Free «System Safety in Concorde Aircraft» Essay Sample


System safety refers to the analysis of systems for hazards and the identification of the potential risks those hazards pose. Once identified, hazardous components are modified so as to eliminate the potential risks. System safety has been applied in different fields such as the chemical processing industry and mechanical engineering. Application of system safety in Concorde aircraft is of significant relevance because it takes into account risks and failures that are expected over a whole lifetime, as opposed to those that may occur during the production and operational phases. The other main advantage of adopting system safety in designing Concorde aircraft is that it is based on expert analysis, as opposed to industrial safety plans that rely on past failures. This paper explains how system safety can be applied in the design and operation of Concorde aircraft.


In the past, safety in aviation was improved through analysis of mishaps and accidents. Thorough aviation accident investigations were carried out with the intent of finding out the cause of the accident. Experts then relied on this information to improve the design of aircraft. This has evidently resulted in reduced accident rates, especially for accidents that arise from system failure or malfunction. According to the Department of Defense (DoD), the resulting low accident rates have made it difficult to make any further improvements on system safety (DoD, 2002). Older models, referred to as event-based models, relied on industrial safety procedures which were developed on the basis that accidents result from a chain of events. However, such models are ineffective in current times because systems are more complex than before and because of new hazards that were not thought of before.

Safety System Models

Since the event-based models are best suited to accidents or system failures in which the failure of one component leads to an accident, they may not be adequate in the contemporary environment, where human factors and software errors lead to accidents. The complexity of systems brought about by technological advancement led to the development of the safety system model, which “is the application of engineering and management principles, criteria, and techniques to achieve an acceptable level of safety throughout all phases of a system” (DoD, 2002, p. 2).

According to Leveson (2002), the following goals necessitated the development of the system safety model:

  • The need for accident analysis to include other factors apart from component failure and human error
  • The need for a model that scientifically analyzes accidents without being subjective and that gives a broader understanding of why an accident occurred and how it could be avoided.
  • A model that takes into account design errors and dysfunctional interactions among system components.
  • Development of hazard analyses and risk assessments that can deal with complex software and human interactions with systems.
  • The need for a model that does not just focus on the role of human error in accidents, but also the factors that shape human behavior as well as the contexts in which human error is likely to occur.
  • The need for a model that does not just focus on the cause of an accident, but also on the reasons why the events that led to the accident occurred.
  • The need for a model that examines the processes that control the sequence of events that leads to system failure.
  • The need for a system that allows for various appropriate views and interpretations.
  • The need for a model that provides directions for appropriate safety metrics and operational auditing procedures that would help determine whether controls put in place during system design and development are adequate in controlling hazards.

System safety takes into account the whole system as a unit instead of its components. In this approach, the components provide a means of studying the organized complexity. Safety cannot be evaluated by examining separate components, but is rather treated as an emergent property of the systems (Leveson, 2002). The main aim of system safety is to reduce risks to acceptable levels since it is accepted that total risk elimination is not possible.

The MIL-STD-882 Standard

This safety system design was first established in 1969, and it was named MIL-STD-882A. This system introduced the concept of management and a full life-cycle approach to system safety. According to O’keeffe (2002, p. 10), MIL-STD-882 was upgraded to MIL-STD-882A in June 1977. The new standard introduced “the concept of risk acceptance as a criterion for developing system safety programs.” In March 1984, the standard was upgraded to MIL-STD-882B. In this new standard, software tasks were introduced as system safety elements. MIL-STD-882B was upgraded to MIL-STD-882C in January 1993. The improvement in this version was the integration of hardware and software tasks in system safety (O’keeffe, 2002). MIL-STD-882D was introduced in January 2000, where system safety developers not only specified system performance requirements, but were also made responsible for specific system details.

The following are the system safety tasks employed in developing a MIL-STD-882 (A-D) system safety design.

Identification of Hazards and Risk Analysis

This is the first step in the development of any safety system design. It involves the identification of hazards in an aircraft’s operational environment. According to the DoD (2002), a hazard is any condition that can lead to an accident. At this stage, all possible hazards are listed, and each one of them is analyzed in order to come up with ways of eliminating it or mitigating the risks associated with it to tolerable levels.

Risk Mitigation

Risk assessment is done with the aim of determining the likely consequences that may stem from each hazard. After the consequences have been determined, they are listed in order of their severity. Risks are also assessed in terms of their likelihood of occurring. Once hazard identification and risk analysis are completed, various actions for mitigating or eliminating the risks are analyzed. Analysis of these actions is done on the basis of cost and effectiveness.

System Development and Analysis

After all potential risks have been analyzed, the best model that eliminates or mitigates them to desirable levels is chosen. The system is then tested against the various mishaps that are likely to occur. If the model shows desirable results, it can then be implemented. System evaluation is an ongoing process in which the model is monitored after implementation. This is carried out with the intent of ascertaining whether the developed system fully meets the desired objectives or if and when it can be modified to meet new challenges.

Application of the MIL-STD-882 (A-D) standard in Concorde Aircraft 

Concorde Pressurization System

Cabins of commercial aircraft are normally pressurized to between 6000 feet and 8000 feet even though the plane flies at higher altitudes. This is done because a sudden reduction of pressure can be risky to passengers and crew in the sense that it may lead to a lack of oxygen, which has the consequence of unconsciousness, leading to death. Concorde flies at much higher altitudes than subsonic commercial aircraft, which means that it has to have a comprehensive pressurization system to control the pressure in the cabin. The system is automatic, and it consists of a pressure regulating selector, an amplifier, electro pneumatic regulators, vacuum pumps and safety valves. Other than the pressure control system, Concorde’s website Heritage Concorde provides the following information on other approaches used to maintain favorable pressure levels:

At Concorde’s altitude, the air density is very low; a breach of cabin integrity would result in a loss of pressure severe enough so that the plastic emergency oxygen masks installed on other passenger jets would not be effective, and passengers would quickly suffer from hypoxia despite quickly donning them. Concorde, therefore, was equipped with smaller windows to reduce the rate of loss in the event of a breach, a reserve air supply system to augment cabin air pressure, and a rapid descent procedure to bring the aircraft to a safe altitude (p. 1).

Fire Detection System

Fire detection and prevention in aircraft is of utmost importance since it helps mitigate the risk of injury and/or loss of lives of passengers and crew as well as the destruction of the aircraft. Concorde’s fire detection and protection is elaborate in that it encompasses an engine bay fire detection system, an ultra-violet flame detection system, engine internal overheat detectors, nacelle/wing overheat detectors, an engine fire protection system, and a number of fuselage smoke detectors (Heritage Concorde, 2011).

Airframe Design

The construction and design of aircraft has been found to significantly affect the survivability of passengers and crew during an accident (Shanahan, 2004). Transmission of forces to aircraft occupants and the ability of the aircraft to maintain its structural integrity in the event of a crash are determined by its design and materials. Previously, it was thought that the construction of aircraft using tougher materials would increase survivability. Research has shown that the truth is contrary to that earlier belief. To increase survivability, the container should be able to absorb some of the energy from the crash impact and distribute it in a way that reduces injury to the occupant. It should be noted that improvement in a single area alone cannot significantly increase survivability. Rather, small enhancements made in areas of concern lead to the overall achievement of significantly reducing the number of lives lost or of those who suffer fatal injuries.

One of the main factors that influence survivability of a plane crash is the structural properties of the cabin floor. A strong cabin floor enables the cabin to maintain a safe and protective space around the occupant(s) during a crash. It also influences the ability of seats and to remain attached to it and provide the passenger with adequate restraint support. According to Concorde Heritage, Concorde’s passenger cabin floor is constructed in the following way:

The passenger cabin floor, this consists of aluminium alloy and balsa sandwich panels supported by cross beams set on the same pitch centers as the hoop frames. These beams are supported by tubular struts also, which are in turn pin jointed to the keel structure of the fuselage except over the main land gear bay, where special machined beams are used. The floor is built in a number of sections free to expand longitudinally to minimize thermal stress caused by differential expansion of the fuselage shell and the fore and aft floor members. Each floor section carries fore and aft seat rails of standard cross section (p. 1)

Another crucial aspect is the use of composite materials to construct aircraft. Even though they have been mostly used in smaller aircraft construction, these materials are now being used in the construction of the Concorde.

The major concern over the use of composite materials in aircraft construction, especially in commercial aircraft, is their rigid mechanical properties, which become a serious disadvantage during crashes. These structures have limited impact absorption capabilities, meaning the passenger is exposed to high crash loads that should have otherwise been attenuated.

Restraint Systems

Restraint systems to a large extent determine aircraft occupants' accident survivability. The human body might be able to absorb large amounts of energy without fatal injury if it is well restrained. Restraint refers to how well an individual is guarded and supported by his/her seat. This will determine how loads will be distributed to the body surface and consequently the level of injuries sustained in the event of a crash. According to Shanahan (2004), the main functions of the restraint system are:

  1. To prevent the ejection of individuals from the seat and/or aircraft.
  2. To prevent collision with other objects in the immediate environment such as other seats and personal entertainment gadgets.
  3. To spread the crash loads over wide parts of the body, especially in forward-facing seats. Effective restraint systems are designed in such a way that the loads are directed to those parts of the body that are most able to withstand them. These parts include the pelvic girdle, chest and the shoulder girdle.
  4. Prevention of dynamic overshoot by tightly attaching the occupant’s body to his/her seat. The dynamic overshoot refers to the magnification of forces due to development of relative velocities between the decelerating aircraft and its occupants.

Preventing collision with objects within the aircraft (secondary collision) can increase chances of crash survivability tremendously. Several restraint systems have been developed, but the most common and widely used are those that involve pelvic restraint, upper body restraint or a combination of both. However, it has emerged that restraint systems that only involve the pelvis are not entirely effective as they allow the upper body to flail in the event of a crash (Shanahan, 2004). Other than permitting the injury of parts on the upper torso, the lap belt can lead to injury of the pelvic region due to the immense pressure sustained.

To address this weakness, Concorde uses the three-point shoulder harness with upper torso restraint systems. Other than preventing the upper torso from flailing, this system allows the distribution of the crash load to a wider surface area of the occupant's body. This significantly reduces the magnitude of injury likely to be sustained in the crash. Another advantage provided by the upper torso restraint system is that it prevents the lap belt from moving up and compressing the soft abdominal tissues. According to Shanahan (2004), compression of these tissues can lead to serious abdominal and spinal injury.

Another restraint system used in Concorde, but less commonly used in other aircraft, is the air-bag. As observed from their application in automobiles, air-bag systems are effective in protecting the occupant from severe injury, which can be sustained from either the crash impact or objects within the immediate environment. Airbags can be especially effective in protecting against head strikes on bulkheads and other interior surfaces.

Physics of Impact

An impact refers to a shock applied over a brief period. Proper restraint will not protect aircraft occupants from injury in all cases. This is because, in severe cases, the accelerations cannot be tolerated by the human body. It has been observed that occupants restrained by means of a lap belt only sustain head and neck injuries from the flailing action of the upper torso during a crash. Even though injury to the pelvis and lower body is minimal, its effects are serious since they may prevent the affected individual from evacuating the aircraft in time. The ability of the aircraft and/or its components to absorb the energy from crash impact determines to what extent occupants will be injured. A study carried out by Cherry (1995) reveals that reducing the effects of impact can significantly increase chances of survivability. The following table, adapted from Cherry's study, shows the expected percentage reduction in avoidable impact fatalities and overall fatalities from various measures.

Table 1: Expected Percentage Reduction in Avoidable Impact Fatalities and Overall Fatalities.

Safety Measure

% Reduction in Avoidable Impact Fatalities

% Reduction in Overall Fatalities

Seat-floor strength



Rearward facing seats



Occupant restraint



Strength of overhead stowage



Head strike adequacy



Structural strength of cabins



Infant seats


< 1

Note: Adapted from Analysis of Factors Influencing the Survivability of Passengers in Aircraft Accidents by Cherry, R. and Associates Ltd. (1995). Copyright 1995, by Cherry, R. and Associates Ltd, adapted with permission.

For an accident to be survivable, the airframe should be constructed in such a way that the space surrounding the occupant can withstand the force from collision, failing which the occupant might be injured by objects that pierce into the compartment or by other projectiles within the space. Concorde’s airframe is constructed in consideration of the above facts and is, therefore, relatively safe.

In designing crashworthy airframes, human tolerance to abrupt acceleration should be taken into consideration. In this regard, there are five factors that are considered: magnitude of acceleration, direction of acceleration, duration of the acceleration, the rate of onset and the restraint or support of the occupants (Shanahan, 2004). Concorde airframes are designed to absorb considerable energy. The area surrounding the occupant(s) is reinforced to survive crashes while parts of the outer airframe are constructed using materials that can crumple progressively and hence absorb much of the shock before it reaches the occupant.

Interior Environment

This refers to those objects within the occupant's environment that can become injurious in the case of a crash, for instance personal in-flight entertainment systems like T.V. screens. These objects may be fixed such that the occupant will get injured when they hit them, or they may be movable such that they can be thrown about and injure the occupant. To make the Concorde’s interior environment safer, such objects have been minimized, and the indispensable ones are padded or made frangible to render them non-injurious (FAA, 2009).

Overhead stowage structures can also cause injury during crashes. Unlike in previous years, passengers are being allowed to bring more carry-on luggage on board. This has the implication that the overhead luggage bins have to support more weight than before. During a crash, overhead luggage bins or their attachment fittings may fail structurally. To address this in Concorde aircraft, it is required that stowage compartments be closed so as to prevent contents from being thrown about in the event of a crash.


The MIL-STD-882 (A-D) system safety standard was developed to improve safety in military operations, but was later adopted in other fields including commercial aviation. This model is of significant importance considering the risks to which high-speed aircraft such as the supersonic Concorde are exposed. The relevance of this system is shown by its application in the design of Concorde aircraft, which makes it one of the safest aircraft to fly. Implementation of this system is justified since losses resulting from system failure surpass the cost incurred in developing and implementing it. The older models did a terrific job in reducing aircraft accident rates. However, the older models could not satisfactorily address the emerging technology used in developing new systems. Engineers should conduct analysis, however, to determine the feasibility of adopting and implementing any system.

