National Transportation Safety Board

Synopsis

About 1504 c.d.t., May 25, 1979, American Airlines, Inc., Flight 191, a McDonnell-Douglas DC-10-10 aircraft, crashed into an open field just short of a trailer park about 4,600 feet northwest of the departure end of runway 32R at Chicago-O'Hare International Airport, Illinois.

Flight 191 was taking off from runway 32R. The weather was clear and the visibility was 15 miles. During the takeoff rotation, the left engine and pylon assembly [see fig. 16.1] and about 3 feet of the leading edge of the left wing separated from the aircraft and fell to the runway. Flight 191 continued to climb to about 325 feet above the ground and then began to roll to the left. The aircraft continued to roll to the left until the wings were past the vertical position, and during the roll, the aircraft's nose pitched down below the horizon.

Flight 191 crashed into the open field and the wreckage scattered into an adjacent trailer park. The aircraft was destroyed in the crash and subsequent fire. Two hundred and seventy-one persons on board Flight 191 were killed; two persons on the ground were killed, and two others were injured. An old aircraft hangar, several automobiles, and a mobile home were destroyed.

The National Transportation Safety Board determines that the probable cause of this accident was the asymmetrical stall and the ensuing roll of the aircraft because of the uncommanded retraction of the left wing outboard leading edge slats [see fig. 16.2] and the loss of stall warning and slat disagreement indication systems resulting from maintenance-induced damage leading to the separation of the No. 1 engine and pylon assembly at a critical point during takeoff. The separation resulted from damage by improper maintenance procedures which led to failure of the pylon structure.

Contributing to the cause of the accident were the vulnerability of the design of the pylon attach points to maintenance damage; the vulnerability of the design of the leading edge slat system to the damage which produced asymmetry; deficiencies in Federal Aviation Administration surveillance and reporting systems which failed to detect and prevent the use of improper maintenance procedures; deficiencies in the practices and communications among the operators, the manufacturer, and the FAA which failed to determine and disseminate the particulars regarding previous maintenance damage incidents; and the intolerance of prescribed operational procedures to this unique emergency.

Engine And Pylon Assembly

DC-10 Slats

The facts developed during the investigation disclosed that the initial event in the accident sequence was the structural separation of the number one engine and pylon assembly from the aircraft's left wing. Witness accounts, flight data recorder parameters, and the distribution of the major structural elements of the aircraft following the accident provided indisputable evidence that the engine and pylon assembly separated either at or immediately after rotation and about the same time the aircraft became airborne. At that time, the flight crew was committed to take off, and their decision not to attempt to discontinue takeoff was in accordance with prescribed procedures and was logical and proper in light of information available to them.

The investigation and analysis were concentrated primarily in two major areas. First, the investigation sought to identify the structural failure which led to the engine-pylon separation and to determine its cause; second, the investigation attempted to determine the effects the structural failure had on the aircraft's performance and essential systems, and the operational difficulties which led to the loss of control. In addition, the investigation went beyond these primary areas and probed such areas as the vulnerability of the DC10's design to maintenance damage, the adequacy of the DC-10's systems to cope with unique emergencies, the quality control exercised during DC-10 manufacturing and aircraft assembly, the adequacy of operator maintenance practices, the adequacy of industry communications of service and maintenance difficulties, the extent of FAA!s surveillance of overall industry practices, and the adequacy of an accepted operational procedure.

About eight weeks before the accident, the No. 1 pylon and engine had been separated from the wing of the accident aircraft in order to replace the spherical bearings in compliance with McDonnell Douglas'service bulletins 54-48 and 54-59. The four other American Airlines and two Continental Airlines aircraft, in which cracks-were detected in the aft bulkhead's upper flange, had also been subjected to the same programmed maintenance during which the engine and pylon was removed. Further corroboration that the cracks had been produced during these maintenance operations was obtained when it was learned that Continental Airlines had, on two occasions before the accident, damaged the upper flange on the aft bulkhead as pylons were being removed or reinstalled. In these two instances, the damage was detected; the bulkheads were removed and repaired in accordance with a method approved by McDonnell Douglas.

Therefore, the evidence indicated that the overstress cracks in the aft bulkhead's upper flange were being introduced during a maintenance operation used by American and Continental Airlines. Both operators had devised special programs to replace the forward and aft bulkhead's spherical bearings. The manufacturer's service bulletins recommended that the maintenance be performed during an engine removal and that the engine be removed from the pylon before the pylon was removed from the wing. Both American Airlines and Continental Airlines believed that it would be more practical to comply with the service bulletin when an aircraft was scheduled for major maintenance-maintenance which would not necessarily otherwise necessitate engine removal. Therefore, American and Continental devised a procedure which they believed to be more efficient than that recommended by McDonnell Douglas-removal of the engine and pylon as a single unit. An engine stand and cradle were affixed to the engine and the entire weight of the engine and pylon, engine stand, and cradle was supported by a forklift positioned at the proper c.g. for the entire unit. The pylon-to-wing attaching hardware was removed, and the entire assembly was lowered for access to the spherical bearings. These were replaced and the entire unit was then raised and the attaching hardware reinstalled.

A close examination of these maintenance procedures disclosed numerous possibilities for the upper flange of the aft bulkhead, or more specifically the bolts attaching the spar web to this flange, to be brought into contact with the wing-mounted clevis and a fractureproducing load applied during or after removal of the attaching hardware in the aft bulkhead's fitting. Because of the close fit between the pylon-to-wing attachments and the minimal clearance between the structural elements, maintenance personnel had to be extraordinarily cautious while they detached and attached the pylon. A minor mistake by the forklift operator while adjusting the load could easily damage the aft bulkhead and its upper flange. The flange could be damaged in an even more insidious manner; the forks could move imperceptibly as a result of either an internal or external pressure leak within the forklift's hydraulic system during pylon removal. The testimony of the mechanics who performed the maintenance on the accident aircraft confirmed that the procedure was difficult.

The number one engine and pylon assembly separated after the flightcrew was committed to continuing the takeoff. Witnesses saw the pylon and engine assembly travel up and over the left wing after it separated, and the deformation of the pylon's forward bulkhead was consistent with their observations. The left wing's leading edge skin forward of the pylon's front bulkhead was found on the runway with the pylon structure. There was no evidence that the pylon and engine assembly struck any critical aerodynamic surfaces of the aircraft or any of the flight control surfaces.

Since the loss of thrust provided by the number one engine and the asymmetric drag caused by the leading edge damage would not normally cause loss of control of the aircraft, the safety board sought to determine the effects the structural separation had on the aircraft's flight control systems, hydraulic systems, electrical systems, flight instrumentation and warning systems, and the effect, if any, that their disablement had on the pilot's ability to control the aircraft.

The severing of the hydraulic lines in the leading edge of the left wing could have resulted in the eventual loss of number three hydraulic system because of fluid depletion. However, even at the most rapid rate of leakage possible, the system would have operated throughout the flight. The extended No. 3 spoiler panel on the right wing, which was operated by the number three hydraulic system, confirmed that this hydraulic system was operating. Since two of the three hydraulic systems were operative, the Safety Board concludes that, except for the number two and number four spoiler panels on both wings which were powered by the number one hydraulic systems, all flight controls were operating. Therefore, except for the significant effect that the severing of the number three hydraulic system's lines had on the left leading edge slat system, the fluid leak did not play a role in the accident.

During takeoff, as with any normal takeoff, the leading edge slats were extended to provide increased aerodynamic lift on the wings [see fig. 16.3]. @en the slats are extended and the control valve is pulled, hydraulic fluid is trapped in the actuating cylinder and operating lines. The incompressibility of this fluid reacts against any external air loads and holds the slats extended. This is the only lock provided by the design. Thus, when the lines were severed and the trapped hydraulic fluid was lost, air loads forced the left outboard slats to retract. While other failures were not critical, the uncommanded movement of these leading edge slats had a profound effect on the aerodynamic performance and controllability of the aircraft. With the left outboard slats retracted and all others extended, the lift of the left wing was reduced and the airspeed at which that wing would stall was increased. The simulator tests showed that even with the loss of the number two and number four spoilers, sufficient lateral control was available from the ailerons and other spoilers to offset the asymmetric lift caused by left slat retraction at air-speeds above that at which the wing would stall. However, the stall speed for the left wing increased to 159 KIAS [knots indicated airspeed].

Slat Mechanical Actuation

The evidence was conclusive that the aircraft was being flown in accordance with the carrier's prescribed engine failure procedures. The consistent 14' pitch attitude indicated that the flight director command bars were being used for pitch attitude guidance and, since the captain's flight director was inoperative, confirmed the fact that the first officer was flying the aircraft. Since the wing and engine cannot be seen from the cockpit and the slat position indicating system was inoperative, there would have been no indication to the flight crew of the slat retraction and its subsequent performance penalty. Therefore, the first officer continued to comply with carrier procedures and maintained the commanded pitch attitude; the flight director command bars dictated pitch attitudes which decelerated the aircraft toward V,, and at V, + 6, 159 KIAS, the roll to the left began.

The aircraft configuration was such that there was little or no warning of the stall onset. The inboard slats were extended, and therefore, the flow separation from the stall would be limited to the outboard segment of the left wing and would not be felt by the left horizontal stabilizer. There would be little or no buffet. The flight data recorder also indicated that there was some turbulence, which could have masked any aerodynamic buffeting. Since the roll to the left began at V. + 6 and since the pilots were aware that V, was well above the aircraft's stall speed, they probably did not suspect that the roll to the left indicated a stall. In fact, the roll probably confused them, especially since the stickshaker had not activated.

The roll to the left was followed by a rapid change of heading, indicating that the aircraft had begun to yaw to the left. The left yaw-which began at a 4' left wing down roll and at 159 KIAS-continued until impact. The abruptness of the roll and yaw indicated that lateral and directional control was lost almost simultaneous with the onset of the stall on the outboard section of the left wing.

The simulator tests showed that the aircraft could have been flown successfully at speeds above 159 KIAS, or if the roll onset was recognized as a stall, the nose could have been lowered, and the aircraft accelerated out of the stall regime. However, the stall warning system, which provided a warning based on the 159 KIAS stall speed, was functioning on the successful simulator flights. Although several pilots were able to recover control of the aircraft after the roll began, these pilots were all aware of the circumstances of the accident. All participating pilots agreed that based upon the accident circumstances and the lack of available warning systems, it was not reasonable to expect the pilots of Flight 191 either to have recognized the beginning of the roll as a stall or to recover from the roll. The safety board concurs.

The safety board is also concerned that the designs of the flight control, hydraulic, and electrical systems in the DC-10 aircraft were such that all were affected by the pylon separation to the extent that the crew was unable to ascertain the measures needed to maintain control of the aircraft.

Also, the influence on aircraft control of the combined failure of the hydraulic and electrical systems was not considered. When aircraft controllability was first evaluated based on asymmetric leading edge-devices, it was presumed that other flight controls would be operable and that slat disagree and stall warning devices would be functioning. Flight 191 had accelerated to an airspeed at which an ample stall margin existed. Postaccident simulator tests showed that, if the airspeed had been maintained, control could have been retained regardless of the multiple failures of the slat control, or loss of the engine and numbers one and three hydraulic systems. On this basis alone, the Safety Board would view the design of the leading edge slat system as satisfactory. However, the additional loss of those systems designed to alert the pilot to the need to maintain airspeed was most critical. The stall warning system lacked redundancy; there was only one stickshaker motor; and the left and right stall warning computers did not receive crossover information from the applicable slat position sensors on opposite sides of the aircraft. The accident aircraft's stall warning system failed to operate because d.c. power was not available to the stickshaker motor. Even had d.c. power been available to the stickshaker motor, the system would not have provided a warning based on the slats retracted stall speed schedule, because the computer receiving position information from the left outboard slat was inoperative due to the loss of power on the No. 1 generator bus. Had power been restored to that bus, the system would have provided a warning based on the slat retracted stall speed. However, in view of the critical nature of the stall warning system, additional redundancy should have been provi ded in the design.

In summary, the certification of the DC-10 was carried out in accordance with the rules in effect at the time. The premises applied to satisfy the rules were in accordance with then accepted engineering and aeronautical knowledge and standards. However, in retrospect, the regulations may have been inadequate in that they did not require the manufacturer to account for multiple malfunctions resulting from a single failure, even though that failure was considered to be extremely improbable. McDonnell Douglas considered the structural failure of the pylon and engine to be of the same magnitude as a structural failure of a horizontal stabilizer or a wing. It was an unacceptable occurrence, and therefore, like the wing and horizontal stabilizer, the pylon structure was designed to meet and exceed all the foreseeable loads for the life of the aircraft. Therefore, just as it did not analyze the effect the loss of a wing or horizontal stabilizer would have on the aircraft's systems, McDonnell Douglas did not perform an analysis based on the loss of the pylon and engine. Logic supports the decision not to analyze the loss of the wing and horizontal stabilizer. With the loss of either of these structures, further flight is aerodynamically impossible and the subsequent effect of the loss on the aircraft's systems is academic. However, similar logic fails to support the decision not to analyze the structural failure and loss of the engine and pylon, since the aircraft would be aerodynamically capable of continued flight. The possibility of pylon failure, while remote, was not impossible. Pylons had failed. Therefore, fault analyses should have been conducted to consider the possible trajectories of the failed pylon, the possibilities of damage to aircraft structure, and the effects on the pilot's ability to maintain controlled flight. Since the capability of continued flight was highly probable, the fault analysis might have indicated additional steps or methods which could have been taken to protect those systems essential to continued flight. Therefore, the Safety Board concludes that the design and interrelationship of the essential systems as they were affected by the structural loss of the pylon contributed to this accident.

Maintenance Programs

American Airlines is a designated alteration station, as are the other major carriers that conduct heavy maintenance programs. Fursuant to that designation and the applicable regulations, carriers are authorized to conduct major maintenance in accordance with the maintenance and inspection program established by the FAA!s Maintenance Review Board when the aircraft was introduced into service. Carriers are also authorized to conduct alterations and repairs in accordance with the procedures set forth in its maintenance manuals or established by its engineering departments. The FAA, through its principal maintenance inspectors, is responsible for Su rveillance of carriers' maintenance programs. However, this surveillance is broadly directed toward insuring that the carriers comply with the established maintenance and inspection program and that their maintenance programs, including administration, general practices, and personnel qualifications, are consistent with practices acceptable to the administrator. The FAA can review the carriers' maintenance manuals, but its formal approval is not required. Carriers are permitted to develop their own step-by-step maintenance procedures for a specific task without obtaining the approval of either the manufacturer of the aircraft or the FAA. It is not unusual for a carrier to develop procedures which deviate from those specified by the manufacturer if its engineering-and maintenance Personnel believe that the task can be accomplished more efficiently by using an alternate method.

Thus, in what they perceived to be in the interest of efficiency, safety, and economy, three major carriers developed procedures to comply with the changes required in service bulletins 54-48 and 5459 by removing the engine and pylon assembl as a single unit. One carrier apparently developed an alternate procyedure which was used without incident. However, both American Airlines and Continental Airlines employed a procedure which damaged a critical structural member of the aircraft. The procedure, developed by American Airlines and issued under ECO R-2693, was within American Airlines' authority, and approval or review was neither sought nor required from the manufacturer or the FAA.

The evidence indicated that American Airlines' engineering and maintenance personnel implemented the procedure without a thorough evaluation to insure that it could be conducted without difficulty and without the risk of damaging the pylon structure. The safety board believes that a close examination of the procedure might have disclosed difficulties that would have concerned the engineering staff In order to remove the load from the forward and aft bulkhead's spherical joints simultaneously, the lifting forks had to be placed precisely to insure that the load distribution on each fork was such that the resultant forklift load was exactly beneath the center of gravity of the engine and pylon assembly. To accomplish this, the forklift operator had to control the horizontal, vertical, and tilt movements with extreme precision. The failure of the ECO to emphasize the precision this operation required indicates that engineering personnel did not consider either the degree of difficulty involved or the consequences of placing the lift improperly. Forklift operators apparently did not receive instruction on the necessity for Precision, and the maintenance and engineering staff apparently did not conduct an adequate evaluation of the forklift to ascertain that it was capable of providing the required precision.

The safety board, therefore, concludes that there were other deficiencies within the American Airlines maintenance program, some of which contributed to this accident. Among these was the failure of the engineering department to ascertain the damage-inducing potential of a procedure which deviated from the manufacturers recommended procedure, their failure to adequatel evaluate the performance and condition of the forklift to assure its capability for the task, the absence of communications between maintenance personnel and engineers regarding difficulties encountered and the procedural changes which were required in the perfon-nance of the pylon maintenance, and the failure to establish an adequate inspection program to detect maintenance-imposed damage. Although the safety board directed its investigation to American Airlines, the safety board is concerned that these shortcomings were not unique to that carrier. Since two of Continental Airlines DC-10s were found to have been flying with damaged bulkheads, similar shortcomings were also present in its maintenance program.

Industry Communications Regarding Maintenance Difficulties

The safety board is particularly concerned that because of the limitations of the current reporting system the FAA and key engineering and maintenance personnel at American Airlines were not aware that Continental Airlines had damaged two aft bulkhead flanges on two of its DC-10s until after the accident. In December 1978, after it discovered the first damaged bulkhead, Continental apparently conducted a cursory investigation and determined that the damage resulted from a maintenance error. A repair was designed for the bulkhead and was submitted to McDonnell Douglas for stress analysis approval. The repair was approved and performed, and the aircraft returned to service.

On January 5, 1979, Operational Occurrence Report No. 107901 was published by McDonnell Douglas. The publication contained descriptions of several DC-10 occurrences involving various aircraft systems, personnel injury, and the damage inflicted on the Continental Airlines DC-10. The report described the damage to the upper flange of the Continental aircraft and indicated that it occurred during maintenance procedures used at the time it was damaged. However, the way in which the damage was inflicted was not mentioned. The manufacturer had no authority to investigate air carrier maintenance practices and, therefore, accepted the carrier's evaluation of how the flange was damaged. Since the damage was inflicted during maintenance, 14 CFR 21.3 relieved McDonnell Douglas of any responsibility to report the mishap to the FAA. Although American Airlines was on the distribution list for Operational Occurrence Reports, testimony disclosed that the maintenance and engineering personnel responsible for the pylon maintenance were not aware of the report.

Continental Airlines discovered the damage to the second bulkhead in February 1979. Again the carrier evaluation indicated that the cause of the damage was related to personnel error, and that there was apparently no extensive effort to evaluate the enginepylon assembly removal and reinstallation procedures. The bulkhead was also repaired using the procedure previously approved by McDonnell Douglas.

The carrier did not report the repairs that were made to the two bulkheads to return them to service, and there was no regulatory requirement to do so. What constitutes a major repair may be subject to interpretation, but what is to be reported is not. The bulkheads were not altered; they were repaired. Even had the repairs been classified by the carrier as major, 14 CFR 121.707(b) only requires that a report be prepared and kept available for inspection by a representative of the FAA. Second, the regulation does not indicate that the contents of the required report include a description of the manner in which the damage was inflicted. The regulation and the evidence indicated that the purpose of the reports was to permit the FAA to evaluate the end-product to insure that the basic design of the repaired or altered part had not been changed.

The Mechanical Reliability Reporting criteria of 14 CFR 121.703 requires the certificate holder to report "the occurrence or detection of each failure, malfunction, or defect concerning. . .' and then lists 16 criteria to which these apply. The FAA and apparently the aviation industry have traditionally interpreted 121.703 to apply to only service-related problems, which would therefore exclude reporting-of the flange damage caused by maintenance. In view of this interpretation, the board concludes that there is a serious deficiency in the reporting requirements which should be corrected.

Therefore, the safety board concludes that neither the air carrier nor the manufacturer interpreted the regulation to require further investigation of the damages or to report the damage to the FAA. However, the safety board views the omission of such requirements as a serious deficiency in the regulations.

McDonnell Douglas did not investigate Continental Airlines' maintenance procedures and accepted its finding that the damage was due to maintenance error. However, two months later McDonnell Douglas received the report that a second bulkhead was damaged, that the location and type of damage was almost identical to the damage inflicted on the first bulkhead, and that the damage was again due to maintenance error. McDonnell Douglas then had the opportunity to question whether maintenance error was the result of a procedural problem rather than accepting personnel error as the cause. They should have investigated the procedure and perhaps discovered the flaws within the procedure. However, they accepted the company's evaluation of cause and did not pursue the matter further.

The safety board, therefore, believes that the regulatory reporting structure had and still has a serious deficiency. Damage to a component identified as 'structurally significant' must be reported in a manner which will assure that the damage and the manner in which it is inflicted is evaluated, and the results of that evaluation disseminated to the operators and airframe manufacturers. Second, damage to a component of this type should be reported regardless of whether it was incurred during flight, ground operations, or maintenance. Finally, damage suffered by these types of structures should be investigated by representatives of the operator, airframe manufacturer, and the administrator.

Surveillance of Industry Practices by Federal Aviation Administration

The Safety Board believes that the facts, conditions, and circumstances of this accident and the information obtained during the investigation illustrate deficiencies in the aviation industry ranging from aircraft design through operations. The safety board recognizes that resource limitations prohibit the FAA from exercising rigid oversight of all facets of the industry. Therefore, the FAA must exercise its authority by insuring that aircraft designs do comply with regulations, that manufacturers quality control programs are effective, that aircraft operators adhere to a proper maintenance program; and that operational procedures adopted by the carriers consider even unique emergencies which might be encountered.

In summary, the safety board recognizes that the overall safety record of the current generation of jet aircraft clearly indicates that the regulatory structure under which U.S. commercial aviation operates and the industry's commitment to safety is basically sound. The safety board, however, is concerned that this accident may be indicative of a climate of complacency. Although the accident in Chicago on May 25 involved only one manufacturer and one carrier, the safety board is concerned that the nature of the identified deficiencies in design, manufacturing, quality control, maintenance and operations may reflect an envirom-nent which could involve the safe operation of other aircraft by other carriers.

Safety Recommendations

As a result of this accident, the National Transportation Safety Board has recommended that the Federal Aviation Administration:

* Issue immediately an emergency airworthiness directive to inspect all pylon attach points on all DC-10 aircraft by approved inspection methods. (Class I, Urgent Action) (A-79-41)

* Issue a telegraphic airworthiness directive to require an immediate inspection of all DC-10 aircraft in which an engine pylon assembly has been removed and reinstalled for damage to the wing-mounted pylon aft bulkhead, including its forward flange and the attaching spar web and fasteners. Require removal of any sealant which may hide a crack in the flange area and employ eddy-current or other approved techniques to ensure detection of such damage. (Class I, Urgent Action) (A-79-45)

* Issue a maintenance alert bulletin directing FAA maintenance inspectors to contact their assigned carriers and advise them to immediately discontinue the practice of lowering and raising the pylon with the engine still attached. Carriers should adhere to the procedure recommended by the Douglas Aircraft Company service bulletin which include removing the engine from the pylon before removing the pylon from the wing. (Class I, Urgent Action) (A-79-46)

* Issue a maintenance alert bulletin to U.S. certificated air carriers, and notify States that have regulatory responsibilities over foreign air carriers operating DC-10 aircraft, to require appropriate structural inspections of the engine pylons following engine failures involving significant imbalance conditions or severe side loads. (Class I, Urgent Action)(A-79-52)

* Incorporate in type certification procedures consideration of-

(a) Factors which affect maintainability, such as accessibility for inspection, positive or redundant retention of connecting hardware and the clearances of interconnecting parts in the design of critical structural elements; and

(b) Possible failure combinations which can result from primary structural damage in areas through which essential systems are routed. (Class II, Priority Action) (A-79-98)

* Insure that the design of transport category aircraft provides positive protection against asymmetry of lift devices during critical phases of flight; or, if certification is based upon demonstrated controllability of the aircraft under condition of asymmetry, insure that asymmetric warning systems, stall warning systems, or other critical systems needed to provide the pilot with information essential to safe flight are completely redundant. (Class II, Priority Action) (A-79-99)

* Initiate and continue strict and comprehensive surveillance efforts in the following areas:

(a) Manufacturers quality control programs to assure full compliance with approved manufacturing and process specifications; and

(b) Manufacturer's service difficulty and service information collection and dissemination systems to assure that all reported service problems are properly analyzed and disseminated to users of the equipment, and that appropriate and timely corrective actions are effected. This program should include full review and specific FAA approval of service bulletins which may affect safety of flight. (Class II, Priority Action) (A-79-100)

* Assure that the maintenance review board fully considers the following elements when it approves an airline/manufacturer maintenance program:

(a) Hazard analysis of maintenance procedures which involve removal, installation, or work in the vicinity of structurally significant components in order to identify and eliminate the risk of damage to those components;

(b) Special inspections of structurally significant components following maintenance affecting these components; and

(c) The appropriateness of permitting 'On Condition" maintenance and, in particular, the validity of sampling inspection as it relates to the detection of damage which could result from undetected flaws or damage to structurally significant elements during manufacture or maintenance. (Class II, Priority Action) (A-79-101)

* Require that air carrier maintenance facilities and other designated repair stations:

(a) Make a hazard analysis evaluation of proposed maintenance procedures which deviate from those in the manufacturer's manual and which involve removal, installation, or work in the vicinity of structurally significant components; and

(b) Submit proposed procedures and analysis to the appropriate representative of the Administrator, FAA, for approval. (Class II, Priority Action) (A-79-102)

* Revise 14 CFR 121.707 to more clearly define "major' and "minor" repair categories to insure that the reporting requirement will include any repair of damage to a component identified as 'structurally significant.' (Class II, Priority Action) (A-79-103)

* Expand the scope of surveillance of air carrier maintenance by:

(a) Revising 14 CFR 121 to require that operators investigate and report to a representative of the administrator the circumstances of any incident wherein damage is inflicted upon a component identified as 'structurally significant" regardless of the phase of flight, ground operation, or maintenance in which the incident occurred; and

(b) Requiring that damage reports be evaluated by appropriate FAA personnel to determine whether the damage cause is indicative of an unsafe practice and assuring that proper actions are taken to disseminate relevant safety information to other operators and maintenance facilities. (Class II, Priority Action) (A-79-104)

1999 Peter B. Ladkin, 1999-02-08
	Last modification on 1999-06-15 by Michael Blume