Aviation safety is ensured by a large ecosystem of different regulations, one of which is ARP4761A, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment, a 300-page book authored by SAE International and published in December 1996. In essence, it describes guidelines and methods for assessing the safety level of an aircraft in order to certify it. Read on to learn more about what this document contains and why it represents a fundamental pillar for safety assessment in the aviation industry.
Any individual, from engineers to QA specialists to managers, who is in any way involved in aviation safety is governed by many rules which require procedures to be clearly defined, documented, and adhered to in order to get an aircraft in the sky. A myriad of regulations must be followed, outlining how tasks need to be carried out and the absolute minimum requirements for attaining certification when developing flyable aircraft.
Avionics safety is related to aviation safety but is not exactly the same thing: the term avionics specifically refers to the various electronic systems used in aircraft and satellites. This includes communications systems, navigation, display dashboards, and hundreds of other systems which are embedded in aircraft for different functions. Getting avionics safety right includes examining the design, construction, analysis, and rigorous testing of all electronic systems, with the end goal of producing systems that are safeguarded as far as possible against hazardous operation. Where that is not possible, the risk must be managed at what is considered an acceptable level.
Ensuring aircraft safety to reduce the risks associated with air travel and transportation is an incredibly complicated task, which is why the industry needed a regulatory guide which combined international standards with a high level of safety protocols.
That’s where ARP4761A comes in
ARP4761A, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment, is a 300-page book which was authored by SAE International and published in December 1996. It describes guidelines and methods for assessing the safety level of an aircraft in order to certify it. On top of that, it also forms part of the Aerospace Recommended Practice, a comprehensive collection of regulations whose aim is to support the safe development of civil aircraft and systems.
ARP4761A was created because industry professionals wanted to formalize the safety procedures associated with aircraft safety evaluation and give the overall process more structure. It works in close conjunction with its ‘sister’ regulation, SAE ARP4754 Guidelines for Development of Civil Aircraft and Systems. According to SAE, ARP4761A is “primarily associated with showing compliance with FAR/JAR 25.1309” and outlines “a systematic means, but not the only means, to show compliance.”
What to expect in the contents
ARP4761A is deemed by industry officials to be much more than a mere guideline for aircraft safety. While it provides a tutorial on aircraft safety, it also outlines instructions for applying theoretical concepts to the different activities in the aircraft development process. In other words, it provides the essential foundation for the safety assessment process in the avionics industry, which other regulations have since built upon.
Given that the goal of the assessment is to ensure the safety of the aircraft, its crew and its occupants, the guidelines leverage the following methods:
- Performing careful analysis (such as FHA, Functional Hazard Assessment; PASA, Preliminary Aircraft Safety Assessment; PSSA, Preliminary System Safety Assessment; and SSA, System Safety Assessment, among many others)
- Architectural optimization
- Critical level definition and assessment
- Component selection
- Constant improvement, monitoring, and maintenance
Optimizing aircraft safety: the philosophy behind it
Technically speaking, the process of assessing the safety of an aircraft begins with the concept development phase and ends when it is verified that the design meets its safety requirements. Whenever changes are made in new iterations throughout the design process, the modified design needs to be reassessed to determine its safety.
Sounds simple enough, right? Well, not exactly. Some people have the understandable misconception that the purpose of this safety assessment is to completely eliminate the risk of hazards. However, this is just not possible with complex avionics systems. ARP4761A takes a more realistic approach which still ensures optimum levels of safety. It uses the following tenets to discover and measure hazards and risk:
- A severe hazard can be tolerable if the probability that it will happen is acceptably low
- A probable hazard can be tolerable if its potential effect on the aircraft, crew, and passengers is considered acceptable
- The hazard occurrence probability must always be inversely proportional to its possible severity
The ARP4761A approach to avionics safety
To sum it up, the purpose of the avionics safety assessment is to ask and answer the following questions for the aircraft and all systems involved:
- What is it for?
- What could go wrong with it?
- What happens if it does go wrong?
- What could cause it to go wrong?
- How high is the risk of something going wrong?
- Can you accept that risk?
While the safety of hardware can be calculated by measuring the probability of failure over a specific period of time, it is significantly more difficult to numerically ‘measure’ software safety. So for the software part of this regulation, rather than measuring probabilities of failure, ARP4761A establishes software safety through rigorous software documentation and verification that takes into account how severe the outcome would be if the software failed to perform its intended function.
ARP4761A Common Cause Analysis
One of the most important areas covered within ARP4761A is common cause analysis: aircraft developers must make every possible effort to ensure that aircraft systems and components can operate independently of each other, so that a single failing system cannot set off a chain of hazardous failures in an aircraft. If independence can’t be guaranteed, the system dependencies need to be assessed and deemed acceptable.
The results of common cause analysis are also useful for identifying opportunities for further optimization, whether that’s of overall safety standards, environmental risk assessments, or zonal safety requirements. Here are three of the types of analysis ARP4761A recommends:
1. Zonal Safety Analysis (ZSA):
This analysis makes sure that each of the systems installed in an aircraft is safe in its installation, and evaluates the possibility of it either malfunctioning or interfering with other systems aboard the aircraft.
2. Particular Risks Analysis (PRA):
Particular risks in this case refer to catastrophic events which can happen outside of systems (for example fire, lightning, or other weather hazards). Developers must conduct this analysis to limit the extent to which events like these can influence the performance of aircraft systems.
3. Common Mode Analysis (CMA):
This analysis determines the dependency of separate events and which combinations would trigger a failure state in an aircraft. Mapping these dependencies and ensuring as much independence as possible assures that no single event would make the aircraft fail.
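The three tenets above (a hazard is tolerable when its probability is low enough for its severity), the hardware measure of probability of failure over a period of time, and the independence requirement behind common cause and common mode analysis can be put together in one small worked calculation. The Python below is an added illustration for this article, not code from ARP4761A, SAE or codebeamer. The severity classes and per-flight-hour probability targets in MAX_PROBABILITY_PER_FH are assumed illustrative values (they follow figures commonly quoted in FAR/JAR 25.1309 guidance, but the page itself gives no numbers); the channel failure rate, the exposure time and the common-cause fraction beta are constructed sample inputs; and the beta-factor common-cause model is one standard choice, not the only method the guideline allows.

```python
"""Hazard acceptability versus probability, with and without a common cause.

Added example for this article; not code from ARP4761A, SAE or codebeamer.
All numeric inputs are assumed or constructed and labelled as such.
"""
import math

# ASSUMED illustrative targets: maximum acceptable average probability of the
# failure condition per flight hour, by severity class. Not quoted from the page.
MAX_PROBABILITY_PER_FH = {
    "catastrophic": 1e-9,
    "hazardous": 1e-7,
    "major": 1e-5,
    "minor": 1e-3,
}


def failure_probability(failure_rate_per_hour: float, exposure_hours: float) -> float:
    """Probability that an item with a constant failure rate fails at least once
    during the exposure time (exponential life model: 1 - exp(-lambda * t)).
    This is the 'probability of failure over a period of time' hardware measure."""
    return 1.0 - math.exp(-failure_rate_per_hour * exposure_hours)


def per_flight_hour(probability: float, flight_hours: float) -> float:
    """Convert a per-flight probability into the average-per-flight-hour figure
    that the severity targets are expressed in."""
    return probability / flight_hours


def redundant_pair_failure(channel_rate: float, exposure_hours: float,
                           beta: float = 0.0) -> float:
    """Probability that BOTH channels of a dual-redundant system fail within
    the exposure time.

    beta is the fraction of each channel's failure rate attributed to a shared
    (common-cause) event that takes out both channels at once (beta-factor
    model, assumed here). beta = 0 is the full-independence assumption that
    common cause / common mode analysis exists to justify.
    """
    independent_rate = (1.0 - beta) * channel_rate
    common_rate = beta * channel_rate
    # Both channels failing through separate, independent causes.
    p_both_independent = failure_probability(independent_rate, exposure_hours) ** 2
    # A single common-cause event defeats the redundancy outright.
    p_common = failure_probability(common_rate, exposure_hours)
    # Union of the two events (inclusion-exclusion avoids 1 - (1-a)(1-b) cancellation).
    return p_both_independent + p_common - p_both_independent * p_common


def is_acceptable(severity: str, probability_per_fh: float) -> bool:
    """Tenet from the article: a hazard is tolerable when its probability is low
    enough for its severity; the more severe, the lower the permitted probability."""
    return probability_per_fh <= MAX_PROBABILITY_PER_FH[severity]


def assess(severity: str, channel_rate: float, beta: float,
           flight_hours: float) -> tuple[float, bool]:
    """Return (probability per flight hour, acceptable?) for a dual-redundant
    system whose total loss has the given severity."""
    p_loss = redundant_pair_failure(channel_rate, flight_hours, beta)
    p_fh = per_flight_hour(p_loss, flight_hours)
    return p_fh, is_acceptable(severity, p_fh)


if __name__ == "__main__":
    # CONSTRUCTED sample inputs: a 10-hour flight, each channel failing at
    # 1e-6 per hour, and 5 % of that rate shared between the two channels.
    FLIGHT_HOURS = 10.0
    CHANNEL_RATE = 1e-6
    for beta in (0.0, 0.05):
        for severity in ("catastrophic", "hazardous"):
            p_fh, ok = assess(severity, CHANNEL_RATE, beta, FLIGHT_HOURS)
            print(f"beta={beta:<5} {severity:<13} P/FH={p_fh:.2e} "
                  f"{'acceptable' if ok else 'NOT acceptable'}")
```

With the constructed inputs, the fully independent pair comes out around 1e-11 per flight hour, comfortably inside even the catastrophic target, while a 5 % shared failure fraction pushes the same pair to roughly 5e-8 per flight hour: still tolerable for a hazardous outcome, but no longer for a catastrophic one. That jump is exactly why the guideline insists that independence be demonstrated rather than assumed.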
Of course, the full ARP4761A details many more types of tests and analyses. However, this is a good sneak peek of the different types of analysis you can expect to discover inside the guideline.
The easiest way to ensure traceability, cut down on compliance time, and reduce costs
ARP4761A may seem complex at first, and all the other regulations which pile on top of it don’t help matters either. Developing software and hardware for aircraft and spacecraft requires adhering to many rules and regulations, which makes achieving compliance seem very daunting, but it doesn’t need to be.
An easy way to streamline the development of airborne products, aviation software, and embedded avionics systems is by using a Requirement, Risk, Test, and Lifecycle Management platform like codebeamer. Cut development and compliance costs, reduce cycle times, and achieve compliance with DO-178C, DO-254, and other aviation standards.
Want to experience codebeamer in action? Try it for free – no credit card needed, no strings attached.