Usage of MTBF for Exposure Times of Undetected Faults in Safety Assessments (2007-01-3831)
Many of the certification regulations in 14 CFR Part 25 are, by design, broad and, as such, can be subject to large differences in the interpretation of what constitutes adequate compliance. Advisory Circulars (ACs) were developed for many of the regulations to assist industry, as well as certification personnel, with what is considered an acceptable, but not the only, means of compliance. However, for many regulations no advisory material is available. In these cases, the “acceptable means” of compliance can vary to a greater degree among the various aircraft certification offices. This difficulty is aggravated as new applicants and regulatory personnel enter the certification field.
Recent discussions and interpretations on the use of an avionic unit's mean time between failures (MTBF) for its detectable faults as the basic repair rate for undetected (latent) faults are a subject area where no significant advisory material exists. Therefore, certification office interpretation of “what is acceptable maintenance” in such a situation can vary significantly. This paper discusses the use of an avionic unit's MTBF for detected faults, plus an allowable repair time after a detected failure has occurred before the unit must be repaired, as the safety-analysis failure exposure time for undetected faults, and establishes a mathematical basis justifying its use.
The presented analysis approach shows that using the unit's MTBF for detected faults, plus an allowable but time-limited operating period before repair is needed, as the basic repair rate for the undetected faults is an acceptable means of maintaining undetectable failures of protective elements. In this operating scenario, the risk of system loss due to operating with latent failures in multiple units of the protective elements can be adequately controlled to the needed classification levels.
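As an added worked example (not part of the paper, which gives no figures), the following Python applies the paper's exposure-time choice to a redundant protective element and computes a conservative per-flight-hour loss probability. The failure rates, repair allowance, flight length, unit count and the 1e-9 per-flight-hour comparison target are all constructed or assumed values, not data from the paper.

```python
from math import exp

# Added example, not from the paper. It applies the paper's premise: the
# exposure time for an undetected (latent) fault is taken as the unit's
# detected-fault MTBF plus the allowed operating period before repair,
# because a detected failure sends the unit to the shop, where the latent
# fault is found and fixed as well. All numbers below are constructed.


def latent_exposure_time(mtbf_detected_h, repair_allowance_h):
    """Exposure time T for a latent fault under the paper's approach."""
    return mtbf_detected_h + repair_allowance_h


def unit_failed_prob(lambda_detected, lambda_latent, exposure_h, flight_h):
    """Probability that one unit is failed (latently or actively) by the end
    of a flight, using a constant-rate (exponential) model.
    Conservative assumption: a latent fault that occurred anywhere in the
    exposure window is treated as already present at takeoff."""
    lam_total = lambda_detected + lambda_latent
    return 1.0 - exp(-(lambda_latent * exposure_h + lam_total * flight_h))


def loss_prob_per_flight_hour(lambda_detected, lambda_latent,
                              repair_allowance_h, flight_h, n_units):
    """Average per-flight-hour probability that all n independent, identical
    redundant units of the protective element are failed (loss of function).
    The exposure time is derived from the detected-fault MTBF = 1/lambda."""
    t_exposure = latent_exposure_time(1.0 / lambda_detected, repair_allowance_h)
    q = unit_failed_prob(lambda_detected, lambda_latent, t_exposure, flight_h)
    return q ** n_units / flight_h


def meets_target(prob_per_fh, target_per_fh):
    """True if the computed probability is within the classification target."""
    return prob_per_fh <= target_per_fh


if __name__ == "__main__":
    lam_det, lam_lat = 1.0e-4, 1.0e-7  # constructed: MTBF 10,000 h, latent 1e-7/h
    allowance, flight = 100.0, 5.0     # constructed: 100 h before repair, 5 h flight
    target = 1.0e-9                    # assumed target (catastrophic-level order)
    for n in (2, 3):
        p = loss_prob_per_flight_hour(lam_det, lam_lat, allowance, flight, n)
        print(f"{n} units: {p:.2e} per flight hour, "
              f"target met: {meets_target(p, target)}")
```

With these constructed rates the two-unit element is dominated by the MTBF term of the exposure window, so shortening the 100 h repair allowance changes little; the third unit is what brings the result under the assumed target.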