Special Condition: Robinson R44 Helicopters, Section 27.1309, Installation of an Autopilot (AP) Stabilization Augmentation System (SAS) That Has Potential Failure Modes With Criticality Categories Higher Than Those Envisioned by the Applicable Airworthiness Regulations, 33399-33401 [05-11412]
33399
Proposed Rules
Federal Register
Vol. 70, No. 109
Wednesday, June 8, 2005
This section of the FEDERAL REGISTER
contains notices to the public of the proposed
issuance of rules and regulations. The
purpose of these notices is to give interested
persons an opportunity to participate in the
rule making prior to the adoption of the final
rules.
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 27
[Docket No. SW013; Special Condition No.
27–013–SC]
Special Condition: Robinson R44
Helicopters, Section 27.1309,
Installation of an Autopilot (AP)
Stabilization Augmentation System
(SAS) That Has Potential Failure
Modes With Criticality Categories
Higher Than Those Envisioned by the
Applicable Airworthiness Regulations
AGENCY: Federal Aviation
Administration (FAA), DOT.
ACTION: Notice of proposed special
condition.
SUMMARY: This proposed special
condition is issued for the modification
of the Robinson Model R44 helicopter.
This modification will have novel or
unusual design features associated with
installing a complex Autopilot/
Stabilization Augmentation System (AP/
SAS) that has potential failure modes
with more severe adverse consequences
than those envisioned by the existing
applicable airworthiness regulations.
This proposal contains the additional
safety standards that the Administrator
considers necessary to ensure that the
failures and their effects are sufficiently
analyzed and contained.
DATES: Comments must be received on
or before July 8, 2005.
ADDRESSES: Send comments on this
special condition in duplicate to:
Federal Aviation Administration (FAA),
Rotorcraft Standards Staff, Attention:
Docket No. SW013, Fort Worth, Texas
76193–0110, or deliver them in
duplicate to the Rotorcraft Standards
Staff at 2601 Meacham Blvd., Fort
Worth, Texas 76137. Comments must be
marked: Docket No. SW013. You may
inspect comments in the Docket that is
maintained in Room 448 in the
Rotorcraft Directorate offices at 2601
Meacham Blvd., Fort Worth, Texas, on
weekdays, except Federal holidays,
between 8:30 a.m. and 4 p.m.
FOR FURTHER INFORMATION CONTACT:
Robert McCallister, Aviation Safety
Engineer, FAA, Rotorcraft Directorate,
Rotorcraft Standards Staff, 2601
Meacham Blvd., Fort Worth, Texas
76193–0110; telephone (817) 222–5121,
FAX (817) 222–5961.
SUPPLEMENTARY INFORMATION:
Comments Invited
You are invited to submit written
data, views, or arguments. Your
communications should include the
docket or special condition number and
be sent in duplicate to the address
stated above. We will consider all
communications received on or before
the closing date and may change the
special condition in light of the
comments received. Interested persons
may examine the Docket. We will file a
report in the docket summarizing each
substantive public contact with FAA
personnel concerning this special
condition. If you wish us to
acknowledge receipt of your comments,
you must include a self-addressed,
stamped postcard on which the
following statement is made:
‘‘Comments to Docket No. SW013.’’ We
will date stamp the postcard and mail
it to you.
Background
On January 18, 2000, Hoh
Aeronautics, Inc. submitted an
application for Supplemental Type
Certification (STC) for the installation of
an Autopilot Stability/Augmentation
System (AP/SAS) on a Robinson Model
R44 helicopter through the FAA’s Los
Angeles Aircraft Certification Office (LA
ACO). The Robinson Model R44
helicopter is a part 27 Normal category,
single reciprocating engine,
conventional helicopter designed for
civil operation. The helicopter is
capable of carrying three passengers
with one pilot, and has a maximum
gross weight of approximately 2,400
pounds. The major design features
include a 2-blade, fully articulated main
rotor, a 2-blade anti-torque tail rotor, a
skid landing gear, and a visual flight
rule (VFR) basic avionics configuration.
Hoh Aeronautics, Inc. proposes to
install a three-axis AP/SAS.
Type Certification Basis
Under the provisions of 14 CFR
21.115, Hoh Aeronautics, Inc. must
show that the Robinson Model R44
helicopter, as modified by the installed
AP/SAS, meets 14 CFR 21.101. The
baseline of the certification basis for the
unmodified R44 is listed in Type
Certification Data Sheet Number
H11NM, Revision 3. Additionally,
compliance must be shown to any
special conditions prescribed by the
Administrator.
If the Administrator finds that the
applicable airworthiness regulations, as
they pertain to this STC, do not contain
adequate or appropriate safety standards
because of a novel or unusual design
feature, special conditions are
prescribed under the provisions of
§ 21.101(d). Special conditions, as
appropriate, are defined in § 11.19, and
issued by following the procedures in
§ 11.38.
In addition to the applicable
airworthiness regulations and special
conditions, Hoh Aeronautics, Inc. must
show compliance of the AP/SAS STC-altered Robinson Model R44 helicopter
with the noise certification
requirements of 14 CFR part 36; and the
FAA must issue a finding of regulatory
adequacy pursuant to 49 U.S.C. 44715
(formerly section 611 of the Federal
Aviation Act of 1958 as amended by
section 7 of Pub. L. 92–574, the ‘‘Noise
Control Act of 1972.’’).
Novel or Unusual Design Features
The Hoh Aeronautics, Inc. AP/SAS
system incorporates novel or unusual
design features, for installation in a
Robinson Model R44 helicopter, Type
Certification Data Sheet Number
H11NM. This AP/SAS system performs
non-critical control functions, since this
model helicopter has been certificated
to meet the applicable requirements
independent of this system. However,
the possible failure modes for this
system, and their effect on the
helicopter’s ability to continue safe
flight and landing, are more severe than
those envisioned by the present rules
when they were first promulgated.
Discussion
Definitions: Definitions of Failure
Condition Categories—Failure
Conditions are classified, according to
the severity of their effects on the
aircraft, into one of the following
categories:
1. No Effect—Failure Conditions that
would have no effect on safety; for
example, Failure Conditions that would
not affect the operational capability of
the rotorcraft or increase crew workload;
however, could result in an
inconvenience to the occupants,
excluding the flight crew.
2. Minor—Failure conditions which
would not significantly reduce rotorcraft
safety, and which would involve crew
actions that are well within their
capabilities. Minor failure conditions
may include, for example, a slight
reduction in safety margins or
functional capabilities, a slight increase
in crew workload, such as routine flight
plan changes, or some physical
discomfort to occupants.
3. Major—Failure conditions which
would reduce the capability of the
rotorcraft or the ability of the crew to
cope with adverse operating conditions
to the extent that there would be, for
example, a significant reduction in
safety margins or functional capabilities,
a significant increase in crew workload
or in conditions impairing crew
efficiency, physical distress to
occupants, possibly including injuries,
or physical discomfort to the flight
crew.
4. Hazardous/Severe-Major—Failure
conditions which would reduce the
capability of the rotorcraft or the ability
of the crew to cope with adverse
operating conditions to the extent that
there would be:
• A large reduction in safety margins
or functional capabilities;
• Physical distress or excessive
workload that would impair the flight
crew’s ability to the extent that they
could not be relied on to perform their
tasks accurately or completely; or,
• Possible serious or fatal injury to a
passenger or a cabin crewmember,
excluding the flight crew.
Note: ‘‘Hazardous/Severe-Major’’ failure
conditions can include events that are
manageable by the crew by use of proper
procedures, which, if not implemented
correctly or in a timely manner, may result
in a Catastrophic Event.
5. Catastrophic—Failure Conditions
which would result in multiple fatalities
to occupants, fatalities or incapacitation
to the flight crew, or result in loss of the
rotorcraft.
The present §§ 27.1309(b) and (c)
regulations do not adequately address
the safety requirements for systems
whose failures could result in
‘‘Catastrophic’’ or ‘‘Hazardous/Severe-Major’’ failure conditions, or for
complex systems whose failures could
result in ‘‘Major’’ failure conditions. The
current regulations are inadequate
because when §§ 27.1309(b) and (c)
were promulgated, it was not
envisioned that this type of rotorcraft
would use systems that are complex or
whose failure could result in
‘‘Catastrophic’’ or ‘‘Hazardous/Severe-Major’’ effects on the rotorcraft. This is
particularly true with the application of
new technology, new application of
standard technology, or other
applications not envisioned by the rule
that affect safety.
We propose to require that Hoh
Aeronautics, Inc. provide the FAA with
a Systems Safety Assessment (SSA) for
the final AP/SAS installation
configuration that will adequately
address the safety objectives established
by the Functional Hazard Assessment
(FHA) and the Preliminary System
Safety Assessment (PSSA), including
the Fault Tree Analysis (FTA). This will
ensure that all failure modes and their
resulting effects are adequately
addressed for the installed AP/SAS. The
SSA process, FHA, PSSA, and FTA are
all parts of the overall Safety
Assessment (SA) process discussed in
FAA Advisory Circular (AC) 27–1B
(Certification of Normal Category
Rotorcraft) and SAE document ARP
4761 (Guidelines and Methods for
Conducting the Safety Assessment
Process on civil airborne Systems and
Equipment).
Requirements
We propose to require that the
applicant comply with the existing
requirements of § 27.1309 for all
applicable design and operational
aspects of the AP/SAS that are
associated with the failure condition
categories of ‘‘No Effect,’’ and ‘‘Minor,’’
and for non-complex systems whose
failure condition category is classified
as ‘‘Major.’’ We propose to require that
the applicant comply with the
requirements of this special condition
for all applicable design and operational
aspects of the AP/SAS that are
associated with the failure condition
categories of ‘‘Catastrophic’’ and
‘‘Hazardous/Severe-Major,’’ and for
complex systems whose failure
condition category is classified as
‘‘Major.’’
Note: A complex system is a system whose
operations, failure modes, or failure effects
are difficult to comprehend without the aid
of analytical methods (e.g., Fault Tree
Analysis, Failure Modes and Effect Analysis,
Functional Hazard Assessment, etc.).
Design Integrity Requirements: Each
of the failure condition categories
defined in this special condition relate
to corresponding aircraft systems
integrity requirements. The systems
design integrity requirements, for the
Hoh Aeronautics, Inc. AP/SAS, as they
relate to the allowed probability of
occurrence for each failure condition
category, along with the proposed
software design assurance level, are as
follows:
• ‘‘Major’’—Failures resulting in
Major effects must be shown to be
improbable, or on the order of 1 × 10⁻⁵
failures/hour, and associated software
must be developed to the RTCA/DO–
178B (Software Considerations in
Airborne Systems And Equipment
Certification) Level C software design
assurance level.
• ‘‘Hazardous/Severe-Major’’—
Failures resulting in Hazardous/Severe-Major effects must be shown to be
extremely remote, or on the order of 1
× 10⁻⁷ failures/hour, and associated
software must be developed to the
RTCA/DO–178B (Software
Considerations in Airborne Systems
And Equipment Certification) Level B
software assurance level.
• ‘‘Catastrophic’’—Failures resulting
in Catastrophic effects must be shown to
be extremely improbable, or on the
order of 1 × 10⁻⁹ failures/hour, and
associated software must be developed
to the RTCA/DO–178B (Software
Considerations in Airborne Systems
And Equipment Certification) Level A
design assurance level.
Design Environmental Requirements:
We propose to require that the AP/SAS
system equipment be qualified to the
appropriate environmental level in the
RTCA document DO–160D
(Environmental Conditions and Test
Procedures for Airborne Equipment), for
all relevant aspects. This is to ensure
that the AP/SAS system performs its
intended function under any foreseeable
operating condition, which includes the
expected environment in which the AP/
SAS is intended to operate. Some of the
main considerations for environmental
concerns are installation locations and
the resulting exposure to environmental
conditions for the AP/SAS system
equipment, including considerations for
other equipment that may be affected
environmentally by the AP/SAS
equipment installation. The level of
environmental qualification must be
related to the severity of the considered
failure effects on the aircraft.
Test & Analysis Requirements:
Compliance with the requirements
contained in this special condition may
be shown by a variety of methods,
which typically consist of analysis,
flight tests, ground tests, and
simulation, as a minimum. Compliance
methodology is partly related to the
associated failure condition category. If
the AP/SAS is considered to be a
complex system, compliance with the
requirements contained in this
document for aspects of the AP/SAS
that can result in failure conditions
classified as ‘‘Major’’ may be shown by
analysis, in combination with
appropriate testing to validate the
analysis. Compliance with the
requirements contained in this special
condition for aspects of the AP/SAS that
can result in failure conditions
classified as ‘‘Hazardous/Severe-Major’’
may be shown by flight-testing in
combination with analysis and
simulation, and the appropriate testing
to validate the analysis. Flight tests may
be limited for this classification of
failures due to safety considerations.
Compliance with the requirements
contained in this special condition for
aspects of the AP/SAS that can result in
failure conditions classified as
‘‘Catastrophic’’ may be shown by
analysis, and appropriate testing in
combination with simulation to validate
the analysis. Very limited flight tests in
combination with simulation are
typically used as a part of a showing of
compliance for failures in this
classification. Flight tests are performed
only in circumstances that use
operational variations, or extrapolations
from other flight performance aspects to
address flight safety.
This proposed special condition
would require that the AP/SAS system
installed on a Robinson Model R44
helicopter, Type Certification Data
Sheet Number H11NM, Revision 3, meet
these requirements to adequately
address the failure effects identified by
the FHA, and subsequently verified by
the SSA, within the defined design
integrity requirements.
Applicability
This special condition would be
applicable to the Hoh Aeronautics, Inc.
AP/SAS installed as an STC approval,
in a Robinson Model R44 helicopter,
Type Certification Data Sheet Number
H11NM, Revision 3.
Conclusion
This action would affect only certain
novel or unusual design features for a
Hoh Aeronautics, Inc. AP/SAS STC
installed on one model series of
helicopter. It is not a rule of general
applicability and affects only the
applicant who applied to the FAA for
approval of these features on the
helicopter. The FAA is requesting
comments to allow interested persons to
submit views.
List of Subjects in 14 CFR Part 27
Aircraft, Air transportation, Aviation
safety, Rotorcraft, Safety.
The authority citation for this special
condition is as follows: 42 U.S.C. 7572,
49 U.S.C. 106(g), 40105, 40113, 44701–
44702, 44704, 44709, 44711, 44713,
44715, 45303.
The Special Condition
Accordingly, pursuant to the
authority delegated to me by the
Administrator, the following special
condition is proposed as part of the Hoh
Aeronautics, Inc. supplemental type
certificate basis for an Autopilot/
Stability Augmentation System to be
installed on a Robinson Model R44
helicopter, Type Certification Data
Sheet Number H11NM, Revision 3.
The Autopilot/Stability Augmentation
System must be designed and installed
so that the failure conditions identified
in the Functional Hazard Assessment
and verified by the System Safety
Assessment, after design completion,
are adequately addressed in accordance
with the ‘‘Definitions’’ and
‘‘Requirements’’ sections (including the
integrity, environmental, and test and
analysis requirements) of this special
condition.
Issued in Fort Worth, Texas, on May 26,
2005.
S. Frances Cox,
Acting Manager, Rotorcraft Directorate,
Aircraft Certification Service.
[FR Doc. 05–11412 Filed 6–7–05; 8:45 am]
BILLING CODE 4910–13–P
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 71
[Docket FAA 2005–20417; Airspace Docket
05–ANM–06]
Proposed Revision of Class E
Airspace; Wenatchee, WA
AGENCY: Federal Aviation
Administration (FAA), DOT.
ACTION: Notice of proposed rulemaking.
SUMMARY: This proposal would revise
the Class E airspace at Wenatchee, WA.
This additional Class E airspace is
necessary to accommodate the new
Standard Instrument Landing System
(ILS) Approach Procedure (SIAP) at
Wenatchee/Pangborn Memorial Airport.
This change is proposed to improve the
safety of IFR aircraft executing the new
Standard ILS SIAP at Wenatchee/
Pangborn Memorial Airport, Wenatchee,
WA.
DATES: Comments must be received by
July 25, 2005.
ADDRESSES: Send comments on this
proposal to the Docket Management
System, U.S. Department of
Transportation, Room Plaza 401, 400
Seventh Street, SW., Washington, DC
20590–0001. You must identify the
docket number, FAA 2005–20417;
Airspace Docket 05–ANM–06, at the
beginning of your comments. You may
also submit comments through the
Internet at https://dms.dot.gov. You may
review the public docket containing the
proposal, any comments received, and
any final dispositions in person in the
Docket Office between 9 a.m. and 5
p.m., Monday through Friday, except
Federal holidays. The Docket Office
(telephone number 1–800–647–5527) is
on the plaza level of the Department of
Transportation NASSIF Building at the
above address.
An informal docket may also be
examined during normal business hours
at the Federal Aviation Administration,
Air Traffic Organization, Western En
Route and Oceanic Area Office,
Airspace Branch, 1601 Lind Avenue,
SW., Renton, WA 98055.
SUPPLEMENTARY INFORMATION:
Comments Invited
Interested parties are invited to
participate in this proposed rulemaking
by submitting such written data, views,
or arguments as they may desire.
Comments that provide the factual basis
supporting the views and suggestions
presented are particularly helpful in
developing reasoned regulatory
decisions on the proposal. Comments
are specifically invited on the overall
regulatory, aeronautical, economic,
environmental, and energy-related
aspects of the proposal.
Communications should identify Docket
FAA 2005–20417; Airspace Docket 05–
ANM–06, and be submitted in triplicate
to the address listed above. Commenters
wishing the FAA to acknowledge
receipt of their comments on this action
must submit, with those comments, a
self-addressed stamped postcard on
which the following statement is made:
‘‘Comments to Docket FAA 2005–20417;
Airspace Docket 05–ANM–06.’’ The
postcard will be date/time stamped and
returned to the commenter.
Availability of NPRM
An electronic copy of this document
may be downloaded through the
Internet at https://dms.dot.gov. Recently
published rulemaking documents can
also be accessed through the FAA’s web
page at https://www.faa.gov or the
Superintendent of Documents’ web page
at https://www.access.gpo.gov/nara.
[Federal Register Volume 70, Number 109 (Wednesday, June 8, 2005)]
[Proposed Rules]
[Pages 33399-33401]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 05-11412]
========================================================================
Proposed Rules
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains notices to the public of
the proposed issuance of rules and regulations. The purpose of these
notices is to give interested persons an opportunity to participate in
the rule making prior to the adoption of the final rules.
========================================================================
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 27
[Docket No. SW013; Special Condition No. 27-013-SC]
Special Condition: Robinson R44 Helicopters, Section 27.1309,
Installation of an Autopilot (AP) Stabilization Augmentation System
(SAS) That Has Potential Failure Modes With Criticality Categories
Higher Than Those Envisioned by the Applicable Airworthiness
Regulations
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Notice of proposed special condition.
-----------------------------------------------------------------------
SUMMARY: This proposed special condition is issued for the modification
of the Robinson Model R44 helicopter. This modification will have novel
or unusual design features associated with installing a complex
Autopilot/Stabilization Augmentation System (AP/SAS) that has
potential failure modes with more severe adverse consequences than
those envisioned by the existing applicable airworthiness regulations.
This proposal contains the additional safety standards that the
Administrator considers necessary to ensure that the failures and their
effects are sufficiently analyzed and contained.
DATES: Comments must be received on or before July 8, 2005.
ADDRESSES: Send comments on this special condition in duplicate to:
Federal Aviation Administration (FAA), Rotorcraft Standards Staff,
Attention: Docket No. SW013, Fort Worth, Texas 76193-0110, or deliver
them in duplicate to the Rotorcraft Standards Staff at 2601 Meacham
Blvd., Fort Worth, Texas 76137. Comments must be marked: Docket No.
SW013. You may inspect comments in the Docket that is maintained in
Room 448 in the Rotorcraft Directorate offices at 2601 Meacham Blvd.,
Fort Worth, Texas, on weekdays, except Federal holidays, between 8:30
a.m. and 4 p.m.
FOR FURTHER INFORMATION CONTACT: Robert McCallister, Aviation Safety
Engineer, FAA, Rotorcraft Directorate, Rotorcraft Standards Staff, 2601
Meacham Blvd., Fort Worth, Texas 76193-0110; telephone (817) 222-5121,
FAX (817) 222-5961.
SUPPLEMENTARY INFORMATION:
Comments Invited
You are invited to submit written data, views, or arguments. Your
communications should include the docket or special condition number
and be sent in duplicate to the address stated above. We will consider
all communications received on or before the closing date and may
change the special condition in light of the comments received.
Interested persons may examine the Docket. We will file a report in the
docket summarizing each substantive public contact with FAA personnel
concerning this special condition. If you wish us to acknowledge
receipt of your comments, you must include a self-addressed, stamped
postcard on which the following statement is made: ``Comments to Docket
No. SW013.'' We will date stamp the postcard and mail it to you.
Background
On January 18, 2000, Hoh Aeronautics, Inc. submitted an application
for Supplemental Type Certification (STC) for the installation of an
Autopilot Stability/Augmentation System (AP/SAS) on a Robinson Model
R44 helicopter through the FAA's Los Angeles Aircraft Certification
Office (LA ACO). The Robinson Model R44 helicopter is a part 27 Normal
category, single reciprocating engine, conventional helicopter designed
for civil operation. The helicopter is capable of carrying three
passengers with one pilot, and has a maximum gross weight of
approximately 2,400 pounds. The major design features include a
2-blade, fully articulated main rotor, a 2-blade anti-torque tail rotor,
a skid landing gear, and a visual flight rule (VFR) basic avionics
configuration. Hoh Aeronautics, Inc. proposes to install a three-axis
AP/SAS.
Type Certification Basis
Under the provisions of 14 CFR 21.115, Hoh Aeronautics, Inc. must
show that the Robinson Model R44 helicopter, as modified by the
installed AP/SAS, meets 14 CFR 21.101. The baseline of the
certification basis for the unmodified R44 is listed in Type
Certification Data Sheet Number H11NM, Revision 3. Additionally,
compliance must be shown to any special conditions prescribed by the
Administrator.
If the Administrator finds that the applicable airworthiness
regulations, as they pertain to this STC, do not contain adequate or
appropriate safety standards because of a novel or unusual design
feature, special conditions are prescribed under the provisions of
Sec. 21.101(d). Special conditions, as appropriate, are defined in
Sec. 11.19, and issued by following the procedures in Sec. 11.38.
In addition to the applicable airworthiness regulations and special
conditions, Hoh Aeronautics, Inc. must show compliance of the AP/SAS
STC-altered Robinson Model R44 helicopter with the noise certification
requirements of 14 CFR part 36; and the FAA must issue a finding of
regulatory adequacy pursuant to 49 U.S.C. 44715 (formerly section 611
of the Federal Aviation Act of 1958 as amended by section 7 of Pub. L.
92-574, the ``Noise Control Act of 1972.'').
Novel or Unusual Design Features
The Hoh Aeronautics, Inc. AP/SAS system incorporates novel or
unusual design features, for installation in a Robinson Model R44
helicopter, Type Certification Data Sheet Number H11NM. This AP/SAS
system performs non-critical control functions, since this model
helicopter has been certificated to meet the applicable requirements
independent of this system. However, the possible failure modes for
this system, and their effect on the helicopter's ability to continue
safe flight and landing, are more severe than those envisioned by the
present rules when they were first promulgated.
Discussion
Definitions: Definitions of Failure Condition Categories--Failure
Conditions are classified, according to the severity of their effects
on the aircraft, into one of the following categories:
1. No Effect--Failure Conditions that would have no effect on
safety; for example, Failure Conditions that would not affect the
operational capability of the rotorcraft or increase crew workload;
however, could result in an inconvenience to the occupants, excluding
the flight crew.
2. Minor--Failure conditions which would not significantly reduce
rotorcraft safety, and which would involve crew actions that are well
within their capabilities. Minor failure conditions may include, for
example, a slight reduction in safety margins or functional
capabilities, a slight increase in crew workload, such as routine
flight plan changes, or some physical discomfort to occupants.
3. Major--Failure conditions which would reduce the capability of
the rotorcraft or the ability of the crew to cope with adverse
operating conditions to the extent that there would be, for example, a
significant reduction in safety margins or functional capabilities, a
significant increase in crew workload or in conditions impairing crew
efficiency, physical distress to occupants, possibly including
injuries, or physical discomfort to the flight crew.
4. Hazardous/Severe-Major--Failure conditions which would reduce
the capability of the rotorcraft or the ability of the crew to cope
with adverse operating conditions to the extent that there would be:
• A large reduction in safety margins or functional
capabilities;
• Physical distress or excessive workload that would impair
the flight crew's ability to the extent that they could not be relied
on to perform their tasks accurately or completely; or,
• Possible serious or fatal injury to a passenger or a cabin
crewmember, excluding the flight crew.
Note: ``Hazardous/Severe-Major'' failure conditions can include
events that are manageable by the crew by use of proper procedures,
which, if not implemented correctly or in a timely manner, may
result in a Catastrophic Event.
5. Catastrophic--Failure Conditions which would result in multiple
fatalities to occupants, fatalities or incapacitation to the flight
crew, or result in loss of the rotorcraft.
The present Sec. Sec. 27.1309(b) and (c) regulations do not
adequately address the safety requirements for systems whose failures
could result in ``Catastrophic'' or ``Hazardous/Severe-Major'' failure
conditions, or for complex systems whose failures could result in
``Major'' failure conditions. The current regulations are inadequate
because when Sec. Sec. 27.1309(b) and (c) were promulgated, it was not
envisioned that this type of rotorcraft would use systems that are
complex or whose failure could result in ``Catastrophic'' or
``Hazardous/Severe-Major'' effects on the rotorcraft. This is
particularly true with the application of new technology, new
application of standard technology, or other applications not
envisioned by the rule that affect safety.
We propose to require that Hoh Aeronautics, Inc. provide the FAA
with a Systems Safety Assessment (SSA) for the final AP/SAS
installation configuration that will adequately address the safety
objectives established by the Functional Hazard Assessment (FHA) and
the Preliminary System Safety Assessment (PSSA), including the Fault
Tree Analysis (FTA). This will ensure that all failure modes and their
resulting effects are adequately addressed for the installed AP/SAS.
The SSA process, FHA, PSSA, and FTA are all parts of the overall Safety
Assessment (SA) process discussed in FAA Advisory Circular (AC) 27-1B
(Certification of Normal Category Rotorcraft) and SAE document ARP 4761
(Guidelines and Methods for Conducting the Safety Assessment Process on
civil airborne Systems and Equipment).
Requirements
We propose to require that the applicant comply with the existing
requirements of Sec. 27.1309 for all applicable design and operational
aspects of the AP/SAS that are associated with the failure condition
categories of ``No Effect,'' and ``Minor,'' and for non-complex systems
whose failure condition category is classified as ``Major.'' We propose
to require that the applicant comply with the requirements of this
special condition for all applicable design and operational aspects of
the AP/SAS that are associated with the failure condition categories of
``Catastrophic'' and ``Hazardous/Severe-Major,'' and for complex
systems whose failure condition category is classified as ``Major.''
Note: A complex system is a system whose operations, failure
modes, or failure effects are difficult to comprehend without the
aid of analytical methods (e.g., Fault Tree Analysis, Failure Modes
and Effect Analysis, Functional Hazard Assessment, etc.).
Design Integrity Requirements: Each of the failure condition
categories defined in this special condition relate to corresponding
aircraft systems integrity requirements. The systems design integrity
requirements, for the Hoh Aeronautics, Inc. AP/SAS, as they relate to
the allowed probability of occurrence for each failure condition
category, along with the proposed software design assurance level, are
as follows:
``Major''--Failures resulting in Major effects must be
shown to be improbable, or on the order of 1 x 10^-5
failures/hour, and associated software must be developed to the RTCA/
DO-178B (Software Considerations in Airborne Systems And Equipment
Certification) Level C software design assurance level.
``Hazardous/Severe-Major''--Failures resulting in
Hazardous/Severe-Major effects must be shown to be extremely remote, or
on the order of 1 x 10^-7 failures/hour, and associated
software must be developed to the RTCA/DO-178B (Software Considerations
in Airborne Systems And Equipment Certification) Level B software
assurance level.
``Catastrophic''--Failures resulting in Catastrophic
effects must be shown to be extremely improbable, or on the order of
1 x 10^-9 failures/hour, and associated software must be
developed to the RTCA/DO-178B (Software Considerations in Airborne
Systems And Equipment Certification) Level A design assurance level.
Design Environmental Requirements: We propose to require that the
AP/SAS system equipment be qualified to the appropriate environmental
level in the RTCA document DO-160D (Environmental Conditions and Test
Procedures for Airborne Equipment), for all relevant aspects. This is
to ensure that the AP/SAS system performs its intended function under
any foreseeable operating condition, which includes the expected
environment in which the AP/SAS is intended to operate. Some of the
main considerations for environmental concerns are installation
locations and the resulting exposure to environmental conditions for
the AP/SAS system equipment, including considerations for other
equipment that may be affected environmentally by the AP/SAS equipment
installation. The level of environmental qualification must be related
to the severity of the considered failure effects on the aircraft.
Test & Analysis Requirements: Compliance with the requirements
contained in this special condition may be shown by a variety of
methods, which typically consist of analysis, flight tests, ground
tests, and simulation, as a minimum. Compliance methodology is partly
related to the
associated failure condition category. If the AP/SAS is considered to
be a complex system, compliance with the requirements contained in this
document for aspects of the AP/SAS that can result in failure
conditions classified as ``Major'' may be shown by analysis, in
combination with appropriate testing to validate the analysis.
Compliance with the requirements contained in this special condition
for aspects of the AP/SAS that can result in failure conditions
classified as ``Hazardous/Severe-Major'' may be shown by flight-testing
in combination with analysis and simulation, and the appropriate
testing to validate the analysis. Flight tests may be limited for this
classification of failures due to safety considerations. Compliance
with the requirements contained in this special condition for aspects
of the AP/SAS that can result in failure conditions classified as
``Catastrophic'' may be shown by analysis, and appropriate testing in
combination with simulation to validate the analysis. Very limited
flight tests in combination with simulation are typically used as a
part of a showing of compliance for failures in this classification.
Flight tests are performed only in circumstances that use operational
variations, or extrapolations from other flight performance aspects to
address flight safety.
This proposed special condition would require that the AP/SAS
system installed on a Robinson Model R44 helicopter, Type Certification
Data Sheet Number H11NM, Revision 3, meet these requirements to
adequately address the failure effects identified by the FHA, and
subsequently verified by the SSA, within the defined design integrity
requirements.
Applicability
This special condition would be applicable to the Hoh Aeronautics,
Inc. AP/SAS installed as an STC approval, in a Robinson Model R44
helicopter, Type Certification Data Sheet Number H11NM, Revision 3.
Conclusion
This action would affect only certain novel or unusual design
features for a Hoh Aeronautics, Inc. AP/SAS STC installed on one model
series of helicopter. It is not a rule of general applicability and
affects only the applicant who applied to the FAA for approval of these
features on the helicopter. The FAA is requesting comments to allow
interested persons to submit views.
List of Subjects in 14 CFR Part 27
Aircraft, Air transportation, Aviation safety, Rotorcraft, Safety.
The authority citation for this special condition is as follows: 42
U.S.C. 7572, 49 U.S.C. 106(g), 40105, 40113, 44701-44702, 44704, 44709,
44711, 44713, 44715, 45303.
The Special Condition
Accordingly, pursuant to the authority delegated to me by the
Administrator, the following special condition is proposed as part of
the Hoh Aeronautics, Inc. supplemental type certificate basis for an
Autopilot/Stability Augmentation System to be installed on a Robinson
Model R44 helicopter, Type Certification Data Sheet Number H11NM,
Revision 3.
The Autopilot/Stability Augmentation System must be designed and
installed so that the failure conditions identified in the Functional
Hazard Assessment and verified by the System Safety Assessment, after
design completion, are adequately addressed in accordance with the
``Definitions'' and ``Requirements'' sections (including the integrity,
environmental, and test and analysis requirements) of this special
condition.
Issued in Fort Worth, Texas, on May 26, 2005.
S. Frances Cox,
Acting Manager, Rotorcraft Directorate, Aircraft Certification Service.
[FR Doc. 05-11412 Filed 6-7-05; 8:45 am]