ARP4761

Abbreviation: ARP4761A
Latest version: A (December 2023)
Organization: SAE International
Domain: Aviation Safety
Website: www.sae.org/standards/content/arp4761a/

ARP4761, Guidelines for Conducting the Safety Assessment Process on Civil Aircraft, Systems, and Equipment, is an Aerospace Recommended Practice from SAE International. In conjunction with ARP4754, ARP4761 is used to demonstrate compliance with 14 CFR 25.1309 in the U.S. Federal Aviation Administration (FAA) airworthiness regulations for transport category aircraft, and also with harmonized international airworthiness regulations such as European Aviation Safety Agency (EASA) CS-25.1309.

This Recommended Practice defines a process for using common modeling techniques to assess the safety of a system being put together. The first 30 pages of the document cover that process. The next 140 pages give an overview of the modeling techniques and how they should be applied. The last 160 pages give an example of the process in action.

Some of the methods covered:

Functional Hazard Assessment (FHA)
Preliminary System Safety Assessment (PSSA)
System Safety Assessment (SSA)
Fault Tree Analysis (FTA)
Failure Mode and Effects Analysis (FMEA)
Failure Modes and Effects Summary (FMES)
Common Cause Analysis (CCA), consisting of:
    Zonal Safety Analysis (ZSA)
    Particular Risks Analysis (PRA)
    Common Mode Analysis (CMA)

Safety life cycle

The general flow of the safety life cycle under ARP4761 is:

1. Perform the aircraft level FHA in parallel with development of aircraft level requirements.
2. Perform the system level FHA in parallel with allocation of aircraft functions to system functions, and initiate the CCA.
3. Perform the PSSA in parallel with system architecture development, and update the CCA.
4. Iterate the CCA and PSSA as the system is allocated into hardware and software components.
5. Perform the SSA in parallel with system implementation, and complete the CCA.
6. Feed the results into the certification process.

The Functional Safety process is focused on identifying functional failure conditions leading to hazards. Functional Hazard Analyses / Assessments are central to determining hazards. FHA is performed early in aircraft design, first as an Aircraft Functional Hazard Analysis (AFHA) and then as a System Functional Hazard Analysis (SFHA). Using qualitative assessment, aircraft functions and subsequently aircraft system functions are systematically analyzed for failure conditions, and each failure condition is assigned a hazard classification. Hazard classifications are closely related to Development Assurance Levels (DALs) and are aligned between ARP4761 and related aviation safety documents such as ARP4754A, 14 CFR 25.1309, and Radio Technical Commission for Aeronautics (RTCA) standards DO-254 and DO-178B.

Hazard Classification   Development Assurance Level   Maximum Probability per Flight Hour
Catastrophic            A                             10^-9
Hazardous               B                             10^-7
Major                   C                             10^-5
Minor                   D                             --
No Effect               E                             --

FHA results are normally shown in spreadsheet form, with columns identifying function, failure condition, phase of flight, effect, hazard classification, DAL, means of detection, aircrew response, and related information. Each hazard is assigned a unique identifier that is tracked throughout the entire safety life cycle. One approach is to identify systems by their ATA system codes and the corresponding hazards by derivative identifiers. For example, the thrust reverser system could be identified by its ATA code 78-30. Untimely deployment of the thrust reverser would be a hazard, which could be assigned an identifier based on ATA code 78-30.

FHA results are coordinated with the system design process as aircraft functions are allocated to aircraft systems. The FHA also feeds into the PSSA, which is prepared while the system architecture is developed.

The PSSA may contain qualitative FTA, which can be used to identify systems requiring redundancy so that catastrophic events do not result from a single failure (or a dual failure where one is latent). A fault tree is prepared for each SFHA hazard rated hazardous or catastrophic. Fault trees may be performed for major hazards if warranted. DALs and specific safety design requirements are imposed on the subsystems. The safety design requirements are captured and traced. These may include preventive or mitigation strategies selected for particular subsystems. The PSSA and CCA generate separation requirements to identify and eliminate common mode failures. Subsystem failure rate budgets are assigned so that hazard probability limits can be met.

The CCA consists of three separate types of analyses which are designed to uncover hazards not created by a specific subsystem component failure. The CCA may be many separate documents, may be one CCA document, or may be included as sections in the SSA document. The Particular Risk Analysis (PRA) looks for external events which can create a hazard, such as a birdstrike or engine turbine burst. The Zonal Safety Analysis (ZSA) looks at each compartment on the aircraft and looks for hazards that can affect every component in that compartment, such as loss of cooling air or a fluid line bursting. The Common Mode Analysis (CMA) looks at the redundant critical components to find failure modes which can cause all of them to fail at about the same time. Software is always included in this analysis, as is the search for manufacturing errors or "bad lot" components. A failure such as a bad resistor in all flight control computers would be addressed here. The mitigations for CMA discoveries are often DO-254 or DO-178B components.

The SSA includes quantitative FMEA, which is summarized into the FMES. Normally FMES probabilities are used in quantitative FTA to demonstrate that the hazard probability limits are in fact met. Cutset analysis of the fault trees demonstrates that no single failure condition will result in a hazardous or catastrophic event. The SSA may include the results of all safety analyses and be one document, or it may be many documents. An FTA is only one method for performing the SSA. Other methods include the dependence diagram or reliability block diagram and Markov Analysis.
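A worked illustration of the cutset check and probability budget described above, added here as an example; it is not part of the ARP4761 document or of the original article. The two fault trees, basic-event names and FMES-style failure probabilities for the thrust reverser hazard are constructed, and the only limit used is the 10^-9 per flight hour figure for the catastrophic class.

```python
import math
from itertools import product

# A fault tree is a basic event (str) or a gate tuple: ("AND", child, ...) / ("OR", child, ...).
# Both trees below are constructed for the page's example hazard, untimely thrust reverser
# deployment (ATA 78-30); event names, tree shapes and rates are hypothetical.
SINGLE_LOCK_DESIGN = ("OR", "spurious_deploy_cmd",
                      ("AND", "valve_stuck_open", "lock_fails_open"))
DUAL_LOCK_DESIGN = ("AND", ("OR", "spurious_deploy_cmd", "valve_stuck_open"),
                    "lock_fails_open", "secondary_lock_fails_open")
# Constructed FMES-style failure probabilities per flight hour for each basic event.
RATES = {"spurious_deploy_cmd": 1e-4, "valve_stuck_open": 1e-5,
         "lock_fails_open": 1e-4, "secondary_lock_fails_open": 1e-4}
CATASTROPHIC_LIMIT = 1e-9  # maximum probability per flight hour for the catastrophic class


def minimal_cut_sets(node):
    """Minimal cut sets (frozensets of basic events) whose joint failure causes the top event."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, *children = node
    child_sets = [minimal_cut_sets(c) for c in children]
    if gate == "OR":     # any child's cut set alone causes the gate output
        cut_sets = set().union(*child_sets)
    elif gate == "AND":  # one cut set from every child must occur together
        cut_sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    # Drop non-minimal sets: a set that contains a smaller cut set adds nothing.
    return {cs for cs in cut_sets if not any(other < cs for other in cut_sets)}


def single_point_failures(cut_sets):
    """Order-1 cut sets: single failures that by themselves produce the top event."""
    return sorted(next(iter(cs)) for cs in cut_sets if len(cs) == 1)


def top_event_probability(cut_sets, rates):
    """Rare-event approximation: sum over cut sets of the product of their event probabilities."""
    return sum(math.prod(rates[e] for e in cs) for cs in cut_sets)


def assess(tree, rates, limit):
    """PSSA/SSA-style verdict: no single-point failure and top-event probability within limit."""
    cut_sets = minimal_cut_sets(tree)
    prob = top_event_probability(cut_sets, rates)
    singles = single_point_failures(cut_sets)
    return {"cut_sets": cut_sets, "single_points": singles, "probability": prob,
            "acceptable": not singles and prob <= limit}
```

For the single-lock design, assess() reports the spurious command as an order-1 cut set and a top-event probability of about 1e-4, so the design fails both checks; the dual-lock design has only order-3 cut sets and a probability of about 1.1e-12, within the limit.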
The PSSA and CCA often result in recommendations or design requirements to improve the system. The SSA summarizes the residual risks remaining in the system and should show that all hazards meet the 1309 failure rates.

The ARP4761 analyses also feed into Crew Alerting System (CAS) message selection and the development of critical maintenance tasks under ATA MSG3.

Future changes

In 2004, SAE Standard Committee S-18 began working on Revision A to ARP4761. When released, EUROCAE plans to jointly issue the document as ED-135.

See also

ARP4754
DO-254
DO-178B
Safety engineering
avionics

References

S-18 (1996). Guidelines and methods for conducting the safety assessment process on civil airborne systems and equipment. SAE International. ARP4761.

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.