Sofema Aviation Services (SAS) considers System Safety Assessment in relation to the Arsenal Draft of AC 1309–1.
Introduction – System Safety Assessment
In 2002, the FAA provided a Notice of Proposed Rulemaking (NPRM) relevant to 14 CFR Part 25. Accompanying this notice is the Arsenal Draft of AC 1309–1.
Existing definitions and rules in 25.1309 and related standards have posed certain problems to the certification of transport category airplanes.
The FAA proposed revisions to several related standards in order to eliminate such problems and to clarify the intent of these standards. In some proposed changes, definitions or conventions developed in lower-level regulations or standards were adopted or revised within the subsequent Advisory Circular.
Boeing referenced the guidance of the Arsenal Draft in its 2004-2009 type certification program for the B787.
Refinement of Failure Condition Classifications
One outcome of this refinement was the division of the former Major failure condition into two conditions (for example, Hazardous-severe/Major and Major).
Additionally, this experience led to the recognition of failure conditions that have no effect on safety; these can be classified as such and therefore assigned no safety objectives.
Catastrophic Failure Condition was previously defined as “any failure condition which would prevent continued safe flight and landing”; but is now defined as “Failure conditions which would result in multiple fatalities, usually with the loss of the airplane.”
Extension of qualitative controls to aircraft functions
The FAA Fail-Safe Design Concept and the design principles or techniques for safe design are maintained. However, owing to the increasing use of Highly Integrated Systems in aircraft, the qualitative controls previously considered necessary only for safe software development are extended to the aircraft function level.
Catastrophic Failure Condition: a failure condition that would result in multiple fatalities, usually with the loss of the airplane.
Error: an omission or incorrect action by a crewmember or maintenance personnel, or a mistake in requirements, design, or implementation.
Event: an occurrence that has its origin distinct from the airplane, such as atmospheric conditions (e.g., gusts, temperature variations, icing, and lightning strikes); runway conditions; conditions of communication, navigation, and surveillance services; bird-strike; cabin and baggage fires; etc. The term does not cover sabotage.
Extremely Improbable Failure Condition: a failure condition that is so unlikely that it is not anticipated to occur during the entire operational life of airplanes of one type.
Extremely Remote Failure Condition: a failure condition that is not anticipated to occur to each airplane during its total life, but which may occur a few times when considering the total operational life of all airplanes of the type.
Failure: an occurrence that affects the operation of a component, part, or element such that it can no longer function as intended (this includes both loss of function and malfunction). (NOTE: Errors and events may cause failures or influence their effects, but are not considered to be failures.)
Failure Condition: a condition, caused or contributed to by one or more failures or errors, that has either a direct or consequential effect on the airplane, its occupants and/or other persons considering:
- flight phase; and
- relevant adverse operational or environmental conditions; and
- external events.
Hazardous Failure Condition: one that would reduce the capability of the airplane or the ability of the flight crew to cope with adverse operating conditions to the extent that there would be:
- a large reduction in safety margins or functional capabilities;
- physical distress or excessive workload such that the flight crew cannot be relied upon to perform their tasks accurately or completely; or
- serious or fatal injuries to a relatively small number of persons other than the flight crew.
Major Failure Condition: a failure condition that would reduce the capability of the airplane or the ability of the flight crew to cope with adverse operating conditions to the extent that there would be, for example:
- a significant reduction in safety margins or functional capabilities;
- a significant increase in flight crew workload or in conditions impairing the efficiency of the flight crew;
- discomfort to the flight crew; or
- physical distress to passengers or cabin crew, possibly including injuries.
Minor Failure Condition: a failure condition that would not significantly reduce airplane safety, and that involves flight crew actions that are well within their capabilities. Minor failure conditions may include, for example:
- a slight reduction in safety margins or functional capabilities;
- a slight increase in flight crew workload, such as routine flight plan changes; or
- some physical discomfort to passengers or cabin crew.
Remote Failure Condition: a failure condition that is not anticipated to occur to each airplane during its total life, but which may occur several times when considering the total operational life of a number of airplanes of the type.
Single Failure: any occurrence, or set of occurrences that cannot be shown to be independent from each other, that affects the operation of components, parts, or elements such that they can no longer function as intended (see definition of “Failure,” above).
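The definitions above are qualitative, but a System Safety Assessment has to turn them into a check: how likely is a given failure condition per flight hour, and does that meet the objective for its severity class? The script below is an added example, not code from the Sofema article or from the AC 25.1309 text. It assumes the numerical per-flight-hour bands conventionally associated with the Arsenal Draft terms (Extremely Improbable below 1e-9, Extremely Remote below 1e-7, Remote below 1e-5, Probable otherwise); those numbers are not on this page and are marked as an assumption in the code. The dual-channel architecture, the failure rates, and the shared-power-bus common cause are constructed for illustration. The point it makes is the one in the "Single Failure" definition: two channels that share a common cause cannot be shown independent, so their combined loss behaves like a single failure and the probability budget is dominated by the common-cause term.

```python
import math

# ASSUMPTION (not stated on the page): conventional per-flight-hour bands for the
# qualitative terms defined in the article. Upper bound is exclusive.
QUALITATIVE_BANDS = [
    (1e-9, "Extremely Improbable"),
    (1e-7, "Extremely Remote"),
    (1e-5, "Remote"),
    (float("inf"), "Probable"),
]

# Worst acceptable qualitative band for each severity classification.
SEVERITY_OBJECTIVE = {
    "Catastrophic": "Extremely Improbable",
    "Hazardous": "Extremely Remote",
    "Major": "Remote",
    "Minor": "Probable",
}


def qualitative_band(prob_per_fh):
    """Map an average per-flight-hour probability to the qualitative term."""
    for upper, term in QUALITATIVE_BANDS:
        if prob_per_fh < upper:
            return term
    raise ValueError("probability must be a finite non-negative number")


def prob_in_flight(rate_per_fh, exposure_hours):
    """Probability that an item with a constant failure rate fails at least once
    during the exposure time (exponential model, not the linear approximation)."""
    return 1.0 - math.exp(-rate_per_fh * exposure_hours)


def or_gate(*probs):
    """Probability that at least one of several independent events occurs."""
    survive = 1.0
    for p in probs:
        survive *= 1.0 - p
    return 1.0 - survive


def and_gate(*probs):
    """Probability that ALL of several events occur. Valid only when the events
    are independent; this is exactly the assumption a common cause breaks."""
    return math.prod(probs)


def dual_channel_loss_per_fh(channel_rate, flight_hours, common_cause_rate=0.0):
    """Average per-flight-hour probability of losing both channels of a
    dual-redundant function. Independent loss of both channels is an AND of two
    channel failures; a common cause (constructed here as a shared power bus)
    takes both channels out at once and is OR'd in, because the channels cannot
    be shown independent of it."""
    p_channel = prob_in_flight(channel_rate, flight_hours)
    p_both_independent = and_gate(p_channel, p_channel)
    p_common = prob_in_flight(common_cause_rate, flight_hours)
    p_loss_per_flight = or_gate(p_both_independent, p_common)
    return p_loss_per_flight / flight_hours


def meets_objective(severity, prob_per_fh):
    """True if the probability falls in (or below) the band required for the severity."""
    order = [term for _, term in QUALITATIVE_BANDS]
    return order.index(qualitative_band(prob_per_fh)) <= order.index(SEVERITY_OBJECTIVE[severity])


def assess(severity, channel_rate, flight_hours, common_cause_rate=0.0):
    """Assess a dual-channel failure condition against its severity objective."""
    p = dual_channel_loss_per_fh(channel_rate, flight_hours, common_cause_rate)
    return {"prob_per_fh": p, "band": qualitative_band(p),
            "meets_objective": meets_objective(severity, p)}


if __name__ == "__main__":
    # Constructed figures: 1e-5 /FH per channel, 5-hour flight, total loss is Catastrophic.
    print(assess("Catastrophic", 1e-5, 5.0))
    # Same channels, plus a shared power bus failing at 5e-8 /FH.
    print(assess("Catastrophic", 1e-5, 5.0, common_cause_rate=5e-8))
```

With the constructed rates, the independent-channels case lands near 5e-10 per flight hour and meets the Catastrophic objective; adding a 5e-8 per flight hour common cause raises the result to about 5e-8, which is Extremely Remote and therefore acceptable only for a Hazardous classification. The assessment outcome hinges on whether independence can actually be shown, which is why the "Single Failure" definition treats dependent occurrences as one.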
Next Steps
Follow this link to our Library to find & Download related documents for Free.
Sofema Aviation Services & Sofema Online provide Classroom, Webinar & Online EASA Regulatory Compliant & Vocational Training. Please see the websites or email us at Team@sassofia.com