What Is Maintenance?
By Jack Hessburg
What kind of a question is this for readers of a magazine devoted to maintenance? Everybody knows what it is. Well, I don't think so. There are many definitions of maintenance, but most define the wrong issue. They focus on "finding failure and fixing failed stuff."
Consider this commonly accepted definition. As certain items of the airplane and its systems deteriorate, it becomes necessary to assure that the design remains airworthy. Maintenance is the action necessary to sustain or restore the airworthy integrity and performance of the airplane. It includes inspection, overhaul, repair, preservation and replacement of parts. Well, finding failure and fixing stuff is not maintenance. Rather it is the consequence of maintenance. Maintenance is nothing more than "the management of failure." Machines fail. The primary consideration of all maintenance decisions is neither the failure of a given item nor the frequency of its occurrence, but rather the consequences of that failure upon the airplane and its operation.
In order to better manage failure, it helps to understand that there are two consequences of failure: those affecting safety and those affecting availability (economics).
Safety related — Failure that jeopardizes the safety of the airplane or places in peril its occupants must be prevented. Flying machines can not be of such design that any single failure of the device will have catastrophic results. This is aeronautical dogma. Today's airplanes are subject to very few critical failure modes. This safety-related reliability is attributed to the design requirements of the relevant governmental regulations as well as the specifications of operating organizations and manufacturers. Current design practice ensures that vital functions are protected by redundancy, fault tolerance, fail tolerance, and fail safe features. This assures that, if there is failure, a given function will remain available from other sources to insure a safe completion of flight.
Economic — If, the loss or deterioration of a particular function neither endangers the equipment nor its occupants, then the consequences of that failure are economic. Examples include systems, components, or features in a design that are not specifically required to demonstrate conformity to the basis of certification.
Safety-related failure can be managed. Consider that if the design only addresses the avoidance of single catastrophic failures, the airplane and its occupants will not be placed in peril. But, single failures of components or systems can cause the loss of availability of the equipment once the airplane lands. Once a single failure occurs, a "no go" condition arises until repair or replacement is accomplished.
There are three design solutions for avoiding the "no go."
1. The components and systems are designed to an exceptional degree of reliability. This is an inordinately costly strategy. Cost-effective design trades must be made between the loss of availability arising from "no go" situations and the cost of exceptionally reliable components.
2. If a high degree of reliability is not cost effective, then the design should include a high degree of deferability, i.e. a good Minimum Equipment List (MEL). Traditionally all installed equipment specified by the airworthiness and operating regulations must be operative. However, experience indicates that, with varying levels of redundancy designed into airplanes, operation of every system or installed component was not necessary when the remaining operative equipment provided an acceptable level of safety. This was recognized in the mid-1950s. Consequently, regulatory agencies granted permission to operate with certain items of equipment inoperative; the intent being to permit revenue operations to a station where repairs or replacements could be made. This permits economic airplane utilization as well as offering a reliable flight schedule to the flying public without compromising flight safety. The concept of an MEL arose out of the excess capability in the design that just "happened." Contemporary practice demands that consideration be given to deferability in the design as a conscious activity when defining system architecture and functionality.
However, this will not totally eliminate "no go" conditions. Thus the third design strategy arises:
3. Assume a scheme that assures "no go" can be minimized. The design approach embraces the incorporation of features that are extra to those required for certification. These include redundancy, fault tolerance and fail safe, fail passive features, but, beyond that required to certify the design.
This is not without its price, however. It increases the number of failure possibilities, adds more items that can fail, and results in equipment that is more complex and integrated — making fault isolation more difficult. It adds to the cost of the airplane, so it must be done carefully to keep costs under control.
This approach, judiciously applied, greatly reduces the consequences of any single failure. Excess features in the design put initial failures of a system into the economic rather than the safety related failure category.
So if you find yourself wondering about the complexity of a system, or wondering why something is designed the way it is, remember that these three strategies went into giving the design a depth of equipment reliability. This assures airplane availability. I call it a "belt and suspenders" solution toward keeping the tin moving. That's maintenance!