SAE S-18 Aircraft Safety Assessment Committee

Special thanks to Linh Le, Safety Assessment Program Manager, ANM-117, for putting together this presentation. Contact him at

Acronyms
AC – Advisory Circular
ARAC – Aviation Rulemaking Advisory Committee
ARP – Aerospace Recommended Practice
CTA – Centro Técnico Aeroespacial
DAL – Development Assurance Level
DGAC – Direction Générale de l'Aviation Civile
FAA – Federal Aviation Administration
FAR – Federal Aviation Regulations
MC/DC – Modified Condition/Decision Coverage
HIRF – High Intensity Radiated Field
SAE – Society of Automotive Engineers
SOW – Statement of Work

S-18 Committee Charter
Develop and maintain recommended practices for performing initial design and in-service safety assessment of aircraft, and of related systems and equipment, to support effective safety management.

S-18 Committee Members
Airbus, Boeing, Rockwell Collins, Honeywell International, Cessna, Raytheon, B.F. Goodrich, Hamilton Sundstrand, Pratt & Whitney, Rolls-Royce, FAA, DGAC, Brazilian CTA, Embraer, Gulfstream, and more.

Statement of Work (SOW)
Proactively provide state-of-the-art guidance material for aircraft and system safety assessment:
Review and maintain ARP 4761, "Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment" (first published 1996), as the state-of-the-art guidance document for aircraft safety assessment.
Review and maintain ARP 4754, "Certification Considerations for Highly-Integrated or Complex Aircraft Systems" (first published 1996), as the state-of-the-art guidance document for aircraft integration, requirements development, verification and validation.
Develop new safety guidance material to address industry needs.

SOW (cont)
Completion plan: 1st Qtr 2007. The committee meets four times per year. Next meeting: week of July 25, 2005.
Contacts: Chair: John Dalton. Co-chair: Eric Peterson. FAA Voting Members: Linh Le, ANM-117; Lee Nguyen, AIR-120.

Why Change?
Industry has evolved and recognized that the current documents do not fully represent current practices and will not address future needs. ARPs also have a mandatory 5-year review cycle.

Why Change? (cont)
Trends toward more integrated system designs create a need for a systems engineering approach. New rulemaking, most notably FAR/CS 25.1309: the ARAC-proposed AC material describes applications of ARP4754 and ARP4761. For the proposed rule/AC, see

Why Change? (cont)
Publication of new industry guidance: DO-254, "Design Assurance Guidance for Airborne Electronic Hardware", 4/2000; ARP5150, "Safety Assessment of Transport Airplanes in Commercial Service", 11/2003 (S-18 is also the author of this ARP). Incorporate lessons learned.

Proposed Changes to ARP4754
New title: "Guidance for Development, Validation, and Verification of Aircraft Systems". Reflects the actual intent and broader application: not limited to "highly integrated" or "complex" systems, and implies a relationship to in-service safety.

Proposed Changes to ARP4754
Content is more systems-engineering oriented:
Encompasses the end-to-end aircraft life cycle, including post-certification modification.
Adds guidance on the aircraft-level safety plan.
Adds guidance on aircraft-level safety assessment (vs. system-level).
Generically describes the safety assessment process and refers to ARP4761 for details.
Provides additional detail on Configuration Management.

Proposed Changes to ARP4754
Content may be reorganized to clarify and guide the thought process and to more closely mirror the logical process flow, e.g., safety assessment precedes development assurance level assignment.

Proposed Changes to ARP4754
A systematic approach to the assignment of development assurance levels (DAL). The DAL is a system safety requirement captured at the start of the system development life cycle and then iterated as the system definition matures. The DAL is mapped starting from the aircraft-level function, through the system architecture definition, and finally to the software/hardware component definitions.

Proposed Changes to ARP4754
DAL assignment philosophy:
Preserve the "architectural considerations" philosophy of the existing ARP4754.
Focus on finding the right DALs, not on reducing the DAL.
Integrate experience with DO-178B and DO-254.
Be mindful of the limitations of the certification process.

Proposed Changes to ARP4754
Unlike the current section 5.4, the proposed process does not pre-assign the DALs. It:
Avoids "shoehorning" (forcing the design, or the interpretation of the design, to match one of the five case architectures in Table 5.2).
Relies primarily on the mature and generic safety assessment process; agreement on the safety assessment results often eliminates DAL assignment debates.
Considers the capabilities of the existing software and electronic hardware assurance processes (DO-178B and DO-254, respectively).
Maximizes flexibility for system designers.

Proposed Changes to ARP4754
In most cases the results are very similar or identical to those given by today's ARP4754:
At least one member under the "AND" gate will generally have its DAL directly correlated to the hazard classification of the top failure condition.
Where dissimilarity and independence between redundant failure paths are substantiated, and the top failure is caused by loss of function (rather than malfunction), the failure paths can be assured at a DAL lower than the top failure effect (e.g., a level A system objective is satisfied by level B components).

Proposed Changes to ARP4754
However, in the (rare) cases where the top failure condition must be caused by malfunctions, one of the redundant paths must be assured at a level commensurate with the top failure effect, so that the necessary error-finding assurance activities are retained (i.e., MC/DC for catastrophic conditions, verification independence for hazardous conditions, etc.).
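The allocation rules on the last two slides (at least one AND-gate member tied to the top hazard classification, the loss-of-function relaxation, and the malfunction exception) can be written down as a small allocator over a fault tree. The block below is an added example for this page, not the committee's text or any published ARP4754 procedure. The hazard-to-DAL mapping, the reading of "a DAL lower" as exactly one level lower, the `Node`/`allocate` names, and the sample tree are all assumptions of the example.

```python
"""Illustrative development assurance level (DAL) allocation over a fault tree.

Added example, not text or code from the S-18 committee or ARP4754. It encodes
the allocation rules the slides describe, with these assumptions flagged:
  * hazard classification -> DAL uses the usual FAR 25.1309 / DO-178B mapping
    (Catastrophic=A, Hazardous=B, Major=C, Minor=D, No safety effect=E);
  * "a DAL lower than the top failure effect" is taken as exactly one level
    lower (assumption; the slides only give A -> B as the example);
  * independence of redundant paths is a boolean that the safety assessment
    (common cause analysis) has already substantiated, supplied as input here;
  * whether the top failure condition arises from loss of function or from
    malfunction is a property of the top event and is passed down unchanged.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HAZARD_TO_DAL = {
    "catastrophic": "A",
    "hazardous": "B",
    "major": "C",
    "minor": "D",
    "no safety effect": "E",
}
DAL_ORDER = "ABCDE"  # A is the most demanding


def relax(dal: str) -> str:
    """One level less demanding than `dal`, never below E."""
    return DAL_ORDER[min(DAL_ORDER.index(dal) + 1, len(DAL_ORDER) - 1)]


def stricter(a: str, b: str) -> str:
    """The more demanding of two DALs."""
    return a if DAL_ORDER.index(a) <= DAL_ORDER.index(b) else b


@dataclass
class Node:
    """A fault-tree node: a gate ("AND"/"OR") with children, or a leaf component."""
    name: str
    gate: Optional[str] = None
    children: List["Node"] = field(default_factory=list)
    independent: bool = False  # AND gates only: has independence been substantiated?


def allocate(node: Node, required: str, effect: str,
             out: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    """Walk the tree top-down, recording the DAL each leaf component must meet.

    A component reachable by several paths keeps the most demanding DAL.
    """
    if out is None:
        out = {}
    if node.gate is None:
        out[node.name] = stricter(required, out.get(node.name, "E"))
        return out
    if node.gate == "OR" or not node.independent:
        # Any single input produces the failure, or independence is not
        # substantiated: no credit for redundancy, every input inherits
        # the required DAL.
        child_dals = [required] * len(node.children)
    elif effect == "loss":
        # Substantiated independence and a loss-of-function top event:
        # all redundant paths may be assured one level below the top
        # effect (the slides' "level A objective met by level B components").
        child_dals = [relax(required)] * len(node.children)
    elif effect == "malfunction":
        # Top event must be produced by malfunction: one path stays
        # commensurate with the top effect so the error-finding activities
        # (MC/DC for catastrophic, verification independence for hazardous)
        # are retained; the other paths may drop one level.
        child_dals = [required] + [relax(required)] * (len(node.children) - 1)
    else:
        raise ValueError(f"effect must be 'loss' or 'malfunction', got {effect!r}")
    for child, dal in zip(node.children, child_dals):
        allocate(child, dal, effect, out)
    return out


def allocate_for_hazard(tree: Node, hazard: str, effect: str) -> Dict[str, str]:
    """Allocate DALs for a top failure condition of the given classification."""
    return allocate(tree, HAZARD_TO_DAL[hazard], effect)


def example_tree() -> Node:
    """Constructed fault tree (not from the slides): a function implemented by
    two channels, each lost if its own processor or a shared data bus fails.
    The shared bus is a common-cause candidate; the allocator takes the
    independence flag as given, so the CCA has to justify it separately."""
    bus = Node("data bus")
    left = Node("left channel", "OR", [Node("left processor"), bus])
    right = Node("right channel", "OR", [Node("right processor"), bus])
    return Node("loss of function", "AND", [left, right], independent=True)


if __name__ == "__main__":
    for effect in ("loss", "malfunction"):
        print(effect, allocate_for_hazard(example_tree(), "catastrophic", effect))
```

For the constructed tree, a catastrophic loss-of-function top event lets both channels be assured at level B, while a catastrophic malfunction top event keeps the left channel at level A; the shared bus ends up at the stricter of the two allocations it receives, which is exactly the kind of shared resource the ARP4761 update plans to address.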

In Store for ARP4754
Recognize that "high severity" design errors (i.e., those that may result in catastrophic or hazardous effects) in complex systems, particularly software-driven systems, are often traced to requirements errors rather than implementation (development) errors. Put more emphasis on requirements specification and validation.

ARP4761 Update
So far, no significant changes have been proposed; only minor revisions and clarifications of existing material.

In Store for ARP4761
The committee plans to address:
Validation and verification, traceability of safety requirements.
Integration with DO-254 (most notably the "decomposition" process for level A and B functions).
Considerations for human errors in safety assessment.
Operational reliability.
Software safety assessment.
Shared resources.
Addition of HIRF to Particular Risk Analysis.
Wiring failures.

Conclusion
S-18 Aircraft Safety Assessment Committee:
Published "Safety Assessment of Transport Airplanes in Commercial Service" (ARP5150) in 2003.
Plans to complete revisions in early 2007 of "Guidance for Development, Validation, and Verification of Aircraft Systems" (ARP4754) and "Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment" (ARP4761).
Questions? Please contact the committee chairs (see slide 7). Thanks again to Linh Le for his assistance.

