4.12 g burtenshaw certification issues

4, 5 October 2005 Implementing RNP (Towards a Mandate?) 1
European Aviation Safety Agency
Certification Issues
Geoff Burtenshaw
U.K. Civil Aviation Authority

Topics
The role that RNP plays within ATM
safety
Background
Some definitions of safety
Safety assessment techniques - the state
of play
What does the RNP MASPS provide?
Assuring safety using RNP
Certification issues

Topics cont.
Certification Issues related to RNP
airworthiness approval and flight operations
authorisation
EASA experience to date
Technical challenges of low RNP approval
Certification process issues
Lessons learned
What are we doing?
EASA Draft AMC 20-XZ
Future tasking
Summary

The role that RNP plays
within ATM safety

Background
Today’s ATM system characterised by
simple and well understood concepts
and route structures/procedures
ATM safety defined through a
combination of:
ICAO Annex/PANS safety targets
Standards and specifications
Derived functional safety requirements
e.g., at the airworthiness level
Implied safety through operating
procedures

Some Definitions of Safety
ATS Route Spacing
A Target Level of Safety (TLS) of 5x10-9
fatal
accidents per flight hour per dimension (Annex 11,
Attachment B for parallel tracks)
Obstacle Clearance
The OCA/H values designed against an overall
safety target of 1x10-7
per approach of risk of
collision with obstacles (PAN OPS Doc 8186 Vol
II)
Infrastructure
Annex 10 requirements for individual navigation
aids

Some Definitions of Safety
Aircraft Design and Flight Operations
Loss of all navigation must be Improbable
 Objective of 1x10-5
per flight hour
Display of ‘hazardously misleading’
navigational or positional information on
both pilot’s displays must be Improbable
 Extremely Remote* in specific flight phases (objective of
1x10-7
per flight hour)
• Alleviated in JAA TGL No. 10 and subject to on-going
harmonisation activity
Standard operating procedures
 Basic licensing, aircraft type rating, specific training and
approvals for LROPS, AWO

Safety Assurance
Safety assured independently by the
respective domains
But how well joined up are these
safety requirements?
For RNAV, proving the safety targets
have been met is more difficult
Complexity

Safety Assessment Techniques
– The State of Play
Industry beginning to focus on end-to-
end safety e.g., use of tools such as
HAZID to generate Safety Arguments
ESARR4 Risk Assessment and
Mitigation in ATM
Difficult to apportion safety budgets
Lacking interpretative guidance
Resolving risk – per flight hour for each
aircraft versus per flight hour per dimension
Common issue with all CNS/ATM
applications

What does the RNP MASPS
provide?
RTCA/EUROCAE DO-236()/ED-75()
Path definition – reliable, predictable and
repeatable ground tracks
An Estimate of Position Uncertainty (EPU)
Containment methodology
 Aircraft qualified as RNP will remain within the confines of the
RNP airspace with a predefined level of confidence
Alerting
A tool for airspace, route and procedure
design (scaleable procedures / airspace)
An enabler for future ATM concepts

Containment Methodology
Containment Integrity
The probability that the TSE of each
aircraft operating in RNP airspace exceeds
the specified cross track containment limit
(2xRNP) without annunciation shall be
less than 1x10-5
per flight hour
Containment Continuity
The probability of annunciated loss of RNP
capability shall be less than 1x10-4
per
flight hour

What the RNP MASPS doesn’t
provide?
DO-236()/ED-75() is NOT in itself:
A certification standard
A safety standard for an airspace, a route
spacing, traffic separation or obstacle
clearance
Containment methodology should be
considered as an additional level of
safety assurance provided by the
aircraft system design
But how to use it?

Assuring Safety Using RNP
Aircraft safety a multi-layered affair
Traditional 25.1301 and 1309 assessment
Containment methodology
Credit for back-up Surveillance systems
 TCAS and TAWS
Credit for improved flight crew situational
awareness and monitoring procedures
Safety accounted for within performance based
procedure design and traffic separation criteria
A mixture of quantitative and qualitative
assessments (RNP operational safety)
Need a new overall safety methodology to
capture these aspects in the airspace design

Certification Issues
Need a formal safety methodology that
can relate RNP Containment to route
spacing and obstacle clearance
Take account of RNP operational safety
and mitigation strategies
Avoid over reliance on operating procedures
Question of buffers and the safety targets
Blunder errors
A universal set of assumptions
Default versus scaleable RNP applications

Certification Issues related
to RNP airworthiness
approval and flight
operations authorisation

EASA Experience to date
A low RNP airworthiness approval
supporting a Special Aircraft and
Aircrew Authorisation Required
(SAAAR) application
Technical challenges
Certification process issues

Technical challenges of Low
RNP Approval
Performance under all operating
conditions
Normal conditions e.g., Turn Radius with
max CAS in a given wind strength
Abnormal conditions e.g., failure cases
Understanding FGS behaviour
Effects on FTE
Human Machine Interface (HMI)
Track Deviation Monitoring

Technical challenges of Low
RNP Approval
Documentation (AFM and MEL)
RNP accuracy for special approaches
provided operational assumptions of the
‘Airworthiness Compliance Document’ are
observed
To be accounted for in instrument
procedure design assumptions
To assist definition of specific
contingency or mitigation procedures
for system failures

Certification Process Issues
Not entirely satisfactory experience
for the Agency or the Applicant
Lack of available safety standards
Blurring of roles between
airworthiness and operational
approvals
Technical assessment without a good
appreciation of Ops Concept

Certification Process Issues
Difficulty in doing airworthiness
assessment remote from procedure
design and operational approval
Concern that airworthiness assumptions
not undermined by operational approval
Not knowing how the airworthiness
approval and assumptions will be used

Lessons Learned
Need a concise certification standard with
which to work to
Capturing the Ops Concept
Assessing the Risks
Risk mitigation strategies
Showing of compliance
Education
A more integrated approach to airworthiness
and operational approval (TCA and FAA
National Aircraft Evaluation Team?)

What are we doing?
Getting a consistent understanding of
RNP applications (ICAO RNPSORSG)
Standard or default applications
Specials
For approach phase :-
EASA Rulemaking Drafting Group
Draft AMC 20-XZ, Airworthiness and
Operational Approval for RNP Approach
Operations

Integration of airworthiness and
operational criteria
Scope supporting RNP 0.3 approvals
but also airworthiness demonstration
for < 0.3 NM
Consistency with FAA Notice
8000.287 Special Aircraft and Aircrew
Authorisation Required (SAAAR) and
Public SAAAR criteria

Include a requirement for an
Operational Support Document
detailing airworthiness assumptions
Coordination with JAA Operations
Sectorial Team (OST)
Harmonisation with FAA through
PARC
Rulemaking Drafting Group meeting
in early November to finalise draft

Future Tasking
Approach phase
Lessons learned
Safety standards evolving
Now awaiting PANS OPS criteria / Manual
Other flight phases
Awaiting definition of RNP Ops Concept i.e., the
navigation application
Safety methodology relating aircraft capability and
route spacing
Airworthiness and operational approval criteria

Summary
Presentation has addressed the role that
RNP plays within ATM safety
Contribution of containment
But the need for a formal safety methodology
Pinning down the credit for RNP operational safety
Highlighted EASA experience to date on a
low RNP airworthiness approval
Identified certification process issues
Lessons learned
Current EASA rulemaking drafting group activity
Identified EASA certification tasks for future
consideration

Questions ?

Session 4
RNP – The Expectations?
Question and Answer Session

Session 5
Open Forum
The Way Forward

4.12 g burtenshaw certification issues

More Related Content

What's hot

More from Vinil Patel

Recently uploaded

4.12 g burtenshaw certification issues