Safety Assessment Process


Fig. 3.4. Aircraft systems and equipment safety assessment.
To demonstrate that a new civil aircraft complies with the reliability and fail-safe requirements (AP25, NLGS and their foreign counterparts), a safety analysis of the aircraft (AC) systems and equipment must be carried out at all stages of the life cycle. The analysis process and the safety assessment methods for AC systems and equipment are defined by the R4761 guidance (ARP4761).

The safety assessment process starts at the AC conceptual design stage, where safety requirements are formulated both for the AC itself and for its components. It ends with the assessment of the on-board equipment (OBE) as part of the AC.

The relationship between the main safety assessment processes and the system design processes is shown in Fig. 3.4.

The main OBE safety assessment processes are:

1.  Functional Hazard Assessment — FHA.

During the FHA, AC functions and systems are reviewed to identify their possible failures, and the hazards of the associated failure conditions are classified.

The AC-level FHA is carried out at the initial design stage and is revised as new functions and failure conditions emerge.

Once AC functions have been allocated during the system design process, each system or combination of systems (which together implement several aircraft functions) must be examined by a system-level FHA. This FHA re-examines the single failures, or combinations of failures, of the AC-level functions performed by that system.

The results of the FHA at AC level and at the level of systems and their combinations are:
  • identification of the relevant failure conditions;

  • identification of the consequences of each failure condition;

  • classification of each failure condition according to its consequences and allocation of the required safety level;

  • identification of the required DAL.
2.  Preliminary System Safety Assessment — PSSA.

The FHA results serve as input data for the PSSA. During the PSSA, specific safety requirements are set for the system and its components, and preliminary confirmation is obtained that the proposed architecture can satisfy these requirements. The PSSA is refined as the system design process proceeds.

The PSSA may be carried out in the form of:
  • fault tree analysis (FTA);

  • dependence diagram (DD);

  • Markov analysis (MA).
3.  System Safety Assessment — SSA.

During the SSA, evidence that the implemented system satisfies the quantitative and qualitative safety requirements established during the FHA and PSSA is gathered, analyzed and recorded.

The SSA brings together the results of the different system safety analyses and reviews them in broader terms, taking into account all specific safety features established in the PSSA. Where needed, the SSA record includes the evidence and results of the relevant analyses.

The output SSA document may include the following data for each OBE system:
  • the list of previously agreed possible external failure conditions;

  • system description;

  • list of failure conditions (FHA, PSSA);

  • classification of failure conditions (FHA, PSSA);

  • qualitative analysis of failure conditions (FTA, DD, MA);

  • quantitative analysis of failure conditions (FTA, DD, MA, FMES);

  • common cause analysis (CCA);

  • safety goals and time durations (FTA, DD, MA, FMES);

  • DAL for hardware and software (PSSA);

  • verification that the safety requirements from the PSSA are taken into account in the design and/or during tests;

  • results of the tests, demonstrations and reviews of the safety requirements implementation (FHA, PSSA).
4.  Common Cause Analysis — CCA.

To satisfy the safety requirements, independence between functions, systems and OBE items may be required. In that case, assurance must be provided that this independence actually exists and that no unacceptable risk of dependence remains. The CCA provides the methods for verifying this independence. During the CCA, requirements on the physical and functional partitioning/isolation of OBE components are set and assessed (including the functional separation objectives for IMA software), and the way these requirements are implemented is checked.

In particular, the CCA identifies the specific types of failures and external events that may lead to failure conditions of the catastrophic, incident or combined level. For catastrophic failure conditions such failures (events) must be prevented; for incident or combined failure conditions they must have an allocated probability.

The CCA includes the following safety assessments:
  • Zonal Safety Analysis (ZSA);

  • Particular Risks Analysis (PRA);

  • Common Mode Analysis (CMA).
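
The quantitative fault tree analysis named under the PSSA and SSA above, and the independence assumption that the CCA exists to verify, can be illustrated with a small fault-tree evaluator. This is an added example, not code from the original page or from ARP4761: the failure rates are constructed, and the probability objectives per flight hour are the figures usually associated with AMC 25.1309 / ARP4761 rather than values stated on this page.

```python
# Added example (not from the original page): evaluate a fault tree
# quantitatively and show how a common cause breaks the AND-gate credit.
import math
from dataclasses import dataclass, field
from typing import List, Union

# Probability objectives per flight hour by failure condition class.
# Assumption: the usual AMC 25.1309 / ARP4761 figures; not stated on the page.
OBJECTIVE_PER_FH = {"catastrophic": 1e-9, "hazardous": 1e-7,
                    "major": 1e-5, "minor": 1e-3}

@dataclass
class BasicEvent:
    """Leaf of the tree: a component failure with a constant failure rate."""
    name: str
    rate: float              # failures per flight hour (constructed values)
    exposure_h: float = 1.0  # time the fault may remain undetected, in hours

    def prob(self) -> float:
        # Probability of failing within the exposure time: 1 - exp(-lambda * t)
        return 1.0 - math.exp(-self.rate * self.exposure_h)

@dataclass
class Gate:
    """AND/OR gate. Inputs are assumed independent; that is what CCA checks."""
    kind: str
    inputs: List[Union["BasicEvent", "Gate"]] = field(default_factory=list)

    def prob(self) -> float:
        ps = [node.prob() for node in self.inputs]
        if self.kind == "AND":
            return math.prod(ps)                       # all inputs must fail
        return 1.0 - math.prod(1.0 - p for p in ps)    # at least one fails

def meets_objective(top: Union[BasicEvent, Gate], failure_class: str) -> bool:
    """Compare the top-event probability with the objective allocated in the FHA."""
    return top.prob() <= OBJECTIVE_PER_FH[failure_class]

def dual_channel_loss() -> Gate:
    """Loss of a function implemented by two independent channels (AND gate)."""
    return Gate("AND", [BasicEvent("channel_A", 1e-5),
                        BasicEvent("channel_B", 1e-5)])

def dual_channel_loss_with_common_cause() -> Gate:
    """Same function after CCA finds one power supply feeding both channels."""
    return Gate("OR", [dual_channel_loss(), BasicEvent("shared_supply", 1e-6)])

if __name__ == "__main__":
    for tree in (dual_channel_loss(), dual_channel_loss_with_common_cause()):
        print(f"{tree.prob():.2e}/FH  catastrophic objective met: "
              f"{meets_objective(tree, 'catastrophic')}")
```

With independent channels the AND gate yields about 1e-10 per flight hour, inside the catastrophic objective; the single shared supply raises the top event to about 1e-6, which is why the CCA must confirm the independence that the fault tree silently assumes.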
The level of detail of the different safety assessments depends on the class of the function failure condition or AC function, on the level of integration and on the complexity of the system implementation. In particular, the safety assessment must consider all interdependencies of the chosen architecture and of the joint use of complex components in intersystem integration. The safety assessment process must be planned and managed so as to guarantee that all failure conditions, and all combinations of failures that cause them, are identified. The safety assessment process has the highest priority in ensuring the required system safety characteristics.

Human factors also have a major influence on flight safety. Research conducted by Airbus shows that a skilled crew in normal conditions makes 3-5 errors per hour (incorrect reception of data, wrong button selection, missed radio calls). Therefore the OBE developer must pay more attention to the results of tests conducted to reveal possible errors:
  • communication problems «aircraft — pilot»;

  • constant and variable errors;

  • reversible and irreversible mistakes;

  • omissions, slips and errors;

  • behavior based on skills, rules and knowledge, and the associated errors.

In addition to errors and omissions, there are violations that arise from the pilot's desire to do a good job, or from incompetence and laziness in flight practice.

There are three types of violations that OBE developers must consider:
  • Chronic: violations that have become the norm (the crew decides that a procedure is too complicated and deliberately changes its order to simplify the task).

  • Situational: violations that occur under the influence of specific factors, such as lack of time, high workload or poor cockpit ergonomics. In this case the pilots violate the rules in order to carry out the flight task.

  • Optimizing: the rejection of all rules. Sometimes these violations are unrelated to the current task (for example, the use of the pilot's capabilities to meet his/her own needs).
© 2021 State Research Institute of Aviation Systems. All rights reserved.