Dependencies Between Development (ARP4754A) and Production (Part 21, Subpart G) of Safety-Critical Avionics Equipment 2013-01-2122
Avionics equipment, especially for safety-critical systems, is developed by means of a series of design steps, propagating and refining requirements through a number of hierarchical levels, from the aircraft level, through system and sub-system levels, down to equipment, subassemblies and individual components (see SAE ARP4754A ). At each development level, accompanying safety assessments (e.g. per SAE ARP4761 ) are performed to derive safety requirements which ensure compliance to the overall safety requirements determined by the aircraft and systems functional hazard assessments (FHAs). The safety related requirements of all development levels flow through the process down into the individual equipment specifications and are ultimately implemented in the equipment design where the design data is approved for the certificated aircraft (or engine) type.
The equipment production process builds the equipment according to this approved design data. Safety assessment methodologies assume that each produced aircraft is equivalent to the type design. Conformity of the manufactured equipment, to the approved type design data, is therefore paramount to airworthiness and safety of each aircraft.
To ensure conformity, the avionics production process is monitored by a quality system, i.e. a process of inspections and testing to verify conformity to the design data and to approve the manufactured items up to approval of the fully assembled equipment which is individually certificated through an authorized release certificate (e.g. FAA Form 8130-3, EASA Form 1 [5, 8].)
For structural parts, or simple components, function is directly related to their physical properties. Conformity demonstration based on these properties is adequate and straightforward. For complex subsystems or components, in particular for avionics, the function is almost entirely emergent, i.e., not directly related to any physical property of the implementation. Conformity to type design, and verification thereof, must therefore go beyond the implementation, to include functional properties. This however, requires more knowledge about the product than just drawings and bill of materials. Despite the importance of the data shared between the development and the production processes, very little guidance is available regarding the nature of these data, and the methods used to develop an adequate production process quality system.
This paper is an attempt at defining the process and methods potentially required to develop the production process quality system, in particular the conformity verification activities, and the data required from the development processes. The production quality system is considered the continuation of the safety process within the development process.
The scope of this paper is limited to Avionic systems equipment, although in some places aircraft level aspects are mentioned. This paper is concerned about the safety aspects derived from ARP4754A interacting with the production process, referring to a “quality system” as per 14 CFR/IR Part 21, subpart G [2, 4, 7, 8]. Production related quality aspects (e.g. ensuring advantageous production yield supporting business related objectives) are not the subject of this paper.
Citation: Fritz, K., Kurz, N., Peterson, E., and Buese, R., "Dependencies Between Development (ARP4754A) and Production (Part 21, Subpart G) of Safety-Critical Avionics Equipment," SAE Int. J. Aerosp. 6(2):355-370, 2013, https://doi.org/10.4271/2013-01-2122. Download Citation
Klaus Fritz, Nikolaus Kurz, Eric Peterson, Rolf Buese
Diehl Aerospace GmbH, Electron International II Inc
SAE 2013 AeroTech Congress & Exhibition
SAE International Journal of Aerospace-V122-1, SAE International Journal of Aerospace-V122-1EJ