
Curriculum Vitae
for Carl Sandom
Résumé
Carl is the Director and Principal
Consultant of iSys Integrity Limited, an independent System Safety consultancy
operating in Europe and North America and specializing in systems and
software safety certification within the Aerospace and Defence domains.
Carl has developed and delivered numerous Safety Management Systems
and Safety Training programmes and he has a thorough knowledge of managing
the programme and technical risks associated with the implementation
of safety programmes compliant with international and European safety
standards such as ARP 4761, ARP 4754, DO-178B, DO-254, MIL-STD 882,
IEC61508 and UK Defence Standard 00-56.
Current safety consultancy roles include: Independent Safety Advisor
to the NATO Air Command and Control System Management Agency, Belgium;
Independent Safety Advisor to the NATO Active Layer Theatre Ballistic
Missile Defence Project Office, Belgium; Software Safety Engineer on
the Merlin Capability Sustainment Programme for Westland Helicopters
Ltd, UK, and the development and ongoing presentation of the EUROCONTROL
Safety Survey training course for The Institute of Air Navigation Services,
Luxembourg.
Carl has been a Safety Consultant with the UK Royal Air Force's Air
Defence Safety and Standards Unit, where he was instrumental in developing
a comprehensive Safety Management System and was responsible for all
Human Factors activities and their impact on Safety in Air Defence systems.
He has been an Engineering Manager with Thales Defence (UK) where he
established and managed a team of systems engineers offering specialist-engineering
services including Safety Management, Human Factors and Training. He
has also been a Chief Programmer at the NATO Programming Centre, Belgium,
where he managed the activities of a multinational team of software
engineers responsible for the development of safety-related software
for real-time command and control systems.
Carl is a Chartered Engineer and a Registered Ergonomist specializing
in the fields of system safety and human factors, a subject for which
he was awarded a PhD. He also holds an MSc in Information Systems and
a BEng in Information Technology. Carl is a Member of the Institution
of Engineering and Technology (IET) and he is also the current Chairman
of the IET International Conference on System Safety. Carl has published
and presented numerous peer-reviewed papers and has edited and contributed
to books on Human Factors Engineering and System Safety.
Education and Qualifications
1997 - 2000 PhD in Safety and Human Factors, Brunel University
1996 - 1997 MSc (Distinction) in Information Systems, Brunel University
1987 - 1990 BEng (Hons) Upper Second in Information Technology, Cranfield University
Professional Affiliations
Chartered Engineer (CEng)
European Engineer (EurIng)
Member of the Institution of Electrical Engineers (MIET)
Registered Member of the Institution of Ergonomics and Human Factors
(MIEHF)
2001-present Member of IET Functional Safety Technical and Professional
Network Technical Advisory Panel
2007-present Chairman of IET International Conference on System Safety
Employment Summary
2003 - Present Director and Principal Consultant with iSys Integrity Limited
2002 - 2003 Principal Consultant with Praxis Critical Systems Limited
2000 - 2002 Speciality Engineering Manager with Thales Defence Information
Systems
1980 - 2000 Communications Engineer Officer with the UK Royal Air Force
Career History
iSys Integrity
Director and Principal Consultant (August 2003 - Present)
Carl is the Director and Principal Consultant with iSys Integrity Limited, an
independent consultancy specialising in systems and software safety engineering,
human factors and training. Current and recent projects include the following:
NATO Active Layer Theatre Ballistic Missile Defence System (July 2009 - Ongoing)
Safety Consultant for the NATO Active Layer Theatre Ballistic Missile Defence
Programme Office
(ALTBMD PO). Developing a Preliminary Hazard Analysis for the ALTBMD
software-intensive system to determine credible accidents, hazards and
accident sequences based upon the ALTBMD Concept of Operations. Providing
independent advice and review of all safety analyses undertaken by C3I,
Sensor and Shooter implementation contractors of the ALTBMD programme.
Involves detailed review of all implementation contractor safety management
activities and ensuring that the programme risks involved in safety
activities are minimised.
NATO Programming Centre Independent Safety Advisor (June 2005 - Ongoing)
Support with the development
of a Software Safety Assessment for a major upgrade to the Multi-Site
AEGIS Site Emulator (MASE) software. The Safety Advisor task involves
an analysis of the existing MASE software and the provision of specialist
safety advice to the NATO Programming Centre (NPC) Software Safety Engineer.
The task will also require an independent review of any MASE safety
analysis work undertaken by NPC.
Development and delivery of a one day Software Safety Course for NPC
programmers and management to raise awareness of software safety issues
and to promote safety culture as required by the NPC Safety Management
System. As well as some theoretical material, the course provides practical
examples of how programmers could improve software safety throughout
the software development life-cycle.
ESARR3 Safety Survey (November 2004 - Ongoing)
Development of Safety Survey Guidelines and the ongoing delivery of
the associated training course for EUROCONTROL Institute of Air Navigation
Services. The task involves development of guidelines as an Acceptable
Means of Compliance to meet ESARR 3 survey requirements within the European
Civil Aviation Conference region and the development and delivery of
a training package for a specialist ATM Safety Survey Course at The
Institute of Air Navigation Services.
NATO Air Command and Control System (September 2003 - Ongoing)
Safety Management and Human Factors consultant for the NATO Air Command
and Control System Management Agency (NACMA). Involves the development
and implementation of an ESARR3 compliant Safety Management System for
this NATO management agency to cover both procurement and CLS activities.
Providing independent advice and review of all safety and human factors
analyses undertaken by the implementation contractor of the NATO ACCS
programme. Involves detailed review of all implementation contractor
safety management activities and ensuring that the programme risks involved
in safety activities are minimised.
Human Factors for Engineers Training Course (September 2004 - Ongoing)
Design, development and delivery of a training course providing an
introduction to Human Factors for Engineers. The initial course was
held in Leamington Spa and delegates attended from numerous systems
engineering establishments. This training course is an ongoing commitment
and is based on a published IET book of the same title edited by Carl.
Safety Management in Air Traffic Services Training Course (December
2003 - Ongoing)
Design, development and delivery of a training course dealing with
the management of safety vide ESARR3 for organisations and individuals
involved in the provision of Air traffic services. Tailored courses
have been held in London, Norway and Bath and attended by various organisations
including senior delegates from the Norwegian CAA and BAe. This training
course is an ongoing commitment.
MCSP - Westland Helicopter Ltd Software/Firmware Safety Engineer (July
2005 - April 2010)
Support to Westland Helicopter Ltd. with the Merlin Capability Sustainment
Programme (MCSP). This task involves providing significant Software
& Firmware Safety Engineering support to WHL with the development
and implementation of a full Defence Standard 00-56/3 compliant Software
Safety Plan for the MCSP Avionic System, which comprises a significant
quantity of SIL3 and SIL2 software and firmware developed to RTCA/DO-178B
and RTCA/DO-254 standards.
UK IBS, Thales Air Operations Programme Safety Advisor (December 2006)
UK Integrated Broadcast Service (IBS) is a £110M programme, currently
in the Capture Phase, to provide a networked distribution of intelligence
information throughout the UK mainland and deployed forces through to
2016. iSys Integrity has been subcontracted to provide Thales Air Operations
(TAO) with Programme Safety Advisor support to the UK IBS programme.
TACCL16 (May - August 2005)
Safety Management support to Thales Air Operation for a Tactical Air
Control Centre Link16 (TACCL16) based upon the existing UKTACC system
with a major upgrade to include Link 16 functionality. Specific deliverables
included the provision of a Def Stan 00-56 compliant Safety Programme
Plan and a Preliminary Safety Case including an initial hazard analysis.
Hebrides Ranges Operational Voice Network (November 2004 - January
2005)
Safety Management support to Thales Communications for an Operational
Voice Network proposal and presentation in response to an Invitation
to Tender from QinetiQ PLC. Specific deliverables included the provision
of a UK Defence Standard 00-56 compliant Safety Programme Plan and a
Preliminary Safety Case including an initial hazard analysis.
Royal Navy Voice Communications Control System (October 2004)
Safety Management support to Thales Communications for a Voice Communications
System proposal and presentation in response to an Invitation to Tender
from the Defence Logistics Organisation's AOS-IPT. Specific deliverables
included the provision of a Def Stan 00-56 compliant Safety Programme
Plan and a Preliminary Safety Case including an initial hazard analysis.
Praxis Critical Systems
Principal Consultant (January 2002 to August 2003)
Carl was a Principal Consultant with Praxis Critical Systems
Limited contributing to the Aerospace and Defence business. Carl developed
CONTEXT, a framework for integrating Human Factors and Functional Safety.
Specific projects have included the following:
NATO Air Command and Control System Safety Management (May 2002 to August 2003)
Safety management and human factors capability to Air Command Systems
International (ACSI) responsible
for the implementation of the NATO Air Command and Control System (ACCS).
ACSI is a joint venture consortium between BAE Systems (UK), TAO (UK),
EADS (Germany), AMS (Italy), TRS-LLC and TRS-SAS. ACCS Level of Capability
1 (LOC1) will provide a semi-automated system designed to support the
operational and tactical command and control of air forces, Command
and Control (C2) centres, and sensors assigned to NATO and to NATO nations.
The system safety programme is required to fulfil the requirements of
ESARR4, ESARR4, Mil-Std 882C and UK Def Stan 00-56. Specific deliverables
include the provision of: System Safety Programme Plan, Safety Criteria
Report, System Hazard Report, Safety Review and Audit, Hazard Log and
holding regular Safety Management Review Meetings.
CVF - Future Carrier Air Operations Safety (April 2003 to July 2003)
Safety Authority for the Safety Management of the Future Carrier Air Combat
capability Air Operations for the Alliance Consortium comprising BAE Systems
(UK) and Thales Defence (UK). The system safety programme is required
to comply with the emerging Eurocontrol safety requirements, namely ESARR4
within an ESARR3 Safety Management framework. In addition, the programme
must adopt an approach to fulfil the requirements of Def Stan 00-56.
European Rail Traffic Management System (January 2003)
Assessment of Human Factors in ERTMS Data Management. Carried out an
analysis of human factors contributing to data management-related ERTMS
hazards such as specific human errors that occur during data handling,
or wider issues related to the cultural and organisational aspects of
the rail industry and ERTMS. From an initial ERTMS Data Report a qualitative
analysis was performed, based on a recognised classification for human
error, to identify human factors issues related to data handling. These
issues were placed in the context of the ERTMS Data Items that are affected
and the stages of the Data Management Lifecycle when they may occur.
Assessment documented in Praxis report: S.P1217.41.12, Issue: 1.0, dated
17th January 2003.
Nuclear, Biological and Chemical Battlefield Information System Application
(February 2002 to September 2003)
Safety management and human factors capability to Fujitsu Services
Limited for their Nuclear, Biological and Chemical Battlefield Information
System Application (NBC BISA) proposal and subsequent contract for UK
MoD CSIS IPT. The system safety programme fulfilled the requirements
of Def Stan 00-56 for safety and Def Stan 00-25 for human factors in
the context of the MoD BOWMAN project. Specific deliverables included
the provision of a System Safety Programme Plan, including a provisional
Hazard Log, and a Human Engineering Programme Plan.
Ground Based Air Defence System (February 2002 to February 2003)
Safety management capability to Thales Defence Limited for their Ground
Based Air Defence (GBAD) bid for UK MoD GBAD IPT. The system safety programme
fulfils the requirements of Def Stan 00-56 for safety and Def Stan 00-25
for Human Factors. Specific deliverables included the provision of a System
Safety Programme Plan, including a provisional Hazard Log, and a Preliminary
Safety Case.
NATO Air Command and Control System PHA (January 2002 to May 2002)
Safety and human factors capability to ACSI responsible for a Preliminary
Hazard Analysis (PHA) of NATO ACCS for the Health & Safety and the
Functional Safety aspects and specifically the role of safety-related
software. The objective of the PHA was to identify all the potential
hazards generated by the ACCS LOC1 system and to quantify the associated
programme and safety risks and to propose a safety programme to 2006.
WATCHKEEPER Tactical Unmanned Air Vehicle (January 2002 to June 2003)
Independent Safety consultant to a consortium bidding for down-selection
on the UK MoD WATCHKEEPER programme. WATCHKEEPER will provide Situation
Awareness information to land manoeuvre commanders using Tactical Unmanned
Air Vehicles (TUAV). The work involved production of System Safety Management
Plans, Preliminary Safety Cases and Preliminary Accident Models for
proposed operation of TUAVs on the range, in tactical situations and
in Civilian Airspace. The work involved collaboration between UK and
US companies and the development of a common safety engineering approach
to suit all parties whilst meeting UK MoD requirements.
Thales Defence Information Systems
Speciality Engineering Manager (March 2000 - January 2002)
Established and managed an internal consultancy offering specialist engineering
services in the disciplines of Safety Engineering, Human Factors, Information
Security, ILS, Customer Training and Configuration Management. Specific
responsibilities included the following:
· Provide the Division with value added advice, products and sub-contract
management as required in the specialist engineering disciplines of Safety,
Human Factors, Information Security, Training, Configuration Management and
Integrated Logistics Support.
· Manage all on-site Speciality Engineering consultancy activities and budgets
in excess of £2.5M
· Promote the adoption of engineering policy and ensure the coherent application
of related company procedures within all business areas of the Division
· Provide the Technical Group with engineering support and advice relating to
all prospects and bids
· Provide Marketing with specialist engineering support and advice to assist
with the development and implementation of strategy in all business areas
· Independent Safety Advisor (ISA) for Product Safety Certification activities
in support of the Technical Director
· Facilitate enabling agreements with sub-contractors to support engineering
activities through outsourcing of specialist tasks
· Support the Technical Director with specialist engineering advice for bid
reviews
· Support Internal Phase Reviews providing technical advice relating to
specialist engineering
· Authorise all Project Plans relating to specialist engineering disciplines
· Ensure work packages are accurately scoped, encourage innovative solutions
and are implemented within cost and schedule
Royal Air Force
Safety and Human Factors Consultant (September 1997 - March 2000)
Instrumental
in the development of the Air Surveillance and Control System (ASACS)
Safety Management System compliant with the UK Defence Standard 00-56
and based upon the National Air Traffic Services SMS. Carried
out a major Human Factors study of the UK Air Defence system on behalf
of the Defence Procurement Agency. Designed, developed and delivered
Safety Management training courses for senior executives, system operators
and systems maintainers. Directly responsible for providing independent
safety auditing and advice for the UK Defence Procurement Agency on
a number of ASACS projects including UK Tactical Air Control Centre,
UKADGE Capability Maturity Programme, Falklands Remoting
System, T101 Radar Sensor and the NATO Air Command and Control System.
This involved monitoring project safety activities, undertaking detailed
reviews of the resultant safety documentation and constant liaison with
the Implementation Contractors, Operational Authority, Support Authority
and the Ministry of Defence Operational Sponsors. Influential in specifying safety management requirements of future
NATO Air Command and Control System. Responsible
for all ASSU activities concerning Human Factors and their impact on
Operational Safety.
Postgraduate Student, Brunel University (September 1997 - March 2000)
Carried out postgraduate research for Brunel University in the area of Human
Factors and System Safety and was awarded a PhD in 2000.
Postgraduate Student, Brunel University (September 1996 - September 1997)
Awarded a Master of Science Degree with Distinction in Information
Systems and Computing. Awarded Institution of Management Prize for best dissertation on IT-Enabled
Change Management.
Chief Programmer, NATO Programming Centre, Belgium (January 1993 - September 1996)
Technical and Programme management of a multinational team
of software engineers and systems analysts responsible for major safety-related,
real-time software development projects and other safety-significant
off-line software development projects. Successfully implemented and managed all software development
and maintenance programmes for C++, Windows API and Ada projects. Instrumental in implementing
a Software Quality Management System to achieve CMM Level 2 accreditation.
Engineering Manager (December 1990 - January 1993)
Responsible
for the safe engineering activities and personal development of a large
number of airfield maintenance engineers and operators specialising
in navigation and communications equipment. Provided expert advice
on radiation safety and was responsible for ensuring compliance with
Health and Safety directives. Personal responsibility for management
of Telecommunications and IT budget in excess of £1M. Effectively
directed installation of various major communication facilities including:
BT Meridian Digital PBX, ATC Tower communications
re-engineering and Cossor Secondary Surveillance
Radar.
Practical Experience
Standards
ISO15288, ESARR3, ESARR4, CAP670 SW01, CAP 670 (UK Civil
Aviation Authority), IEC61508, RTCA/DO-178B, RTCA/DO-254, US MIL-Std
882C, UK Def Stan 00-54, UK Def Stan 00-55, UK Def Stan 00-56, UK Def
Stan 00-58, UK Def Stan 00-25, JSP533, JSP454 and UK MOD POSMS
Software Tools
FaultTree+, Cassandra Hazard Management System, Microsoft
Office, Microsoft Project, Visio, Sage Accounting.
Programming Languages
Assemblers (Intel 80x86, M68000, 6502), Ada 95, C++,
Jovial, Pascal, MS Windows API
Methods
Safety assessment techniques, including: HAZOPS,
FFA, PSSA, FTA, FMECA, ETA, ZHA, OHHA and OSHA
Human Factors assessment techniques, including: Task Analysis, Human Error
Identification, HRA and SAPAT (Situational Awareness Process Analysis
Technique), Goal Structuring Notation.
Contact:
Dr Carl Sandom PhD CEng MIEHF
iSys Integrity Limited, 10 Gainsborough
Drive, Sherborne, Dorset, DT9 6DR, UK.
Tel: +44 (0) 7967 672560 or email: Carl@iSys-Integrity.com
iSys Integrity Limited, Registered in England under No. 6979406
Registered Office: One The Centre, High Street, Gillingham, Dorset SP8 4AB
VAT Registration No. 826057627