Curriculum Vitae for Carl Sandom


Résumé

Carl is a Chartered Engineer with over 25 years' practical experience in high-integrity systems and software engineering, human factors and training within the Aerospace and Defence domains. He has developed and delivered Safety Management, Human Factors Integration and Training programmes within the UK, Central Europe and North America. He has a thorough knowledge of managing the programme and technical risks associated with implementing Safety Management and Human Factors programmes compliant with international and European safety standards such as IEC 61508 and Def Stan 00-56.

Current safety engineering roles include: Independent Safety Advisor to the NATO Air Command and Control System Management Agency (NACMA); Software Safety Engineer for Westland Helicopters Ltd.; Independent Safety Advisor to the NATO Programming Centre; Programme Safety Advisor to Thales Air Operations; and the development and delivery of an ESARR3 Safety Survey training course for the EUROCONTROL Institute of Air Navigation Services. Carl also has considerable practical experience in developing Safety Management Systems for both Civil and Military Aerospace and Defence agencies.

Carl is currently involved in Safety Management and Human-Factors training activities including the design and delivery of courses on: ESARR3 Safety Survey; Safety Management in Air Traffic Services and an IET training course entitled Human Factors for Engineers. He has also designed, developed and delivered UK Royal Air Force Safety Management training courses for senior executives, system operators and systems maintainers.

Carl has been a Safety and Human Factors Consultant with the UK Royal Air Force's Air Defence Safety and Standards Unit, where he was instrumental in developing a comprehensive Safety Management System and was responsible for all Human Factors activities and their impact on Safety in all Air Defence systems. He has been an Engineering Manager with Thales Defence (UK), where he established and managed a team of systems engineers offering specialist engineering services including Safety Management, Human Factors and Training. He has also been a Chief Programmer at the NATO Programming Centre, Belgium, where he managed the activities of a multinational team of software engineers responsible for the development of safety-related software for real-time command and control systems.

Carl specialises in the fields of Safety Management and Human Factors, a subject area in which he has carried out research for Brunel University and was awarded a PhD. Carl has also presented and published numerous human factors and safety papers and has contributed to and published books on the subject.

Education and Qualifications

1997 – 2000       PhD in Safety and Human Factors, Brunel University

1996 – 1997       MSc (Distinction) in Information Systems, Brunel University

1987 – 1990       BEng (Hons) Upper Second in Information Technology, Cranfield University

Professional Affiliations

Chartered Engineer (CEng); European Engineer (EurIng); Member of the Institution of Engineering and Technology (MIET); Executive Committee Member IET Functional Safety Technical & Professional Network.

Employment Summary

2003 – Present   Principal Consultant with iSys Integrity

2002 – 2003       Principal Consultant with Praxis Critical Systems Limited

2000 – 2002       Speciality Engineering Manager with Thales Defence Information Systems

1980 – 2000       Communications Engineer Officer with the UK Royal Air Force

Career History

iSys Integrity

Principal Consultant (August 2003 - Present)

Carl is the proprietor of iSys Integrity, an independent consultancy specialising in systems and software safety engineering, human factors and training. Current and recent projects include the following:

UK IBS, Thales Air Operations Programme Safety Advisor (December 2006 - Ongoing)

UK Integrated Broadcast Service (IBS) is a £110M programme, currently in the Capture Phase, to provide a networked distribution of intelligence information throughout the UK mainland and to deployed forces through to 2016. iSys Integrity has been subcontracted to provide Thales Air Operations (TAO) with Programme Safety Advisor support to the UK IBS programme.

MCSP - Westland Helicopters Ltd Software Safety Engineer (July 2005 - Ongoing)

Support to Westland Helicopters Ltd. with the Merlin Capability Sustainment Programme (MCSP). This task involves providing significant Software Safety Engineering support to WHL with the development and implementation of a full Defence Standard 00-56/3 compliant Software Safety Plan for the MCSP Avionic System, which comprises a significant quantity of software and firmware currently assessed as SIL3 and SIL4 and developed to the RTCA/DO-178B and RTCA/DO-254 standards.

MASE - NATO Programming Centre Independent Safety Advisor (June 2005 - Ongoing)

Support with the development of a Software Safety Assessment for a major upgrade to the Multi-AEGIS Site Emulator (MASE) software. The Safety Advisor task involves an analysis of the existing MASE software and the provision of specialist safety advice to the NATO Programming Centre (NPC) Software Safety Engineer. The task will also require an independent review of any MASE safety analysis work undertaken by NPC.

ESARR3 Safety Survey (November 2004 - Ongoing)

Development of Safety Survey Guidelines and delivery of associated Training courses for EUROCONTROL Institute of Air Navigation Services. The task involves development of guidelines as an Acceptable Means of Compliance to meet ESARR 3 survey requirements within the European Civil Aviation Conference region and the development and delivery of a training package for a specialist ATM Safety Survey Course at The Institute of Air Navigation Services.

NATO Air Command and Control System (September 2003 - Ongoing)

Safety Management and Human Factors consultant for the NATO Air Command and Control System Management Agency (NACMA). The work involves the development and implementation of an ESARR3 compliant Safety Management System for this NATO management agency, covering both procurement and Contractor Logistic Support (CLS) activities, and providing independent advice on and review of all safety and human factors analyses undertaken by the implementation contractor of the NATO ACCS programme. This requires detailed review of all implementation contractor safety management activities and ensuring that the programme risks involved in safety activities are minimised.

Human Factors for Engineers Training Course (September 2004 - Ongoing)

Design, development and delivery of a training course providing an introduction to Human Factors for Engineers. The initial course was held in Leamington Spa and delegates attended from numerous systems engineering establishments. This training course is an ongoing commitment and is based on a published IET book of the same title edited by Carl.

Safety Management in Air Traffic Services Training Course (December 2003 - Ongoing)

Design, development and delivery of a training course dealing with the management of safety under ESARR3 for organisations and individuals involved in the provision of Air Traffic Services. Tailored courses have been held in London, Norway and Bath and attended by various organisations, including senior delegates from the Norwegian CAA and BAe. This training course is an ongoing commitment.

TACCL16 (May - August 2005)

Safety Management support to Thales Air Operations for a Tactical Air Control Centre Link 16 (TACCL16) system based upon the existing UKTACC system with a major upgrade to include Link 16 functionality. Specific deliverables included the provision of a Def Stan 00-56 compliant Safety Programme Plan and a Preliminary Safety Case including an initial hazard analysis.

Hebrides Ranges Operational Voice Network (November 2004 - January 2005)

Safety Management support to Thales Communications for an Operational Voice Network proposal and presentation in response to an invitation to Tender from QinetiQ PLC. Specific deliverables included the provision of a UK Defence Standard 00-56 compliant Safety Programme Plan and a Preliminary Safety Case including an initial hazard analysis.

Royal Navy Voice Communications Control System (October 2004)

Safety Management support to Thales Communications for a Voice Communications System proposal and presentation in response to an invitation to Tender from the Defence Logistic Organisation's AOS-IPT. Specific deliverables included the provision of a Def Stan 00-56 compliant Safety Programme Plan and a Preliminary Safety Case including an initial hazard analysis.

Praxis Critical Systems

Principal Consultant (January 2002 to August 2003)

Carl was a Principal Consultant with Praxis Critical Systems Limited contributing to the Aerospace and Defence business. Carl developed CONTEXT, a framework for integrating Human Factors and Functional Safety. Specific projects have included the following:

NATO Air Command and Control System Safety Management (May 2002 to August 2003)

Safety management and human factors capability to Air Command Systems International (ACSI), the consortium responsible for the implementation of the NATO Air Command and Control System (ACCS). ACSI is a joint venture consortium between BAE Systems (UK), TAO (UK), EADS (Germany), AMS (Italy), TRS-LLC and TRS-SAS. ACCS Level of Capability 1 (LOC1) will provide a semi-automated system designed to support the operational and tactical command and control of air forces, Command and Control (C2) centres, and sensors assigned to NATO and to NATO nations. The system safety programme is required to fulfil the requirements of ESARR4, Mil-Std 882C and UK Def Stan 00-56. Specific deliverables included the provision of a System Safety Programme Plan, Safety Criteria Report, System Hazard Report, Safety Review and Audit, and Hazard Log, and the holding of regular Safety Management Review Meetings.

CVF - Future Carrier Air Operations Safety (April 2003 to July 2003)

Safety Authority for the Safety Management of the Future Carrier Air Combat capability Air Operations for the Alliance Consortium comprising BAE Systems (UK) and Thales Defence (UK). The system safety programme is required to comply with the emerging EUROCONTROL safety requirements, namely ESARR4, within an ESARR3 Safety Management framework. In addition the programme must adopt an approach that fulfils the requirements of Def Stan 00-56.

European Rail Traffic Management System (January 2003)

Assessment of Human Factors in ERTMS Data Management. Carried out an analysis of human factors contributing to data management-related ERTMS hazards such as specific human errors that occur during data handling, or wider issues related to the cultural and organisational aspects of the rail industry and ERTMS. From an initial ERTMS Data Report a qualitative analysis was performed, based on a recognised classification for human error, to identify human factors issues related to data handling. These issues were placed in the context of the ERTMS Data Items that are affected and the stages of the Data Management Lifecycle when they may occur. Assessment documented in Praxis report: S.P1217.41.12, Issue: 1.0, dated 17th January 2003.

Nuclear, Biological and Chemical Battlefield Information System Application (February 2002 to September 2003)

Safety management and human factors capability to Fujitsu Services Limited for their Nuclear, Biological and Chemical Battlefield Information System Application (NBC BISA) proposal and subsequent contract for UK MoD CSIS IPT. The system safety programme fulfilled the requirements of Def Stan 00-56 for safety and Def Stan 00-25 for human factors in the context of the MoD BOWMAN project. Specific deliverables included the provision of a System Safety Programme Plan, including a provisional Hazard Log, and a Human Engineering Programme Plan.

Ground Based Air Defence System (February 2002 to February 2003)

Safety management capability to Thales Defence Limited for their Ground Based Air Defence (GBAD) bid for the UK MoD GBAD IPT. The system safety programme fulfilled the requirements of Def Stan 00-56 for safety and Def Stan 00-25 for Human Factors. Specific deliverables included the provision of a System Safety Programme Plan, including a provisional Hazard Log, and a Preliminary Safety Case.

NATO Air Command and Control System PHA (January 2002 to May 2002)

Safety and human factors capability to ACSI responsible for a Preliminary Hazard Analysis (PHA) of NATO ACCS for the Health & Safety and the Functional Safety aspects and specifically the role of safety-related software. The objective of the PHA was to identify all the potential hazards generated by the ACCS LOC1 system and to quantify the associated programme and safety risks and to propose a safety programme to 2006.

WATCHKEEPER Tactical Unmanned Air Vehicle (January 2002 to June 2003)

Independent Safety consultant to a consortium bidding for down-selection on the UK MoD WATCHKEEPER programme. WATCHKEEPER will provide Situation Awareness information to land manoeuvre commanders using Tactical Unmanned Air Vehicles (TUAV). The work involved production of System Safety Management Plans, Preliminary Safety Cases and Preliminary Accident Models for proposed operation of TUAVs on the range, in tactical situations and in Civilian Airspace. The work involved collaboration between UK and US companies and the development of a common safety engineering approach to suit all parties whilst meeting UK MoD requirements.

Thales Defence Information Systems

Speciality Engineering Manager (March 2000 – January 2002)

Established and managed an internal consultancy offering specialist engineering services in the disciplines of Safety Engineering, Human Factors, Information Security, ILS, Customer Training and Configuration Management. Specific responsibilities included the following:

· Provide the Division with value-added advice, products and sub-contract management as required in the specialist engineering disciplines of Safety, Human Factors, Information Security, Training, Configuration Management and Integrated Logistics Support.

· Manage all on-site Speciality Engineering consultancy activities and budgets in excess of £2.5M.

· Promote the adoption of engineering policy and ensure the coherent application of related company procedures within all business areas of the Division.

· Provide the Technical Group with engineering support and advice relating to all prospects and bids.

· Provide Marketing with specialist engineering support and advice to assist with the development and implementation of strategy in all business areas.

· Act as Independent Safety Advisor (ISA) for Product Safety Certification activities in support of the Technical Director.

· Facilitate enabling agreements with sub-contractors to support engineering activities through outsourcing of specialist tasks.

· Support the Technical Director with specialist engineering advice for bid reviews.

· Support Internal Phase Reviews by providing technical advice relating to specialist engineering.

· Authorise all Project Plans relating to specialist engineering disciplines.

· Ensure that work packages are accurately scoped, encourage innovative solutions, and ensure implementation within cost and schedule.

Royal Air Force

Safety and Human Factors Consultant (September 1997 – March 2000)

Instrumental in the development of the Air Surveillance and Control System (ASACS) Safety Management System compliant with the UK Defence Standard 00-56 and based upon the National Air Traffic Services SMS. Carried out a major Human Factors study of the UK Air Defence system on behalf of the Defence Procurement Agency. Designed, developed and delivered Safety Management training courses for senior executives, system operators and systems maintainers. Directly responsible for providing independent safety auditing and advice for the UK Defence Procurement Agency on a number of ASACS projects including UK Tactical Air Control Centre, UKADGE Capability Maturity Programme, Falklands Remoting System, T101 Radar Sensor and the NATO Air Command and Control System. This involved monitoring project safety activities, undertaking detailed reviews of the resultant safety documentation and constant liaison with the Implementation Contractors, Operational Authority, Support Authority and the Ministry of Defence Operational Sponsors. Influential in specifying safety management requirements of future NATO Air Command and Control System. Responsible for all ASSU activities concerning Human Factors and their impact on Operational Safety.

Postgraduate Student, Brunel University (September 1997 – March 2000)

Carried out postgraduate research for Brunel University in the area of Human Factors and System Safety and was awarded a PhD in 2000.

Postgraduate Student, Brunel University (September 1996 - September 1997)

Awarded a Master of Science Degree with Distinction in Information Systems and Computing. Awarded Institution of Management Prize for best dissertation on IT-Enabled Change Management.

Chief Programmer, NATO Programming Centre, Belgium (January 1993 - September 1996)

Technical and Programme management of a multinational team of software engineers and systems analysts responsible for major safety-related, real-time software development projects and other safety-significant off-line software development projects. Successfully implemented and managed all software development and maintenance programmes for C++, Windows API and Ada projects. Instrumental in implementing a Software Quality Management System to achieve CMM Level 2 accreditation.

Engineering Manager (December 1990 – January 1993)

Responsible for the safe engineering activities and personal development of a large number of airfield maintenance engineers and operators specialising in navigation and communications equipment. Provided expert advice on radiation safety and was responsible for ensuring compliance with Health and Safety directives. Personal responsibility for management of Telecommunications and IT budget in excess of £1M. Effectively directed installation of various major communication facilities including: BT Meridian Digital PBX, ATC Tower communications re-engineering and Cossor Secondary Surveillance Radar. 

Practical Experience

Standards

ISO 15288, ESARR3, ESARR4, CAP 670 SW01, CAP 670 (UK Civil Aviation Authority), IEC 61508, DO-178B, UK Def Stan 00-54, UK Def Stan 00-55, UK Def Stan 00-56, UK Def Stan 00-58, UK Def Stan 00-25, US MIL-STD-882C.

Software Tools

FaultTree+, Cassandra Hazard Management System, Microsoft Office, Microsoft Project, Visio, Sage Accounting.

Programming Languages

Assemblers (Intel 80x86, M68000, 6502), Ada 95, C++, Jovial, Pascal, MS Windows API

Methods

Safety assessment techniques, including: HAZOP, FFA, FTA, FMECA, ETA, ZHA, OHHA and OSHA.

Human Factors assessment techniques, including: Task Analysis, Human Error Identification, HRA and SAPAT (Situational Awareness Process Analysis Technique), Goal Structuring Notation.