Special Conditions: Robinson Helicopter Company R66 Helicopters, 14 CFR 27.1309, Installation of an Autopilot (AP) Stabilization Augmentation System (SAS), 28449-28451 [E9-14103]
Proposed Rules
Federal Register
Vol. 74, No. 114
Tuesday, June 16, 2009
This section of the FEDERAL REGISTER
contains notices to the public of the proposed
issuance of rules and regulations. The
purpose of these notices is to give interested
persons an opportunity to participate in the
rule making prior to the adoption of the final
rules.
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 21 and 27
[Docket No. SW021; Notice No. 27–021–SC]
Special Conditions: Robinson
Helicopter Company R66 Helicopters,
14 CFR 27.1309, Installation of an
Autopilot (AP) Stabilization
Augmentation System (SAS)
AGENCY: Federal Aviation
Administration (FAA), DOT.
ACTION: Notice of proposed special
conditions.
SUMMARY: This action proposes special
conditions for installing an Autopilot
Stabilization Augmentation System (AP/
SAS) in the Robinson Helicopter
Company (Robinson) Model R66
helicopter. This helicopter will have
novel or unusual design features
associated with installing a complex
AP/SAS that has potential failure modes
with more severe adverse results than
those envisioned by the existing
applicable airworthiness standards. The
applicable airworthiness standards do
not contain adequate or appropriate
safety standards for this design feature.
This proposed special condition
contains the added safety standards the
Administrator considers necessary to
establish a level of safety equivalent to
the existing airworthiness standards.
DATES: We must receive your comments
by July 31, 2009.
ADDRESSES: Mail two copies of your
comments to: Federal Aviation
Administration, Rotorcraft Directorate,
Attn: Rules Docket (ASW–111), Docket
No. SW021, 2601 Meacham Blvd., Fort
Worth, Texas 76137. You may deliver
two copies to the Rotorcraft Directorate
at this address. You must mark your
comments for: Docket No. SW021. You
may inspect comments in the Rules
Docket weekdays, except Federal
holidays, between 8:30 a.m. and 4 p.m.
FOR FURTHER INFORMATION CONTACT:
George Schwab, Aviation Safety
Engineer, FAA, Rotorcraft Directorate
(ASW–112), Aircraft Certification
Service, 2601 Meacham Blvd., Fort
Worth, Texas, 76137; telephone (817)
222–5114; facsimile (817) 222–5961.
SUPPLEMENTARY INFORMATION:
Comments Invited
We invite you to take part in this
rulemaking by sending written
comments, data, or views. The most
helpful comments reference a specific
portion of the special conditions,
explain the reason for any
recommended change, and include
supporting data. We ask that you send
us two copies of written comments.
We will file in the docket all
comments we receive, as well as a
report summarizing each substantive
public contact with FAA personnel on
these special conditions. You can
inspect the docket before and after the
comment closing date. If you wish to
review the docket in person, go to the
address in the ADDRESSES section of this
document between 8:30 a.m. and 4 p.m.,
Monday through Friday, except Federal
holidays.
We will consider all comments we
receive on or before the closing date for
comments. We will consider comments
filed late if it is possible to do so
without incurring additional expense or
delay. We may change these special
conditions based on the comments we
receive.
If you want the FAA to acknowledge
receipt of your comments on this
proposal, include with your comments
a pre-addressed, stamped postcard on
which the docket number appears. We
will stamp the date on the postcard and
mail it back to you.
Background
On November 1, 2006, Robinson
proposed a change to the certification
basis, through the FAA’s Los Angeles
Aircraft Certification Office (LA ACO),
that would include installing an AP/
SAS as part of the application for type
certification for the Robinson Model
R66 helicopter. The Robinson Model
R66 helicopter is a part 27 Normal
category, single turbine engine,
conventional helicopter designed for
civil operation. The helicopter is
capable of carrying four passengers with
one pilot, and has a maximum gross
weight of approximately 2,650 pounds.
The major design features include a
2-blade, fully articulated main rotor, a
2-blade anti-torque tail rotor, a skid
landing gear, and a visual flight rule
(VFR) basic avionics configuration.
Robinson proposes offering the Hoh
Aeronautics, Inc. two-axis AP/SAS as a
factory installed option.
Type Certification Basis
Under 14 CFR 21.17, Robinson must
show that the Model R66 helicopter
meets the applicable provisions of 14
CFR part 27, as amended by
Amendments 27–1 through 27–40.
If the Administrator finds the
applicable airworthiness standards, as
they apply to the type certification, do
not contain adequate or appropriate
safety standards because of a novel or
unusual design feature, special
conditions are prescribed under § 21.16.
Special conditions, as appropriate, are
defined in § 11.19, and issued by
following the procedures in § 11.38 and
become part of the type certification
basis under § 21.17(a)(2).
Special conditions are initially
applicable to the model for which they
are issued. Should the Type Certificate
for that model be amended later to
include any other model that
incorporates the same novel or unusual
design feature, the special condition
would also apply to the other model
under § 21.101.
Novel or Unusual Design Features
The Robinson Model R66 helicopter
will be required to show compliance
with the current applicable
requirements without the optional AP/
SAS system. The Hoh Aeronautics, Inc.
AP/SAS system will constitute a novel
or unusual design feature when
installed in the Model R66 helicopter.
Although this AP/SAS system performs
non-critical control functions, the
possible failure modes for this system
and their effects on the ability of the
helicopter to continue safe flight and
landing are more severe than those
envisioned when the present safety
standards were promulgated. Therefore,
additional safety standards are
necessary.
Discussion
Failure Condition Categories
The effect on safety is not adequately
covered under § 27.1309 for the
application of new technology and new
application of standard technology.
Specifically, the present provisions of
§ 27.1309(c) do not adequately address
the safety requirements for systems
whose failures could result in
Catastrophic or Hazardous/Severe-Major
failure conditions, or for complex
systems whose failures could result in
Major failure conditions.
To comply with the provision of the
special condition, we propose to require
that Robinson provide the FAA with a
Systems Safety Assessment (SSA) for
the final Hoh Aeronautics Inc. AP/SAS
installation configuration that will
adequately address the safety objectives
established by the Functional Hazard
Assessment (FHA) and the Preliminary
System Safety Assessment (PSSA),
including the Fault Tree Analysis
(FTA). This must ensure that all failure
modes and their resulting effects are
adequately addressed for the installed
AP/SAS. The SSA process, FHA, PSSA,
and FTA are all parts of the overall
Safety Assessment (SA) process
discussed in FAA Advisory Circular
(AC) 27–1B (Certification of Normal
Category Rotorcraft) and SAE document
ARP 4761 (Guidelines and Methods for
Conducting the Safety Assessment
Process on civil airborne Systems and
Equipment).
This special condition requires that
the AP/SAS system installed on a
Robinson Model R66 helicopter meet
these requirements to adequately
address the failure effects identified by
the FHA, and subsequently verified by
the SSA, within the defined design
integrity requirements.
Applicability
As discussed, this special condition is
applicable to the Robinson Model R66
helicopter with the Hoh Aeronautics,
Inc. AP/SAS installed as a factory
option under the pending application
for the Robinson Model R66 type
certificate. Should Robinson Helicopter
Company apply at a later date for a
change to the type certificate to include
another model incorporating this same
factory installed option Hoh
Aeronautics, Inc. AP/SAS novel or
unusual design feature, this special
condition would also apply to that
model, under the provisions of
§ 21.101(b)(1).
Conclusion
This action affects only the Robinson
R66 model series of helicopter with the
novel or unusual design features of a
Hoh Aeronautics, Inc. AP/SAS installed.
It is not a rule of general applicability.
List of Subjects in 14 CFR Parts 21 and
27
Aircraft, Aviation safety, Exports,
Imports, Reporting and recordkeeping
requirements.
The authority citation for these
special conditions is as follows:
Authority: 42 U.S.C. 7572; 49 U.S.C.
106(g), 40105, 40113, 44701–44702, 44704,
44709, 44711, 44713, 44715, 45303.
The Proposed Special Conditions
Accordingly, the Federal Aviation
Administration (FAA) proposes the following
special conditions as part of the type
certification basis for Robinson Model R66
helicopters:
For installation of a Hoh Aeronautics, Inc.
Autopilot/Stability Augmentation System on
a Robinson Model R66 helicopter, the system
must be designed and installed so that the
failure conditions identified in the
Functional Hazard Assessment and
addressed by the System Safety Assessment,
after design completion, are adequately
addressed in accordance with the Definitions
for the Failure Condition Categories and the
Requirements (including the design integrity,
design environmental, and test and analysis
requirements) of this special condition.
Definitions
Failure Conditions are conditions that
result from a failure and are classified,
according to the severity of their effects on
the rotorcraft, into one of the following
categories:
(1) No Effect—Failure Conditions that
would have no effect on safety; for example,
Failure Conditions that would not affect the
operational capability of the rotorcraft or
increase crew workload; however, could
result in an inconvenience to the occupants,
excluding the flight crew.
(2) Minor—Failure conditions which
would not significantly reduce rotorcraft
safety, and would involve crew actions that
are well within their capabilities. Minor
failure conditions would include, for
example, a slight reduction in safety margins
or functional capabilities, a slight increase in
crew workload such as routine flight plan
changes, or result in some physical
discomfort to occupants.
(3) Major—Failure conditions which would
reduce the capability of the rotorcraft or the
ability of the crew to cope with adverse
operating conditions to the extent there
would be, for example, a significant
reduction in safety margins or functional
capabilities; a significant increase in crew
workload or result in impairing crew
efficiency; physical distress to occupants,
including injuries; or physical discomfort to
the flight crew.
(4) Hazardous/Severe-Major—Failure
conditions that would reduce the capability
of the rotorcraft or the ability of the crew to
cope with adverse operating conditions to the
extent there would be:
(i) A large reduction in safety margins or
functional capabilities;
(ii) Physical distress or excessive workload
that would impair the flight crew’s ability to
the extent that they could not be relied on
to perform their tasks accurately or
completely; or
(iii) Possible serious or fatal injury to a
passenger or a cabin crewmember, excluding
the flight crew.
Note: Hazardous/Severe-Major failure
conditions can include events that are
manageable by the crew by use of proper
procedures, which, if not carried out
correctly or in a timely manner, may result
in a Catastrophic Event.
(5) Catastrophic—Failure Conditions
which would result in multiple fatalities to
occupants, fatalities or incapacitation to the
flight crew, or result in the inability of the
rotorcraft to continue safe flight and landing.
Requirements
Robinson must comply with the existing
requirements of § 27.1309 for all applicable
design and operational aspects of the AP/
SAS with the failure condition categories of
No Effect, Minor, and for non-complex
systems whose failure condition category is
classified as Major. Robinson must also
comply with the requirements of this special
condition for all applicable design and
operational aspects of the AP/SAS with the
failure condition categories of Catastrophic
and Hazardous/Severe-Major, and for
complex systems classified as a Major failure
condition category.
A complex system is a system whose
operations, failure modes, or failure effects
are difficult to understand without the aid of
analytical methods (for example, Fault Tree
Analysis, Failure Modes and Effect Analysis,
Functional Hazard Assessment, etc.).
a. Design Integrity Requirements
Each of the failure condition categories
defined in this special condition relate to the
corresponding aircraft system integrity
requirements. The design integrity
requirements for the Hoh Aeronautics, Inc.
AP/SAS as they relate to the allowed
probability of occurrence for each failure
condition category, and the proposed
software design assurance level, are as
follows:
Major—Condition classified as a “Major
failure condition” and resulting in Major
effects must be shown to be improbable, or
at or less than 1 × 10⁻⁵ failures/hour, and
associated software must be developed to the
RTCA/DO–178B (Software Considerations in
Airborne Systems And Equipment
Certification) software design assurance
Level C.
Hazardous/Severe-Major—Condition
classified as a “Hazardous/Severe-Major
failure condition” and resulting in
Hazardous/Severe-Major effects must be
shown to be extremely remote or at or less
than 1 × 10⁻⁷ failures/hour, and associated
software must be developed to the RTCA/
DO–178B (Software Considerations in
Airborne Systems And Equipment
Certification) software design assurance
Level B.
Catastrophic—Condition classified as a
“Catastrophic failure condition” and
resulting in Catastrophic effects must be
shown to be extremely improbable or at or
less than 1 × 10⁻⁹ failures/hour, and
associated software must be developed to the
RTCA/DO–178B (Software Considerations in
Airborne Systems And Equipment
Certification) Level A software design
assurance level.
b. Design Environmental Requirements
Robinson must qualify the AP/SAS system
equipment to the appropriate environmental
level in the RTCA document DO–160F
(Environmental Conditions and Test
Procedures for Airborne Equipment), for all
relevant aspects. This must show that the
AP/SAS system performs its intended
function under any foreseeable operating
condition, which includes the expected
environment in which the AP/SAS is
intended to operate. Some of the main
considerations for environmental concerns
are installation locations and the resulting
exposure to environmental conditions for the
AP/SAS system equipment, including
considerations for other equipment that may
be affected environmentally by the AP/SAS
equipment installation. The level of
environmental qualification must be related
to the severity of the considered failure
condition and effects on the aircraft.
c. Test & Analysis Requirements
Compliance with these requirements may
be shown by a variety of methods, which
typically consist of analysis, flight tests,
ground tests, and simulation, as a minimum.
Compliance methodology is partly related to
the associated failure condition category. If
the AP/SAS is a complex system, compliance
with the requirements for aspects of the AP/
SAS that can result in failure conditions
classified as Major may be shown by
analysis, in combination with appropriate
testing to validate the analysis. Compliance
with the requirements for aspects of the AP/
SAS that can result in failure conditions
classified as Hazardous/Severe-Major may be
shown by flight-testing in combination with
analysis and simulation, and the appropriate
testing to validate the analysis. Flight tests
may be limited for this classification of
failures due to safety considerations.
Compliance with the requirements for
aspects of the AP/SAS that can result in
failure conditions classified as Catastrophic
may be shown by analysis and validated by
appropriate testing in combination with
simulation. Very limited flight tests in
combination with simulation may be used as
a part of a showing of compliance for failures
in this classification. Flight tests are
performed only in circumstances that use
operational variations or extrapolations from
other flight performance aspects to address
flight safety.
Issued in Fort Worth, Texas, on June 11,
2009.
Mark R. Schilling,
Acting Manager, Rotorcraft Directorate,
Aircraft Certification Service.
[FR Doc. E9–14103 Filed 6–15–09; 8:45 am]
BILLING CODE 4910–13–P
ENVIRONMENTAL PROTECTION
AGENCY
40 CFR Parts 51, 60, 61 and 63
[EPA–HQ–OAR–2008–0531; FRL–8917–3]
RIN 2060–AP23
Restructuring of the Stationary Source
Audit Program
AGENCY: Environmental Protection
Agency (EPA).
ACTION: Proposed rule.
SUMMARY: The action proposes
amendments to the General Provisions
to allow accredited providers to supply
stationary source audit samples and to
require sources to obtain and use these
samples from the accredited providers
instead of from EPA, as is the current
practice. In addition, this proposed rule
incorporates by reference Volume 3,
“General Requirements for
Environmental Proficiency Test
Providers” adopted December 22, 2007,
as an example of an acceptable
accredited proficiency test sample
provider (APTSP) technical criteria
document. This document outlines the
criteria an accredited provider program
must meet for the samples to be
acceptable.
Requirements pertaining to the audit
samples have all been moved to the
General Provisions and have been
removed from the test methods because
the current language in the test methods
regarding audit samples is inconsistent
from method to method. Therefore,
deleting all references to audit samples
in the test methods eliminates any
possible confusion and inconsistencies.
Under this proposed amendment, the
requirement to use an audit sample
during a compliance test will apply to
all test methods for which a
commercially available audit exists.
DATES: Comments must be received on
or before July 16, 2009. Under the
Paperwork Reduction Act, comments on
the information collection provisions
are best assured of having full effect if
the Office of Management and Budget
(OMB) receives a copy of your
comments on or before July 16, 2009.
ADDRESSES: Submit your comments,
identified by Docket ID Number EPA–
HQ–OAR–2008–0531, by one of the
following methods:
• https://www.regulations.gov: Follow
the on-line instructions for submitting
comments.
• E-mail: Comments may be sent by
electronic mail (e-mail) to a-and-r-docket@epa.gov, Attention Docket ID
No. EPA–HQ–OAR–2008–0531.
• Fax: Fax your comments to: 202–
566–9744, Attention Docket ID No.
EPA–HQ–OAR–2008–0531.
• Mail: Send your comments to: Air
and Radiation Docket and Information
Center, Environmental Protection
Agency, Mail Code 2822T, 1200
Pennsylvania Ave., NW., Washington,
DC 20460. Attention Docket ID No.
EPA–HQ–OAR–2008–0531. In addition,
please mail a copy of your comments on
the information collection provisions to
the Office of Information and Regulatory
Affairs, Office of Management and
Budget (OMB), Attn: Desk Officer for
EPA, 725 17th St., NW., Washington, DC
20503.
• Hand Delivery or Courier: Deliver
your comments to: EPA Docket Center,
1301 Constitution Ave., NW., Room
3334, Washington, DC. Such deliveries
are only accepted during the Docket’s
normal hours of operation, and special
arrangements should be made for
deliveries of boxed information.
Instructions: Direct your comments to
Docket ID No. EPA–HQ–OAR–2008–
0531. EPA’s policy is that all comments
received will be included in the public
docket without change and may be
made available online at https://
www.regulations.gov, including any
personal information provided, unless
the comment includes information
claimed to be Confidential Business
Information (CBI) or other information
whose disclosure is restricted by statute.
Do not submit information that you
consider to be CBI or otherwise
protected through https://
www.regulations.gov or e-mail. The
https://www.regulations.gov Web site is
an “anonymous access” system, which
means EPA will not know your identity
or contact information unless you
provide it in the body of your comment.
If you send an e-mail comment directly
to EPA without going through https://
www.regulations.gov, your e-mail
address will be automatically captured
and included as part of the comment
that is placed in the public docket and
made available on the Internet. If you
submit an electronic comment, EPA
recommends that you include your
name and other contact information in
the body of your comment and with any
disk or CD–ROM you submit. If EPA
cannot read your comment due to
technical difficulties and cannot contact
you for clarification, EPA may not be
able to consider your comment.
Electronic files should avoid the use of
special characters, any form of
encryption, and be free of any defects or
viruses. For additional information
about EPA’s public docket, visit the EPA
[Federal Register Volume 74, Number 114 (Tuesday, June 16, 2009)]
[Proposed Rules]
[Pages 28449-28451]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-14103]
========================================================================
Proposed Rules
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains notices to the public of
the proposed issuance of rules and regulations. The purpose of these
notices is to give interested persons an opportunity to participate in
the rule making prior to the adoption of the final rules.
========================================================================
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 21 and 27
[Docket No. SW021; Notice No. 27-021-SC]
Special Conditions: Robinson Helicopter Company R66 Helicopters,
14 CFR 27.1309, Installation of an Autopilot (AP) Stabilization
Augmentation System (SAS)
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Notice of proposed special conditions.
-----------------------------------------------------------------------
SUMMARY: This action proposes special conditions for installing an
Autopilot Stabilization Augmentation System (AP/SAS) in the Robinson
Helicopter Company (Robinson) Model R66 helicopter. This helicopter
will have novel or unusual design features associated with installing a
complex AP/SAS that has potential failure modes with more severe
adverse results than those envisioned by the existing applicable
airworthiness standards. The applicable airworthiness standards do not
contain adequate or appropriate safety standards for this design
feature. This proposed special condition contains the added safety
standards the Administrator considers necessary to establish a level of
safety equivalent to the existing airworthiness standards.
DATES: We must receive your comments by July 31, 2009.
ADDRESSES: Mail two copies of your comments to: Federal Aviation
Administration, Rotorcraft Directorate, Attn: Rules Docket (ASW-111),
Docket No. SW021, 2601 Meacham Blvd., Fort Worth, Texas 76137. You may
deliver two copies to the Rotorcraft Directorate at this address. You
must mark your comments for: Docket No. SW021. You may inspect comments
in the Rules Docket weekdays, except Federal holidays, between 8:30
a.m. and 4 p.m.
FOR FURTHER INFORMATION CONTACT: George Schwab, Aviation Safety
Engineer, FAA, Rotorcraft Directorate (ASW-112), Aircraft Certification
Service, 2601 Meacham Blvd., Fort Worth, Texas, 76137; telephone (817)
222-5114; facsimile (817) 222-5961.
SUPPLEMENTARY INFORMATION:
Comments Invited
We invite you to take part in this rulemaking by sending written
comments, data, or views. The most helpful comments reference a
specific portion of the special conditions, explain the reason for any
recommended change, and include supporting data. We ask that you send
us two copies of written comments.
We will file in the docket all comments we receive, as well as a
report summarizing each substantive public contact with FAA personnel
on these special conditions. You can inspect the docket before and
after the comment closing date. If you wish to review the docket in
person, go to the address in the ADDRESSES section of this document
between 8:30 a.m. and 4 p.m., Monday through Friday, except Federal
holidays.
We will consider all comments we receive on or before the closing
date for comments. We will consider comments filed late if it is
possible to do so without incurring additional expense or delay. We may
change these special conditions based on the comments we receive.
If you want the FAA to acknowledge receipt of your comments on this
proposal, include with your comments a pre-addressed, stamped postcard
on which the docket number appears. We will stamp the date on the
postcard and mail it back to you.
Background
On November 1, 2006, Robinson proposed a change to the
certification basis, through the FAA's Los Angeles Aircraft
Certification Office (LA ACO), that would include installing an AP/SAS
as part of the application for type certification for the Robinson
Model R66 helicopter. The Robinson Model R66 helicopter is a part 27
Normal category, single turbine engine, conventional helicopter
designed for civil operation. The helicopter is capable of carrying
four passengers with one pilot, and has a maximum gross weight of
approximately 2,650 pounds. The major design features include a 2-blade,
fully articulated main rotor, a 2-blade anti-torque tail rotor,
a skid landing gear, and a visual flight rule (VFR) basic avionics
configuration. Robinson proposes offering the Hoh Aeronautics, Inc.
two-axis AP/SAS as a factory installed option.
Type Certification Basis
Under 14 CFR 21.17, Robinson must show that the Model R66
helicopter meets the applicable provisions of 14 CFR part 27, as
amended by Amendments 27-1 through 27-40.
If the Administrator finds the applicable airworthiness standards,
as they apply to the type certification, do not contain adequate or
appropriate safety standards because of a novel or unusual design
feature, special conditions are prescribed under Sec. 21.16.
Special conditions, as appropriate, are defined in Sec. 11.19, and
issued by following the procedures in Sec. 11.38 and become part of
the type certification basis under Sec. 21.17(a)(2).
Special conditions are initially applicable to the model for which
they are issued. Should the Type Certificate for that model be amended
later to include any other model that incorporates the same novel or
unusual design feature, the special condition would also apply to the
other model under Sec. 21.101.
Novel or Unusual Design Features
The Robinson Model R66 helicopter will be required to show
compliance with the current applicable requirements without the
optional AP/SAS system. The Hoh Aeronautics, Inc. AP/SAS system will
constitute a novel or unusual design feature when installed in the
Model R66 helicopter. Although this AP/SAS system performs non-critical
control functions, the possible failure modes for this system and their
effects on the ability of the helicopter to continue safe flight and
landing are more severe than those envisioned when the present safety
standards were promulgated. Therefore, additional safety standards are
necessary.
Discussion
Failure Condition Categories
The effect on safety is not adequately covered under Sec. 27.1309
for the application of new technology and new application of standard
technology.
Specifically, the present provisions of Sec. 27.1309(c) do not
adequately address the safety requirements for systems whose failures
could result in Catastrophic or Hazardous/Severe-Major failure
conditions, or for complex systems whose failures could result in Major
failure conditions.
To comply with the provision of the special condition, we propose
to require that Robinson provide the FAA with a Systems Safety
Assessment (SSA) for the final Hoh Aeronautics Inc. AP/SAS installation
configuration that will adequately address the safety objectives
established by the Functional Hazard Assessment (FHA) and the
Preliminary System Safety Assessment (PSSA), including the Fault Tree
Analysis (FTA). This must ensure that all failure modes and their
resulting effects are adequately addressed for the installed AP/SAS.
The SSA process, FHA, PSSA, and FTA are all parts of the overall Safety
Assessment (SA) process discussed in FAA Advisory Circular (AC) 27-1B
(Certification of Normal Category Rotorcraft) and SAE document ARP 4761
(Guidelines and Methods for Conducting the Safety Assessment Process on
civil airborne Systems and Equipment).
This special condition requires that the AP/SAS system installed on
a Robinson Model R66 helicopter meet these requirements to adequately
address the failure effects identified by the FHA, and subsequently
verified by the SSA, within the defined design integrity requirements.
Applicability
As discussed, this special condition is applicable to the Robinson
Model R66 helicopter with the Hoh Aeronautics, Inc. AP/SAS installed as
a factory option under the pending application for the Robinson Model
R66 type certificate. Should Robinson Helicopter Company apply at a
later date for a change to the type certificate to include another
model incorporating this same factory installed option Hoh Aeronautics,
Inc. AP/SAS novel or unusual design feature, this special condition
would also apply to that model, under the provisions of Sec.
21.101(b)(1).
Conclusion
This action affects only the Robinson R66 model series of
helicopter with the novel or unusual design features of a Hoh
Aeronautics, Inc. AP/SAS installed. It is not a rule of general
applicability.
List of Subjects in 14 CFR Parts 21 and 27
Aircraft, Aviation safety, Exports, Imports, Reporting and
recordkeeping requirements.
The authority citation for these special conditions is as follows:
Authority: 42 U.S.C. 7572; 49 U.S.C. 106(g), 40105, 40113,
44701-44702, 44704, 44709, 44711, 44713, 44715, 45303.
The Proposed Special Conditions
Accordingly, the Federal Aviation Administration (FAA) proposes
the following special conditions as part of the type certification
basis for Robinson Model R66 helicopters:
For installation of a Hoh Aeronautics, Inc. Autopilot/Stability
Augmentation System on a Robinson Model R66 helicopter, the system
must be designed and installed so that the failure conditions
identified in the Functional Hazard Assessment and addressed by the
System Safety Assessment, after design completion, are adequately
addressed in accordance with the Definitions for the Failure
Condition Categories and the Requirements (including the design
integrity, design environmental, and test and analysis requirements)
of this special condition.
Definitions
Failure Conditions are conditions that result from a failure and
are classified, according to the severity of their effects on the
rotorcraft, into one of the following categories:
(1) No Effect--Failure Conditions that would have no effect on
safety; for example, Failure Conditions that would not affect the
operational capability of the rotorcraft or increase crew workload;
however, could result in an inconvenience to the occupants,
excluding the flight crew.
(2) Minor--Failure conditions which would not significantly
reduce rotorcraft safety, and would involve crew actions that are
well within their capabilities. Minor failure conditions would
include, for example, a slight reduction in safety margins or
functional capabilities, a slight increase in crew workload such as
routine flight plan changes, or result in some physical discomfort
to occupants.
(3) Major--Failure conditions which would reduce the capability
of the rotorcraft or the ability of the crew to cope with adverse
operating conditions to the extent there would be, for example, a
significant reduction in safety margins or functional capabilities;
a significant increase in crew workload or result in impairing crew
efficiency; physical distress to occupants, including injuries; or
physical discomfort to the flight crew.
(4) Hazardous/Severe-Major--Failure conditions that would reduce
the capability of the rotorcraft or the ability of the crew to cope
with adverse operating conditions to the extent there would be:
(i) A large reduction in safety margins or functional
capabilities;
(ii) Physical distress or excessive workload that would impair
the flight crew's ability to the extent that they could not be
relied on to perform their tasks accurately or completely; or
(iii) Possible serious or fatal injury to a passenger or a cabin
crewmember, excluding the flight crew.
Note: Hazardous/Severe-Major failure conditions can include
events that are manageable by the crew by use of proper procedures,
which, if not carried out correctly or in a timely manner, may
result in a Catastrophic Event.
(5) Catastrophic--Failure Conditions which would result in
multiple fatalities to occupants, fatalities or incapacitation to
the flight crew, or result in the inability of the rotorcraft to
continue safe flight and landing.
Requirements
Robinson must comply with the existing requirements of Sec.
27.1309 for all applicable design and operational aspects of the AP/
SAS with the failure condition categories of No Effect, Minor, and
for non-complex systems whose failure condition category is
classified as Major. Robinson must also comply with the requirements
of this special condition for all applicable design and operational
aspects of the AP/SAS with the failure condition categories of
Catastrophic and Hazardous/Severe-Major, and for complex systems
classified as a Major failure condition category.
A complex system is a system whose operations, failure modes, or
failure effects are difficult to understand without the aid of
analytical methods (for example, Fault Tree Analysis, Failure Modes
and Effect Analysis, Functional Hazard Assessment, etc.).
a. Design Integrity Requirements
Each of the failure condition categories defined in this special
condition relates to the corresponding aircraft system integrity
requirements. The design integrity requirements for the Hoh
Aeronautics, Inc. AP/SAS as they relate to the allowed probability
of occurrence for each failure condition category, and the proposed
software design assurance level, are as follows:
Major--Condition classified as a "Major failure condition" and
resulting in Major effects must be shown to be improbable, or at or
less than 1 x 10^-5 failures/hour, and associated software
must be developed to the RTCA/DO-178B (Software Considerations in
Airborne Systems And Equipment Certification) software design
assurance Level C.
Hazardous/Severe-Major--Condition classified as a "Hazardous/
Severe-Major failure condition" and resulting in Hazardous/Severe-
Major effects must be shown to be extremely remote or at or less
than 1 x 10^-7 failures/hour, and associated software must
be developed to the RTCA/DO-178B (Software Considerations in
Airborne Systems And Equipment Certification) software design
assurance Level B.
Catastrophic--Condition classified as a "Catastrophic failure
condition" and resulting in Catastrophic effects must be shown to
be extremely improbable or at or less than 1 x 10^-9
failures/hour, and associated software must be developed to the
RTCA/DO-178B (Software Considerations in Airborne Systems And
Equipment Certification) Level A software design assurance level.
b. Design Environmental Requirements
Robinson must qualify the AP/SAS system equipment to the
appropriate environmental level in the RTCA document DO-160F
(Environmental Conditions and Test Procedures for Airborne
Equipment), for all relevant aspects. This must show that the AP/SAS
system performs its intended function under any foreseeable
operating condition, which includes the expected environment in
which the AP/SAS is intended to operate. Some of the main
considerations for environmental concerns are installation locations
and the resulting exposure to environmental conditions for the AP/
SAS system equipment, including considerations for other equipment
that may be affected environmentally by the AP/SAS equipment
installation. The level of environmental qualification must be
related to the severity of the considered failure condition and
effects on the aircraft.
c. Test & Analysis Requirements
Compliance with these requirements may be shown by a variety of
methods, which typically consist of analysis, flight tests, ground
tests, and simulation, as a minimum. Compliance methodology is
partly related to the associated failure condition category. If the
AP/SAS is a complex system, compliance with the requirements for
aspects of the AP/SAS that can result in failure conditions
classified as Major may be shown by analysis, in combination with
appropriate testing to validate the analysis. Compliance with the
requirements for aspects of the AP/SAS that can result in failure
conditions classified as Hazardous/Severe-Major may be shown by
flight-testing in combination with analysis and simulation, and the
appropriate testing to validate the analysis. Flight tests may be
limited for this classification of failures due to safety
considerations.
Compliance with the requirements for aspects of the AP/SAS that
can result in failure conditions classified as Catastrophic may be
shown by analysis and validated by appropriate testing in
combination with simulation. Very limited flight tests in
combination with simulation may be used as a part of a showing of
compliance for failures in this classification. Flight tests are
performed only in circumstances that use operational variations or
extrapolations from other flight performance aspects to address
flight safety.
Issued in Fort Worth, Texas, on June 11, 2009.
Mark R. Schilling,
Acting Manager, Rotorcraft Directorate, Aircraft Certification Service.
[FR Doc. E9-14103 Filed 6-15-09; 8:45 am]