AVIATION SYSTEM SAFETY
Knowledge and experience in system safety, software safety, system engineering, project management, and reliability are necessary for one to work effectively in aviation safety.
Ground-based or airborne systems, we are here to help you whether it be in a consulting role or training.
HCRQ has experience with:
- SAE ARP4754A,
- SAE ARP4761,
- MIL-STD-882 (E, D, C, B),
- JSSSEH,
- FAA Safety Management System (SMS),
- Safety Risk Management Guidance for System Acquisitions (SRMGSA),
- Safety Risk Management Document (SRMD),
- System Safety Working Group (SSWG),
- Weapons System Explosives Safety Review Board (WSESRB), and
- Software System Safety Technical Review Panel (SSSTRP)
*** AVIATION SYSTEM SAFETY COURSE ***
SAE ARP4761, MIL-STD-882E and much, much more. Find out what the attraction is. Click here for insight. Compare FHA with PHA for example. You will see what continues to attract many people to this course.
A FEW OF OUR PREVIOUS AVIATION CONTRACTS
SYSTEM SAFETY SUBCONTRACT
Harris Corporation selected HCRQ to be the system safety subcontractor on the FAA DCIS project.
The Data Comm Program is a critically important next step for improving air safety, reducing delays, increasing fuel savings, improving the environment, and leading U.S. aviation into the 21st century. The introduction of data communications between the FAA's air traffic control functions and carrier aircraft represents a key phase of the transition from the current decades old analog voice system to a predominantly digital mode of communication. The Data Comm System supports the NextGen vision by providing Air Traffic Service (ATS) data transmissions directly to pilots via aircraft avionics systems. This ATS data communications capability enables more efficient procedures and flight profiles through services such as revised departure clearances, automation of routine clearances, Traffic Flow Management reroutes, automated transfer of communications, optimized profile descents, and trajectory-based operations. These services contribute to evolving air traffic control from short-term tactical operations to the strategic managements of flights from gate-to-gate.
The Harris Team also includes companies such as ARINC, GE Aviation and Thales.
The Data Comm Program is a critically important next step for improving air safety, reducing delays, increasing fuel savings, improving the environment, and leading U.S. aviation into the 21st century. The introduction of data communications between the FAA's air traffic control functions and carrier aircraft represents a key phase of the transition from the current decades old analog voice system to a predominantly digital mode of communication. The Data Comm System supports the NextGen vision by providing Air Traffic Service (ATS) data transmissions directly to pilots via aircraft avionics systems. This ATS data communications capability enables more efficient procedures and flight profiles through services such as revised departure clearances, automation of routine clearances, Traffic Flow Management reroutes, automated transfer of communications, optimized profile descents, and trajectory-based operations. These services contribute to evolving air traffic control from short-term tactical operations to the strategic managements of flights from gate-to-gate.
The Harris Team also includes companies such as ARINC, GE Aviation and Thales.
COMPANION CONTRACT: SYSTEM SAFETY
SUBCONTRACT ON DATA COMMUNICATIONS
NETWORK SERVICE (DCNS)
SUBCONTRACT ON DATA COMMUNICATIONS
NETWORK SERVICE (DCNS)
HCRQ is the system safety subcontractor to Harris Corporation on the FAA DCNS project.
SYSTEM SAFETY SUBCONTRACTOR ON ALASKA
FLIGHT SERVICE MODERNIZATION (AFSM)
FLIGHT SERVICE MODERNIZATION (AFSM)
Harris Corporation selected HCRQ to be the system safety subcontractor on the AFSM project. Safety Risk Management Guidance for System Acquisitions (SRMGSA) was to be followed.
SYSTEM SAFETY SUBCONTRACTOR ON OASIS II
HCRQ was the system safety subcontractor to Harris Corporation on the Operational Supportability and Implementation System (OASIS) II in Alaska.
SYSTEM SAFETY SME FOR DND'S MHP DEFENSE
HELICOPTER ACQUISITION
HELICOPTER ACQUISITION
HCRQ was responsible for specifying system safety requirements (e.g., SOW, CDRLs, DIDs), reviewing system safety portions of other SOW sections and DIDs (e.g., project management, system engineering, airworthiness) for the Canadian Martime Helicopter Project (MHP).
This position interfaced directly with Human Factors Engineering, system engineering, software, project management, configuration management, and airworthiness aspects of this project. The MHP contract was awarded to Sikorsky Aircraft who openly praised the quality of our work. Our hats will always be off for Clifford Parizo and Bill Harrison !!!
This work thus established the baseline for system safety of the CH148 Cyclone.
This position interfaced directly with Human Factors Engineering, system engineering, software, project management, configuration management, and airworthiness aspects of this project. The MHP contract was awarded to Sikorsky Aircraft who openly praised the quality of our work. Our hats will always be off for Clifford Parizo and Bill Harrison !!!
This work thus established the baseline for system safety of the CH148 Cyclone.
SYSTEM SAFETY ANALYSIS FOR UAV DE-ICING SYSTEM
HCRQ was responsible for the reliability, maintainability and safety analyses for Ice Management Systems' Electro-Expulsive De-icing System (EEDS) used on the WK450 Watchkeeper UAV.
The WK450 is based on the Elbit 450 Hermes tactical UAV.
Clouds with supercooled liquid water constitute a significant aviation hazard because of the potential risk of air-craft icing. Icing reduces rate of lift, rate of climb, and fuel efficiency while increasing drag, stalling speed, weight, and power requirements.
At pre-determined intervals, the EEDS passes a pulse of current through embedded conductors. Electromagnetic forces repel the top layer away from the rigidly mounted bottom layer. The top layer imparts a shock/acceleration force to the outer surface. This rapid acceleration force breaks the surface tension of the ice on the outer surface of the cuff and shatters the ice into harmless particles.
The WK450 is based on the Elbit 450 Hermes tactical UAV.
Clouds with supercooled liquid water constitute a significant aviation hazard because of the potential risk of air-craft icing. Icing reduces rate of lift, rate of climb, and fuel efficiency while increasing drag, stalling speed, weight, and power requirements.
At pre-determined intervals, the EEDS passes a pulse of current through embedded conductors. Electromagnetic forces repel the top layer away from the rigidly mounted bottom layer. The top layer imparts a shock/acceleration force to the outer surface. This rapid acceleration force breaks the surface tension of the ice on the outer surface of the cuff and shatters the ice into harmless particles.
DIRECT USER ACCESS TERMINAL (DUAT)
HCRQ provided system safety support to Data Transformation Corporation (DTC) on DUAT.
DUAT provides weather briefing, flight planning, flight plan filing, and information functions to pilots.
With the assistance of DTC, HCRQ prepared the Preliminary Hazard Analysis (PHA), Hazard Log (HL), System Safety Hazard Analysis (SHA), and System Safety Assessment Report (SAR). HCRQ also assisted with responses to comments from FAA and related document modifications.
DUAT provides weather briefing, flight planning, flight plan filing, and information functions to pilots.
With the assistance of DTC, HCRQ prepared the Preliminary Hazard Analysis (PHA), Hazard Log (HL), System Safety Hazard Analysis (SHA), and System Safety Assessment Report (SAR). HCRQ also assisted with responses to comments from FAA and related document modifications.
DIRECT USER ACCESS TERMINAL SERVICE (DUATS)
HCRQ provided system safety support to Computer Sciences Corporation (CSC) on DUATS.
This effort was similar to that provided to DTC.
This effort was similar to that provided to DTC.
POTENTIAL FUTURE CONTRACT - FLIGHT SERVICE DIRECT (FSD)
FAA has a requirement for a performance-based acquisition to replace DUATS with increased capability, which will be called FSD.
Due to its previous effort on DUAT and DUATS, HCRQ hopes to provide the system safety support.
Due to its previous effort on DUAT and DUATS, HCRQ hopes to provide the system safety support.
SYSTEM SAFETY SUPPORT FOR ECU
HCRQ provided SAE ARP4761 system safety support to RCCT (formerly Athena Technologies Inc.) on an Engine Control Unit (ECU) project.
TECHNICAL AIRWORTHINESS MANUAL (TAM) CRITIQUE
We critiqued DND's TAM identifying deficiencies with respect to system safety.
After spending this many years in system safety, we quickly focus on what is missing and what is wrong.
By the way, perhaps you are familiar with Australian Air Publication 7001.053(AM1) "Technical Airworthiness Management Manual". It specifies software safety requirements in sections 2.2.12 (e)(2), 2.2.12 (e)(4), and 3.5.3 (d)(2).
After spending this many years in system safety, we quickly focus on what is missing and what is wrong.
By the way, perhaps you are familiar with Australian Air Publication 7001.053(AM1) "Technical Airworthiness Management Manual". It specifies software safety requirements in sections 2.2.12 (e)(2), 2.2.12 (e)(4), and 3.5.3 (d)(2).
ED-135/SAE ARP4761
ED-135/SAE ARP4761 is specifically oriented towards "airborne systems and equipment". This standard marries nicely to:
ED-135/SAE ARP4761 is based on qualitative safety targets, in the form of Development Assurance Levels, and quantitative safety targets which are flowed down and verified.
Similar to other approaches to system safety, its intent is to influence architectural design.
ED-135/SAE ARP4761 utilizes the concept of failure conditions which are classified according to severity.
Since ARP4761 focuses on aircraft hazards, it does not address the other types and their associated analyses. ARP4761 also falls short in a number of other areas and defines FMEA incorrectly ! HCRQ recently provided such insight to COMAC (China).
- ED-79A/SAE ARP 4754A (certification considerations with the exceptions of Safety Program Plan, Preliminary Aircraft Safety Assessment (PASA), and Aircraft Safety Assessment (ASA) which are awaiting 4761A - currently expected in January 2022),
- ED-12C/RTCA DO-178C (airborne software considerations),
- ED-109A/RTCA DO-278A (CNS/ATM software considerations), and
- ED-80/RTCA DO-254 (hardware considerations).
ED-135/SAE ARP4761 is based on qualitative safety targets, in the form of Development Assurance Levels, and quantitative safety targets which are flowed down and verified.
Similar to other approaches to system safety, its intent is to influence architectural design.
ED-135/SAE ARP4761 utilizes the concept of failure conditions which are classified according to severity.
Since ARP4761 focuses on aircraft hazards, it does not address the other types and their associated analyses. ARP4761 also falls short in a number of other areas and defines FMEA incorrectly ! HCRQ recently provided such insight to COMAC (China).
DEVELOPMENT ASSURANCE LEVELS (DALS)
DALs are primarily an ED-135/SAE ARP4761 concept and are "similar to" Safety Integrity Levels (SILs).
The System Safety Program defines DALs for aircraft functions, for systems, for items, for hardware and for software.
DALs must be determined by experienced system safety engineers as their assignment is crucial.
DALs for aircraft functions are determined from the hazard or failure condition severities.
DALs are utilized to establish confidence that system development has been accomplished in a sufficiently disciplined manner to limit the likelihood of development errors that could impact safety.
The hardware and software design levels establish the degrees of rigor to be used in the associated development processes.
The System Safety Program defines DALs for aircraft functions, for systems, for items, for hardware and for software.
DALs must be determined by experienced system safety engineers as their assignment is crucial.
DALs for aircraft functions are determined from the hazard or failure condition severities.
DALs are utilized to establish confidence that system development has been accomplished in a sufficiently disciplined manner to limit the likelihood of development errors that could impact safety.
The hardware and software design levels establish the degrees of rigor to be used in the associated development processes.
SAFETY ASSESSMENTS
ED-135/SAE ARP4761 calls up:
CCA is addressed very well and is embodied in FHA, PSSA and SSA. Its is also addressed very well in HCRQ's aviation system safety, and system safety courses.
By the way, did you know that you can purchase excellent DIDs from us for FHA, PSSA, SSA and more?
ED-135/SAE ARP4761 advocates the following analytical approaches:
- Functional Hazard Assessment (FHA),
- Preliminary System Safety Assessment (PSSA),
- System Safety Assessment (SSA), and
- Common Cause Analysis (CCA).
CCA is addressed very well and is embodied in FHA, PSSA and SSA. Its is also addressed very well in HCRQ's aviation system safety, and system safety courses.
By the way, did you know that you can purchase excellent DIDs from us for FHA, PSSA, SSA and more?
ED-135/SAE ARP4761 advocates the following analytical approaches:
- Fault Tree Analysis (FTA),
- Dependency Diagrams (DD),
- Markov Analysis (MA),
- Failure Mode and Effects Analysis (FMEA), and
- Failure Mode and Effects Summary (FMES).
CMR
A Certification Maintenance Requirement (CMR) is a mandatory periodic task, required to maintain the safety of the aircraft, which is established during the design certification of the aircraft as an operating limitation of the type certificate.
The maintenance requirements, and the necessary interval between these focused maintenance activities in order to ensure adequate safety coverage, are derived by the System Safety Program.
The use of periodic maintenance or flight crew checks to detect significant latent failures when they occur is undesirable and should not be used in lieu of practical and reliable failure monitoring and indication.
CMRs are identified within the PSSA and verified within the SSA.
The maintenance requirements, and the necessary interval between these focused maintenance activities in order to ensure adequate safety coverage, are derived by the System Safety Program.
The use of periodic maintenance or flight crew checks to detect significant latent failures when they occur is undesirable and should not be used in lieu of practical and reliable failure monitoring and indication.
CMRs are identified within the PSSA and verified within the SSA.
MMEL
A Master Minimum Equipment List (MMEL) regulates the dispatch of aircraft with inoperative equipment.
It defines the aircraft equipment allowed to be inoperative under certain conditions for a specific aircraft.
It defines the aircraft equipment allowed to be inoperative under certain conditions for a specific aircraft.
ED-12C/RTCA DO-178C
ED-12C/RTCA DO-178C utilizes Software Development Assurance Levels defined by the application of ED-135/SAE ARP 4761.
- A - Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a catastrophic failure condition for the aircraft
- B - Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a hazardous/severe-major failure condition for the aircraft
- C - Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a major failure condition for the aircraft
- D - Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a minor failure condition for the aircraft
- E - Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function with no effect on aircraft operational capability or pilot workload
ED-80/RTCA DO-254
ED-80/RTCA DO-254 utilizes Hardware Development Assurance Levels defined by the application of ED-135/SAE ARP 4761.
- A - Hardware functions whose failure or anomalous behavior, as shown by the hardware safety assessment, would cause a failure of system function resulting in a catastrophic failure condition for the aircraft
- B - Hardware functions whose failure or anomalous behavior, as shown by the hardware safety assessment, would cause a failure of system function resulting in a hazardous/severe-major failure condition for the aircraft
- C - Hardware functions whose failure or anomalous behavior, as shown by the hardware safety assessment, would cause a failure of system function resulting in a major failure condition for the aircraft
- D - Hardware functions whose failure or anomalous behavior, as shown by the hardware safety assessment, would cause a failure of system function resulting in a minor failure condition for the aircraft
- E - Hardware functions whose failure or anomalous behavior, as shown by the hardware safety assessment, would cause a failure of system function with no effect on aircraft operational capability or flight crew workload