
Steve Beland
Associate Technical Fellow – BCA Flight Controls; Authorized Representative (FAA)
March 27, 2014

The statements contained herein are based on good faith assumptions and are to be used for general information purposes only. These statements do not constitute an offer, promise, warranty or guarantee of performance.

Aircraft and Systems Development and Safety Assessment Committee (S-18)

S-18 documents (as laid out in SAE ARP4754A Figure 1):
• Aircraft & System Development Processes (ARP 4754 / ED-79)
• Safety Assessment Process Guidelines & Methods (ARP 4761)
• Safety Assessment of Aircraft in Commercial Service (ARP 5150 / 5151)
  – ARP5150 – Safety Assessment of Transport Airplanes in Commercial Service
  – ARP5151 – Safety Assessment of General Aviation Airplanes and Rotorcraft in Commercial Service
• AIR6110 – Contiguous Aircraft/System Development Process Example
• AIR6218 – Constructing Development Assurance Plan for Integrated Systems
• AIR6219 – Incorporation of Atmospheric Neutron Single Event Effects Analysis into Safety Assessment (balloted)
• AIR6276 – Use of Modeling and Tools for Aircraft Systems Development (in work)

Related documents shown alongside the S-18 documents in the figure:
• Guidelines for Integrated Modular Avionics (DO-297 / ED-124)
• Electronic Hardware Development Life-Cycle (DO-254 / ED-80)
• Software Development Life-Cycle (DO-178B / ED-12B)

Information flows between the figure's blocks (labels recovered from the figure): Intended Function; Function, Failure & Safety Information; Aircraft & System Design Information; Functional System; Aircraft & System Operation.

SAE ARP4754A Figure 1
March 27, 2018

[Figure: SAE ARP4754A Figure 5, development phase versus in-service/operational phase. The labels below are the ones recoverable from the figure.]

Development Phase (ARP4754A process, with section references):
• Aircraft Requirements Identification (4.1.4)
• System Requirements Identification (4.1.5 & 4.3)
• Item Requirements Identification (4.1.7 & 4.5)
• Item Design (4.6.2 & 4.6.3)
• Unit Verification (5.5)
• System Verification (5.5)
• Aircraft Verification (5.5)
Followed by the In-Service/Operational Phase.

Safety assessment activities interleaved with development (ARP4761 process):
• Aircraft level: Aircraft FHA → PASA → Aircraft FTA and Aircraft CCA → ASA
• System level: System FHA → PSSA → System FTA, System CCA, System CMA, System FMEA/FMES → SSA
• Allocation arrows run downward (aircraft → system → item); integration arrows run upward (item/unit → system → aircraft)
• Top-down: safety requirements development & validation; bottom-up: safety requirements verification
• Validation of requirements at the next highest level at each step (aircraft, system, item)
• Item verification
• Software Design and Hardware Design are carried out under the DO-178B/DO-254 (ED-12B/ED-80) process

SAE ARP4754A Figure 5

ARP4761A Draft – contents

1. Scope
2. References
3. Safety Assessment Process
4. Safety Analysis Methods
5. Safety Related Maintenance Tasks & Intervals
6. Master Minimum Equipment List
7. Time Limited Dispatch
8. In-service Safety Assessment

SAFETY ASSESSMENTS:
• App A Aircraft Functional Hazard Assessment (AFHA)
• App B Preliminary Aircraft Safety Assessment (PASA)
• App C System Functional Hazard Assessment (SFHA)
• App D Preliminary System Safety Assessment (PSSA)
• App E System Safety Assessment (SSA)
• App F Aircraft Safety Assessment (ASA)
(Callout: May use STPA in PASA & PSSA)

ANALYSIS METHODS:
• App G Fault Tree Analysis (FTA)
• App H Dependence Diagrams (DD)
• App I Markov Analysis (MA)
• App J Failure Modes & Effects Analysis (FMEA)
• App K Zonal Safety Analysis (ZSA)
• App L Particular Risks Analysis (PRA)
• App M Common Mode Analysis (CMA)
• App N Model Based Safety Analysis (MBSA)
• App O Cascading Effects Analysis (CEA)
• App P FDAL/IDAL Assignment
• App Q Contiguous Safety Assessment Process Example (Wheel Braking System)

Blue = New for Rev A (colour coding not preserved in this text)


Preliminary System Safety Assessment (PSSA)
Asks if the proposed architecture can meet the objectives, and captures safety requirements.

[Figure: SAE ARP4761A Draft, Figure D-1, reconstructed as a flow.]

PSSA Input Data (Sec D.2):
• Failure Conditions and Classifications from the SFHA
• Safety Requirements and Objectives from the SFHA
• Proposed System Architecture, including System Interfaces (Sec D.3)

PSSA Failure Condition Evaluation (Sec D.4):
• FDAL/IDAL Assignment (Sec D.4.1), with Failure Condition / Functional mapping
• Evaluate Design Against Safety Requirements (Sec D.4.2)
• PSSA Safety Requirements and Assumptions (Sec D.4.3)
• Independence Requirements (Sec D.5)

Decision: Architecture meets Safety Objectives?
• YES → PSSA Complete
• NO → Feedback safety issues to the development process → Development Process Revisions, then re-enter the evaluation

PSSA Outputs (Sec D.6):
• FTA Results
• Updated FC List (feedback)
• Assumptions (feedback)
• Derived Safety Requirements
• FDALs & IDALs
• Architectural Constraint Requirements

SAE ARP4761A Draft, Figure D-1


Layers of safety assessments interact with the development process

[Figure: SAE ARP4761A Draft, Figure 2]


STPA and the S-18 ARPs

• The ARPs have included benefits similar to those in STAMP.
• STPA may fill an open area in these ARPs for some aspects, such as complex automation and human interactions.
• Use of STPA is not (yet) deemed mature enough to include in these ARPs.

Enable STPA as another tool in the overall safety assessment process:
• Create requirements; catch missing or incorrect requirements during development
• Anticipate safety issues in the early stages of design and concept
• Improve the effectiveness of safety analysis for preliminary architectures

Authorities and companies are independently evaluating STPA as a potential means of compliance with regulations (e.g. 14 CFR 25.1309).

An AIR will help standardize the usage and provide a common understanding of the relationship of STPA to ARP4761 & ARP4754.


Recognizing a role for STPA use with ARP4754A and ARP4761

New Aerospace Information Report (AIR) chartered by S-18 for STPA (Jan 2018).

Goal: capture how STPA can be applied to the development and safety assessment of civil aircraft:
• Show how STPA relates to the ARP4754 and ARP4761 framework
• Provide a basic understanding of STPA, its strengths and limitations for the aerospace industry, and the potential uses of STPA for certification credit
• Same intended audience as ARP4761 and ARP4754 (system & safety engineers); will assume working knowledge of these ARPs
• Provide the STPA basics needed to achieve the AIR's goals, referring out to detailed sources
• Describe how STPA can be used and include an example; an AIR is generally not used to provide "guidance"

S-18's main ARPs are about to be updated, so the AIR will tie to these updates. The plan is to have the AIR closely follow the release of ARP4761A & ARP4754B.


Using STPA During Development and Safety Assessment of Civil Aircraft (draft AIR outline)

1) Introduction
   a) Purpose
   b) Definitions
2) STPA Overview (keep short, a few pages)
   a) STPA High-Level Overview
      i. STPA Inputs / Outputs
   b) STPA Strengths / Limitations
   c) STPA Steps
      i. Defining STPA Scope
      ii. Control Structure
      iii. Identify Unsafe Control Actions
      iv. Identify Scenarios
      v. Creating Objectives & Requirements
3) Relationship between STPA and ARP4761
4) Relationship between STPA and ARP4754
5) STPA Example Application
   a) Example of STPA in an aircraft development and safety assessment context

S18 Committee Website: http://www.sae.org/servlets/works/committeeHome.do?comtID=TEAS18
EUROCAE: http://www.eurocae.net/
More Questions? [email protected]
