SAE規格 SARP4761, Revision A, 2023: Guidelines for Conducting the Safety Assessment Process on Civil Aircraft, Systems, and Equipment

Description

ARP4761A and its EUROCAE counterpart, ED-135, present guidelines for performing safety assessments of civil aircraft, systems, and equipment. They may be used when addressing compliance with certification requirements (e.g., 14 CFR/CS Parts 23, 25, 27, and 29 and 14 CFR Parts 33, 35, CS-E, and CS-P). ARP4761A/ED-135 may also be used to assist a company in meeting its own internal safety assessment standards. While the safety assessment processes described are primarily associated with civil aircraft, systems, and equipment, these processes may be used in many other applications. The guidelines herein identify a systematic safety assessment process, but other processes may be equally effective.

The processes described herein are usually applicable to the new designs or to existing designs that are affected by changes to design or functions. In the case of the implementation of existing design(s) in a derivative application, complementary means such as service experience in a similar application may be used in the safety assessment.

ARP4761A/ED-135 does not address safety assessment of in-service products but does include references to those processes. ARP5150A and ARP5151A contain processes for conducting in-service safety assessments.

This document does not include information on security threat considerations.

Purpose
This document presents guidelines for conducting an industry accepted safety assessment process consisting of the Aircraft Functional Hazard Assessment (AFHA), Preliminary Aircraft Safety Assessment (PASA), System Functional Hazard Assessment (SFHA), Preliminary System Safety Assessment (PSSA), System Safety Assessment (SSA), and Aircraft Safety Assessment (ASA) processes.

This document also presents information on the safety analysis methods that may be used to conduct the safety assessment process. These methods include Fault Tree Analysis (FTA), Dependence Diagram (DD), Markov Analysis (MA), Model-Based Safety Analysis (MBSA), Failure Modes and Effects Analysis/Summary (FMEA/FMES), Cascading Effects Analysis (CEA), Zonal Safety Analysis (ZSA), Particular Risk Analysis (PRA), and Common Mode Analysis (CMA).

Intended Users
The intended users of this document include, but are not limited to, aircraft, engine, and propeller manufacturers, system integrators, equipment suppliers, and certification authorities who are involved with the safety assessment of civil aircraft and associated systems and equipment.

How to Use This Document
The guidelines provided in this document are intended to be used in conjunction with other applicable documents (e.g., ARP4754B/ED-79B, RTCA DO-178C/ED-12C, RTCA DO-254/ED-80, and RTCA DO-297/ED-124), and also with the associated certification regulations and advisory material. These regulations/advisory materials include 14 CFR/CS Parts 23, 25, 27, and 29 (sections 1309, 1709, 2510, and other system safety requirements such as sections 671, 783, 901, 903, and 933, as applicable) and 14 CFR Parts 33 and 35, CS-E, and CS-P. Since the terminology used herein is directly aligned with ARP4754B/ED-79B, the application of ARP4761A/ED-135 in support of other development processes may require an understanding of the concepts in ARP4754B/ED-79B.

All the processes described in this document may not be applicable to all projects. The depth each process goes to in this document is an example and the level presented here may not be applicable to all projects. The safety program plan (or similar planning document) should draw from the list of processes depicted in this document, and describe how, and to what depth they will be used. The size and scope of the final process presented in this document may not be appropriate for the type and complexity of the product or STC activity. At a high level, the applicant is strongly encouraged to have the safety program plan (or similar planning document) include the depth to which each process will be applied, and where the results will show that the safety requirements are met. For information on planning documents, refer to ARP4754B/ED-79B. This document defines an overall safety assessment process and provides recommendations of process outputs. It identifies activities, methods, and inputs that may be used in the performance of safety assessments for civil aircraft and their associated systems and equipment. It is recognized that the safety process for a given program will be accomplished at multiple levels by multiple stakeholders.

General guidelines in evaluating the safety aspects of an aircraft, system, or equipment are provided in Section 3; the recommended processes and analytical methods, and the relationship between these, are introduced therein. Section 4 expands on some of these analytical methods. Section 5 provides information on the use of the analytical methods in this document by the manufacturer in determining maintenance tasks and intervals that provide for safe operation of the aircraft. Section 6 describes the relationship between the safety assessment process and the Master Minimum Equipment List (MMEL). Section 7 provides information on the Time Limited Dispatch (TLD) concept for Full-Authority Digital Engine Control (FADEC) systems which may be helpful in developing similar aircraft design solutions. Section 8 provides information on associated in-service safety assessment.

Users who need further information on a specific process or method may obtain detailed information from Appendices A through P. Appendix Q provides a contiguous example of the safety assessment process for a hypothetical system. This example illustrates the relationships between the processes and methods in creating the overall safety evaluation of an aircraft or system as it develops through the design cycle.

NOTE: The appendices are not standalone documents, but are intended to be used in conjunction with the information contained in this document’s main body. The user is cautioned not to use the appendices independent of the document main body. Further, the contiguous example contained in Appendix Q should not be used without making reference to the document main body and corresponding appendices.

Examples presented in this document, including documentation examples, are intended only as illustrations. The examples should not be interpreted as an addition to or an amplification of any recommendation.

Throughout this document and appendices, reference is made to using FTA. It should be understood by the reader that other quantitative analysis methods—such as DD, MA, or MBSA—may be selected to accomplish the same purpose, depending on the circumstances and the types of data desired.

ARP5580 contains information about FMEA, but ARP4761A/ED-135 takes precedence for purposes of civil aircraft safety assessment.