
SAE ARP 4761 Process



  1. SAE ARP 4761 Process
  Barry Hendrix, Workshop AM Presentation

  2. SAE ARP 4761 Process
  • Title: Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment.
  • First promulgated in 1996.
  • Currently SAE ARP 4761A is undergoing a re-write under SAE S-18 (Safety Committee headed by John Dalton, Boeing).
  • The rewrite is to bring it in line with, and dovetail with, the prerequisite SAE ARP 4754A update promulgated in 2010 from the 1996 version.

  3. SAE ARP 4761 Process
  • So SAE ARP 4761 and SAE ARP 4754 go hand in hand and use a functional approach to safety.
  • Both ARPs focus on complex aircraft systems development and the safety assessments leading to certification. Three basic work products come from ~10 tasks:
  • Functional Hazard Assessments (FHA)
  • Preliminary System Safety Assessments (PSSA)
  • System Safety Assessments (SSA)
  • Other supporting analyses, such as FTAs, FMECAs and Zonal analyses.
  The focus is on determining top-level events, functional failure conditions, root causes of faults, and contributing causal factors before hazards are identified.

  4. SAE ARP 4761 Process
  • Suitable for airborne systems only. On modern and complex safety-critical systems, hazard-based methods/approaches alone can’t meet FAR/JAR 25.1309.
  • FHAs, PSSAs and SSAs can be endless living documents.
  • Civil/Commercial methods in the ARPs require:
  • Hazard and Risk Based Approach
  • Criteria Based Approach
  • Requirements Based Approach
  • Functional Based Approach
  • Safety Verification Based Approach
  • Airworthiness Based Approach
  • Safety requirements must be met for certification with no exceptions (FAA).

  5. SAE ARP 4761 Process
  • The current SAE ARP 4754A and the ARP 4761A process (in rewrite) use a convention based on Catastrophic, Hazardous, Major and Minor Failure Conditions and corresponding Design Assurance Levels (DAL) for software/systems.
  • The convention also dovetails well with the DO-178B/C Software Design Assurance objectives for levels A, B, C and D as objective evidence of compliance.

  6. SAE ARP 4761 Process
  • SAE ARP 4754A introduced DALs, which are either Item DALs (IDALs) or Functional DALs (FDALs).
  • IDALs relate to systems, HW equipment and items.
  • FDALs set priorities for the level of rigor and special safety tests, and relate to software and safety-critical functions implemented in software/systems.
  • Aircraft and/or System FHA safety-criticality is the up-front focus for future analysis and assessment.

  7. SAE ARP 4761 Process
  • The central theme of the ARPs is failure conditions leading to hazards, referred to as:
  • Loss of, or Hazardously Misleading Information from, a specific function causing the hazard.
  • Examples of Loss-of and Hazardously Misleading events:
  • Loss of airspeed, loss of thrust, loss of electrical power, loss of hydraulics, loss of stability augmentation, loss of flight control.
  • Hazardously Misleading Information: unannunciated erroneous airspeed, attitude, altitude, engine displays or flight displays; false indications; wrong commands or cues.

  8. SAE ARP 4761 Process
  • Some areas authorized by SAE ARP 4761 that have proven to be essential:
  • Common Cause Analysis
  • Zonal Safety Analysis
  • Particular Risk Analysis
  • Common Mode Analysis
  • Failure Modes Effects Testing (FMETs), Fault Insertion Testing (FIT) and Failure Immunity Testing (FIT) dovetail well and are mutually enhancing with the ARP functional approach.

  9. SAE ARP 4761 Process
  • Fault Tree Analyses, Event Trees, quantitative methods and software safety analyses (typically IEEE STD 1228 Software Safety) are often used as part of the ARP process for safety-critical inputs to FHAs, PSSAs and SSAs.
  • The systems engineering process from INCOSE is used with the commercial standards.
  • Residual risk is not part of the ARP process, as requirements must be met with few exceptions.
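As an added illustration (example code, not from the presentation or from the SAE standards) of how the slide 5 failure-condition/DAL convention and the slide 9 quantitative fault-tree inputs fit together, and why the slide 8 Common Cause Analysis is still needed on top of the arithmetic: a small fault-tree evaluator that checks a top event against its severity objective and flags basic events shared across AND-gate branches. The per-flight-hour objectives, the Hazardous classification of the sample top event, and the air-data/pitot-heater tree are all assumptions made for the example.

```python
from math import prod

# Assumed per-flight-hour probability objectives (AC 25.1309 / ARP 4761) paired
# with the ARP 4754A failure-condition-to-DAL convention referenced on slide 5.
OBJECTIVES = {"Catastrophic": (1e-9, "A"), "Hazardous": (1e-7, "B"),
              "Major": (1e-5, "C"), "Minor": (1e-3, "D")}

# Tree nodes: basic event ("EVENT", name, p); gate ("AND" | "OR", [children]).
def probability(node):
    """AND = product of inputs, OR = 1 - prod(1 - p); assumes independence."""
    if node[0] == "EVENT":
        return node[2]
    ps = [probability(c) for c in node[1]]
    return prod(ps) if node[0] == "AND" else 1.0 - prod(1.0 - p for p in ps)

def basic_events(node):
    if node[0] == "EVENT":
        return {node[1]}
    return set().union(*(basic_events(c) for c in node[1]))

def shared_events(node):
    """Basic events feeding more than one input of an AND gate. The product
    rule assumes independence, so the naive figure undercounts these; they
    are the Common Cause Analysis items, not something arithmetic resolves."""
    if node[0] == "EVENT":
        return set()
    found = set().union(*(shared_events(c) for c in node[1]))
    if node[0] == "AND":
        sets = [basic_events(c) for c in node[1]]
        for i, a in enumerate(sets):
            for b in sets[i + 1:]:
                found |= a & b
    return found

def assess(top, severity):
    """Compare a fault tree's top-event probability with the objective for the
    FHA severity classification, and list common-cause candidates."""
    objective, dal = OBJECTIVES[severity]
    p = probability(top)
    return {"p": p, "objective": objective, "fdal": dal,
            "meets_objective": p <= objective,
            "common_cause_candidates": sorted(shared_events(top))}

# Constructed sample: loss of airspeed indication (slide 7) needs both air-data
# channels to fail, but one pitot-heater bus (hypothetical) feeds both.
HEATER = ("EVENT", "pitot_heater_bus_loss", 1e-5)
CH1 = ("OR", [("EVENT", "adc1_fail", 1e-4), HEATER])
CH2 = ("OR", [("EVENT", "adc2_fail", 1e-4), HEATER])
TOP = ("AND", [CH1, CH2])
# assess(TOP, "Hazardous"): p ~1.2e-8 passes the 1e-7 objective on paper, yet
# the shared heater bus alone fails at 1e-5, which is what CCA is there to find.
```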

  10. Summary of ARPs
  • SAE ARP 4761, SAE ARP 4754, IEEE STD 1228 and DO-178B/C, collectively the Civil/Commercial best practices, require more system safety analysis and assessment involvement to influence airborne systems requiring airworthiness certification to get into certain airspace:
  • Safety-critical functions and requirements allocation (required for continued safe flight and landing under all required conditions and environments)
  • Safety is viewed as a vital “functional” attribute of a system
  • Risk mitigation strategies, such as architectural redundancy, comprehensive monitoring, software semi-autonomous control, engineered safety features
  • Design Assurance Levels (DALs) correspond to Failure Conditions/Hazard Severity
  • Safety verification methods, such as Failure Modes Effects Testing, Failure Immunity Testing, Software Functional Testing, Requirements Based Testing and other methods, to ensure overall design assurance, safety, airworthiness and technical integrity.

  11. Top-Level System Safety Process (flow chart; the box labels below are what survives of the slide graphic, grouped by swim lane)
  • IEEE 12207 / DO-178B Software Design Assurance: Determine impact of S/W design; Determine severity of failure conditions on the A/C or aircrew; Determine S/W levels A/B/C/D/E; Allocate S/W functions to appropriate CSCIs, CSCs, CSUs
  • Software lifecycle and test phases: Software Requirements and Definition; Software Design (PDR, CDR); Software Coding and Unit Testing; Integration Testing / Qualification Testing; SIL Testing; Ground Testing; Flight Testing
  • Software Safety IAW IEEE STD 1228: Ensure compliance with safety-critical requirements; Determine S/W safety involvement; Determine S/W level; Define S/W safety-critical requirements; Conduct S/W safety analyses per 1228; Determine S/W safety hazard mitigations; Define S/W safety verification requirements; Perform test safety analysis and develop S-C test requirements (FMETs/FTs/CWAs)
  • System Safety Engineering IAW ARP 4761: FHA; PSSA (Define initial system safety design requirements; Refine hazard mitigations and identify derived safety reqmts); SSA (Analyze system hazards); SSPP per “882”; Integration Specs & SRSs; TDOCs

  12. Strengths and Weaknesses of Each Process
  Barry Hendrix, Workshop PM Presentation

  13. Strengths and Weaknesses of Each Process
  • ANSI – Strengths: flexible for commercial, less complex systems (non-military, non-space).
  • Easily tailored, limited Gov’t involvement, ideal for products to reduce hazard risk.
  • Ideal for start-up system safety.
  Weakness: since ANSI 010 was developed by G-48 as a de-militarized version of MIL-882, it is unknown whether many or any industries or companies are actually aware of its existence and, if so, are using it.

  14. Strengths and Weaknesses of Each Process
  • MIL-STD-882E:
  • Strength: now more comprehensive than before, with FHA and better software safety guidance. Still suitable for the majority of complex DoD military ground and shipboard systems where there are no alternative methods.
  • Weakness: NOT ideally suited (alone) for aircraft and airborne systems with software-intensive systems requiring airworthiness and system certification and FAA compliance, considering that the SAE ARPs integrate aircraft systems and safety (many ARPs for all airborne systems).

  15. Strengths and Weaknesses of Each Process
  • SAE ARPs are ideally geared to safety analysis and assessment methods for commercial and complex military aircraft platforms requiring airworthiness certification and entry into FAA-controlled airspace. Most military aircraft can easily adapt to ARP methods blended with MIL-STD-882.
  • Weakness: ARPs are “Aerospace” oriented only and not structured to be suitable for ground or shipboard systems, but something similar could be developed with more emphasis on the functional approach (FHA) and software and system certifications.

  16. Contrast and Compare
  • The following matrix chart shows the basics of the most popular system safety methods used by DoD, NASA and FAA.
  • Excluded is IEC 61508, the functional approach to safety most widely used worldwide by the auto industry, oil and gas industry, chemical industries and nuclear power. Many consider it the best safety standard of all. This is debatable, of course.
  Required HUMOR…NO! Auburn just lost to FL State 34-31…this presentation is finished!

  17. Top-Level System Safety Process (repeat of the slide 11 flow chart, labelled DO-178B Software Design Assurance rather than IEEE 12207 / DO-178B)
