured that the zonal analysis would identify any failure or malfunction which by itself is considered sustainable but which could have more serious effects when adversely affecting other adjacent systems or components

Aircraft manufacturers divide the airframe into zones to support

airworthiness In aviation, airworthiness is the measure of an aircraft's suitability for safe flight. Initial airworthiness is demonstrated by a certificate of airworthiness issued by the civil aviation authority in the state in which the aircraft is register ...

regulations, the design process, and to plan and facilitate maintenance. The commonly used aviation standard ATA

iSpec 2200 ATA Spec 100 and iSpec 2200 are information standards for aviation maintenance and flight operations published by Airlines for America (formerly Air Transport Association). These standards provide recommended specifications for the content, struct ...

, which replaced ATA Spec 100, contains guidelines for determining airplane zones and their numbering. Some manufacturers use ASD

S1000D S1000D is an international specification for the procurement and production of technical publications. It is an XML specification for preparing, managing, and publishing technical information for a product. It was initially developed by the AeroSpa ...

for the same purpose. The zones and subzones generally relate to physical barriers in the aircraft. A typical zone map for a small transport aircraft is shown. File:ZoneMapOfAircraft.jpg, Zone Map of an Aircraft Aircraft zones differ in usage,

pressurization {{Wiktionary Pressurization or pressurisation is the application of pressure in a given situation or environment. Industrial Industrial equipment is often maintained at pressures above or below atmospheric. Atmospheric This is the process by ...

temperature Temperature is a physical quantity that expresses quantitatively the perceptions of hotness and coldness. Temperature is measurement, measured with a thermometer. Thermometers are calibrated in various Conversion of units of temperature, temp ...

range, exposure to

severe weather Severe weather is any dangerous meteorological phenomenon with the potential to cause damage, serious social disruption, or loss of human life. Types of severe weather phenomena vary, depending on the latitude, altitude, topography, and atmos ...

and lightning strikes, and the hazards contained such as ignition sources, flammable fluids, flammable vapors, or rotating machines. Accordingly, installation rules differ by zone. For example, installation requirements for wiring depends on whether it is installed in a fire zone, rotor burst zone, or cargo area. ZSA includes verification that a system's equipment and interconnecting wires, cables, and hydraulic and pneumatic lines are installed in accordance with defined installation rules and segregation requirements. ZSA evaluates the potential for equipment interference. It also considers failure modes and maintenance errors that could have a cascading effect on systems, such as: * Flailing torque shaft * Oxygen leak * Accumulator burst * Fluid leak * Rotorburst * Loose fastener *

Bleed air Bleed air is compressed air taken from the compressor stage of a gas turbine upstream of its fuel-burning sections. Automatic air supply and cabin pressure controller (ASCPCs) valves bleed air from high or low stage engine compressor sections. Lo ...

leak * Overheated wire * Connector keying error Potential problems are identified and tracked for resolution. For example, if redundant channels of a

data bus In computer architecture, a bus (shortened form of the Latin '' omnibus'', and historically also called data highway or databus) is a communication system that transfers data between components inside a computer, or between computers. This e ...

were routed through an area where rotorburst fragments could result in loss of all

channels Channel, channels, channeling, etc., may refer to: Geography * Channel (geography), in physical geography, a landform consisting of the outline (banks) of the path of a narrow body of water. Australia * Channel Country, region of outback Austral ...

, at least one channel should be rerouted.

Case Studies

On July 19, 1989,

United Airlines Flight 232 United Airlines Flight 232 was a regularly scheduled United Airlines flight from Stapleton International Airport in Denver to O'Hare International Airport in Chicago, continuing to Philadelphia International Airport. On July 19, 1989, the DC ...

, a

McDonnell Douglas McDonnell Douglas was a major American aerospace manufacturing corporation and defense contractor, formed by the merger of McDonnell Aircraft and the Douglas Aircraft Company in 1967. Between then and its own merger with Boeing in 1997, it pro ...

DC-10-10, experienced an uncontained failure of its No. 2

engine An engine or motor is a machine designed to convert one or more forms of energy into mechanical energy. Available energy sources include potential energy (e.g. energy of the Earth's gravitational field as exploited in hydroelectric power ...

stage 1 fan rotor disk assembly. The engine fragments severed the No. 1 and No. 3

hydraulic Hydraulics (from Greek: Υδραυλική) is a technology and applied science using engineering, chemistry, and other sciences involving the mechanical properties and use of liquids. At a very basic level, hydraulics is the liquid counte ...

system lines. Forces from the engine failure fractured the No. 2 hydraulic system line. With the loss of all three hydraulic-powered flight control systems, safe landing was impossible. The lack of independence of the three hydraulic systems, although physically isolated, left them vulnerable to a single failure event due to their close proximity to one another. This was a zonal hazard. The aircraft crashed after diversion to

Sioux Gateway Airport Sioux Gateway Airport , also known as Colonel Bud Day Field, is a public and military use airport in Woodbury County, Iowa, United States. It is located six nautical miles (7 mi, 11 km) south of the central business district of Sioux ...

Sioux City, Iowa Sioux City () is a city in Woodbury and Plymouth counties in the northwestern part of the U.S. state of Iowa. The population was 85,797 in the 2020 census, making it the fourth-largest city in Iowa. The bulk of the city is in Woodbury County ...

, with 111 fatalities, 47 serious injuries and 125 minor injuries. On August 12, 1985,

Japan Air Lines Flight 123 Japan Air Lines Flight 123 (JAL123) () was a scheduled domestic Japan Air Lines passenger flight from Haneda Airport in Tokyo to Itami International Airport in Osaka. On August 12, 1985, the Boeing 747SR operating this flight suffered a sudde ...

, a

Boeing The Boeing Company () is an American multinational corporation that designs, manufactures, and sells airplanes, rotorcraft, rockets, satellites, telecommunications equipment, and missiles worldwide. The company also provides leasing and p ...

747-SR100, experienced cabin decompression 12 minutes after takeoff from

Haneda Airport , officially , and sometimes called as Tokyo Haneda Airport or Haneda International Airport , is one of two international airports serving the Greater Tokyo Area, the other one being Narita International Airport (NRT). It serves as the primary ...

Tokyo Tokyo (; ja, 東京, , ), officially the Tokyo Metropolis ( ja, 東京都, label=none, ), is the capital and List of cities in Japan, largest city of Japan. Formerly known as Edo, its metropolitan area () is the most populous in the world, ...

, Japan, at 24,000 feet. The decompression was caused by failure of a previously repaired

aft pressure bulkhead The aft pressure bulkhead or rear pressure bulkhead is the rear component of the pressure seal in all aircraft that cruise in a tropopause zone in the earth's atmosphere. It helps maintain pressure when stratocruising and protects the aircraft from ...

. Cabin air rushed into the unpressurized

fuselage The fuselage (; from the French ''fuselé'' "spindle-shaped") is an aircraft's main body section. It holds crew, passengers, or cargo. In single-engine aircraft, it will usually contain an engine as well, although in some amphibious aircraf ...

cavity, overpressurizing the area and causing failure of the

auxiliary power unit An auxiliary power unit (APU) is a device on a vehicle that provides energy for functions other than propulsion. They are commonly found on large aircraft and naval ships as well as some large land vehicles. Aircraft APUs generally produce 115& ...

(APU)

firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spr ...

and the supporting structure for the vertical fin. The vertical fin separated from the airplane. Hydraulic components located in the aft body were also severed, leading to a rapid depletion of all four hydraulic systems. The loss of the vertical fin, coupled with the loss of all four hydraulic systems, left the airplane extremely difficult, if not impossible, to control in all three axes. Lack of independence of four hydraulic systems from a single failure event was a zonal hazard. The aircraft struck a mountain at forty-six minutes after takeoff with 520 fatalities and 4 survivors.

References

External links

EASA CS-25 Appendix 1

Lessons Learned From Transport Airplane Accidents Library
{{DEFAULTSORT:Zonal Safety Analysis Handbooks and manuals Engineering literature

General Description

Case Studies

See also

References

External links