BenjiK
Student
- Nov 6, 2021
- 1
Hi all,
I am trying to do a safety analysis of a (relatively simple) existing aircraft system architecture.
I am following "Aircraft System Safety: Assessments for Initial Airworthiness Certification" by Duane Kritzinger and have begun with a functional analysis of the major AC systems.
Based on this, I have created an FHA that now assigns a failure condition to each of these functions and determines the severity of the consequence. In addition, this table also includes the implicated systems that may be responsible for such a failure. Since the system is very small, I decided not to do a separate system/subsystem analysis here and just have one large FHA table.
However, as the analysis progresses, I am now unsure. I have identified some functions that can lead to a catastrophic system failure (Loss of AC). Now the probability of failure for such an event is, for example, 10^-9. I could confirm this with a fault tree analysis....
In the literature examples, I keep finding now that each function with catastrophic consequences is checked individually with a failure probability of 10^-9 using an FTA. Why are they showing it like this?
All catastrophic system failures together should be allowed to fail combined with a maximum of 10^-9, in my opinion, right? So I would also have to model all catastrophic outcome functions in a single FT and check against 10^-9, right? Or is a fixed failure probability normally assigned to each function beforehand, which in combination with the other functions ensures the 10^-9? And only then is the FTA performed with this fixed failure value?
Do you see a more reasonable/logical approach that might be considered with an existing architecture (with assigned failure probabilities of system components)?
Thanks a lot!
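The arithmetic the question turns on, as an added example that is not part of the original post: a small fault-tree evaluator written for this page that rolls independent basic-event probabilities up through AND/OR gates, scores each catastrophic failure condition against a 1e-9 target on its own, and then scores the OR of all of them. The architecture, event names and probabilities are constructed for illustration, not data from any real aircraft. In ARP4761 / AC 25.1309 practice the "extremely improbable" figure is applied to each catastrophic failure condition separately, which is why the literature examples check one top event at a time; the example shows what an aggregate reading would change: three conditions that each pass can sum to a figure that does not. It also refuses trees in which one basic event feeds several branches, because the simple independence algebra is wrong there and minimal cut sets would be needed instead.

```python
"""Toy fault-tree evaluator for the FHA/FTA question above.

Rolls constructed basic-event probabilities (per flight hour) up through
AND/OR gates, checks each catastrophic failure condition against a target
on its own, then checks the OR of all of them. Every name and number below
is constructed for illustration and is not data from any real aircraft.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Basic:
    name: str
    p: float  # probability of this basic event per flight hour (constructed)


@dataclass(frozen=True)
class Gate:
    name: str
    kind: str      # "AND" or "OR"
    inputs: tuple  # child Basic/Gate nodes


def basic_events(node) -> list:
    """Names of all basic events under node, repeated if one feeds several branches."""
    if isinstance(node, Basic):
        return [node.name]
    return [n for child in node.inputs for n in basic_events(child)]


def shared_events(node) -> set:
    """Basic events that appear more than once (a common input to several branches)."""
    names = basic_events(node)
    return {n for n in names if names.count(n) > 1}


def _check_independent(node):
    # The gate algebra multiplies probabilities as if every basic event were
    # independent of every other. A repeated basic event breaks that; such a
    # tree must be reduced to minimal cut sets first, which this toy does not do.
    shared = shared_events(node)
    if shared:
        raise ValueError(f"repeated basic events {sorted(shared)}: reduce to minimal cut sets first")


def prob(node) -> float:
    """Exact top-event probability for independent basic events."""
    _check_independent(node)
    return _prob(node)


def _prob(node) -> float:
    if isinstance(node, Basic):
        return node.p
    ps = [_prob(c) for c in node.inputs]
    if node.kind == "AND":
        return math.prod(ps)
    if node.kind == "OR":
        # 1 - prod(1 - p), via log1p/expm1 so 1e-10-sized inputs keep their precision
        return -math.expm1(sum(math.log1p(-p) for p in ps))
    raise ValueError(f"unknown gate kind {node.kind!r}")


def rare_event_prob(node) -> float:
    """Rare-event approximation: OR gates simply add their inputs. For independent
    inputs it is never below the exact value, so it is the conservative figure."""
    _check_independent(node)
    return _rare(node)


def _rare(node) -> float:
    if isinstance(node, Basic):
        return node.p
    ps = [_rare(c) for c in node.inputs]
    return math.prod(ps) if node.kind == "AND" else sum(ps)


def meets_target(p: float, target: float = 1e-9) -> bool:
    return p <= target


# Constructed architecture: three functions whose loss the FHA classed catastrophic,
# each modelled as its own top event over its own (independent) equipment. Figures
# are treated as probabilities for a one-hour flight, which glosses over exposure
# time; a real FTA states the exposure interval for each basic event.
loss_of_ac_power = Gate("Loss of AC power", "AND", (
    Basic("generator 1 fails", 1e-4),
    Basic("generator 2 fails", 1e-4),
    Basic("battery fails", 5e-2),
))  # 5e-10
loss_of_hydraulics = Gate("Loss of hydraulics", "AND", (
    Basic("hydraulic pump A fails", 2e-4),
    Basic("hydraulic pump B fails", 2e-4),
    Basic("manual reversion jams", 1e-2),
))  # 4e-10
loss_of_pitch_control = Gate("Loss of pitch control", "AND", (
    Basic("elevator channel 1 fails", 3e-5),
    Basic("elevator channel 2 fails", 1e-4),
    Basic("trim backup fails", 1e-1),
))  # 3e-10

CATASTROPHIC = (loss_of_ac_power, loss_of_hydraulics, loss_of_pitch_control)
ANY_CATASTROPHIC = Gate("Any catastrophic condition", "OR", CATASTROPHIC)


def report(target: float = 1e-9) -> dict:
    """Map each top event, and the OR of all of them, to (probability, meets target)."""
    rows = {}
    for g in (*CATASTROPHIC, ANY_CATASTROPHIC):
        p = prob(g)
        rows[g.name] = (p, meets_target(p, target))
    return rows


if __name__ == "__main__":
    for name, (p, ok) in report().items():
        print(f"{name:30s} {p:.3e}  {'meets' if ok else 'MISSES'} 1e-9")
```

Run as a script it lists the three conditions at 5e-10, 4e-10 and 3e-10, each meeting 1e-9, and their OR at about 1.2e-9, which would not. The per-condition result is the one a certification FTA actually reports; the aggregate row is there only to make the difference between the two readings in the question concrete. Whichever reading is used, the quantitative check is only as good as the independence claim behind it: the evaluator rejects a repeated basic event, but common-cause effects that are not drawn in the tree (shared power, shared software, a single maintenance error) are invisible to it and need a separate common-cause analysis.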