[201] Plenary Keynote Lecture: Wider use of sensing capabilities in safety analysis to minimise dormant failures
M Türkaslan Rolls-Royce Deutschland Ltd & Co KG, Germany
Dormant (latent) failures of some aero engine components create a burden on Rolls-Royce, its customers and operators. They impose additional challenges in terms of having a system design and architecture that meet safety objectives. Dormant failures may require periodic maintenance to limit the dormancy to values cleared in safety analysis and certification of the engines.
Condition monitoring technology on aero engines is not a new application. Equipment health management (EHM) is widely used for minimising the downtime and lifecycle cost, but so far it has not been used for safety assessment. There are protection devices on the engines with sensing capabilities, but these are qualified as safety devices and developed to required integrity levels.
This paper examines the opportunity of using EHM systems to minimise dormant failures. It compares the current safety analysis with a theoretical one, where EHM systems are used as safety devices. As a consequence, safety and integrity requirements on these devices are identified.
