How to Classify the Criticality Level in Aeronautics?

Written By Functional Safety Expert


The classification of criticality level in an aeronautical system is a crucial process aimed at assessing the impact of potential failures on the overall safety of the aircraft and passengers. This process is standardized and guided by rigorous methodologies, such as those defined in ARP4761 and ARP4754A standards, as well as the certification rules of aviation authorities (FAA, EASA).

Here’s how this process typically unfolds:

Steps in Criticality Level Classification:

1. Identify Critical Functions of the System:

  • Analyze the main functions of the system (e.g., flight control system, fuel management system, avionics systems).
  • List all functions to understand their role in the safety of the flight and passengers.

2. Identify Possible Failure Modes:

  • Conduct a Failure Modes and Effects Analysis (FMEA) to identify how each function can fail.
  • For each failure, assess its impact on the aircraft and safety (e.g., loss of control, engine failure, loss of critical information for the pilots).

3. Classify Failure Severity:

Each potential failure is classified based on its severity. Standard categories for classifying failures are:

  • Catastrophic: A failure that leads to the loss of the aircraft and/or death of passengers and crew.
    • Example: Total loss of the flight control system.
  • Hazardous: A failure that causes severe or fatal injuries to multiple occupants, or significant loss of control that is difficult to manage.
    • Example: Failure of one engine on a multi-engine aircraft.
  • Major: A failure that causes minor injuries to multiple occupants or significant discomfort, and could affect flight management.
    • Example: Failure of a subsystem that reduces the effectiveness of the pilot’s control without complete loss of control.
  • Minor: A failure that causes discomfort for passengers or a slight increase in workload for pilots, without compromising safety.
    • Example: Temporary loss of a non-critical display in the cockpit.
  • No Effect: A failure that has no impact on safety, flight, or passenger comfort.
    • Example: Failure of the in-flight entertainment system.

4. Assess the Probability of Failure:

Along with the severity of the failure, the probability of each failure occurring must be evaluated. This step is based on historical data, reliability calculations (like MTBF – Mean Time Between Failures), and statistical analysis.

Common probability categories include:

  • Frequent: Happens often (more than once per year).
  • Probable: Likely to occur multiple times during the aircraft’s lifetime.
  • Occasional: Occurs sometimes during the aircraft’s lifetime.
  • Remote: Unlikely but could occur at least once during the aircraft’s lifetime.
  • Extremely Improbable: Should never occur during the aircraft’s lifetime.

5. Risk Matrix (Severity vs. Probability):

A risk matrix is used to combine the severity and probability of failures to determine the overall criticality level of a risk. This matrix classifies each risk as:

  • Acceptable: No additional safety measures are required.
  • Unacceptable: Must be eliminated or mitigated.
  • Tolerable with Mitigation: Can be tolerated if risk-reducing measures are in place.

For example:

  • A catastrophic failure with a remote probability would be classified as tolerable with mitigation.
  • A hazardous failure with a frequent probability would be classified as unacceptable.

6. Assigning a DAL (Design Assurance Level):

Based on the determined criticality level, a Design Assurance Level (DAL) is assigned to each function or component. The DAL indicates the level of assurance required during the development process to ensure the system is safe enough. The DALs range from A (most critical) to E (least critical).

  • DAL A: Catastrophic — Extremely high reliability required (failure rate on the order of 10⁻⁹ per flight hour).
  • DAL B: Hazardous — Very low failure rate required.
  • DAL C: Major — Moderate reliability required.
  • DAL D: Minor — Lower reliability required, but still necessary.
  • DAL E: No Effect — No specific reliability requirements.

7. Validation and Testing:

Once the DAL is defined, specific validation and testing processes are implemented. This includes:

  • Rigorous testing (unit tests, regression tests, real-world environment tests).
  • Hardware and software system checks.
  • Simulations and stress tests under extreme conditions to ensure the system meets safety requirements.
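To make steps 3 to 6 concrete, here is an added worked example (not code from the original article or from any standard) that runs a small constructed FMEA worklist through a risk matrix and derives a DAL per function. The matrix values are an illustrative assumption chosen to agree with the two examples given above; the rule that a function's DAL follows its most severe failure effect is also an assumption.

```python
from dataclasses import dataclass
from enum import IntEnum

class Severity(IntEnum):
    NO_EFFECT = 0; MINOR = 1; MAJOR = 2; HAZARDOUS = 3; CATASTROPHIC = 4

class Probability(IntEnum):
    EXTREMELY_IMPROBABLE = 0; REMOTE = 1; OCCASIONAL = 2; PROBABLE = 3; FREQUENT = 4

ACCEPT, TOLERATE, REJECT = "Acceptable", "Tolerable with Mitigation", "Unacceptable"

# Assumed illustrative risk matrix: one row per severity, columns ordered by
# Probability from Extremely Improbable (0) to Frequent (4).
RISK_MATRIX = {
    Severity.CATASTROPHIC: (ACCEPT, TOLERATE, REJECT, REJECT, REJECT),
    Severity.HAZARDOUS:    (ACCEPT, TOLERATE, TOLERATE, REJECT, REJECT),
    Severity.MAJOR:        (ACCEPT, ACCEPT, TOLERATE, TOLERATE, REJECT),
    Severity.MINOR:        (ACCEPT, ACCEPT, ACCEPT, TOLERATE, TOLERATE),
    Severity.NO_EFFECT:    (ACCEPT,) * 5,
}
# DAL follows the worst credible failure effect (step 6 of the article).
DAL_FOR_SEVERITY = {Severity.CATASTROPHIC: "A", Severity.HAZARDOUS: "B",
                    Severity.MAJOR: "C", Severity.MINOR: "D", Severity.NO_EFFECT: "E"}

@dataclass(frozen=True)
class FailureMode:          # one FMEA row (step 2)
    function: str
    mode: str
    severity: Severity
    probability: Probability

def risk_class(severity: Severity, probability: Probability) -> str:
    return RISK_MATRIX[severity][probability]          # step 5

def needs_action(modes):
    """Rows whose risk is not Acceptable, i.e. must be mitigated or eliminated."""
    return [(fm.function, fm.mode, rc) for fm in modes
            if (rc := risk_class(fm.severity, fm.probability)) != ACCEPT]

def function_dal(modes):
    """Assumed rule: a function's DAL is that of its most severe failure mode."""
    worst = {}
    for fm in modes:
        worst[fm.function] = max(worst.get(fm.function, Severity.NO_EFFECT), fm.severity)
    return {f: DAL_FOR_SEVERITY[s] for f, s in worst.items()}

# Constructed worklist built from the article's own example failures.
FMEA = [
    FailureMode("Flight control system", "Total loss", Severity.CATASTROPHIC, Probability.REMOTE),
    FailureMode("Flight control system", "Degraded effectiveness", Severity.MAJOR, Probability.OCCASIONAL),
    FailureMode("Engine", "Loss of one engine (multi-engine)", Severity.HAZARDOUS, Probability.FREQUENT),
    FailureMode("Cockpit display", "Temporary loss of non-critical display", Severity.MINOR, Probability.PROBABLE),
    FailureMode("In-flight entertainment", "System failure", Severity.NO_EFFECT, Probability.FREQUENT),
]
```

Running `needs_action(FMEA)` flags the four rows that are not Acceptable, and `function_dal(FMEA)` assigns DAL A to the flight control system even though its second failure mode is only Major.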

Tools Used for Criticality Classification:

  • ARP4761: Standard used for the safety of avionics systems, especially for risk analysis.
  • ARP4754A: Standard for the certification of avionics systems.
  • FMEA (Failure Modes and Effects Analysis): To identify failure modes and their impacts.
  • FTA (Fault Tree Analysis): To determine the probability of a major failure from individual failures.

Summary

The classification of criticality level is a structured process that starts with identifying critical functions, evaluating failure modes, determining the severity and probability of each failure, and ends with assigning a DAL. This ensures that aeronautical systems are designed and tested with the appropriate level of rigor to match their potential impact on flight safety.
