Federal Aviation Administration (FAA), DOT.
Notice of proposed special condition.
This proposed special condition is issued for the modification of the Robinson Model R44 helicopter. This modification will have novel or unusual design features associated with installing a complex Autopilot/ Stabilization Augmentation System (AP/SAS) that has potential failure modes with more severe adverse consequences than those envisioned by the existing applicable airworthiness regulations. This proposal contains the additional safety standards that the Administrator considers necessary to ensure that the failures and their effects are sufficiently analyzed and contained.
Comments must be received on or before July 8, 2005.
Send comments on this special condition in duplicate to: Federal Aviation Administration (FAA), Rotorcraft Standards Staff, Attention: Docket No. SW013, Fort Worth, Texas 76193-0110, or deliver them in duplicate to the Rotorcraft Standards Staff at 2601 Meacham Blvd., Fort Worth, Texas 76137. Comments must be marked: Docket No. SW013. You may inspect comments in the Docket that is maintained in Room 448 in the Rotorcraft Directorate offices at 2601 Meacham Blvd., Fort Worth, Texas, on weekdays, except Federal holidays, between 8:30 a.m. and 4 p.m.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Robert McCallister, Aviation Safety Engineer, FAA, Rotorcraft Directorate, Rotorcraft Standards Staff, 2601 Meacham Blvd., Fort Worth, Texas 76193-0110; telephone (817) 222-5121, FAX (817) 222-5961.End Further Info End Preamble Start Supplemental Information
You are invited to submit written data, views, or arguments. Your communications should include the docket or special condition number and be sent in duplicate to the address stated above. We will consider all communications received on or before the closing date and may change the special condition in light of the comments received. Interested persons may examine the Docket. We will file a report in the docket summarizing each substantive public contact with FAA personnel concerning this special condition. If you wish us to acknowledge receipt of your comments, you must include a self-addressed, stamped postcard on which the following statement is made: “Comments to Docket No. SW013.” We will date stamp the postcard and mail it to you.
On January 18, 2000, Hoh Aeronautics, Inc. submitted an application for Supplemental Type Certification (STC) for the installation of an Autopilot Stability/Augmentation System (AP/SAS) on a Robinson Model R44 helicopter through the FAA's Los Angeles Aircraft Certification Office (LA ACO). The Robinson Model R44 helicopter is a part 27 Normal category, single reciprocating engine, conventional helicopter designed for civil operation. The helicopter is capable of carrying three passengers with one pilot, and has a maximum gross weight of approximately 2,400 pounds. The major design features include a 2-blade, fully articulated main rotor, a 2-blade anti-torque tail rotor, a skid landing gear, and a visual flight rule (VFR) basic avionics configuration. Hoh Aeronautics, Inc. proposes to install a three-axis AP/SAS.
Type Certification Basis
Under the provisions of 14 CFR 21.115, Hoh Aeronautics, Inc. must show that the Robinson Model R44 helicopter, as modified by the installed AP/SAS, meets 14 CFR 21.101. The baseline of the certification basis for the unmodified R44 is listed in Type Certification Data Sheet Number H11NM, Revision 3. Additionally, compliance must be shown to any special conditions prescribed by the Administrator.
If the Administrator finds that the applicable airworthiness regulations, as they pertain to this STC, do not contain adequate or appropriate safety standards because of a novel or unusual design feature, special conditions are prescribed under the provisions of § 21.101(d). Special conditions, as appropriate, are defined in § 11.19, and issued by following the procedures in § 11.38.
In addition to the applicable airworthiness regulations and special conditions, Hoh Aeronautics, Inc. must show compliance of the AP/SAS STC-altered Robinson Model R44 helicopter with the noise certification requirements of 14 CFR part 36; and the FAA must issue a finding of regulatory adequacy pursuant to 49 U.S.C. 44715 (formerly section 611 of the Federal Aviation Act of 1958 as amended by section 7 of Pub. L. 92-574, the “Noise Control Act of 1972.”).
Novel or Unusual Design Features
The Hoh Aeronautics, Inc. AP/SAS system incorporates novel or unusual design features, for installation in a Robinson Model R44 helicopter, Type Certification Data Sheet Number H11NM. This AP/SAS system performs non-critical control functions, since this model helicopter has been certificated to meet the applicable requirements independent of this system. However, the possible failure modes for this system, and their effect on the helicopter's ability to continue safe flight and landing, are more severe than those envisioned by the present rules when they were first promulgated.
Definitions: Definitions of Failure Condition Categories—Failure Conditions are classified, according to the severity of their effects on the Start Printed Page 33400aircraft, into one of the following categories:
1. No Effect—Failure Conditions that would have no effect on safety; for example, Failure Conditions that would not affect the operational capability of the rotorcraft or increase crew workload; however, could result in an inconvenience to the occupants, excluding the flight crew.
2. Minor—Failure conditions which would not significantly reduce rotorcraft safety, and which would involve crew actions that are well within their capabilities. Minor failure conditions may include, for example, a slight reduction in safety margins or functional capabilities, a slight increase in crew workload, such as routine flight plan changes, or some physical discomfort to occupants.
3. Major—Failure conditions which would reduce the capability of the rotorcraft or the ability of the crew to cope with adverse operating conditions to the extent that there would be, for example, a significant reduction in safety margins or functional capabilities, a significant increase in crew workload or in conditions impairing crew efficiency, physical distress to occupants, possibly including injuries, or physical discomfort to the flight crew.
4. Hazardous/Severe-Major—Failure conditions which would reduce the capability of the rotorcraft or the ability of the crew to cope with adverse operating conditions to the extent that there would be:
- A large reduction in safety margins or functional capabilities;
- Physical distress or excessive workload that would impair the flight crew's ability to the extent that they could not be relied on to perform their tasks accurately or completely; or,
- Possible serious or fatal injury to a passenger or a cabin crewmember, excluding the flight crew.
“Hazardous/Severe-Major” failure conditions can include events that are manageable by the crew by use of proper procedures, which, if not implemented correctly or in a timely manner, may result in a Catastrophic Event.
5. Catastrophic—Failure Conditions which would result in multiple fatalities to occupants, fatalities or incapacitation to the flight crew, or result in loss of the rotorcraft.
The present §§ 27.1309(b) and (c) regulations do not adequately address the safety requirements for systems whose failures could result in “Catastrophic” or “Hazardous/Severe-Major” failure conditions, or for complex systems whose failures could result in “Major” failure conditions. The current regulations are inadequate because when §§ 27.1309(b) and (c) were promulgated, it was not envisioned that this type of rotorcraft would use systems that are complex or whose failure could result in “Catastrophic” or “Hazardous/Severe-Major” effects on the rotorcraft. This is particularly true with the application of new technology, new application of standard technology, or other applications not envisioned by the rule that affect safety.
We propose to require that Hoh Aeronautics, Inc. provide the FAA with a Systems Safety Assessment (SSA) for the final AP/SAS installation configuration that will adequately address the safety objectives established by the Functional Hazard Assessment (FHA) and the Preliminary System Safety Assessment (PSSA), including the Fault Tree Analysis (FTA). This will ensure that all failure modes and their resulting effects are adequately addressed for the installed AP/SAS. The SSA process, FHA, PSSA, and FTA are all parts of the overall Safety Assessment (SA) process discussed in FAA Advisory Circular (AC) 27-1B (Certification of Normal Category Rotorcraft) and SAE document ARP 4761 (Guidelines and Methods for Conducting the Safety Assessment Process on civil airborne Systems and Equipment).
We propose to require that the applicant comply with the existing requirements of § 27.1309 for all applicable design and operational aspects of the AP/SAS that are associated with the failure condition categories of “No Effect,” and “Minor,” and for non-complex systems whose failure condition category is classified as “Major.” We propose to require that the applicant comply with the requirements of this special condition for all applicable design and operational aspects of the AP/SAS that are associated with the failure condition categories of “Catastrophic” and “Hazardous Severe/Major,” and for complex systems whose failure condition category is classified as “Major.”
A complex system is a system whose operations, failure modes, or failure effects are difficult to comprehend without the aid of analytical methods (e.g., Fault Tree Analysis, Failure Modes and Effect Analysis, Functional Hazard Assessment, etc.).
Design Integrity Requirements: Each of the failure condition categories defined in this special condition relate to corresponding aircraft systems integrity requirements. The systems design integrity requirements, for the Hoh Aeronautics, Inc. AP/SAS, as they relate to the allowed probability of occurrence for each failure condition category, along with the proposed software design assurance level, are as follows:
- “Major”—Failures resulting in Major effects must be shown to be improbable, or on the order of 1 × 10−5 failures/hour, and associated software must be developed to the RTCA/DO-178B (Software Considerations in Airborne Systems And Equipment Certification) Level C software design assurance level.
- “Hazardous/Severe-Major”—Failures resulting in Hazardous/Severe-Major effects must be shown to be extremely remote, or on the order of 1 × 10−7 failures/hour, and associated software must be developed to the RTCA/DO-178B (Software Considerations in Airborne Systems And Equipment Certification) Level B software assurance level.
- “Catastrophic”—Failures resulting in Catastrophic effects must be shown to be extremely improbable, or on the order of 1 × 10−9 failures/hour, and associated software must be developed to the RTCA/DO-178B (Software Considerations in Airborne Systems And Equipment Certification) Level A design assurance level.
Design Environmental Requirements: We propose to require that the AP/SAS system equipment be qualified to the appropriate environmental level in the RTCA document DO-160D (Environmental Conditions and Test Procedures for Airborne Equipment), for all relevant aspects. This is to ensure that the AP/SAS system performs its intended function under any foreseeable operating condition, which includes the expected environment in which the AP/SAS is intended to operate. Some of the main considerations for environmental concerns are installation locations and the resulting exposure to environmental conditions for the AP/SAS system equipment, including considerations for other equipment that may be affected environmentally by the AP/SAS equipment installation. The level of environmental qualification must be related to the severity of the considered failure effects on the aircraft.
Test & Analysis Requirements: Compliance with the requirements contained in this special condition may be shown by a variety of methods, which typically consist of analysis, flight tests, ground tests, and simulation, as a minimum. Compliance methodology is partly related to the Start Printed Page 33401associated failure condition category. If the AP/SAS is considered to be a complex system, compliance with the requirements contained in this document for aspects of the AP/SAS that can result in failure conditions classified as “Major” may be shown by analysis, in combination with appropriate testing to validate the analysis. Compliance with the requirements contained in this special condition for aspects of the AP/SAS that can result in failure conditions classified as “Hazardous/Severe-Major” may be shown by flight-testing in combination with analysis and simulation, and the appropriate testing to validate the analysis. Flight tests may be limited for this classification of failures due to safety considerations. Compliance with the requirements contained in this special condition for aspects of the AP/SAS that can result in failure conditions classified as “Catastrophic” may be shown by analysis, and appropriate testing in combination with simulation to validate the analysis. Very limited flight tests in combination with simulation are typically used as a part of a showing of compliance for failures in this classification. Flight tests are performed only in circumstances that use operational variations, or extrapolations from other flight performance aspects to address flight safety.
This proposed special condition would require that the AP/SAS system installed on a Robinson Model R44 helicopter, Type Certification Data Sheet Number H11NM, Revision 3, meet these requirements to adequately address the failure effects identified by the FHA, and subsequently verified by the SSA, within the defined design integrity requirements.
This special condition would be applicable to the Hoh Aeronautics, Inc. AP/SAS installed as an STC approval, in a Robinson Model R44 helicopter, Type Certification Data Sheet Number H11NM, Revision 3.
This action would affect only certain novel or unusual design features for a Hoh Aeronautics, Inc. AP/SAS STC installed on one model series of helicopter. It is not a rule of general applicability and affects only the applicant who applied to the FAA for approval of these features on the helicopter. The FAA is requesting comments to allow interested persons to submit views.Start List of Subjects
List of Subjects in 14 CFR Part 27End List of Subjects
The Special Condition
Accordingly, pursuant to the authority delegated to me by the Administrator, the following special condition is proposed as part of the Hoh Aeronautics, Inc. supplemental type certificate basis for an Autopilot/Stability Augmentation System to be installed on a Robinson Model R44 helicopter, Type Certification Data Sheet Number H11NM, Revision 3.
The Autopilot/Stability Augmentation System must be designed and installed so that the failure conditions identified in the Functional Hazard Assessment and verified by the System Safety Assessment, after design completion, are adequately addressed in accordance with the “Definitions” and “Requirements” sections (including the integrity, environmental, and test and analysis requirements) of this special condition.Start Signature
Issued in Fort Worth, Texas, on May 26, 2005.
S. Frances Cox,
Acting Manager, Rotorcraft Directorate, Aircraft Certification Service.
[FR Doc. 05-11412 Filed 6-7-05; 8:45 am]
BILLING CODE 4910-13-P