Introduction

Relationship between ARP4761 & ARP4754A. Feedback from DO-178C and DO-254.

Certification Specifications & Acceptable Means of Compliance
Knowledge of the aerospace industry rules abided by EASA, FAA & ECSS. Required certification targets. Focus can be centred in alumni interests:

• CS-23, CS-25, CS-27, CS-29
• CS-LURS, CS-LUAS, SC-VTOL
• ECSS standards

Safety Assessment Process

Minimum required safety document involved in a Type Certificate or Supplemental Type Certificate: from FHA to SSA. Classification of Failure Conditions according to their severity.

Safety Analysis Methods

Initial overview, description and adequacy of the diverse safety analyses methods available: FTA, Markov Analysis, Dependence Diagram, FMEA, FMES, Zonal Safety Analysis, Particular Risk Analysis, and Common Mode Analysis

ACTIVITY 1: Development of a Functional Hazard Assessment for an ATA 24 (Electrical) System*

*The example system can be adapted to students’ industry and requirements on previous request

Basic

• ARP4761: Guidelines and methods for conducting the Safety Assessment Process on Civil
  airborne systems and equipment
• ARP4754A: Guidelines for Development of Civil Aircraft and Systems

Auxiliary

• DO-178C: Software Considerations in Airborne Systems and Equipment Certification
• DO-254: Design Assurance Guidance for Airborne Electronic Hardware

In-depth Safety Analysis Methods

In-depth knowledge of the diverse safety analyses methods available: FTA, Markov Analysis, Dependence Diagram, FMEA, FMES, Zonal Safety Analysis, Particular Risk Analysis, and Common Mode Analysis

FDAL and IDAL allocation
Detailed methods (with practical example) to allocate FDAL/IDAL according to DO-254

ACTIVITY 1: Development of an FTA/DD for an ATA 24 (Electrical) system*

ACTIVITY 2: Development of a typical Common Mode Analysis using the FTA produced in Activity 1*

ACTIVITY 3: Development of a typical Fire Particular Risk Assessment

ACTIVITY 4: FDAL/IDAL allocation using the FTA produced in Activity 1*

*The example system can be adapted to students’ industry and requirements on previous request

Basic

• ARP4761: Guidelines and methods for conducting the Safety Assessment Process on Civil
  airborne systems and equipment
• ARP4754A: Guidelines for Development of Civil Aircraft and Systems

Auxiliary

• DO-178C: Software Considerations in Airborne Systems and Equipment Certification
• DO-254: Design Assurance Guidance for Airborne Electronic Hardware
• NUREG-0492: Fault Tree Handbook

Introduction
Relationship between ARP4761 & ARP4754A. Feedback from DO-178C and DO-254.

PSSA
Definition of an industry proven Safety cycle, including methods and timeline. Overview of main documents contents & structure (FHA, PSSA, SSA & ASA).

Development of the Preliminary System Safety assessment. Analysing the failure conditions, define the safety requirements, and develop RMS contribution to the design. Common Cause analyses and strategies to solve Single Point of Failures.

SSA / ASA
Development of the System Safety assessment, Verify the safety requirements and build the compliance cross matrix.

ACTIVITY 1: Development of the critical chapters of a Preliminary Systems Safety
Assessment for an ATA 24 (Electrical) System*.
Discussion of best iteration routes to refine the safety of the design
after preliminary analysis

ACTIVITY 2: Development of a System Safety Assessment of a modified ATA 24
(Electrical) System* according to conclusions from Activity 1.
Discussion of technical reporting aspects to gain solid safety assurance
and substantiation

*The example system can be adapted to students’ industry and requirements on previous request

Basic

• ARP4761: Guidelines and methods for conducting the Safety Assessment Process on Civil
  airborne systems and equipment
• ARP4754A: Guidelines for Development of Civil Aircraft and Systems

Auxiliary

• “Aircraft System Safety” – Duane Kritzinger – Woodhead Publishing, 2016

Introduction
Explain what is the FTA and what is the relationship with the other safety analyses like FMECA, FHA, SSA…

Main definitions & symbology
Definition of the main concepts of the FTA and the symbology used to develop the analysis.

Main objective & steps of FTA
Main objective the FTA and development of steps/process to build system’s FTAs. Structure of complex projects.

FTA construction. Main nodes used in the FTA
Learn how to develop an FTA with schematics and FMECA as inputs. In-depth knowledge about the different types of nodes used in this analysis. Pitfalls to avoid to effectively reproduce system failure behaviour.

Unavailability of the Primary Events. Types of calculation
Understand the different types of calculation of the unavailability. Obtain the unavailability from FR and MTBF. Understand the difference between dormancy and hidden events.

Qualitative and quantitative analysis of FTA.
Learn the qualitative analysis of the FTA, like the cut sets analysis, and the quantitative analyses.
Understand the two types of quantitative analysis:

• Exact method calculation
• MCS calculation

Extract conclusions from FTA. Introduction to CMA
Learn how to extract the main conclusions from the FTA. Identify Single Points of Failure (SPF) from the cut sets analysis.
Introduction to the Common Mode Analysis (CMA) and how to extract the information needed from the FTA.

 

ACTIVITY 1: Development of an FTA for an ATA 24 (Electrical) system* in Robin from
an already existing FMECA.

*The example system can be adapted to students’ industry and requirements on previous request

Basic

• NUREG-0492: Fault Tree Handbook
• CIVE240: Fault Tree Analysis

Introduction
Explain what is the FTA and what is the relationship with the other safety analyses like FMECA, FHA, SSA…

Hazard Log: why, when and who?
Hazard Log in the aerospace context. Evaluation of safety outcomes, compliance and measures of hazard control.

Hazard Analysis
A description of methods and techniques used to conduct the hazard analysis, including assumptions made, qualitative and quantitative data used, and means to provide traceability to the source data.

HAZOP
Identification of possible hazards in maintenance and operation processes. Effects of variation. Failure Points.

Hazard Log Database
Parametrization and classification of hazards. Understanding context and operations for a workable Hazard Log.

Problematic Substances
Rules & regulations applicable to problematic substances classification. Labelling and authorized usage.

HRI, Residual Risk and Risk Acceptance
Quantitative and qualitative criteria to define an acceptable level of risk.

ACTIVITY 1: Hazard Analysis development for an ATA 24 (Electrical) system* in different operational environments

ACTIVITY 2: Classification, labelling and usage procedures for 3 example Problematic Substances

ACTIVITY 3: Classification and justification of acceptable level of residual risk using the HAZOP results produced in Activity 1*

*The example system can be adapted to students’ industry and requirements on previous request

Basic

• ECAST Guidance on Hazards Identification
• Regulation (EU) No 376/2014: Reporting, Analysis and Follow-up of Occurrences in Civil Aviation
• Regulation (EU) No 1321/2014: Continuing Airworthiness
• ICAO Safety Management Manual, Fourth Edition – 2018 (Doc 9859-AN/474)

Regulation overview
Overview of international regulations for all types of Hazardous Materials and Problematic Substances, including labelling, transport and usage. REACH and RoHS in context.

REACH: Registration, Evaluation, Authorisation and Restriction of Chemicals
Understand the different roles in the supply chain with regard to REACH compliance. Classification of substances according to REACH Registry. Annex XVII (Restricted List), Annex XIV (Authorisation List) & Candidate List. Tools for substance identification.

RoHS Directive: Restriction of Hazardous Substances in Electronical and Electrical Equipment Applicability to Electronics and Electronical Equipment.
Overview of Directive 2002/95/EC (RoHS 1) amended by 2011/65/EU (RoHS 2) & Directive 2015/863. RoHS and CE marking. Obligations of RoHS equipment suppliers.

Obligations for Downstream Users and Distributers in the EU
Obligations regarding documentation linked to articles, substances and mixtures. Storage and safe usage, risk exposure management. Penalties in case of non-compliance.

ACTIVITY 1: Understand, classify and collect required data for a substance, a mixture, an article and a piece of electronic equipment.

ACTIVITY 2: Analysis of an aerospace system BOM: classify parts and assign compliance action for each.

Basic

• Regulation (EC) No 1907/2006: Registration, Evaluation, Authorisation and Restriction of Chemicals
• Directive 2002/95/EC: Restriction of the use of certain hazardous substances in electrical and electronic equipment
• Directive 2011/65/EU: RoHS 2 recast
• Directive 2015/863: RoHS 3, addition of four restricted substances to RoHS 2

Introduction
What is FRACAS? The importance of FRACAS in the aeronautical sector and industry actors involved.

Main definitions
Definition of the main concepts in FRACAS:

• Sources of data: AMR / DIR / Failure report
• Distinction between reported anomalies: Malfunction, defect, failure, no fault found, etc.
• Reliability concepts: MTBF, MTBUR, MTBCF, PMTBF, GMTBF, MTTF

Main objective & Process of FRACAS
Goals and benefits of implementing a FRACAS. Insights derived of a FRACAS process for aerospace systems.
Overview of the complete process of FRACAS and the importance of each role in this process.

FRACAS Database
Hands-on development of the main fields that a FRACAS database should have in order to perform valuable analyses.

Reliability Assessment
Insights in a reliability assessment and organization of conceptual conclusions according to goals. Understanding of the results obtained.

Corrective Actions
Application and adequacy of corrective actions. Understand the importance of the corrective actions and how it could be beneficial to the aircraft manufacturer.

ACTIVITY 1: Failure reporting: classification and data introduction of an AMR, a DIR and a field failure report to avoid data error

ACTIVITY 2: Development of a Reliability Assessment in Robin and extract main conclusions. Identification of CA impact in the MTBF parameter

Basic

• MIL-STD-2155: Failure reporting, Analysis and Corrective Action taken

Auxiliary

• AIAA Standard: Performance-Based Failure Reporting, Analysis & Corrective Action System (FRACAS) Requirements

Introduction to Reliability
Importance of reliability and historical evolution. Reliability for aerospace.

Reliability Modelling and Prediction theorical concepts
General procedure for prediction calculations. Basic mathematical models and reliability modelling. Methodologies such as Reliability Block Diagrams, Failure Distributions, Environmental Data and Mathematical/Simulation models will be discussed.

Overview of the available Prediction Standards
Overview, applicability and scope of the different available Reliability Prediction Standards.

Prediction calculations
Calculation methodology for the following standards:

• MIL-HDBK-217F (Including specific topics related to environment and temperature dependence)
  • ANSI-VITA specification application
• RIAC-HDBK-217Plus
• FIDES 2009 (Including specific topics related to the standard as definition of mission phases, computation of Pi factors or phase dependant parameters importance)
• NSWC-11 for non-electronic parts.

For each standard, component categorization and scope are discussed.

Reliability Historical data
Overview and applicability of the NPRD2016 and EPRD2014 databases.

Reliability Prediction Analysis
Evaluation of reliability requirements in design specifications. Sections and methodology for conducting an RPA. Interpretation of results and detection of possible flaws in the design.

 

ACTIVITY 1: Perform prediction calculations for each discussed standard (MIL-HDBK-217F, RIAC-HDBK-217Plus, FIDES2009 and NSWC-11) with the aid of Robin RPA

ACTIVITY 2: Perform a complete Reliability Prediction Analysis for a Simple Electronic System* using Robin RPA

*The example system can be adapted to students’ industry and requirements on previous request

Basic

• MIL-HDBK-217F: Reliability Prediction of Electronic Equipment
• ANSI-VITA: American National Standard for Reliability Prediction MIL-HDBK-217 Subsidiary Specification.
• RIAC-HDBK-217Plus: Handbook of 217Plus™ Reliability Prediction Models
• FIDES 2009: FIDES guide 2009 Reliability Methodology for Electronic Systems
• NSWC-11: Handbook of Reliability Prediction Procedures for Mechanical Equipment
• MIL-HDBK-338B: Electronic Reliability Design Handbook

Auxiliary

• “Case Studies in Reliability and Maintenance” – Wallace R. Blischked & N. Prabhakar Murthy – Wiley Interscience
• Alessandro Birolini, “Reliability Engineering: Theory and Practice”, Eight Edition

MSG-3/RCM
Brief introduction to RCM and MSG-3 methodologies.

MSI Analysis
In-depth knowledge of the MSI Analysis process. Identification of the MSI and the further analysis. Definition of the failure modes.

Zonal Analysis
Procedure Detailed process explanation of the Zonal Analysis.

L/HIRF Analysis
Theorical overview of L/HIRF Analysis.

ACTIVITY 1: Development of an MSI Analysis for an ATA 27 (Flight Control) system*

ACTIVITY 2: Development of a Zonal Analysis Procedure for an ATA 32 (Landing Gear) system*

*The example system can be adapted to students’ industry and requirements on previous request

Basic

• ATA MSG-3: Operator/Manufacturer Scheduled Maintenance Development

Auxiliary

• “Case Studies in Reliability and Maintenance” – Wallace R. Blischked & N. Prabhakar Murthy – Wiley Interscience

Introduction
Basic concepts and definitions of the FMECA analysis

FMECA
Methodology and recommendations for each FMECA field (e.g. Local Effect, Next Effect, End Effect…). Real examples of different types of FMEA

• Functional vs piece-part FMECA
• Qualitative vs Quantitative FMECA
• Structural vs LRU FMECA
• Data source for failure rate
• Failure modes distribution

Detection Coverage
Definition of the different types of detection (PBIT, CBIT, IBIT, maintenance, pilot…). Computation of the detection coverage according to the phases and effects of each Failure Mode. Acceptable detection requirements for the aerospace industry. Calculation of false alarm ratios.

FMES & Candidate Critical Item List
FMES obtention after FMECA completion. Analysis of the most critical end effects and most influencing items and failure modes. Candidate Critical Item List. How to draw conclusions from an FMECA

Recommendations and safety requirements
Recommendations for system engineers derived from the FMECA (e.g. fail-safe demonstration, dual check reuqired, critical characteristic investigation). Safety requirements.Final tips to perform a good FMECA. Detection of possible flaws

ACTIVITY 1: Development of a complete FMECA analysis for an ATA 24 (Electrical) system* in Robin FMECA

*The example system can be adapted to students’ industry and requirements on previous request

Basic

• ARP4761: Guidelines and methods for conducting the Safety Assessment Process on Civil airborne systems and equipmen
• FMD-2016: Failure Mode Mechanisms Distribution, Quanterion

Auxiliary

• Guidelines for Failure Mode and Effects Analysis for Automotive, Aerospace and General Manufacturing Industries, Dyadem Press. ISBN: 0849319080
• Product Excellence Using Six Sigma. Failure Modes, Effects & Criticality Analysis. Warwink Manufacturing Group

History of Cybersecurity
Background explaining the beginning and evolution of Airworthiness Cybersecurity, specially centred in EASA

Applicable and related regulation
Amendments performed in Certification Specifications by EASA & FAA. Requirements specified by DO-178C

Development Process
Steps and processes to follow to comply with ED-202 standard. Interdependencies between Safety and Security

Security Risk Assessment
Sections and methodology for performing a SRA. Numerical evaluation of level threat according ED-203A

Security Verification and Continued Airworthiness
Security, Robustness and Vulnerability Tests. Cybersecurity in Continued Airworthiness according to ED-204.

ACTIVITY 1: Perform a Security Risk Assessment for a WiFi equipment*

*The example system can be adapted to students’ industry and requirements on previous request

Basic

• ED-202A: Airworthiness Security Process Specification
• ED-203A: Airworthiness Security Methods and Considerations
• ED-204: Information Security Guidance for Continuing Airworthiness

Auxiliary

• DO-178C: Software Considerations in Airborne Systems and Equipment Certification