Search Results

The Safety Assessment Process, defined by SAE ARP4761 and associated regulatory guidance, is described in the context of conventional, crewed civil aircraft. While this material has been used for decades to evaluate airplanes and rotorcraft, the evolution of technology challenges it. As new entrants venture into aviation, they bring perspectives, which may not clearly align to those conventional concepts. For those skilled in the art of aviation safety assessment, the approach to new technologies might appear straight forward. Such an individual might easily perceive the accommodations for unconventional applications. Once accommodations are made, and failure conditions are established and classified to those new architectures, the rest of the process is somewhat mechanical -they flow out of these conditions. However, the context of their experience betrays the reality of the process description in the ARP and guidance.

In the last several years, technical advances and regulatory pressures have motivated the need for flexible, simple, and performance-based solutions for conducting development assurance in support of a system safety assessment process. Additionally, the affected design space for commercial vehicles has been growing beyond the conventional regulations for airplanes, rotorcraft, engines, and propellers, addressed by current Aerospace Recommended Practices (ARPs). This space is beginning to include commercial technologies such as unmanned aerial systems, multi-stage spacecraft systems, and road-able aircraft. These developing areas are each accompanied with their own development assurance expectations in support of their safety criteria. Concurrently, the industry and regulators are working to simplify guidance for system safety and development assurance, which has been foundational in the aircraft industry for decades.

Aerospace Recommended Practice (ARP) 4754 Revision A (ARP4754A), “Guidelines for Development of Civil Aircraft and Systems,” [1] is recognized through Advisory Circular (AC) 20-174 (AC 20-174) [2] as a way (but not the only way) to provide development assurance for aircraft and systems to minimize the possibility of development errors. ARP4754A and its companion, Aerospace Information Report (AIR) 6110, “Contiguous Aircraft/System Development Process Example,” [3] primarily describe development processes for an all new, complex and highly integrated aircraft without strong consideration for reused systems or simple systems. While ARP4754A section 5 mentions reuse, similarity, and complexity, and section 6 is intended to cover modification programs, the descriptions in these sections can be unclear and inconsistent. The majority of aircraft projects are not completely new Products nor are they entirely comprised of complex and highly integrated systems.

Aerospace Recommended Practice (ARP) 4754 Revision A (ARP4754A), Guidelines for Development of Civil Aircraft and Systems [1], and ARP4761, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment [2], together describe a complex set of intertwining processes which comprehensively prioritize development activities for a product's systems based on their safety criticality. These processes work at specific levels of detail (aircraft and system) and interact with a set of processes at lower levels of detail (item) defined by Radio Technical Commission for Aeronautics (RTCA) standards. The aircraft and system development process (ARP4754A) supplies functions, requirements, and architectural definitions to the System Safety process (ARP4761), which in turn supplies Development Assurance Levels back to the development process and on to the RTCA processes.

On September 30, 2011, certification authorities released Advisory Circular 20-174[1], Development of Civil Aircraft and Systems, which recognizes the Society of Automotive Engineers (SAE) Aerospace Recommended Practice (ARP) 4754A and the European equivalent ED-79A [2], in order to address “the concern of possible development errors due to the ever increasing complexity of modern aircraft and systems.” ARP4754A/ED-79A describes a process of development assurance which helps reduce the risk of design errors in the development of aircraft systems. This process is necessary for complex systems not easily comprehended by deterministic analyses or tests. This ARP was developed “in the context of Title 14 of the Code of Federal Regulations (14 CFR) part 25,” a category which includes complex systems such as full fly-by-wire flight controls. However, this paper shows that such systems are the exception to most, recent civil airplane designs.