ARP4754

Last updated
Guidelines For Development Of Civil Aircraft and Systems
SAE International logo.svg
AbbreviationARP4754B
Latest versionB
December 2023 (2023-12)
Organization SAE International
DomainAviation Safety
Website www.sae.org/standards/content/arp4754b/

ARP4754, Aerospace Recommended Practice (ARP) ARP4754B (Guidelines for Development of Civil Aircraft and Systems), is a guideline from SAE International, dealing with the development processes which support certification of Aircraft systems, addressing "the complete aircraft development cycle, from systems requirements through systems verification." [1] Revision A was released in December 2010. It was recognized by the FAA through Advisory Circular AC 20-174 published November 2011. [2] [3] EUROCAE jointly issues the document as ED79.

Contents

Revision B was released in December 2023 and inherits the "mandates" conferred through FAA advisory circulars AC 25.1309-1 and AC 20-174 as acceptable means of demonstrating compliance with 14 CFR 25.1309 in the U.S. Federal Aviation Administration (FAA) airworthiness regulations for transport category aircraft, and also harmonized international airworthiness regulations such as European Aviation Safety Agency (EASA) CS25.1309. Revision B is an interim release meant to expedite consistency with ARP4761 Revision A, "Safety Assessment Process", which was also released in December 2023. While the general principles of FDAL/IDAL assignment and safety assessment process were retained in ARP4754B/ED-79B, the details of these activities and process were transferred to ARP4761A/ED-135. Major adjustments to ARP4754 are deferred to Revision C. [4] [5]

Objectives of the document

The Aerospace Recommended Practice (ARP) is a guideline for development of civil aircraft and systems with an emphasis on safety aspects. Revision A was a substantial rewrite of the document which describes the safety process as a part of an Integrated Development Process. A significant new section is devoted to the process of determining Development Assurance Level (DAL) which determines the assurance rigor of development and verification activities for complex hardware and software aspects of airborne systems.

It is intended to be used in conjunction with the safety assessment process defined in SAE ARP4761 (updated to Revision A in December 2023) and is supported by other aviation standards such as RTCA DO-178C/DO-178B and DO-254.

This guideline addresses Functional Safety and design assurance processes. DAL allocation pertaining to functional failure conditions and hazard severity are assigned to help mitigate risks. Functional Hazard Analyses / Assessments are central to determining hazards and assigning DAL, in addition to requirements based testing and other verification methods. This guideline concerns itself with Physical (item) DAL and Functional (software/systems integration behavior) DAL and the Safety aspects of systems for the whole life-cycle for systems that implement aircraft functions.

History

ARP4754 was defined in the context of aircraft certification, in particular Part 25 Sections 1301 and 1309 of harmonized civil aviation regulations for transport category airplanes. These are found in the U.S. FAA Federal Aviation Regulations (FAR) at 14 CFR 25.1309 and the corresponding European JAA Joint Aviation Requirements (JAR), which have been replaced by EASA certification standards. FAA Advisory Circular AC 25.1309-1A, System Design and Analysis, explained certification methodology for Part 25 Section 1309. [6]

In May 1996, the FAA Aviation Rulemaking Advisory Committee (ARAC) was tasked with a review of harmonized FAR/JAR 25.1309, AC 1309-1A, and related documents, and to consider revision to AC 1309-1A incorporating recent practice, increasing complex integration between aircraft functions and the systems that implement them, [7] and the implications of new technology. This task was published in the Federal Register at 61 FR 26246-26247 (1996-05-24). The focus was to be on safety assessment and fault-tolerant critical systems.

In a parallel effort, SAE published ARP4754 in November 1996. In 2002 ARAC submitted to the FAA a draft Notice of Proposed Rulemaking (NPRM) and draft revision AC 1309-1B (the draft ARSENAL version) recognizing the role of ARP4754 in complex system certification. [8] This draft remains unreleased, but ARP4754 became broadly recognized as an appropriate standard for aircraft system development and certification. The corresponding EASA Acceptable Means of Compliance AMC 25.1309 (included as a section of CS-25) does recognize ARP4754/ED79.

The FAA and EASA have both subsequently recognized ARP4754/ED79 as valid for certification of other aircraft categories, and for specific systems such as avionic databuses.

ARP4754A and ED79A were released by SAE and EUROCAE in December 2010. The document title has changed to Guidelines For Development Of Civil Aircraft and Systems. ARP4754A recognizes AMC 25.1309 (published in 2003) and AC 25.1309-1B-Arsenal draft. This revision expands the design assurance concept for application at the aircraft and system level and standardizes on the use of the term development assurance. As a consequence, Functional Development Assurance Level (FDAL) is introduced for aircraft and systems concerns and the term Design Assurance Level has been renamed Item Development Assurance Level (IDAL). [9] Furthermore, the addition of definitions for Error, Failure, and Failure Condition are acknowledge as derived from AMC 25.1309. [10] The qualitative and quantitative classification of failure conditions by severity and probability now used by ARP4754A [11] and ARP4761 [12] are defined in AMC 25.1309/AC 25.13091B-Arsenal draft.

See also

Related Research Articles

<span class="mw-page-title-main">Safety engineering</span> Engineering discipline which assures that engineered systems provide acceptable levels of safety

Safety engineering is an engineering discipline which assures that engineered systems provide acceptable levels of safety. It is strongly related to industrial engineering/systems engineering, and the subset system safety engineering. Safety engineering assures that a life-critical system behaves as needed, even when components fail.

DO-178B, Software Considerations in Airborne Systems and Equipment Certification is a guideline dealing with the safety of safety-critical software used in certain airborne systems. It was jointly developed by the safety-critical working group RTCA SC-167 of the Radio Technical Commission for Aeronautics (RTCA) and WG-12 of the European Organisation for Civil Aviation Equipment (EUROCAE). RTCA published the document as RTCA/DO-178B, while EUROCAE published the document as ED-12B. Although technically a guideline, it was a de facto standard for developing avionics software systems until it was replaced in 2012 by DO-178C.

A hazard analysis is one of many methods that may be used to assess risk. At its core, the process entails describing a system object that intends to conduct some activity. During the performance of that activity, an adverse event may be encountered that could cause or contribute to an occurrence. Finally, that occurrence will result in some outcome that may be measured in terms of the degree of loss or harm. This outcome may be measured on a continuous scale, such as an amount of monetary loss, or the outcomes may be categorized into various levels of severity.

<span class="mw-page-title-main">ARP4761</span> Aerospace recommended practice from SAE International

ARP4761, Guidelines for Conducting the Safety Assessment Process on Civil Aircraft, Systems, and Equipment is an Aerospace Recommended Practice from SAE International. In conjunction with ARP4754, ARP4761 is used to demonstrate compliance with 14 CFR 25.1309 in the U.S. Federal Aviation Administration (FAA) airworthiness regulations for transport category aircraft, and also harmonized international airworthiness regulations such as European Aviation Safety Agency (EASA) CS–25.1309.

RTCA DO-254 / EUROCAE ED-80, Design Assurance Guidance for Airborne Electronic Hardware is a document providing guidance for the development of airborne electronic hardware, published by RTCA, Incorporated and EUROCAE. The DO-254/ED-80 standard was formally recognized by the FAA in 2005 via AC 20-152 as a means of compliance for the design assurance of electronic hardware in airborne systems. The guidance in this document is applicable, but not limited, to such electronic hardware items as

<span class="mw-page-title-main">DO-160</span> Standard for environmental testing of avionics hardware

DO-160, Environmental Conditions and Test Procedures for Airborne Equipment is a standard for the environmental testing of avionics hardware. It is published by the Radio Technical Commission for Aeronautics (RTCA) and supersedes DO-138.

DO-178C, Software Considerations in Airborne Systems and Equipment Certification is the primary document by which the certification authorities such as FAA, EASA and Transport Canada approve all commercial software-based aerospace systems. The document is published by RTCA, Incorporated, in a joint effort with EUROC and replaces DO-178B. The new document is called DO-178C/ED-12C and was completed in November 2011 and approved by the RTCA in December 2011. It became available for sale and use in January 2012.

Zonal Safety Analysis (ZSA) is one of three analytical methods which, taken together, form a Common Cause Analysis (CCA) in aircraft safety engineering under SAE ARP4761. The other two methods are Particular Risks Analysis (PRA) and Common Mode Analysis (CMA). Aircraft system safety requires the independence of failure conditions for multiple systems. Independent failures, represented by an AND gate in a fault tree analysis, have a low probability of occurring in the same flight. Common causes result in the loss of independence, which dramatically increases probability of failure. CCA and ZSA are used to find and eliminate or mitigate common causes for multiple failures.

Automotive Safety Integrity Level (ASIL) is a risk classification scheme defined by the ISO 26262 - Functional Safety for Road Vehicles standard. This is an adaptation of the Safety Integrity Level (SIL) used in IEC 61508 for the automotive industry. This classification helps defining the safety requirements necessary to be in line with the ISO 26262 standard. The ASIL is established by performing a risk analysis of a potential hazard by looking at the Severity, Exposure and Controllability of the vehicle operating scenario. The safety goal for that hazard in turn carries the ASIL requirements.

<span class="mw-page-title-main">Advisory circular</span> Publication offered by the Federal Aviation Administration

Advisory circular (AC) refers to a type of publication offered by the Federal Aviation Administration (FAA) to "provide a single, uniform, agency-wide system … to deliver advisory (non-regulatory) material to the aviation community." Advisory circulars are now harmonized with soft law Acceptable Means of Compliance (AMC) publications of EASA, which are nearly identical in content. The FAA's Advisory Circular System is defined in FAA Order 1320.46D.

<span class="mw-page-title-main">AC 25.1309-1</span> American aviation regulatory document

AC 25.1309–1 is an FAA Advisory Circular (AC) that identifies acceptable means for showing compliance with the airworthiness requirements of § 25.1309 of the Federal Aviation Regulations. Revision A was released in 1988. In 2002, work was done on Revision B, but it was not formally released; the result is the Rulemaking Advisory Committee-recommended revision B-Arsenal Draft (2002). The Arsenal Draft is "considered to exist as a relatively mature draft". The FAA and EASA have subsequently accepted proposals by type certificate applicants to use the Arsenal Draft on development programs.

<span class="mw-page-title-main">FAA Order 8130.34</span>

FAA Order 8130.34D, Airworthiness Certification of Unmanned Aircraft Systems, establishes procedures for issuing either special airworthiness certificates in the experimental category or special flight permits to unmanned aircraft systems (UAS), optionally piloted aircraft (OPA), and aircraft intended to be flown as either a UAS or an OPA.

<span class="mw-page-title-main">AC 20-115</span>

The Advisory Circular AC 20-115( ), Airborne Software Development Assurance Using EUROCAE ED-12( ) and RTCA DO-178( ), recognizes the RTCA published standard DO-178 as defining a suitable means for demonstrating compliance for the use of software within aircraft systems. The present revision D of the circular identifies ED-12/DO-178 Revision C as the active revision of that standard and particularly acknowledges the synchronization of ED-12 and DO-178 at that revision.

<span class="mw-page-title-main">FAA Order 8110.105</span> American regulatory order

FAA Order 8110.105B, Airborne Electronic Hardware Approval Guidelines is an explanation of how Federal Aviation Administration (FAA) personnel can use and apply the publication

<span class="mw-page-title-main">AC 20-152</span>

The Advisory Circular AC 20-152A, Development Assurance for Airborne Electronic Hardware, identifies the RTCA-published standard DO-254 as defining "an acceptable means, but not the only means" to secure FAA approval of electronic hardware for use within the airspace subject to FAA authority. Commonly, the DO-254 has been interpreted as applying to complex custom micro-coded components within aircraft systems with Item Design Assurance Levels (IDAL) of A, B, or C. However, Revision A of this AC clarifies that AC 20-152 and DO-254 applies to all type certification of all electronic hardware aspects of airborne systems, including all electronic hardware that is not complex, that is, "simple electronic devices". Revision A also defines objectives in addition to those identified in DO-254; applicants choosing to follow DO-254 under the authority of AC 20-152A must also accomplish these additional objectives.

<span class="mw-page-title-main">Boeing 737 MAX certification</span> Certification of aircraft

The Boeing 737 MAX was initially certified in 2017 by the U.S. Federal Aviation Administration (FAA) and the European Union Aviation Safety Agency (EASA). Global regulators grounded the plane in 2019 following fatal crashes of Lion Air Flight 610 and Ethiopian Airlines Flight 302. Both crashes were linked to the Maneuvering Characteristics Augmentation System (MCAS), a new automatic flight control feature. Investigations into both crashes determined that Boeing and the FAA favored cost-saving solutions, which ultimately produced a flawed design of the MCAS instead. The FAA's Organization Designation Authorization program, allowing manufacturers to act on its behalf, was also questioned for weakening its oversight of Boeing.

CAST-32A, Multi-core Processors is a position paper, by the Certification Authorities Software Team (CAST). It is not official guidance, but is considered informational by certification authorities such as the FAA and EASA. A key point is that Multi-core processor "interference can affect execution timing behavior, including worst case execution time (WCET)."

The Advisory Circular AC 00-69, Best Practices for Airborne Software Development Assurance Using EUROCAE ED-12( ) and RTCA DO-178( ), initially issued in 2017, supports application of the active revisions of ED-12C/DO-178C and AC 20-115. The AC does not state FAA guidance, but rather provides information in the form of "best practices" complementary to the objectives of ED-12C/DO-178C.

The Certification Authorities Software Team (CAST) is an international group of aviation certification and regulatory authority representatives. The organization of has been a means of coordination among representatives from certification authorities in North and South America, Europe, and Asia, in particular, the FAA and EASA. The focus of the organization has been harmonization of Certification Authorities activities in part though clarification and improvement of the guidance provided by DO-178C and DO-254.

<span class="mw-page-title-main">CAST-15</span>

CAST-15, Merging High-Level and Low-Level Requirements is a Certification Authorities Software Team (CAST) Position Paper. It is an FAA publication that "does not constitute official policy or guidance from any of the authorities", but is provided to applicants for software and hardware certification for educational and informational purposes only.

References

  1. Bill Potter. Complying with DO-178C and DO-331 using Model-Based Design (PDF). SAE 2012 Aerospace Electronics and Avionics Systems Conference (12AEAS). MathWorks, Inc. Retrieved 2019-02-13.
  2. Leanna Rierson (19 December 2017) [7 January 2013]. Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance. CRC Press. p. 49. ISBN   9781351834056 . Retrieved 2024-04-10. On September 30, 2011, the Federal Aviation Administration (FAA) published Advisory Circular (AC) 20–174, entitled Development of civil aircraft systems. AC 20–174 recognizes ARP4754A as 'an acceptable method for establishing a development assurance process.'
  3. S18 (2010). Guidelines for Development of Civil Aircraft and Systems. SAE International. ARP4754A.{{cite book}}: CS1 maint: multiple names: authors list (link) CS1 maint: numeric names: authors list (link)
  4. Anastasiia Balashova (March 12, 2024). "Release of ARP4754B: Exploring the updates". DMD Solutions. Retrieved 2024-09-04. All of these [advisory circulars] elevates it from a 'guideline' to a 'mandatory' status, which the new version ARP4754B inherits. ... ARP4754B primarily focuses on alignment with the recently released ARP4761A, indicating that there are no significant changes in development principles compared to ARP4754A. The core of the development process remains consistent, and we expect some big changes in the forthcoming version, ARP4754C.
  5. "SAE ARP4754, Revision B, 2023: Guidelines for Development of Civil Aircraft and Systems". oviss.jp. Retrieved 2024-09-04. Revision B is primarily focused on the necessary updates to align its contents with ARP4761A/ED-135. There were extensive discussions within S-18/WG-63 on the need to limit scope of this revision versus expanding its contents to include emerging system development techniques in use by the industry. Given the timeframe of ARP4761A/ED-135 publication, and the necessity to maintain consistency between both ARP4754B/ED-79B and ARP4761A/ED-135, the first option, limiting the scope, was chosen and suggested changes that would further expand ARP4754/ED-79 contents were deferred for a new Revision C. As a result, while the general principles of FDAL/IDAL assignment were retained in ARP4754B/ED-79B, the details of FDAL/IDAL assignment activities were transferred to ARP4761A/ED-135. The same approach was adopted for all safety assessment process contents in ARP4754B/ED-79B.
  6. ANM-110 (1988). System Design and Analysis (PDF). Federal Aviation Administration. Advisory Circular AC 25.1309-1A. Retrieved 2011-02-20.{{cite book}}: CS1 maint: numeric names: authors list (link)
  7. ARP4754A, p. 7
  8. ARAC Systems Design and Analysis Harmonization Working Group (2002). Task 2 – System Design and Analysis Harmonization and Technology Update (PDF). Federal Aviation Administration. Archived from the original (PDF) on 2006-10-05. Retrieved 2011-02-20.
  9. ARP4754A, pp. 7-8
  10. ARP4754A, pp. 11
  11. ARP4754A, p. 34
  12. S18 (1996). Guidelines and methods for conducting the safety assessment process on civil airborne systems and equipment. Society of Automotive Engineers. p. 9. ARP4761.{{cite book}}: CS1 maint: multiple names: authors list (link) CS1 maint: numeric names: authors list (link)