Nowadays, System Safety Assessment is a key element to meet UAVs airworthiness requirements from aviation authorities. Usually, when we think about safety, we only think about safety relative to the aircraft itself. But there are many other players involved in drone operation: safety pilot, drone operator, control station, drone operation environment, UAV maintenance… all this must be considered when defining an SSA and analyzed up to hardware and software quality assurance level.
What is System Safety Assessment (SSA)
First of all, we should ask ourselves what system safety is? It is the application of engineering principles, analysis and techniques to minimize risks and hazards at the lowest admissible level on the UAV. System Safety is applied to the entire project life. It starts at the design / conceptual stages and continues during the development and operation, and involves processes up to the end of the life of the UAV.
The System Safety Assessment (SSA) is part of the Safety Assessment Process defined in ARP 4761. The SSA is elaborated for a determined UAV system and proves that safety requirements contained in Functional Hazard Assessment (FHA) and Preliminary System Safety Assessment (PSSA) are met in the system design.
System Safety Assessment makes use of different techniques and analysis, some of them are listed below:
- Hazard analysis.
- Failure modes and effects analysis.
- Fault trees.
- Markov processes.
- Software safety.
- Hardware safety.
Functional Hazard Analysis (FHA) or Hazard Analysis takes place with the start of the UAV development. This type of analysis recognizes and organizes possible failure situations associated with the unmanned system.
Failure modes and effects analysis is a way of detecting failure modes either in an unmanned system or in a part of it and determine their effects in the next higher level.
Fault trees are used to make sure that qualitative and quantitative UAV requirements and objectives, as well as failure conditions, can be accomplished.
Markov analysis is a method similar to fault trees analysis (FTA) and dependence diagram (DD). By means of the Markov chain, system states and transitions are represented graphically. The transitions between states are obtained from the failure and repair rates.
When defining the components and subcomponents involved in safety, the last stage in the safety analysis is the hardware and software in critical components. In the drone SSA, software and hardware development assurance levels (DALs) validate safety requirements obtained from Preliminary System Safety Assessment (PSSA). Related with hardware and software safety in airborne systems, there are two recommendations for ensuring acceptable safety levels that are elaborated by the Radio Technical Commission for Aeronautics (RTCA). These recommendations are DO-178C (Software Considerations in Airborne Systems and Equipment Certification) and DO-254 (Design Assurance Guidance for Airborne Electronic Hardware).
Embention’s support for System Safety Assessment
Embention offers his experience in UAVs to help to elaborate the System Safety Assessment (SSA) for any unmanned system. In addition, Embention provides support for UAV certification with main aviation authorities worldwide, now working with FAA, FOCA, AESA, LBA, ENAC…
Veronte Autopilot 1x meets main recommendations on Hardware and Software safety by ensuring compliance with DO-178 and DO-254 up to DAL B. Meeting these standards provides plenty of safety documentation and artifacts that are available for entering a UAV certification process.