ARP 4761 revision A: Snapshot for aircraft level activities

Content

• Context for new safety activities to be conducted at aircraft level
• Aircraft Functional Hazard Assessment (AFHA)
  - Objective
  - Flowchart and main tasks description
  - Results
• Preliminary Aircraft Safety Assessment (PASA)
  - Objective
  - Flowchart and main tasks description
  - Results
• Aircraft Safety Assessment (ASA)
  - Objective
  - Flowchart and main tasks description
  - Results
• Conclusion

Context

• ARP4754A, Guidelines for Development of Civil Aircraft and Systems, issued in December 2010
  - Joint work between SAE S-18 and EUROCAE WG-63
  - Industry feedback on application of the previous version
  - Industry evolution over the past 10 years

• Main changes between the original ARP 4754 and revision A
  - Design assurance extended to aircraft and system function development
  - Aircraft level safety activities: AFHA, PASA, ASA

SAE S-18 & EUROCAE WG-63 members

• Aircraft manufacturers
• Engine manufacturers
• Airborne systems manufacturers
• Helicopter manufacturers
• Airworthiness Authorities

ARP4761 revision A

• Extended guidelines and methods for accomplishing the safety assessment process on civil aircraft, systems and equipment
• Safety assessment process
  - Aircraft level: AFHA, PASA, ASA
  - System level: SFHA, PSSA, SSA
• Safety assessment analysis methods
  - Failure Condition modeling (FTA, DD, MA, MBSA)
  - Failure modes and effects analysis / summary (FMEA/FMES)
  - Cascading Effect Analysis (CEA)
  - Common cause methods (PRA, ZSA, CMA)
• Revision A planned to be issued in 2018

Aircraft safety activities purpose

• Support aircraft function development

• Define top level safety requirements for aircraft system design

• Provide the aircraft status of compliance with applicable certification requirements

ARP 4761A Aircraft level activities: Aircraft Functional Hazard Assessment (AFHA)

Purpose

• Identification and evaluation of potential hazards related to an aircraft, regardless of the details of its design
  - Aircraft functional breakdown
  - Effects on the aircraft, crew and occupants
  - Consideration of flight phases, environmental and operational conditions
  - Independent of the allocation of aircraft functions to systems

• Establishment of the safety objectives for aircraft functions to achieve a safe design
  - Classification of aircraft Failure Conditions
  - Allocation of safety objectives according to regulation

AFHA process (flowchart)

AFHA activities

• Aircraft functions
  - Functions common to all aircraft designed to perform similar missions
  - Decomposition to two or more levels
  - Independent of system design, and complete
• Failure Conditions
  - Failed state of the aircraft function (loss or malfunction)
  - Combined failures for related functions
• Failure Condition effects
  - Immediate and subsequent effects on the aircraft, crew and occupants, for each basic flight phase
  - Effects may depend on specific flight phases, environmental or operational conditions
• Failure Condition classification
• Capture and tracking of assumptions

ARP 4761A Aircraft level activities: Preliminary Aircraft Safety Assessment (PASA)

Purpose

• Examination of a proposed aircraft architecture
  - Interactions and dependencies between aircraft systems
  - Aircraft system failure assessment against the AFHA Failure Conditions
  - Consideration of common resources

• Identification of aircraft level safety requirements to address the AFHA Failure Conditions
  - Failure Conditions involving multiple systems
  - Qualitative and quantitative safety requirements for systems

PASA process (flowchart)

PASA activities

• Interdependence analysis
  - Selection of an aircraft function and its associated Failure Conditions to analyze
  - List of all systems in the aircraft architecture, including resource systems
  - Identification of the systems that could contribute to the Failure Condition
• FDAL assignment
  - To aircraft functions, based on the severity of the associated Failure Conditions
  - To the system functions on which an aircraft function depends, based on the Failure Condition evaluation
• Multi-function and multi-system analysis
  - Identify how system functional failures combine to lead to the Failure Condition
  - Allocate availability and integrity probabilities to systems so as to meet the classification criteria of the Failure Condition
  - Identify independence requirements for systems whose failures combine to produce a Failure Condition
  - Identify single failures that can result in CATASTROPHIC Failure Conditions

Supporting analyses

Four analyses support the PASA (diagram in the original slide): Combined Functional Failure Effects, Common Resources, Common Causes and Cascading Effects.

• Combined functional failure effects: support the identification of the system failure combinations that contribute to a Failure Condition.
• Common resources consideration: analyze the effects of common resource systems on the systems involved in a Failure Condition.
• Common cause considerations: consider the common cause method results with respect to the independence principles identified in the PASA.
• Cascading Effect Analysis consideration: bottom-up analysis which evaluates an initiating condition and captures its total effect on the aircraft.

ARP 4761A Aircraft level activities: Aircraft Safety Assessment (ASA)

Purpose

• Confirmation that the safety activities from the aircraft safety program plan have been completed
• Confirmation that the aircraft architecture satisfies the safety requirements
  - Verification of the applicable aircraft safety requirements basis
  - Verification of the AFHA Failure Conditions allocated to systems
  - Verification of the AFHA Failure Conditions evaluated at aircraft level

ASA process (flowchart)

ASA activities

• AFHA Failure Conditions evaluation
  - Multi-function / multi-system analysis review, considering:
    - Additional system failures that could contribute to the Failure Condition
    - Availability and integrity results from the SSAs
  - Common resource system contribution
  - Cascading Effect Analysis results
• FDAL/IDAL assignment verification
  - Confirm that the assigned FDAL/IDAL satisfies each aircraft Failure Condition and follows the FDAL/IDAL assignment rules defined by ARP 4754A
• Common cause method results
  - Confirm that the independence requirements are satisfied
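The PASA multi-function / multi-system analysis (allocating availability and integrity probabilities to systems, listing the system pairs that must be independent, and flagging single failures that lead to a CATASTROPHIC Failure Condition) and its ASA review against the figures the SSAs actually achieved can be shown in a small script. The following is an added example written for this page, not code from the presentation or from SAE/EUROCAE: the per-flight-hour objectives and the FDAL mapping are assumed from AMC 25.1309 and ARP4754A (the slides do not state them), the systems SYS_A..SYS_E, cut sets and failure rates are constructed sample data, and the equal-share allocation rule is one simple scheme chosen here, not one prescribed by ARP 4761A.

```python
"""Quantitative PASA allocation and ASA verification for one Failure Condition.

Added illustration for this page, not code from the ARP 4761A presentation.
A Failure Condition (FC) is modeled by its minimal cut sets: each cut set is
a set of system failures which, occurring together, produce the FC.
"""
from itertools import combinations
from typing import Dict, FrozenSet, List, Tuple

# Assumed from AMC 25.1309 (not stated on this page): average probability
# per flight hour (FH) that an FC of each classification must not exceed.
OBJECTIVE_PER_FH: Dict[str, float] = {
    "CATASTROPHIC": 1e-9,
    "HAZARDOUS": 1e-7,
    "MAJOR": 1e-5,
    "MINOR": 1e-3,
}
# Assumed from ARP4754A Table 2: FDAL of the function driving the FC.
FDAL_FOR: Dict[str, str] = {
    "CATASTROPHIC": "A", "HAZARDOUS": "B", "MAJOR": "C",
    "MINOR": "D", "NO SAFETY EFFECT": "E",
}

CutSet = FrozenSet[str]


def fc_probability(cut_sets: List[CutSet], rates: Dict[str, float]) -> float:
    """Rare-event approximation of P(FC) per FH: sum over cut sets of the
    product of the (assumed independent) system failure probabilities."""
    total = 0.0
    for cut_set in cut_sets:
        p = 1.0
        for system in cut_set:
            p *= rates[system]
        total += p
    return total


def single_failures(cut_sets: List[CutSet]) -> List[str]:
    """Systems whose failure alone produces the FC (order-1 cut sets)."""
    return sorted(next(iter(cs)) for cs in cut_sets if len(cs) == 1)


def independence_requirements(cut_sets: List[CutSet]) -> List[Tuple[str, str]]:
    """System pairs that combine inside a cut set and must therefore be
    shown independent (input to the common cause methods PRA/ZSA/CMA)."""
    pairs = set()
    for cut_set in cut_sets:
        pairs.update(combinations(sorted(cut_set), 2))
    return sorted(pairs)


def pasa_allocate(classification: str, cut_sets: List[CutSet]) -> Dict[str, float]:
    """PASA step: derive a per-system probability budget (per FH) so that the
    FC meets its objective. Scheme chosen here (not prescribed by ARP 4761A):
    split the objective equally over the cut sets, give every system of an
    order-n cut set the n-th root of that share, and let a system appearing
    in several cut sets keep the tightest budget."""
    share = OBJECTIVE_PER_FH[classification] / len(cut_sets)
    budget: Dict[str, float] = {}
    for cut_set in cut_sets:
        per_system = share ** (1.0 / len(cut_set))
        for system in cut_set:
            budget[system] = min(budget.get(system, 1.0), per_system)
    return budget


def asa_verify(classification: str, cut_sets: List[CutSet],
               achieved: Dict[str, float]) -> Dict[str, object]:
    """ASA step: re-evaluate the FC with the availability/integrity figures
    the SSAs actually achieved, and apply the no-single-failure rule for
    CATASTROPHIC FCs (a low probability does not excuse a single failure)."""
    objective = OBJECTIVE_PER_FH[classification]
    probability = fc_probability(cut_sets, achieved)
    findings: List[str] = []
    if probability > objective:
        findings.append(f"P(FC) {probability:.2e}/FH exceeds objective {objective:.0e}/FH")
    singles = single_failures(cut_sets)
    if classification == "CATASTROPHIC" and singles:
        findings.append("single failure leads to CATASTROPHIC FC: " + ", ".join(singles))
    return {
        "fdal": FDAL_FOR[classification],
        "probability": probability,
        "objective": objective,
        "compliant": not findings,
        "findings": findings,
    }


# Constructed sample FC: hypothetical systems SYS_A..SYS_D, two cut sets.
FC01_CLASS = "CATASTROPHIC"
FC01_CUT_SETS: List[CutSet] = [
    frozenset({"SYS_A", "SYS_B"}),
    frozenset({"SYS_A", "SYS_C", "SYS_D"}),
]
# Constructed SSA results (per FH) fed back into the ASA review.
SSA_ACHIEVED = {"SYS_A": 1e-5, "SYS_B": 1e-5, "SYS_C": 1e-3, "SYS_D": 1e-3}

if __name__ == "__main__":
    budget = pasa_allocate(FC01_CLASS, FC01_CUT_SETS)
    print("PASA budgets:", {k: f"{v:.2e}" for k, v in sorted(budget.items())})
    print("Independence required between:", independence_requirements(FC01_CUT_SETS))
    print("ASA:", asa_verify(FC01_CLASS, FC01_CUT_SETS, SSA_ACHIEVED))
```

Because SYS_A appears in both cut sets it receives the tighter of the two budgets, which is why the allocated architecture lands below the 1e-9/FH objective rather than exactly on it. The single-failure check is deliberately separate from the probability check: a CATASTROPHIC FC reached by one system failure is non-compliant however small its computed probability, which is the point of the last PASA bullet above.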

ASA activities (continued)

• Applicable aircraft safety requirements
  - Confirm safety assumptions are correct
  - Confirm AFHA and PASA processes are completed
  - Confirm supporting verification activities are complete
  - Confirm concurrence with open / deferred problem reports
  - Confirm safety-related aircraft operating procedures
• AFHA Failure Conditions verification
  - For Failure Conditions allocated to systems, confirm they are addressed in their respective SSA
  - For Failure Conditions evaluated at aircraft level, confirm the aircraft implementation satisfies the safety requirements

Thank you for your attention!

Acronyms

AC: Aircraft
AFHA: Aircraft Functional Hazard Assessment
ARP: Aerospace Recommended Practice
ASA: Aircraft Safety Assessment
CEA: Cascading Effect Analysis
CMA: Common Mode Analysis
DD: Dependence Diagram
FDAL: Function Development Assurance Level
FTA: Fault Tree Analysis
IDAL: Item Development Assurance Level
MA: Markov Analysis
MBSA: Model Based Safety Analysis
PASA: Preliminary Aircraft Safety Assessment
PRA: Particular Risk Analysis
PSSA: Preliminary System Safety Assessment
SFHA: System Functional Hazard Assessment
SSA: System Safety Assessment
ZSA: Zonal Safety Analysis
