What is Functional Hazard Assessment?

A Functional Hazard Assessment (FHA) is a top-down qualitative assessment whose goal is to perform a systematic examination of functions to identify Failure Conditions to prove functional integrity. Those Failure Conditions describe the specific state or scenario in which the system or component fails and its consequences.

The FHA is usually conducted at both aircraft and system levels and supports compliance statements against regulations such as the EASA Certification Specification 25.1309, Certification Specification 23.2510, or the FAA equivalent FAR Part 25.1309.

How is it related to other safety analyses?

The results of the FHA serve as the starting point for conducting the Preliminary System/Aircraft Safety Assessment (PSSA/PASA), which is a systematic examination of the suggested system architecture to determine how failures can cause the functional hazards identified in the FHA. This analysis can take the form of a Fault Tree Analysis (FTA), even though Dependence Diagrams (DD) or Markov Analysis (MA) are also applicable.
As the following figure shows, the Failure Conditions derived from the Aircraft FHA can be used as the top events of the Aircraft Fault Trees. The basic events used in those Fault Trees can in turn be the Failure Conditions of the System FHA, which can then be the top gates of the system FTAs.

Figure: Link between AFHA and SFHA (aircraft and system FHA)

What inputs do you need to perform an FHA?

Before starting to develop the analysis, it is important to gather all the needed information:

1) System description

A comprehensive system description is crucial to develop the FHA. It helps safety engineers to understand how the components, subsystems, and functions interact within the overall system. This is essential to identify the potential failure modes, hazards, and risks. This understanding also allows the identification of dependencies and interface interactions that could lead to potential safety concerns. Furthermore, an accurate system description establishes the system’s boundaries, essential for focused analysis on safety-relevant elements. The system description forms the foundation of the FHA process, ensuring an accurate and pertinent analysis for the design under consideration, leading to better identification and mitigation of potential safety hazards and risks.

2) Operational Environment description

The operational environment description provides the necessary context for the FHA by helping safety engineers understand the potential hazards and interactions that a system might face in its intended operating conditions, which is critical for accurately assessing and mitigating safety concerns.

The description of the Operational Environment should include all characteristics, which may be relevant when assessing the system and its ability to achieve an acceptable risk, to satisfy its Safety Objectives and meet its Safety Requirements.

3) Regulatory framework

Knowing the regulatory framework (EASA, FAA, etc.) is important to ensure that the aircraft design and operation conforms to the established requirements. Moreover, it facilitates the certification process and international acceptance of the aircraft.

4) Applicable standards

When conducting an FHA, it is advisable to consult relevant standards, guidelines, and regulations to ensure a thorough and compliant analysis. Collaboration with safety experts, engineers, and regulatory authorities can help in making sure that the FHA process is aligned with industry best practices and regulatory requirements.

The most used standard for performing an FHA is SAE ARP4761, which has demonstrated compliance with airworthiness regulations such as FAA and EASA. Nevertheless, it is important to note that the selection of applicable standards depends on factors such as the type of aircraft, its intended use, and the regulatory framework in the specific jurisdiction.

5) Initial safety plan

The initial safety plan is a crucial component when conducting a Functional Hazard Assessment (FHA) in aeronautics, or any safety assessment for that matter. It outlines the approach, scope, objectives, resources, and methodologies that will be used throughout the assessment process. This document is therefore very important for planning the analysis and ensures that the assessment leads to accurate hazard identification, effective risk assessment, and appropriate safety measures.

6) Overall project/programme plans

Although this may not be considered an input as such, since its content is not used directly to develop the analysis, it is important to consider the overall project plans. Aligning the analysis with the overall project plan facilitates effective communication, collaboration and decision-making among the various stakeholders and disciplines involved in the aircraft development or modification.

The inputs mentioned in this section are essential for establishing the foundation of an initial version of the Functional Hazard Assessment (FHA). However, it is crucial to recognize that the safety assessment development process is inherently iterative. Therefore, as the system evolves, continuous updates of the analysis are necessary. In this regard, outputs from other analyses will also be used as inputs on various occasions, allowing for a more comprehensive perspective. Additionally, some of the inputs mentioned in the list are likely to be modified, such as adjustments to the system description, based on gathered information and new insights gained throughout the iterative process.

How to do an FHA?

Once all the inputs are gathered, the FHA can be started. The following figure shows the steps used to develop the AFHA and the SFHA. As can be seen, the process followed to perform both analyses is nearly the same: first, you identify the functions, then you assess the Failure Conditions, then you allocate the probability targets, and finally you predict how to accomplish them.

The image below is sourced from “Aircraft System Safety” by D. Kritzinger. For more in-depth details on conducting an FHA for this particular section, refer to that book.

Figure: An FHA process flow (flow chart)

This image shows the process in a generic way and relates the analysis to other analyses such as SSA. We will now look at the specific steps that can be followed to develop the analysis:

1) Function identification

To identify the functions associated with the system under study, it is important to first gather information such as the equipment’s functionality, capability, and limitations. With that, a preliminary function list can be developed. This list can be expanded throughout the process if additional information is obtained or if deemed necessary.

2) Identification and description of the Failure Conditions

To identify the Failure Conditions associated with these functions, single and multiple failures in normal and degraded environments must be considered.

An environment and emergency configuration list must be developed. It should include the environmental conditions to be considered at aircraft level (e.g., the weather) and the emergency/abnormal conditions (e.g., the loss of communication).

After that, and taking into consideration the function list, the list of failure conditions can be developed considering both single failure conditions and combined failure conditions.

3) Allocation of the flight phases affected

Once the Failure Conditions are defined, the next step is to assign the flight phases applicable to each of them. For example, one of the failure conditions identified may be applicable only during take-off or during the cruise phase.

4) Determination of the effects of the Failure Conditions

Considering the detectability and mitigations that may exist for each Failure Condition, the effects of the latter on the aircraft, crew and occupants can be identified.

5) Classification of the effects of the Failure Conditions

Severities, assigned according to the effect of Failure Conditions on crew, occupants, and the aircraft itself, are commonly used to classify the effects. The most widely used severity classifications are: Catastrophic, Hazardous, Major, Minor and No Safety Effect. This classification is determined with the help of documentation such as accident data, regulatory material, and previous experience.

The table below shows how to allocate this severity from the effects according to AMC 25.1309.

Figure: FHA ranking table

6) Assignment of probability requirements

In accordance with the applicable safety standards, a qualitative or quantitative safety target may have to be allocated. For example, the relationship between the probability and the severity of a failure condition stated in EASA AMC 25.1309 is shown in the following figure:

Figure: Probability Severity Chart for FMECA criticality

Once all the steps have been completed, a compilation table can be created with all the information. An example for the function “provide WIFI on board” is shown below.

Figure: FHA example
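
The six steps above, carried through to the compilation table, as an added example that is not part of the original article or of ARP4761. The severity-to-probability mapping follows the relationship given in EASA AMC 25.1309; the flight-phase list, the function names other than “Provide WIFI on board”, and every sample Failure Condition and classification are constructed for illustration.

```python
from dataclasses import dataclass

# Severity -> (allowable qualitative probability, quantitative objective as
# average probability per flight hour), per the relationship in EASA AMC 25.1309.
OBJECTIVES = {
    "Catastrophic": ("Extremely Improbable", 1e-9),
    "Hazardous": ("Extremely Remote", 1e-7),
    "Major": ("Remote", 1e-5),
    "Minor": ("Probable", 1e-3),
    "No Safety Effect": ("No probability requirement", None),
}
# Assumed flight-phase list; use the one defined for your programme.
PHASES = ("taxi", "take-off", "climb", "cruise", "descent", "approach", "landing")

@dataclass
class FailureCondition:
    function: str      # step 1: function the condition belongs to
    description: str   # step 2: the Failure Condition itself
    phases: tuple      # step 3: flight phases affected
    effect: str        # step 4: effect on aircraft, crew and occupants
    severity: str      # step 5: classification of the effect

def compile_fha(functions, conditions):
    """Return (compilation-table rows, review findings) for an FHA worksheet."""
    rows, findings = [], []
    for fc in conditions:
        problems = []
        if fc.function not in functions:
            problems.append("function not in function list")
        if not fc.phases or set(fc.phases) - set(PHASES):
            problems.append("missing or unknown flight phase")
        if fc.severity not in OBJECTIVES:
            problems.append(f"unknown severity {fc.severity!r}")
        if problems:
            findings.append(f"{fc.description}: " + "; ".join(problems))
            continue
        term, limit = OBJECTIVES[fc.severity]  # step 6: probability requirement
        rows.append({**vars(fc), "probability": term, "objective_per_fh": limit})
    assessed = {fc.function for fc in conditions}
    findings += [f"{f}: no Failure Condition identified" for f in functions if f not in assessed]
    return rows, findings

# Constructed sample; classifications are illustrative, not a real assessment.
FUNCTIONS = ["Provide WIFI on board", "Provide cabin lighting", "Provide passenger address"]
CONDITIONS = [
    FailureCondition("Provide WIFI on board", "Total loss of WIFI service",
                     ("cruise",), "Passenger inconvenience", "No Safety Effect"),
    FailureCondition("Provide cabin lighting", "Total loss of cabin lighting",
                     ("cruise", "landing"), "Slight increase in crew workload", "Minor"),
    FailureCondition("Provide WIFI on board", "Erroneous WIFI service",
                     ("parked",), "Passenger inconvenience", "No Safety Effect"),
]
```

Calling `compile_fha(FUNCTIONS, CONDITIONS)` returns the rows ready for the compilation table plus a list of findings, which is where a function with no assessed Failure Condition or an undefined flight phase shows up before the FHA goes to review.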

Output of an FHA

The main outputs of the FHA are the function description, the Failure Conditions, the Phase of Operations, the effect of the Failure Condition on the Aircraft, Crew and Occupants, the classification of the Failure Conditions, Reference to Supporting Material and the verification method for the design solution chosen to meet the safety objective. All of this should be gathered in the report.

Another output of the FHA is the Derived Safety Requirements for the design at each level. These are safety-related specifications derived or generated from the analysis of hazards and risks identified during the assessment. They offer specific guidelines to address safety concerns, influencing the design, development, and operation of the aircraft or system to ensure appropriate safety measures are in place.

Best Practices

Performing the FHA may bring some challenges. To reduce them, the following actions can be taken:

    • Make sure you understand the system you are working on before starting, as this can decrease the number of revisions needed.
    • Involve the experts. The communication between the systems engineer in charge of the system and the safety engineer performing the FHA is important to gather diverse perspectives and ensure all concerns are addressed.
    • Clearly document the whole process, including all findings, discussions, and decisions. This will facilitate reviews, audits, and compliance assessments.
    • Remember that it is an iterative process. It is important to consider that the design will evolve after the first issue of the FHA is developed and it will need to be updated.
    • Make sure to comply with the industry regulations and standards. This way, you can ensure that the assessment is aligned with the established norm. In addition, this can save you time as some standards provide templates for your analysis and are based on collective expertise and best practices.
    • When possible, peer review is always a good idea. This way, you’ll be able to detect possible mistakes that you missed or find possible areas of improvement.
    • Stay updated and informed about the latest developments, best practices and lessons learned in the field.


Mireia Vilaginés

Mireia Vilaginés has a bachelor’s degree in Aerospace Vehicles and is finishing her Master’s degree in Aerospace Engineering at the Polytechnic University of Catalonia. She is currently working at DMD, focused on Safety analysis, mainly FHA and PSSA, and developing FTAs and FMEAs.