Search Results

Avionics equipment, especially for safety-critical systems, is developed by means of a series of design steps, propagating and refining requirements through a number of hierarchical levels, from the aircraft level, through system and sub-system levels, down to equipment, subassemblies and individual components (see SAE ARP4754A [11]). At each development level, accompanying safety assessments (e.g. per SAE ARP4761 [12]) are performed to derive safety requirements which ensure compliance to the overall safety requirements determined by the aircraft and systems functional hazard assessments (FHAs). The safety related requirements of all development levels flow through the process down into the individual equipment specifications and are ultimately implemented in the equipment design where the design data is approved for the certificated aircraft (or engine) type. The equipment production process builds the equipment according to this approved design data.

Fault tree analyses and the associated safety assessment process plays an essential role in demonstrating acceptable avionic system compliance to the system safety requirements derived from safety related regulations associated with the civil aircraft certification process (e.g. 14CFR/CS §25.1309). SAE ARP4754A and SAE ARP4761 are established industry guidelines for the safety process and fault tree methodology applicable to civil aircraft certification based on techniques which have now been in use for decades. System model-based techniques, used for some time in system and software development, are now being applied in the safety assessment process. These system behavior models of functions with their associated dependencies and assignments have been supplemented with failure modes and effects to “automatically” generate fault tree like outputs. These system model-based fault trees are intended to become integral to the safety assessment process.

The system dependency analysis for complex aircraft systems is a model-based methodology and tool for analyzing availability and minimum acceptable control requirements for failures or event scenarios to support the aircraft and system safety analyses (SAE ARP4761) required to show compliance to 14CFR/CS §25.1309, §25.671 and other, related requirements. Aspects of the system such as functional interaction and dependencies to supply systems, physical items (equipment, wiring and tubing) and installation aspects are included in the analysis. This paper describes additional steps to enable the search for potential common cause failure conditions for the system of interest or airplane level systems based on the system model. Common cause analysis (CCA) procedures using the system dependency analysis rely on a systematic and checklist-based approach to determine potential common cause failure conditions.

The system dependency analysis for complex aircraft systems is a model-based methodology and tool for analyzing availability and minimum acceptable control requirements for failures or event scenarios to support the aircraft and system safety analyses (SAE ARP4761) required to show compliance to 14CFR/CS §25.1309, §25.671 and others. Aspects of the system such as functional interaction and dependencies to supply systems, physical items (equipment, wiring and tubing) and installation aspects are included in the analysis. The SAE paper “System Dependency Analysis for Complex Aircraft Systems” (2007-01-3852) describes the modeling approach and the analysis of system dependencies supporting the aircraft and system safety analyses. This paper provides examples for using the system dependency analysis to support the common cause analyses (SAE ARP4761) for complex aircraft systems.

This paper presents a method for analyzing complex aircraft system availability and minimum acceptable control requirements for multiple failures or event scenarios considering multiple relevant system properties. Aspects such as functional relationships and interdependencies, and system properties such as equipment, wiring, installation and (power) supply are included in the analysis. The method covers most aspects of a system level common cause analysis (sourced in 14CFR/CS §25.1309 “Equipment, Systems and Installation” referencing ARP4761 (e.g. “Rotor/Tire Burst”)) and analyses required to show compliance to 14CFR/CS §25.671 “Control Systems”, especially for supply system failures (e.g. “single plus probable failure” and “all engine out”). The method generates a system model from functional block diagrams. The interdependencies of resources that support functions are evaluated by the integrated analysis to determine if a function is operational.