A/C System Requirement & Design Engineering: Implementing Airworthiness Requirements
Patrice Micouin – Certification Together, Toulouse, October 2010

Slide 1: A/C System Requirement & Design Engineering: Implementing Airworthiness Requirements
Dr Patrice Micouin, MICOUIN Consulting, LSIS, Arts et Métiers ParisTech

Slide 2: Purpose
To provide a development framework that is as consistent and complete as possible:
1. Contributing to the definition of an A/C Model Based System Engineering
2. Dealing with certification requirements
3. Integrating tightly development and safety assessment activities
4. Consistent with the ARP 4754 standard.

Slide 3: Requirement & Design Engineering Statements
Requirement & Design Engineering deals with three kinds of statements:
- Epistemic statements
- Deontic statements
- Design choice statements

Slide 4: Epistemic statements
- Record knowledge items
- Under the control of nature, social agreement, ...
- Designers use epistemic statements as levers in the design process
Examples:
AC EXTREMELY IMPROBABLE: "A probability on the order of or less is assigned to this classification."
AC25.11A Table 5:
Failure Condition | Hazard Classification | Qualitative Probability
Loss of all barometric altitude displays, including standby display | Catastrophic | Extremely Improbable
Display of misleading barometric altitude information on one primary display combined with a standby failure (loss of altitude or incorrect altitude) | Catastrophic | Extremely Improbable
AC Catastrophic Failure conditions: failure conditions which would prevent a safe landing.

Slide 5: Deontic statements
- Constitute obligations or prohibitions
- Under the control of authorities, acquirer, ...
- Designers have to comply with deontic statements
Examples:
Text Based Requirement: 1. The equipment shall be easy to repair
Property Based Requirement: When condition  equipment.MTTR  30 mn
Interpretative Material

Slide 6: Design choice statements
- Constitute choices among various possibilities
- Under the control of the designer
- Designers have to select design options relying on relevant epistemic statements and complying with deontic statements
Examples:
The flow path named « Provide an A/C vertical Position Indication » will be designed as a sequence including the following processes:
o « To acquire the static pressure »
o « To sense the static pressure »
o « To convert the static pressure »
o « To compute the Vertical Position »
o « To compare computed Vertical Positions »
o « To display the Vertical Position »
The flow path will be allocated to the following physical processors:
o Static probe
o Transducer
o Air Data Computer
o Flight Display
The process « To compare computed Vertical Positions » will be allocated to the Flight Display processors.

Slide 7: Property Based Requirement
A PBR is a constraint on a property of an object [kind] that shall hold [when a condition is met].
Formal expression: PBR : [When Condition =>] val (Object.Property)  D
(Patrice Micouin, Toward a property based requirements theory: System requirements structured as a semilattice, INCOSE Journal of Systems Engineering, Volume 11, Issue 3, August 2008)
Requirement determination is a process that interprets Text Based Requirements (expectations) as one or more Property Based Requirements (PBR).
Two relationships among PBRs related to an object kind:
- PBR-1 is more stringent than PBR-2: PBR-1  PBR-2
- Conjunction of PBRs: PBR-1  PBR-2 is a PBR

Slide 8: Example 1: Specific Certification Requirement 1303.b
CS Flight and navigation instruments: "The following are required flight and navigational instruments: ... (b) A sensitive altimeter"
What is a "sensitive altimeter"?
Interpretative material: AC refers to TSO C10b, which refers to AS 392C (cancelled), replaced by AS 8002A (Air Data Computers) or AS 8009B (other altimeters).
PBR from CS (b):
- When Avionics.Power_on  val (Avionics.AC-Vertical-Position.Status) = Operative
- When AC.Altitude  [0ft,5000ft]  val (Avionics.AC-Vertical-Position.Accuracy) ≤ 25ft
- When AC.Altitude  ]5000ft,8000ft]  val (Avionics.AC-Vertical-Position.Accuracy) ≤ 30ft
- When AC.Altitude  ]8000ft,11000ft]  val (Avionics.AC-Vertical-Position.Accuracy) ≤ 35ft
- When AC.Altitude  ]11000ft,..ft]  ...
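As an added worked example (not code from the presentation), a minimal Python model of the PBR form of slide 7 applied to the altitude-band accuracy PBRs of slide 8. It assumes the formal expression reads val(Object.Property) in D with D a numeric interval, that "more stringent" means domain inclusion for PBRs on the same property under the same condition, and that a conjunction holds iff every conjunct holds; the altitude/accuracy states are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

State = Dict[str, float]  # flat "Object.Property" -> value map (constructed sample states)

@dataclass(frozen=True)
class Interval:
    """Domain D; lo_open=True models the ]lo, hi] bands written on slide 8."""
    lo: float
    hi: float
    lo_open: bool = False

    def contains(self, x: float) -> bool:
        above_lo = x > self.lo if self.lo_open else x >= self.lo
        return above_lo and x <= self.hi

    def subset_of(self, other: "Interval") -> bool:
        lo_ok = self.lo > other.lo or (
            self.lo == other.lo and (self.lo_open or not other.lo_open))
        return lo_ok and self.hi <= other.hi

@dataclass(frozen=True)
class PBR:
    """[When condition =>] val(prop) in domain; membership is our assumed reading."""
    prop: str
    domain: Interval
    condition: Callable[[State], bool] = lambda s: True  # no condition: always applies

    def holds(self, state: State) -> bool:
        # Implication: a PBR whose condition is not met is vacuously satisfied
        return (not self.condition(state)) or self.domain.contains(state[self.prop])

    def more_stringent_than(self, other: "PBR") -> bool:
        # Same property and same condition assumed; stringency is then domain inclusion
        return self.prop == other.prop and self.domain.subset_of(other.domain)

def conjunction_holds(pbrs: List[PBR], state: State) -> bool:
    # PBR-1 and PBR-2 is itself a PBR: it holds iff every conjunct holds
    return all(p.holds(state) for p in pbrs)

ACC, ALT = "Avionics.AC-Vertical-Position.Accuracy", "AC.Altitude"
# Slide 8 bands: accuracy <= 25 ft on [0, 5000] ft and <= 30 ft on ]5000, 8000] ft
# (accuracy is taken as a non-negative error bound, so the domain is [0, limit])
acc_low = PBR(ACC, Interval(0, 25), lambda s: Interval(0, 5000).contains(s[ALT]))
acc_mid = PBR(ACC, Interval(0, 30), lambda s: Interval(5000, 8000, True).contains(s[ALT]))
CS_1303B = [acc_low, acc_mid]

def cs1303b_satisfied(altitude_ft: float, accuracy_ft: float) -> bool:
    return conjunction_holds(CS_1303B, {ALT: altitude_ft, ACC: accuracy_ft})
```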

Slide 9: Example 2: General Certification Requirement 1309.(b).(2).(i)
CS Equipment, systems, and installations: "(b) The rotorcraft systems and associated components, considered separately and in relation to other systems, must be designed so that – (2) For Category A rotorcraft: (i) The occurrence of any failure condition which would prevent the continued safe flight and landing of the rotorcraft is extremely improbable; and"
What is a "failure condition which would prevent the continued safe flight and landing"? What does "extremely improbable" mean? What about vertical position indication?
Interpretative material:
- AC Failure conditions catastrophic: failure conditions which would prevent a safe landing.
- AC EXTREMELY IMPROBABLE: "A probability on the order of or less is assigned to this classification."
- AC25.11A Table 5: Loss of all barometric altitude displays, including standby display | Catastrophic | Extremely Improbable; Display of misleading barometric altitude information on one primary display combined with a standby failure (loss of altitude or incorrect altitude) | Catastrophic | Extremely Improbable
- ED79/ARP4754: Failure Condition Classification | System Development Level: Catastrophic | A
PBR from CS (b)(2)(i):
- When In_Flight => Prob(Avionics.AC-Vertical-Position-Indication.Status = Loss) ≤ 10^-9 /fh
- When In_Flight => Prob(Avionics.AC-Vertical-Position-Indication.Status = Misleading) ≤ 10^-9 /fh
- Avionics.DAL = A

Slide 10: Requirement & Design Process Framework
ARP 4754 §: "While there is no specific recommended process for systems development, a generic development model is described in Appendix A to assist in establishing common terminology and understanding. The specific development process selected should be described in sufficient detail to achieve mutual understanding of the key elements and their relationships."
[Diagram: EIA 632 Process Framework (Requirement Definition, Solution Definition) and its Extended Framework. Boxes: Acquirer Requirements, Other Stakeholder Requirements, Specified Requirements, System Technical Requirements, Logical Solution Representations, Technical Derived Requirements, Physical Solution Representations (Design Solution), High level Safety Requirements, Failure Conditions & Categorization, Safety Assessment Representations. Arrow labels: trace to, assigned to, drive, source of, specified by.]
The meaning of « derived requirement » (DR) is not the one generally used by the aeronautical community. However, it is a consistent interpretation of the ARP 4754 definition of DRs. J. Scott develops this approach of DRs.
Specified Requirements are validated iff System Technical Requirements  Specified Requirements

Slide 11: Requirement 1303.b logical implementation
Requirement (Vertical-Position-Indication): Avionics shall provide an A/C vertical Position Indication
[Diagram, Logical Solution: source Atmosphere; flow path « Provide an A/C vertical Position Indication »: To acquire the static pressure, To compute the Vertical Position, To display the Vertical Position; sink Pilot (Vertical Position Indication); correction branch: Corrections, To correct the reference static pressure.]

Slide 12: Logical, Physical and Safety Assessment Representations
Requirement (Vertical-Position-Indication): Avionics shall provide the A/C vertical Position Indication
[Diagram, Logical Solution Representation: Atmosphere; To acquire the static pressure, To sense the static pressure, To convert the static pressure, To compute the Vertical Position, To display the Vertical Position; Pilot; Corrections: To keyboard the correction, To record the correction, To correct the reference static pressure.]
[Diagram, Physical Solution Representation: Atmosphere; Static probe, Transducer, Air Data Computer, Flight Display (Baro); Pilot; Corrections. Redundancy = 1.]
Safety Assessment representation (fault tree): Vertical-Position-Indication.Loss = OR(Static probe.loss, Transducer.loss, Air Data Computer.loss, Flight Display.loss), the four component losses having probabilities p1, p2, p3, p4. Probability of loss = p, with p = p1 + p2 + p3 + p4.

Slide 13: Requirement 1309.b logical implementation
PBR from CS (b)(2)(i):
- When In_Flight => Prob(Avionics.AC-Vertical-Position-Indication.Status = Loss) ≤ 10^-9 /fh
- When In_Flight => Prob(Avionics.AC-Vertical-Position-Indication.Status = Misleading) ≤ 10^-9 /fh
- Avionics.DAL = A
[Diagram, Logical Solution (single flow path): Atmosphere; To acquire the static pressure, To compute the Vertical Position, To display the Vertical Position; Vertical-Position-Indication.]
With this minimal flow path, the occurrence of loss or misleading vertical position indication has a probability greater than /fh:
Prob(Avionics.AC-Vertical-Position-Indication.Status = Loss) >> 10^-9 /fh
Prob(Avionics.AC-Vertical-Position-Indication.Status = Misleading) >> /fh
To prevent such CAT FCs, the following safety requirement is raised: the Provide-AC-Vertical-Position flow path shall be triplicated to allow a comparison mechanism with at least one dissimilar path.
PBR: Val(Provide-AC-Vertical-Position.redundancy)  3  Val(Provide-AC-Vertical-Position.similarity)  2
[Diagram: three flow paths (Atmosphere; To acquire the static pressure, To compute the Vertical Position, To display the Vertical Position; Vertical-Position-Indication) joined by To compare computed Vertical Position.]
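An added example (not the author's code) for the safety-assessment arithmetic of slides 12 and 13: it compares the slide 12 sum p = p1 + p2 + p3 + p4 with the exact OR-gate probability for one flow path, then evaluates the triplicated flow path of slide 13 against the 1309 PBR. The per-component rates are constructed, and the comparison mechanism is assumed to keep the indication while 2 of 3 independent paths survive; the dissimilarity requirement addresses common-mode failures that this independence arithmetic does not model.

```python
from math import comb, prod
from typing import Dict

# Constructed per-flight-hour loss rates for the slide 12 components (illustrative only)
PATH_RATES: Dict[str, float] = {
    "Static probe": 2e-6, "Transducer": 3e-6, "Air Data Computer": 2e-6, "Flight Display": 3e-6}
TARGET_PER_FH = 1e-9  # PBR on slides 9 and 13: Prob(Status = Loss) <= 10^-9 /fh

def series_loss_approx(rates: Dict[str, float]) -> float:
    # Slide 12 OR gate under the rare-event approximation: p = p1 + p2 + p3 + p4
    return sum(rates.values())

def series_loss_exact(rates: Dict[str, float]) -> float:
    # Exact OR of independent events: the path is lost unless every component survives
    return 1.0 - prod(1.0 - r for r in rates.values())

def k_out_of_n_loss(p: float, n: int, k: int) -> float:
    # Indication lost when fewer than k of n independent paths survive (n-k+1 or more failures)
    return sum(comb(n, j) * p ** j * (1.0 - p) ** (n - j) for j in range(n - k + 1, n + 1))

def meets_1309_pbr(prob_loss_per_fh: float) -> bool:
    return prob_loss_per_fh <= TARGET_PER_FH

def single_path_loss() -> float:
    # Redundancy = 1 (slide 12): the whole indication hangs on one flow path
    return series_loss_exact(PATH_RATES)

def triplicated_loss() -> float:
    # Assumption: the slide 13 comparison mechanism keeps the indication while 2 of 3 paths agree
    return k_out_of_n_loss(single_path_loss(), n=3, k=2)

if __name__ == "__main__":
    s, t = single_path_loss(), triplicated_loss()
    print(f"single path : {s:.3e}/fh  meets 1309 PBR? {meets_1309_pbr(s)}")
    print(f"triplicated : {t:.3e}/fh  meets 1309 PBR? {meets_1309_pbr(t)}")
```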

Slide 14: DAL Requirement Derivation
Requirement derivation is a substitution that replaces a level-n requirement by the conjunction of level-n+1 requirements, under the assumption that the design choices will actually be implemented.
Example (Avionics, AC-Vertical-Position-Indication):
Req-S: Val (Avionics.DAL) = A
Design pattern 5, ARP 4754 Table 4: Primary portion and Backup portion
dReq-P: Val (Avionics.Primary.DAL) = A
dReq-B: Val (Avionics.Backup.DAL)  C
When ARP4754.Design pattern 5 => Val (Avionics.DAL) = A ≤ Val (Primary.DAL) = A  Val (Backup.DAL)  C

Slide 15: Logical Solution Representation
[Diagram: three flow paths (Atmosphere; To acquire the static pressure, To compute the Vertical Position, To display the Vertical Position; Vertical-Position-Indication) joined by To compare computed Vertical Position.]

Slide 16: Physical Solution Representation
[Diagram only.]

Slide 17: Safety Assessment Representation
[Diagram only.]

Slide 18: Conclusion
The PBR theory and the Requirement & Design process framework described above are suitable to address an A/C Model Based System Engineering:
1. Dealing with all categories of requirements, including certification requirements and safety requirements
2. Integrating tightly development and safety assessment activities
3. Consistent with the ARP 4754 standard.

Slide 19: More information
The latest version of this presentation will be available here:
Property Based Requirement Theory:
- Patrice Micouin, Toward a property based requirements theory: System requirements structured as a semilattice, INCOSE Journal of Systems Engineering, Volume 11, Issue 3, August 2008
Derived requirements:
- Jackson, Scott, Systems engineering for commercial aircraft, Ashgate Publisher, 1997
- McDermid, John & Nicholson, Mark, Extending PSSA for Complex Systems, ISSC Ottawa, August 2003
Model Based Engineering:
- SAE-AS5506A, Architecture Analysis & Design Language (AADL)
- OMG Systems Modeling Language (OMG SysML™), Version 1.2, June 2010
EIA 632:
- James Martin, Processes for Engineering a System, in The Avionics Handbook, edited by C. Spitzer, CRC Press, 2007
- ANSI/EIA 632: Processes for Engineering a System, GEIA, Arlington, VA, 2003.
