Presentation ARP4754 APSYS

The document discusses guidelines for developing civil aircraft systems according to ARP4754A. It summarizes different root causes of failures such as random failures, errors, and events. It then describes how ARP4754A establishes Development Assurance Levels (DALs) to reduce design errors based on a safety assessment process. DALs are assigned to both functions and items/components based on their failure classifications and guide the development assurance procedures that must be followed.

Uploaded by Dr Mechanica

Captronic Seminar – Toulouse – 18/09/2013

ARP4754-A / ED79-A
“Guidelines for Development of
Civil Aircraft And Systems”

Key points
First lessons learned

INTRODUCTION

Different root causes of failures
Different root causes

► Random failure
► Error
► Event
Random Failure

Example: short circuit of an electronic component

► This type of failure is covered by « classical » safety analyses such as FMEA, FMES, FTA, …
Event

► Examples of events considered in safety analysis:

Environmental events: meteorological conditions
• Wind, icing, lightning, etc.

Flight operation
• RTO (rejected take-off), terminal area, emergency evacuation.

Fire or smoke event
• Fire or smoke in the cockpit or in the cabin (APU, engines, …)

Bird impact
Error

Human error. Example: human error in applying a procedure
=> Human errors are covered by Human Factors analysis

Design/development errors. Examples: specification error, hardware/software design error
=> Introduction of the DAL (Development Assurance Level) to reduce the risk of error
Global approach of safety

► Random failure => « classical » safety analysis

► Error (human cause) => Human Factors analysis

► Event => PRA (Particular Risk Analysis)

► Error (design cause) => Development Assurance Level
Development Assurance Level definition

Development Assurance Level (DAL) for functions, items of equipment, items of software.
- The DAL is the means for prescribing the measures to be taken in order to avoid errors during the development of onboard functions, systems and items.
- The DAL is determined using the results of the Safety Assessment Process.
- The development assurance procedures to apply for the development of a function or an item depend on the DAL associated with that function or item. These development assurance procedures for the onboard systems are given in:

· ARP4754A for function, system and item development,
· DO-178B / ED-12B for software item development,
· DO-254 / ED-80 for electronic hardware item development.
Presentation of ARP4754A

Relationship between the guidance documents (figure reproduced as text):
- Safety Assessment Process Guidelines & Methods (ARP4761 / ED-135) exchanges intended aircraft function, failure and safety information, and system design information, with
- Guidelines for Development of Civil Aircraft and Systems (ARP4754A / ED-79A), which sits above
- Guidelines for Integrated Modular Avionics (DO-297 / ED-124),
- Hardware Development Life-Cycle (DO-254 / ED-80), and
- Software Development Life-Cycle (DO-178B / ED-12B).
Overall ARP4754A approach

Aircraft/system functions are analysed from two sides (figure reproduced as text):
- Functional side: requirements (functional, operational, performance, etc.)
- Dysfunctional side: DAL and qualitative / quantitative safety requirements
Both feed the systems architecture and development.

ARP4754A: GUIDELINES FOR DEVELOPMENT OF CIVIL AIRCRAFT AND SYSTEMS
Presentation of ARP4754A

Hierarchy covered by each document (figure reproduced as text):
- Aircraft functions (ARP4754A, with ARP4761 for the safety assessment): Function 1 (e.g. provide electrical power), Function 2 (e.g. propulsion), … Function n
- Systems (ARP4754A): System 1 (e.g. electrical generation), System 2 (e.g. electrical distribution), System 3, … System n
- Items (DO-254 for hardware, DO-178B for software): Item 1 (e.g. FPGA, assembly board), Item 2 (e.g. boot, loader, applications), … Item n
A/C-System development process

- DAL definition & allocation
- Requirements cascading
SAFETY ASSESSMENT PROCESS

- Aircraft level: Aircraft functions -> FHA (Functional Hazard Assessment) / PASA (Preliminary Aircraft Safety Assessment) -> Function DAL assignment
- System level: SyFHA (System FHA) -> PSSA (Preliminary System Safety Assessment) -> Item DAL allocation
- Hardware level: FTA, FMEA, CMA (Common Mode Analysis), FMES
DAL assignment versus FC classification

  Failure Condition classification    DAL of the development process
  Catastrophic                        A
  Hazardous / Severe Major            B
  Major                               C
  Minor                               D
  No safety effect                    E

There are two types of DAL: one for function development (FDAL) and one for item development (IDAL).
ARP 4754A - Requirements determination and DAL

FDAL (Function Development Assurance Level) definition

- The FDAL is defined as: the level of rigor of the tasks performed on functions in a development assurance process.

- FDAL applies to function development (requirement elaboration phase): A/C functions, system functions, sub-system functions, equipment functions.

- ARP 4754A defines the activities and deliverables recommended depending on the FDAL. It provides, according to the FDAL, the details of the activities to perform for development assurance and configuration management.
ARP 4754A IDAL: DAL determination at equipment level (hardware/software)

IDAL (Item Development Assurance Level) definition

• The IDAL is defined as: the level of rigor of the tasks performed on items in the development assurance process.

• IDAL applies to hardware and software item development.

• IDAL is an input for the application of DO-178B/ED-12B (software) and DO-254/ED-80 (hardware).

• The IDAL assignment always follows the FDAL assignment.
FDAL and IDAL assignment example

Fault-tree-like representation:
- Top function level: top-level function F; top-level FC: CAT; Table 5.1: top-level FDAL: A.
- Sub-function level: F1 (FDAL1) and F2 (FDAL2); Table 5.2: function F1 and F2 FDAL minimum assignment: Option 1: A,C or C,A; Option 2: B,B.
- Item members level (SW or HW): the IDAL assignment follows the FDAL assignment; item I1 and I2 IDAL minimum assignment: SW1 and HW1 IDAL1 = FDAL1, SW2 and HW2 IDAL2 = FDAL2.

Dependence diagram representation:
- F1: FDAL1 -> SW1 IDAL1, HW1 IDAL1
- F2: FDAL2 -> SW2 IDAL2, HW2 IDAL2
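The allocation rules on this slide, as an added example that is not part of the APSYS deck or of ARP4754A itself: a small Python checker that encodes Table 5.1 as shown, the Table 5.2 row for a CAT top-level condition (A,C in either order, or B,B), and the rule that IDAL follows FDAL, then validates a constructed allocation. The Table 5.2 rows for HAZ and MAJ top levels and the rule that non-independent members each carry the top-level FDAL are taken from ARP4754A but are not shown on the slide, so they are marked as assumptions in the code; the external-event credit of the following slide is not encoded.

```python
"""Checker for the FDAL/IDAL allocation rules summarised on the slides (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

LEVELS = "ABCDE"  # ordered from most rigorous (A) to least rigorous (E)

# Table 5.1 (on the slide): failure condition classification -> top-level FDAL.
FC_TO_FDAL: Dict[str, str] = {
    "CAT": "A",   # Catastrophic
    "HAZ": "B",   # Hazardous / Severe Major
    "MAJ": "C",   # Major
    "MIN": "D",   # Minor
    "NSE": "E",   # No safety effect
}

# Table 5.2: minimum FDAL pairs for two independent members of a functional
# failure set. The row for top FDAL A (A,C or B,B) is the one on the slide.
# The rows for B and C are ASSUMED from ARP4754A Table 5.2 and are not in the
# deck; check them against the standard before relying on them.
TABLE_5_2: Dict[str, List[Tuple[str, str]]] = {
    "A": [("A", "C"), ("B", "B")],
    "B": [("B", "D"), ("C", "C")],  # assumption
    "C": [("C", "D"), ("D", "D")],  # assumption
}


def at_least(level: str, minimum: str) -> bool:
    """True when `level` is at least as rigorous as `minimum` (A > B > ... > E)."""
    return LEVELS.index(level) <= LEVELS.index(minimum)


def pair_meets_option(alloc: Tuple[str, str], option: Tuple[str, str]) -> bool:
    """Either ordering of the pair may satisfy the option (A,C is as good as C,A)."""
    (l1, l2), (m1, m2) = alloc, option
    return (at_least(l1, m1) and at_least(l2, m2)) or (
        at_least(l1, m2) and at_least(l2, m1)
    )


@dataclass
class Function:
    name: str
    fdal: str
    items: Dict[str, str] = field(default_factory=dict)  # item name -> IDAL


def check_allocation(top_fc: str, members: List[Function], independent: bool) -> List[str]:
    """Return the list of findings; an empty list means the allocation is acceptable.

    `members` are the two sub-functions whose combined failure produces the
    top-level failure condition `top_fc`; `independent` records whether the
    safety assessment (CMA etc.) established their independence.
    """
    if len(members) != 2:
        raise ValueError("this checker handles functional failure sets of two members")
    top_fdal = FC_TO_FDAL[top_fc]
    f1, f2 = members
    findings: List[str] = []

    if independent:
        options = TABLE_5_2.get(top_fdal)
        if options is None:
            # No row encoded for top FDAL D/E: conservatively require the top FDAL.
            options = [(top_fdal, top_fdal)]
        if not any(pair_meets_option((f1.fdal, f2.fdal), o) for o in options):
            allowed = " or ".join(f"{a},{b}" for a, b in options)
            findings.append(
                f"{f1.name}={f1.fdal}, {f2.name}={f2.fdal} does not meet any "
                f"Table 5.2 option for top FDAL {top_fdal} (minimum {allowed})"
            )
    else:
        # Assumption from ARP4754A: without independence no credit is taken and
        # each member carries the top-level FDAL.
        for f in members:
            if not at_least(f.fdal, top_fdal):
                findings.append(
                    f"{f.name}={f.fdal} is below top FDAL {top_fdal} and "
                    f"independence from the other member is not established"
                )

    # IDAL follows FDAL: every SW/HW item must be at least its function's FDAL.
    for f in members:
        for item, idal in f.items.items():
            if not at_least(idal, f.fdal):
                findings.append(f"item {item} IDAL {idal} is below {f.name} FDAL {f.fdal}")
    return findings


if __name__ == "__main__":
    # Constructed inputs mirroring the slide: top-level FC CAT, F1 and F2 independent.
    f1 = Function("F1", "A", {"SW1": "A", "HW1": "A"})
    f2 = Function("F2", "C", {"SW2": "C", "HW2": "C"})
    print(check_allocation("CAT", [f1, f2], independent=True))
    f2_weak = Function("F2", "C", {"SW2": "C", "HW2": "D"})
    print(check_allocation("CAT", [f1, f2_weak], independent=True))
```

The checker flags the two ways an allocation usually goes wrong in practice: taking Table 5.2 credit for sub-functions whose independence was never shown by the common mode analysis, and letting an item's IDAL drift below the FDAL of the function it implements.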
FDAL Assignment taking credit for external events

- For systems that provide protection against an event external to the aircraft design, the FDAL should be consistent with the reduction in safety margins caused by the failure of the protection system per the FHA.
- The system FDAL may be assigned up to 2 levels below the top event FC classification, provided that the subject event is independent of the system failure and the conditional probability is taken into account as in the figure below.

[Figure: FDAL (A, B, C) versus probability of the external event per flight hour, axis from 10^-3 down to 10^-9; one curve for a CAT top-level failure condition, one for a HAZ top-level failure condition.]

Example: cargo fire event
- Probability per flight hour: 2x10^-7
- Top-level FC: uncontrolled cargo fire: CAT
- Then the fire detection and suppression function: FDAL B
Thank you for your attention
