Melding DoD and FAA System Safety Methods  Blending SAE ARP4761 and MIL-STD-882E processes Presented To: 2014 International System Safety Society Conference St. Louis, MO Presented By: Marge Jones Commercial Aircraft Safety Commercial Projects Government Direct Projects Process Training Safety Analytical University of Kansas PPT Solutions Inc. Technologies, Inc. Aerospace Short Course Huntsville, AL Huntsville, AL [email protected] www.pptsinc.com http://aeroshortcourses.ku.edu/ SAE International did not authorize including their copyrighted material in electronic versions of this presentation. The following provides a summary of the ARP material that will be needed: ARP4761 ARP4754A Figure 2, p.18 Figure 7, p. 33 Section 2.2, p. 12 Section 5.2.3.2.1.1, pp. 41 & 42 Figure 9, p. 45 Table 4, p. 46 Table 3, p. 44 Figure 10, p. 48 Table 5, p. 49 Section 5.2.4, p.50 Figure 11, p. 51 Objective  Highlight the differences and similarities between MIL-STD-882E and associated Data Item Descriptions (DIDs) with the commercial aircraft system safety process (14CFR2X.1309, AC2X.1309, SAE ARP4761 and ARP4754)  By understanding the differences and similarities, Statement of Work and CDRL requirements can be tailored to define a blended system safety process that could satisfy both  FAA regulations are law – shall comply. Less flexible in terms of techniques or methods for showing of compliance. Always coordinate with Customers 2 Melding DoD and FAA System Safety Methods  Similarities  Same Basic System Safety Concept  Order of Precedence for applying risk mitigation  Tied to Development Process  Analytical techniques defined by specific objectives  Differences  Applicability and Diversity of Systems  Terminology  Acceptable Risk Concept  Technique for consideration of software/logic devices contributions  Specific analytical techniques and documentation 3 Blended “Safety” Definition  PHYSICAL Safety is dependent upon inherent characteristics of the component, system, etc. Physical  Usually can be thought of stored energy or energy transfers  OPERATIONAL Safety is usually thought of in terms of the user environment Functional Operational  How, when, by whom, etc..  FUNCTIONAL Safety is dependent From: “Aircraft System Safety, Military upon correct performance of and Civil Aeronautical Applications,” Duane Kritzinger intended function  and “control” of unintended functions: loss of, malfunctions, etc…  Any safety process MUST address all these aspects! 4 Outline  Basic System Safety Concept  Background on Commercial Aircraft Safety Process and MIL-STD-882 Process  Show integration with development  Methods for Consideration of Software to Hazards  Definitions – Conflicts  Comparison of Analysis Tasks  All Tasks  FHA, PSSA, SSA/SAR details  Safety Planning 5 System Safety Basic Concept/Process Identify the “Threat” [hazards/ hazardous conditions/ failure conditions/ unsafe Identify Safety “Risk” Requirements conditions] Assess the Severity and Establish Safety Identify Safety “Solutions” Requirements Objectives Develop Mitigation Strategies [Architecture, Operational, and/or Ensure all “Solutions” Identified Installation] Determine Effectiveness of Mitigation Strategies [Acceptable Risk] Verify Requirements Met Verify Implementation of Mitigation Strategies © 2014. Safety Analytical Technologies, Inc. 6 ARP4761 System Safety Process - Documentation Identify the “Threat” [hazards/ hazardous conditions/ failure conditions/ unsafe PSSA conditions] Assess the Severity and Establish Safety FHA Objectives Develop Mitigation SSA Strategies [Architecture, Operational, and/or Installation] Determine Effectiveness of Mitigation Strategies [Acceptable Risk] FHA - Functional Hazard Assessment Verify Implementation of PSSA – Preliminary System Safety Assessment Mitigation Strategies SSA – System Safety Assessment © 2014. Safety Analytical Technologies, Inc. 7 ARP4761 System Safety Concept/Process Identify Safety “Risk” Requirements DEFINE SAFETY OBJECTIVES/ REQUIREMENTS Functional Hazard Identify Risk Mitigations (Safety Requirements) Assessment Ensure all Safety Requirements Identified VALIDATE SAFETY OBJECTIVES/ REQUIREMENTS Preliminary System Safety Assessment Verify Requirements Met VERIFY SAFETY OBJECTIVES/ REQUIREMENTS System Safety Assessment © 2014. Safety Analytical Technologies, Inc. 8 Safety Assessment Process Overview (ARP4761) Physical Aircraft/System Hazards Architecture (Particular Risk, Definition Common Mode) System Safety Contribution to Requirements Determine Failure Condition (assurance, red., Severity Establish [DD, FTA, Markov, prob., install, Safety Establish Common Mode, etc.) Identify Objectives Compliance FFMEA] Functional Equipment Method (Safety Failures Safety Analyses, etc.) Requirements Software/CEH (assurance, Safety redundancy, Requirements prob., etc.) VALIDATE SAFETY (assurance, OBJECTIVES/ functions, etc.) Aircraft FHA System FHA REQUIREMENTS Preliminary System Safety Assessment System Safety Analysis Item Safety [F-FMEA, FTA, DEFINE SAFETY Analysis [Pred, CCA] OBJECTIVES/ FMEA, FTA, Aircraft REQUIREMENTS CCA] Safety Analysis [FTA, CCA] Functional Hazard Assessment VERIFY SAFETY Assurance FTA – Fault Tree Analysis OBJECTIVES/ Process DD – Dependency Diagram REQUIREMENTS Test Data; Verification Data Stress, FMEA – Failure Mode and Effects Analysis System Safety Performance, Assessment etc.. Analyses CCA – Common Cause Analysis 9 © 2014. Safety Analytical Technologies, Inc.