Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certification of Rotorcraft and FHA Process

Published byLester Curtis Modified over 5 years ago

Similar presentations

Presentation on theme: "Certification of Rotorcraft and FHA Process"— Presentation transcript:

1 Certification of Rotorcraft and FHA Process
AEA January 31, 2012

2 OUTLINE Certification Process
Installation of Complex Systems in Normal Category Rotorcraft XX.1301 & XX.1309 Comparison Guidance Material Compliance with 27/ System Safety Assessment Items to be aware of… FHA/SSA Questions

3 Certification Process
Application (e.g. TC, ATC, STC, ASTC) Certification Basis defined. Certification Plans: Detail how compliance will be shown for each rule ( analysis, ground test, flight test, etc.). Define level of FAA involvement (delegation). Test planning & execution. Data/Test Review: FAA reviews/witnesses tests as necessary. TC/STC issued. This is the stage of the program where the FHA should be completed and the desige and equipment selection should be based off of that FHA and is follow on documents.

4 Complex Systems in Small Rotorcraft
Subject equipment Attitude Direction Indicator Synthetic Vision AHRS i.e. MEMS technology Air Data Navigation HTAWS Traffic Weather RAD ALT Autopilots / stability augmentation System integration Certification Bases that range from CAR 6 to part 27 amndt. 46 Intended Function Will it only be used for Day/Night VFR ? Single/Dual Pilot CAT A / CAT B FHA / SSA Proper hazards classification Proper design levels, including software Requires input from various engineering disciplines and Pilots Here are some examples of “complex” equipment being installed on small rotorcraft without operational credit being granted. Complex integrated systems are those systems that provide more than one function from a single electronic device or from more than one inter-related electronic devices/components. The inter-relationship is based on common aspect(s) of providing the functions. The definition of complexity as it applies to integrated systems, is a design condition that exhibits the characteristic of possible combinations of simultaneous failures/faults, as opposed to simple systems where there exists only failures/faults that can be considered individually. Even though the equipment may be intended to be used as non-required, the FHA needs to take into account the hazards posed by misleading information. For example, misleading information on an electronic attitude direction indicator is considered to be hazardous for night VFR (misleading information on the same installation would be classified as catastrophic for IFR). Software design assurance levels also need to be considered. Is it being installed to satisfy and Operational equipment requirements i.e. (135)? Can it be classified and non-required safety enhancing equipment?

5 14 CFR 2X.1301 Comparison 2X.1301: Each item of installed equipment must- Be of a kind and design appropriate to its intended function; Be labeled as to its function and operational limitations Be installed according to its limitations Function properly when installed. Although the rule & its application are the same, they result in different requirements due to the platform’s design & operational differences.

6 2X.1309 Comparison 2X.1309: While there are some differences in the 14 CFR Parts 23, 25, 27, 29, in general, they all say that each item should be safe and reliable and not adversely affect any other system. Basically, this is the regulation that requires that hazards posed by the systems installed on aircraft must be addressed as part of the certification process. RESOURCES AC 27/ SAE ARP4754 “Guidelines for Development of Civil Aircraft and Systems”. SAE ARP4761"Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment". Other published AC Guidance (e.g., 21-40,27-1B, 29-2B), FAA Orders, RTCA Documents. Although the Regulations are differ from one FAR part to another, some of the more significant differences are contained in the AC material. For instance neither of the 27/ ACs recognize a “class” of aircraft with differing certitude criteria as it is done in AC the closest correlation to be made is between a Class 4 part 23 aircraft and a Part 27 VFR CAT B Helicopter, but even then for reason we will go though later in this presentation that comparison is still not entirely apples to apples.

7 & Comparison It is assumed that the basic Part 27 aircraft will be certified VFR. on a VFR Helicopter does not address systems whose failure conditions are assessed to be higher than major (i.e. hazardous or catastrophic). May require special conditions If the rotorcraft is to be certified for IFR flight, then you must use 27 appendix “B” which invokes some Part 29 rules including portions of When was promulgated, the FAA did not envision that basic VFR rotorcraft would have systems installed whose failure conditions are assessed to be hazardous or catastrophic (e.g. fly-by- wire, FADEC,etc.). If a system is being install that can present that level of hazard higher than major, then an issue paper and special condition should be issued for the project to invoke the appropriate airworthiness standard (i.e ). Examples where this may be the case is a “fly by wire” system, or a fast acting full authority auto pilot. For IFR certified Part 27 rotorcraft, they must meet Transport Category Rotorcraft Equipment systems and installations requirements.

8 Guidance Material AC 27.1B, provides guidance for compliance to FAR AC 29-2C, provides guidance for compliance to FAR Both ACs recognize SAE-ARP 4761/4754 System Safety Assessment (SSA) process AC for compliance to the new ARP 4754A. Note the AC is recognizing the latest revision of the ARP 4754A, our 27 and 29 guidance are currently being revised to harmonize with it.

9 Compliance to 27/29.1309 XX.1309 Compliance Data:
Qualitative & Quantitative analysis required for Catastrophic, Hazardous, and for complex systems that have Major failure classifications. FHA, PSSA, FTA, FMEA & CCA required. Must Substantiate probability of failure reqmts. Only Qualitative assessment required for non-complex Major and Minor systems. No probability of failure substantiation required.

10 Safety Assessment Process
Functional Hazard Assessment (FHA) Aircraft Level & Systems Level FHAs Used to Identify Effects (i.e. Failure Condition Categories) of System Failures on Aircraft 5 Failure Condition Categories Catastrophic Hazardous/Severe-Major Major Minor No-Effect

11 System Safety Assessment hardware requirements
Catastrophic - <1 x probability of Occurrence Hazardous/Severe-Major - <1 x 10 -7 Major - <1 x 10 -5 Minor - <1 x 10 -3 No-Effect - no probability of occurrence reqmts. As defined in AC27/ & SAE ARP4761 "Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment". When it comes to meeting these numbers, the rotorcraft directorate does not recognize any reduction in requirements based on the size, weight, performance or type of rotorcraft… at this time

12 System Safety Assessment Software & AEH Requirements
RTCA/DO-178B Software Level and RTCA/DO-254 AEH Level Commensurate with Failure Condition Category Level A (Catastrophic) Level B (Hazardous/Severe-Major) Level C (Major) Level D (Minor) Level E (No Safety Effect) When it comes to meeting these Levels, the rotorcraft directorate does not recognize any reduction in requirements based on the size, weight, performance or type of rotorcraft… at this time

13 Assessing the Effects of Failures
Integration of Cockpit Display Systems and Pilot Interface In addition to the systems engineering specialists, both flight test and HF evaluation of pilot-system interface is used to evaluate and classify the hazard level of a particular failure condition. Especially if it involves the pilot – system interface (control or misrepresentation to the pilot of information) This should be TEAM effort from Test Pilots, Human Factors Specialist, Systems engineers ect.

14 Issues to be aware of: FHA should not be accomplished after system design and installation. Primary purpose of FHA is to set design standards; not to appease FAA Do not use the equipment reliability to define failure classification. The highest hazard classification for equipment that is not required by certification or operational rules NOT is “minor”. As we see more small airplane equipment move into rotorcraft, we are seeing the perception that failure of functions not required by Part 27, such as hazardously misleading information, is “Minor” because, by definition, it is not required. Some folks start with the reliability and design level of the equipment and then define the failure classification based on the equipment’s design level Misleading attitude information, for VFR, results in a hazard classification of hazardous.

15 FHA / SSA questions for the group
Should the hazard classification / threat to the aircraft and or occupants change for misleading information as a function of… Its Required vs. non-required in CAR 6 / part 27? What if it can be classified as “safety enhancing” equipment? Its being installed to satisfy and Operational equipment requirements i.e. (135)? Examples: Flight Data Monitors HTAWS Electronic display systems EVS SVS Autopilots Mission equipment Tactical Radios FLIR

16 Discussion Time: Back to Kim…

17 Questions to industry and the FAA:
Do we, the FAA and industry, understand the risk tradeoffs if we allow the installation of equipment with a lower level of certitude than our guidance allows? Given the unique characteristics of rotorcraft What are the risk tradeoffs and what do they buy us? Do we get a net gain in safety (as reflected by lower accident numbers)? How are we discouraging applicants and operators from installing safety enhancing equipment that is not required by any regulations? Are we going to exacerbate poor pilot decision making by providing a system that may provide a false sense of security (i.e. “snow tire syndrome”) Is there a Safety – Economic balance point? If so, where and how do we codify it?

Download ppt "Certification of Rotorcraft and FHA Process"

Similar presentations

Software in Legacy Systems

Software in Legacy Systems
Integrated Part 23 Cockpit Displays Wes Ryan 816-329-4127 Dec, 2004 FAA Small Airplane Directorate Aircraft Certification Service.

Integrated Part 23 Cockpit Displays Wes Ryan Dec, 2004 FAA Small Airplane Directorate Aircraft Certification Service.
MAJOR REPAIRS AND ALTERATIONS

MAJOR REPAIRS AND ALTERATIONS
Presented January 20, 2011 by: John Allen Director, Flight Standards Service (AFS-1) Federal Aviation Administration Public Aircraft Operations Forum.

Presented January 20, 2011 by: John Allen Director, Flight Standards Service (AFS-1) Federal Aviation Administration Public Aircraft Operations Forum.
Define & Compare Flowcharts of Each Method Tom Delong.

Define & Compare Flowcharts of Each Method Tom Delong.
Safety at Specialized Incidents 7-1 Chapter 7. Learning Objectives Describe the safety issues related to hazardous materials incident response. Describe.

Safety at Specialized Incidents 7-1 Chapter 7. Learning Objectives Describe the safety issues related to hazardous materials incident response. Describe.
Certification of Transport Medical Equipment

Certification of Transport Medical Equipment
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
Oint Aviation Authorities 01 - 03 June 2004OST 04-2, Helsinki1 TGL No. 36 Approval of Electronic Flight Bags (EFBs) Georges Rebender – JAA Operations Director.

Oint Aviation Authorities June 2004OST 04-2, Helsinki1 TGL No. 36 Approval of Electronic Flight Bags (EFBs) Georges Rebender – JAA Operations Director.
Sense & Avoid for UAV Systems

Sense & Avoid for UAV Systems
CSC 402, Fall 20001 Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
Runway Excursions. Runway Excursion 2000 Worldwide, runway excursions are the highest single occurrence category of all accidents for commercial & general.

Runway Excursions. Runway Excursion 2000 Worldwide, runway excursions are the highest single occurrence category of all accidents for commercial & general.
Electronic Flight Bag (EFB)

Electronic Flight Bag (EFB)
TCCA Aircraft Certification

TCCA Aircraft Certification
Safety Report Treatment of Safety-Critical Systems in Transport Airplanes Office of Research and Engineering.

Safety Report Treatment of Safety-Critical Systems in Transport Airplanes Office of Research and Engineering.
141 SEMINAR Review of Part 91 and Part 43

141 SEMINAR Review of Part 91 and Part 43
AVS Repair, Alteration and Fabrication Team (RAFT) Results

AVS Repair, Alteration and Fabrication Team (RAFT) Results
Www.methoda.com MethodGXP The Solution for the Confusion.

MethodGXP The Solution for the Confusion.
1 Avionics Workshop Ottawa, Ontario Nov.2003 Installation Approval of Non-required Avionics Equipment ISSUE TCCA Regional aircraft certification engineers.

1 Avionics Workshop Ottawa, Ontario Nov.2003 Installation Approval of Non-required Avionics Equipment ISSUE TCCA Regional aircraft certification engineers.
Maintenance Malfunction Information Report (MMIR) & Event Reporting Ed DiCampli Helicopter Association International.

Maintenance Malfunction Information Report (MMIR) & Event Reporting Ed DiCampli Helicopter Association International.

Similar presentations

Ads by Google