ARP4761A Introduction – Avionics Safety
Aviation Safety via ARP4761A is required for all avionics systems and this ARP4761A whitepaper provides the facts. ARP4761A’s FHA, PSSA, and SSA safety activities are summarized along with the continuous ARP4761 safety feedback required throughout avionics software and hardware development.
At 300+ pages, ARP4761 is rather more than a guideline for aircraft safety. ARP4761 is officially titled “Guidelines and Methods for Conducting The Safety Assessment Process on Civil Airborne Systems and Equipment”. In fact, ARP4761 is almost a tutorial on generalized safety and how to apply various theoretical analysis to assess ongoing development activities toward aircraft safety.
Clearly, ARP4761A lays the foundation for the most fundamental aspect of aircraft regulations: Safety. Clearly, viewing the avionics development ecosystem, ARP4761/A’s prominent place in the upper left conveys its importance:
The Safety Assessment process is a vital aspect of aviation safety, and for avionics, ARP4761 provides the foundation.
Literally every aspect of aviation undergoes safety assessment to better understand potential risks, quantify them, and then prevent, detect, or mitigate them, Experienced aviation persons are truthful when stating the safety assessment process is perhaps the most important element of avionics development. For avionics, the role of the safety assessment is to ensure the safety of the aircraft, its crew, and the occupants. Essentially, aircraft safety is optimized by performing careful analysis, architectural optimization, criticality level determination, component selection, architectural improvement, monitoring, and maintenance. Therefore only by having a thorough safety assessment process can we ensure we have an architecture with additional safety-related requirements which address safety aspects. The title of ARP4761 accurately justifies its importance within this fundamental process:
“Guidelines and Methods for Conducting the Safety assessment Process on Civil Airborne Systems & Equipment”
Clearly, ARP4761A is tightly coupled with ARP4754A and lays the foundation for the most fundamental aspect of aircraft regulations: Safety. Clearly, viewing the avionics development ecosystem, ARP4761A’s prominent place in the upper left conveys its importance; FAA certification and EASA certification now mandate ARP4754A plus a safety assessment, typically ARP4761:
As the ARP4761A-based safety assessment proceeds, the following documentation typically accompanies the various analyses:
- ✓ ARP4761A compliant Aircraft Functional Hazard Assessment (FHA)
- ✓ ARP4761A compliant Aircraft Fault Tree Analysis (FTAs)
- ✓ ARP4761A compliant System FHAs
- ✓ ARP4761A compliant System FTAs
- ✓ ARP4761A compliant System Failure Modes and Effects Analyses (FMEAs)
- ✓ ARP4761A compliant Item FTAs
- ✓ ARP4761A compliant Item FMEAs
ARP4761A: Top Down & Bottom Up:
A key to implementing ARP4761 properly is to remember the top-down versus bottom-up nature of ARP4761’s safety assessments as depicted in the following diagram (page 27 of AFuzion’s 240-page ARP4754A per ARP4761A training:
ARP4761 Common Cause Analysis
In ARP4761 and ARP4761A, common cause analysis is very important. The acceptance of adequate probability of failure conditions is often derived from the assessment of multiple systems based on the assumption that failures are independent. This independence might not exist in the practical sense, and specific studies are necessary to ensure that independence can either be assured or deemed acceptable. The ARP4761 common cause analysis yields additional safety requirements which then trace to implementation and tests, including DO-160 environmental tests. The SAE ARP4761 CCA is concerned with events that could lead to a hazardous or catastrophic failure condition. The CCA is divided into three areas of study:
- ✓ ARP4761 Zonal Safety Analysis (ZSA) — The objective of this analysis per ARP4761A is to ensure that the system and equipment installations within each zone of the aircraft are at an adequate safety standard regarding design and installation, interference between systems, and maintenance errors.
- ✓ ARP4761 Particular Risks Analysis (PRA) — Particular risks in ARP4761 and ARP4754A are those events or influences outside the systems of interest (for example, fire, leaking fluids, bird strike, HIRF, lightning, etc.). Each risk should be the subject of a specific study to examine and document the simultaneous or cascading effects (or influences) that might violate independence. The objective of the PRA per ARP4761 is to ensure that the safety related effects are either eliminated or that the risk is acceptable.
- ✓ ARP4761 Common Mode Analysis (CMA) — The CMA is performed to confirm the assumed independence of the events that were considered in combination for a given failure condition. Another way of saying this is that the CMA is performed to verify that combinatorial events in the FTA are truly independent in the actual implementation. ARP4761 mandates consideration of the effects of development, manufacturing, installation, maintenance and crew errors, and failures of system components that defeat the independence should be analyzed.
ARP4761A is rather more than a guideline for aircraft safety. ARP4761A (formally issued in 2018) is officially titled “Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment”. In fact, ARP4761 is almost a tutorial on generalized safety and how to apply various theoretical analysis to assess ongoing development activities toward aircraft safety.
Clearly, ARP4761A is tightly coupled with ARP4754A and lays the foundation for the most fundamental aspect of aircraft regulations: Safety. Clearly, viewing the avionics development ecosystem, ARP4761A’s prominent place in the upper left conveys its importance, as depicted below from AFuzion’s ARP4754A Training with ARP4761A details:
The safety assessment should answer the following questions for the aircraft, then each system, as depicted below:
A key is remembering that the safety assessment process begins with an overall Functional Hazard Assessment, followed by a Preliminary Assessment; both of these are top-down. Then, during and after implementation, the final System Safety Assessment is performed inclusive of FMEA which is bottom-up. This process is depicted below (excerpted from AFuzion’s ARP4754A training class with ARP4761A Training):
The purpose then of the FHA is summarized in the figure below excerpted from AFuzion’s ARP4754A training (with ARP4761A training info):
For the remaining 16 pages of this AFuzion ARP4761A Technical Whitepaper, please download below.
Information Request Form
Please provide the following information to receive your full WhitePaper