lml@lancaironline.net Mailing List Archive

Hi Valin,

I'm glad you are on the case as well….. Hope following helps a little?

As you know, there has been a fair bit of dialogue on the canopy issue on the forum. And a while back, I invited forum members to join in a working group to look at the issue and, in particular, look at a safety latch. The outcome was no takers other than colleagues here in Oz. Whilst a few of us already had dual micro switch warning systems installed in our Legacy's, but sadly not the Gerladton or Shepparton Legacys, myself and a few colleagues have been feverishly working on a safety latch design to further reduce risk of the canopy open event.

Cutting straight to where I, and no doubt others may have already got to, but quite likely not all…….

IMHO I believe everyone should have / could easily implement following with substantial benefit to pilots and their passengers in the order of 100 times less risk than the historical average risk of a fatal canopy open event:-

Make sure you have check lists that include the canopy status at run-up, and then again at the holding point / line-up – and use them
Develop and acknowledge canopy open on ground and in air procedures

if on the ground and it opens, whatever – do not proceed to airborne
If it opens in the air – above all else, do not attempt to close the canopy, keep the ball centered

Add a pair of warning switches in series to check for latch position and canopy seat position – wire so fail safe – audible + big visual warning

Next – look at a safety latch, or something similar or identical to Don Barnes' solution – this sort of device offers the potential to reduce the risk to zip – so why not do it?

A bit more detail below…..particularly around the risk assessment. Read on if you're still interested!

As far as a safety latch is concerned, our group here would have between us come up with dozens of different designs, some of which were sufficiently well developed that one could almost start building the CAD drawings / CNC machine inputs files for fabrication of components. The goal was of course to design something that will operate safely and reliably, not hinder egress or external emergency access, and be simple to install both during a build and after build. We short listed a few options, but all required some penetrations in the structure - so I passed these options to Lancair to see if they could provide guidance as to which would be acceptable from a structural point of view – to date no response (I must follow up…). Once we get that guidance, I will most likely build a prototype and install on my Legacy. I fully intend to publish / share whatever we come up with.

Above said, I had forgotten about Don Barnes' solution where I understand the canopy sits up a little bit unless the canopy latch is in the closed position – that may well largely obviate the need for a safety latch, as I'd presume the noise with even with a slightly open canopy (and even with noise cancelling headsets) would be hard to miss – but may be not 100% fool proof. Anyone know how high the canopy sits up with this mod? 1/2"? 1"?

In order to try and bring a bit of rigour and quantification to the understanding of risk and what measures are useful or not and so forth, I have also done a fair bit of work with event tree analysis to assess how various combinations of check lists, procedures, warning devices and a safety latch effect the risk of a fatal canopy open event. The event tree input assumptions around probabilities of various actions were tuned to match the actual historical risk of a fatal canopy open event. I found it a powerful way to explore what might happen if one does or does not do or have something… Very interesting, and not entirely or always intuitive. There is no doubt that a secondary latch gets straight to a really good outcome – provided such mechanism does not present unintended additional risk or compromise structural integrity. I am happy to share in the detail of this "model" if anyone is interested, but the bottom line messages - and noting the inherent uncertainty around many of the inputs and assumptions - of this work were:-

At the time I did the work, there had I believe been 3 fatal canopy open events - this equates to a risk factor in the order of 3 x 10-5 (unacceptable cf. a generally understood overall risk target for GA of 10-6)

This is expressed as risk of a fatal canopy open event per take-off (you can see basis below)

A dual microswitch warning system (latch position and canopy position) with audible and visual annunciation - in the case of VH-XTZ and VH-ZYA, we have ~3" x 1/2" flashing red warnings in centre of each EFIS screen, combined with the check lists and defined canopy open event flight procedures, get one into the 10-7 event frequency region (again expressed as frequency per take-off) for a canopy related fatal. If it were expressed as a frequency per hour, the number probably wouldn't look different – if avg. flight times were around 1 hour
So - in theory a Legacy with a decent warning system operated with a decent (and practiced) canopy related check list and acknowledged emergency procedures, may offer the opportunity to reduce the risk by 2 orders of magnitude (100 times less) compared to aircraft without these measures in place
A big assumption in all this, is that the historical fatal canopy open event aircraft did not have safety switch systems installed – if anyone knows the answer to that question, I'd appreciate it
A secondary latch (without an alarm) gets one straight into the 10–8 region or better (albeit this is quite sensitive to the secondary latch reliability assumption)
With a warning system AND a secondary latch, the risk goes to zip

Rolling this up, the picture seems to be:-

Historical risk of a fatal canopy open event is in the order 10-5
Add warning devices, check lists for canopy status at run-up and again at holding point => order of 10-7 risk (~ 100 times improvement)
Add a safety latch alone => order of 10-8 risk (~ 1000 times improvement)
Add the lot……=> extremely low risk

I'm sure there will be many a clamour about how useful check lists are, or how useful alarms are and how responsive pilots are to alarms… and the work I have done reflects that check lists will not always be done, and that alarms will not always be noticed, and that even if alarms are noticed pilots may not respond or indeed cancel them….. But, in combination – if just some of the measures hit the spot – just one of them alone may well avert a tragedy. Putting it the other way – if none of these things were done – then….?

For what its worth, I have pasted in my check lists below if useful for anyone – again I'm sure there will be differences of opinion around these, but just focus on the canopy related items. I have also included my emergency procedures around a canopy open event "on the ground" and "in the air".[Note: in the case of the Gerladton accident, the canopy was observed open before take-off and smoke was observed coming from the tyres, yet the take-off proceeded]. I honestly do not know if canopies have opened after becoming airborne, or whether they have always opened prior to becoming airborne – so, I like to have both covered!

So – I hope this dicitation helps in some way to place the canopy open event risk into context, provide some ideas on measures that can be relatively easily employed to reduce the risk or at least promote more awareness / development of even better risk prevention measures.

Canopy Open event procedures

Event = "Flight occurs with canopy unlocked and leads to a fatality"

No. recorded events	3
No. Legacy's flown	350
Years in operation	10
Flight years	1925
Avg. take-off/yr	50
Total take-off to date	96250
Frequency of canopy open fatalties	3.12E-05	REF

This is a "Reference event frequency"(REF) assuming all past events occurred with aircraft / pilots:-
- no alarm system
- critical check lists not used
- abort procedure not acknowldged
- no predefined / rehearsed canopy open flight procedure
- no proven flight procedure "available"

Typical Legacy / Pilot - No defined "Canopy Open Flight Procedure", No Alarm System, No Secondary Latch
		Entry guidance
Close before engine start / taxi (CBT)	70.0%	Typical, or specific pilot practice - presumes optional action
Open before Run-Up (OBRUR)	50.0%	Typical, or specific pilot practice - presumes optional action
Cancel alarm (CANC)	0.0%	Typical, or specific pilot practice or 0% if "No Alarm System"
Close on Run-Up Check (CRUC)	98.0%	Typical, or specific pilot practice
Open before Pre-Line-Up (OBPLUC)	30.0%	Typical, or specific pilot practice - presumes optional action
Close on Pre-Line-Up Check (CPLUC)	98.0%	Expectation of a typical pilot
Informally remember to Close (IFRC)	90.0%	Expectation of a typical pilot
Respond to Alarm & Close (RTAC)	0.0%	Expectation of a typical pilot or 0% if "No Alarm System"
Secondary Latch Operates (SLO)	0.0%	If "No secondary latch" = 0%; otherwise 99.9% or higher
Take-Off Aborted (TOA)	90.0%	Expectation of a typical pilot
Safe Fight Canopy Open (SFCO)	80.0%	Expectation of a typical pilot

Probility of a fatal	4.4E-05	cf. actual data interpretation per REF = 0.0000312


Typical Legacy / Pilot - No defined "Canopy Open Flight Procedure", No Alarm System, Secondary Latch
		Entry guidance
Close before engine start / taxi (CBT)	70.0%	Typical, or specific pilot practice - presumes optional action
Open before Run-Up (OBRUR)	50.0%	Typical, or specific pilot practice - presumes optional action
Cancel alarm (CANC)	0.0%	Typical, or specific pilot practice or 0% if "No Alarm System"
Close on Run-Up Check (CRUC)	98.0%	Typical, or specific pilot practice
Open before Pre-Line-Up (OBPLUC)	30.0%	Typical, or specific pilot practice - presumes optional action
Close on Pre-Line-Up Check (CPLUC)	98.0%	Expectation of a typical pilot
Informally remember to Close (IFRC)	90.0%	Expectation of a typical pilot
Respond to Alarm & Close (RTAC)	0.0%	Expectation of a typical pilot or 0% if "No Alarm System"
Secondary Latch Operates (SLO)	99.9%	If "No secondary latch" = 0%; otherwise 99.9% or higher
Take-Off Aborted (TOA)	90.0%	Expectation of a typical pilot
Safe Fight Canopy Open (SFCO)	80.0%	Expectation of a typical pilot

Probility of a fatal	4.4E-08	cf. actual data interpretation per REF = 0.0000312


John & Gary / VH-XTZ & VH-ZYA Current Status
		Entry guidance
Close before engine start / taxi (CBT)	100.0%	Typical, or specific pilot practice - presumes optional action
Open before Run-Up (OBRUR)	50.0%	Typical, or specific pilot practice - presumes optional action
Cancel alarm (CANC)	10.0%	Typical, or specific pilot practice or 0% if "No Alarm System"
Close on Run-Up Check (CRUC)	98.0%	Typical, or specific pilot practice
Open before Pre-Line-Up (OBPLUC)	10.0%	Typical, or specific pilot practice - presumes optional action
Close on Pre-Line-Up Check (CPLUC)	98.0%	Expectation of a typical pilot
Informally remember to Close (IFRC)	90.0%	Expectation of a typical pilot
Respond to Alarm & Close (RTAC)	90.0%	Expectation of a typical pilot or 0% if "No Alarm System"
Secondary Latch Operates (SLO)	0.0%	If "No secondary latch" = 0%; otherwise 99.9% or higher
Take-Off Aborted (TOA)	90.0%	Expectation of a typical pilot
Safe Fight Canopy Open (SFCO)	80.0%	Expectation of a typical pilot

Probility of a fatal	4.4E-07	cf. actual data interpretation per REF = 0.0000312


John & Gary / VH-XTZ & VH-ZYA current Status + Secondary Latch
		Entry guidance
Close before engine start / taxi (CBT)	100.0%	Typical, or specific pilot practice - presumes optional action
Open before Run-Up (OBRUR)	50.0%	Typical, or specific pilot practice - presumes optional action
Cancel alarm (CANC)	10.0%	Typical, or specific pilot practice or 0% if "No Alarm System"
Close on Run-Up Check (CRUC)	98.0%	Typical, or specific pilot practice
Open before Pre-Line-Up (OBPLUC)	10.0%	Typical, or specific pilot practice - presumes optional action
Close on Pre-Line-Up Check (CPLUC)	98.0%	Expectation of a typical pilot
Informally remember to Close (IFRC)	90.0%	Expectation of a typical pilot
Respond to Alarm & Close (RTAC)	90.0%	Expectation of a typical pilot or 0% if "No Alarm System"
Secondary Latch Operates (SLO)	99.9%	If "No secondary latch" = 0%; otherwise 99.9% or higher
Take-Off Aborted (TOA)	90.0%	Expectation of a typical pilot
Safe Fight Canopy Open (SFCO)	80.0%	Expectation of a typical pilot

Probility of a fatal	4.4E-10	cf. actual data interpretation per REF = 0.0000312

Regards,

John

John N G Smith
Tel / fax:    +61-8-9385-8891
Mobile:      +61-409-372-975
Email:         john@jjts.net.au