资源描述
Presentedto:Federal AviationAdministrationCertification of Rotorcraft and FHA ProcessAEAJanuary31,2012CertificationofRotorcraftan2Federal AviationAdministrationOUTLINECertification Process InstallationofComplexSystemsinNormalCategoryRotorcraftXX.1301&XX.1309ComparisonGuidanceMaterialCompliancewith27/29.1309SystemSafetyAssessmentItemstobeawareofFHA/SSAQuestions2OUTLINECertificationProcess23Federal AviationAdministrationCertification Process1.Application(e.g.TC,ATC,STC,ASTC)2.Certification Basis defined.3.Certification Plans:Detailhowcompliancewillbeshownforeachrule(27.1309analysis,groundtest,flighttest,etc.).DefinelevelofFAAinvolvement(delegation).4.Test planning&execution.5.Data/Test Review:FAA reviews/witnesses tests as necessary.6.TC/STC issued.3CertificationProcessApplicati4Federal AviationAdministrationComplex Systems in Small RotorcraftSubject equipmentAttitudeDirectionIndicatorSyntheticVisionAHRSi.e.MEMStechnologyAirDataNavigationHTAWSTrafficWeatherRADALTAutopilots/stabilityaugmentationSystemintegrationCertification Bases that range from CAR 6 to part 27 amndt.46Intended FunctionWillitonlybeusedforDay/NightVFR?Single/DualPilotCATA/CATBFHA/SSAProperhazardsclassificationProperdesignlevels,includingsoftwareRequiresinputfromvariousengineeringdisciplinesandPilots4ComplexSystemsinSmallRotor5Federal AviationAdministration14 CFR 2X.1301 Comparison2X.1301:Each item of installed equipment must-Beofakindanddesignappropriatetoitsintendedfunction;BelabeledastoitsfunctionandoperationallimitationsBeinstalledaccordingtoitslimitationsFunctionproperlywheninstalled.Although the rule&its application are the same,they result in different requirements due to the platforms design&operational differences.514CFR2X.1301Comparison2X.136Federal AviationAdministration2X.1309 Comparison2X.1309:Whiletherearesomedifferencesinthe14CFRParts23,25,27,29,ingeneral,theyallsaythateachitemshouldbesafeandreliableandnotadverselyaffectanyothersystem.Basically,thisistheregulationthatrequiresthathazardsposedbythesystemsinstalledonaircraftmustbeaddressedaspartofthecertificationprocess.RESOURCESAC27/29.1309SAEARP4754“GuidelinesforDevelopmentofCivilAircraftandSystems”.SAEARP4761GuidelinesandMethodsforConductingtheSafetyAssessmentProcessonCivilAirborneSystemsandEquipment.OtherpublishedACGuidance(e.g.,21-40,27-1B,29-2B),FAAOrders,RTCADocuments.62X.1309Comparison2X.1309:Wh7Federal AviationAdministration27.1309&29.1309 ComparisonItisassumedthatthebasicPart27aircraftwillbecertifiedVFR.27.1309onaVFRHelicopterdoesnotaddresssystemswhosefailureconditionsareassessedtobehigherthanmajor(i.e.hazardousorcatastrophic).MayrequirespecialconditionsIftherotorcraftistobecertifiedforIFRflight,thenyoumustuse27appendix“B”whichinvokessomePart29rulesincludingportionsof29.1309.727.1309&29.1309ComparisonIt8Federal AviationAdministrationGuidance MaterialAC 27.1B,27.1309 provides guidance for compliance to FAR 27.1309AC 29-2C,29.1309 provides guidance for compliance to FAR 29.1309Both ACs recognize SAE-ARP 4761/4754 System Safety Assessment(SSA)processAC 20-174 for compliance to the new ARP 4754A.8GuidanceMaterialAC27.1B,27.9Federal AviationAdministrationCompliance to 27/29.1309XX.1309 Compliance Data:Qualitative&QuantitativeanalysisrequiredforCatastrophic,Hazardous,andforcomplexsystemsthathaveMajorfailureclassifications.FHA,PSSA,FTA,FMEA&CCArequired.MustSubstantiateprobabilityoffailurereqmts.OnlyQualitativeassessmentrequiredfornon-complexMajorandMinorsystems.Noprobabilityoffailuresubstantiationrequired.9Complianceto27/29.1309XX.13010Federal AviationAdministrationSafety Assessment ProcessFunctional Hazard Assessment(FHA)AircraftLevel&SystemsLevelFHAsUsedtoIdentifyEffects(i.e.FailureConditionCategories)ofSystemFailuresonAircraft5 Failure Condition CategoriesCatastrophicHazardous/Severe-MajorMajorMinorNo-Effect10SafetyAssessmentProcessFunct11Federal AviationAdministrationSystem Safety Assessment hardware requirementsCatastrophic-1x10-9probabilityofOccurrenceHazardous/Severe-Major-1x10-7Major-1x10-5Minor-1x10-3No-Effect-noprobabilityofoccurrencereqmts.AsdefinedinAC27/29.1309&SAEARP4761GuidelinesandMethodsforConductingtheSafetyAssessmentProcessonCivilAirborneSystemsandEquipment.11SystemSafetyAssessmenthardw12Federal AviationAdministrationSystem Safety Assessment Software&AEH RequirementsRTCA/DO-178B Software Level and RTCA/DO-254 AEH Level Commensurate with Failure Condition CategoryLevelA(Catastrophic)LevelB(Hazardous/Severe-Major)LevelC(Major)LevelD(Minor)LevelE(NoSafetyEffect)12SystemSafetyAssessmentSoftw13Federal AviationAdministrationAssessing the Effects of FailuresIntegration of Cockpit Display Systems and Pilot InterfaceIn addition to the systems engineering specialists,both flight test and HF evaluation of pilot-system interface is used to evaluate and classify the hazard level of a particular failure condition.Especiallyifitinvolvesthepilotsysteminterface(controlormisrepresentationtothepilotofinformation)13AssessingtheEffectsofFail14Federal AviationAdministrationIssues to be aware of:FHA should not be accomplished after system design and installation.PrimarypurposeofFHAistosetdesignstandards;nottoappeaseFAADo not use the equipment reliability to define failure classification.The highest hazard classification for equipment that is not required by certification or operational rules NOT is“minor”.14Issuestobeawareof:FHAshou15Federal AviationAdministrationFHA/SSA questions for the groupShould the hazard classification/threat to the aircraft and or occupants change for misleading information as a function ofItsRequiredvs.non-requiredinCAR6/part27?Whatifitcanbeclassifiedas“safetyenhancing”equipment?ItsbeinginstalledtosatisfyandOperationalequipmentrequirementsi.e.(135)?15FHA/SSAquestionsforthegr16Federal AviationAdministrationDiscussion Time:Back to Kim16DiscussionTime:BacktoKim117Federal AviationAdministrationQuestions to industry and the FAA:Dowe,theFAAandindustry,understandtherisktradeoffsifweallowtheinstallationofequipmentwithalowerlevelofcertitudethanourguidanceallows?GiventheuniquecharacteristicsofrotorcraftWhataretherisktradeoffsandwhatdotheybuyus?Dowegetanetgaininsafety(asreflectedbyloweraccidentnumbers)?Howarewediscouragingapplicantsandoperatorsfrominstallingsafetyenhancingequipmentthatisnotrequiredbyanyregulations?Arewegoingtoexacerbatepoorpilotdecisionmakingbyprovidingasystemthatmayprovideafalsesenseofsecurity(i.e.“snowtiresyndrome”)17Questionstoindustryandthe
展开阅读全文