[Federal Register: June 16, 2009 (Volume 74, Number 114)]
[Proposed Rules]
[Page 28449-28451]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr16jn09-6]
========================================================================
Proposed Rules
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains notices to the public of
the proposed issuance of rules and regulations. The purpose of these
notices is to give interested persons an opportunity to participate in
the rule making prior to the adoption of the final rules.
========================================================================
[[Page 28449]]
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 21 and 27
[Docket No. SW021; Notice No. 27-021-SC]
Special Conditions: Robinson Helicopter Company R66 Helicopters,
14 CFR 27.1309, Installation of an Autopilot (AP) Stabilization
Augmentation System (SAS)
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Notice of proposed special conditions.
-----------------------------------------------------------------------
SUMMARY: This action proposes special conditions for installing an
Autopilot Stabilization Augmentation System (AP/SAS) in the Robinson
Helicopter Company (Robinson) Model R66 helicopter. This helicopter
will have novel or unusual design features associated with installing a
complex AP/SAS that has potential failure modes with more severe
adverse results than those envisioned by the existing applicable
airworthiness standards. The applicable airworthiness standards do not
contain adequate or appropriate safety standards for this design
feature. This proposed special condition contains the added safety
standards the Administrator considers necessary to establish a level of
safety equivalent to the existing airworthiness standards.
DATES: We must receive your comments by July 31, 2009.
ADDRESSES: Mail two copies of your comments to: Federal Aviation
Administration, Rotorcraft Directorate, Attn: Rules Docket (ASW-111),
Docket No. SW021, 2601 Meacham Blvd., Fort Worth, Texas 76137. You may
deliver two copies to the Rotorcraft Directorate at this address. You
must mark your comments for: Docket No. SW021. You may inspect comments
in the Rules Docket weekdays, except Federal holidays, between 8:30
a.m. and 4 p.m.
FOR FURTHER INFORMATION CONTACT: George Schwab, Aviation Safety
Engineer, FAA, Rotorcraft Directorate (ASW-112), Aircraft Certification
Service, 2601 Meacham Blvd., Fort Worth, Texas, 76137; telephone (817)
222-5114; facsimile (817) 222-5961.
SUPPLEMENTARY INFORMATION:
Comments Invited
We invite you to take part in this rulemaking by sending written
comments, data, or views. The most helpful comments reference a
specific portion of the special conditions, explain the reason for any
recommended change, and include supporting data. We ask that you send
us two copies of written comments.
We will file in the docket all comments we receive, as well as a
report summarizing each substantive public contact with FAA personnel
on these special conditions. You can inspect the docket before and
after the comment closing date. If you wish to review the docket in
person, go to the address in the ADDRESSES section of this document
between 8:30 a.m. and 4 p.m., Monday through Friday, except Federal
holidays.
We will consider all comments we receive on or before the closing
date for comments. We will consider comments filed late if it is
possible to do so without incurring additional expense or delay. We may
change these special conditions based on the comments we receive.
If you want the FAA to acknowledge receipt of your comments on this
proposal, include with your comments a pre-addressed, stamped postcard
on which the docket number appears. We will stamp the date on the
postcard and mail it back to you.
Background
On November 1, 2006, Robinson proposed a change to the
certification basis, through the FAA's Los Angeles Aircraft
Certification Office (LA ACO), that would include installing an AP/SAS
as part of the application for type certification for the Robinson
Model R66 helicopter. The Robinson Model R66 helicopter is a part 27
Normal category, single turbine engine, conventional helicopter
designed for civil operation. The helicopter is capable of carrying
four passengers with one pilot, and has a maximum gross weight of
approximately 2,650 pounds. The major design features include a 2-
blade, fully articulated main rotor, a 2-blade anti-torque tail rotor,
a skid landing gear, and a visual flight rule (VFR) basic avionics
configuration. Robinson proposes offering the Hoh Aeronautics, Inc.
two-axis AP/SAS as a factory installed option.
Type Certification Basis
Under 14 CFR 21.17, Robinson must show that the Model R66
helicopter meets the applicable provisions of 14 CFR part 27, as
amended by Amendments 27-1 through 27-40.
If the Administrator finds the applicable airworthiness standards,
as they apply to the type certification, do not contain adequate or
appropriate safety standards because of a novel or unusual design
feature, special conditions are prescribed under Sec. 21.16.
Special conditions, as appropriate, are defined in Sec. 11.19, and
issued by following the procedures in Sec. 11.38 and become part of
the type certification basis under Sec. 21.17(a)(2).
Special conditions are initially applicable to the model for which
they are issued. Should the Type Certificate for that model be amended
later to include any other model that incorporates the same novel or
unusual design feature, the special condition would also apply to the
other model under Sec. 21.101.
Novel or Unusual Design Features
The Robinson Model R66 helicopter will be required to show
compliance with the current applicable requirements without the
optional AP/SAS system. The Hoh Aeronautics, Inc. AP/SAS system will
constitute a novel or unusual design feature when installed in the
Model R66 helicopter. Although this AP/SAS system performs non-critical
control functions, the possible failure modes for this system and their
effects on the ability of the helicopter to continue safe flight and
landing are more severe than those envisioned when the present safety
standards were promulgated. Therefore, additional safety standards are
necessary.
Discussion
Failure Condition Categories
The effect on safety is not adequately covered under Sec. 27.1309
for the application of new technology and new application of standard
technology.
[[Page 28450]]
Specifically, the present provisions of Sec. 27.1309(c) do not
adequately address the safety requirements for systems whose failures
could result in Catastrophic or Hazardous/Severe-Major failure
conditions, or for complex systems whose failures could result in Major
failure conditions.
To comply with the provision of the special condition, we propose
to require that Robinson provide the FAA with a Systems Safety
Assessment (SSA) for the final Hoh Aeronautics Inc. AP/SAS installation
configuration that will adequately address the safety objectives
established by the Functional Hazard Assessment (FHA) and the
Preliminary System Safety Assessment (PSSA), including the Fault Tree
Analysis (FTA). This must ensure that all failure modes and their
resulting effects are adequately addressed for the installed AP/SAS.
The SSA process, FHA, PSSA, and FTA are all parts of the overall Safety
Assessment (SA) process discussed in FAA Advisory Circular (AC) 27-1B
(Certification of Normal Category Rotorcraft) and SAE document ARP 4761
(Guidelines and Methods for Conducting the Safety Assessment Process on
civil airborne Systems and Equipment).
This special condition requires that the AP/SAS system installed on
a Robinson Model R66 helicopter meet these requirements to adequately
address the failure effects identified by the FHA, and subsequently
verified by the SSA, within the defined design integrity requirements.
Applicability
As discussed, this special condition is applicable to the Robinson
Model R66 helicopter with the Hoh Aeronautics, Inc. AP/SAS installed as
a factory option under the pending application for the Robinson Model
R66 type certificate. Should Robinson Helicopter Company apply at a
later date for a change to the type certificate to include another
model incorporating this same factory installed option Hoh Aeronautics,
Inc. AP/SAS novel or unusual design feature, this special condition
would also apply to that model, under the provisions of Sec.
21.101(b)(1).
Conclusion
This action affects only the Robinson R66 model series of
helicopter with the novel or unusual design features of a Hoh
Aeronautics, Inc. AP/SAS installed. It is not a rule of general
applicability.
List of Subjects in 14 CFR Parts 21 and 27
Aircraft, Aviation safety, Exports, Imports, Reporting and
recordkeeping requirements.
The authority citation for these special conditions is as follows:
Authority: 42 U.S.C. 7572; 49 U.S.C. 106(g), 40105, 40113,
44701-44702, 44704, 44709, 44711, 44713, 44715, 45303.
The Proposed Special Conditions
Accordingly, the Federal Aviation Administration (FAA) proposes
the following special conditions as part of the type certification
basis for Robinson Model R66 helicopters:
For installation of a Hoh Aeronautics, Inc. Autopilot/Stability
Augmentation System on a Robinson Model R66 helicopter, the system
must be designed and installed so that the failure conditions
identified in the Functional Hazard Assessment and addressed by the
System Safety Assessment, after design completion, are adequately
addressed in accordance with the Definitions for the Failure
Condition Categories and the Requirements (including the design
integrity, design environmental, and test and analysis requirements)
of this special condition.
Definitions
Failure Conditions are conditions that result from a failure and
are classified, according to the severity of their effects on the
rotorcraft, into one of the following categories:
(1) No Effect--Failure Conditions that would have no effect on
safety; for example, Failure Conditions that would not affect the
operational capability of the rotorcraft or increase crew workload;
however, could result in an inconvenience to the occupants,
excluding the flight crew.
(2) Minor--Failure conditions which would not significantly
reduce rotorcraft safety, and would involve crew actions that are
well within their capabilities. Minor failure conditions would
include, for example, a slight reduction in safety margins or
functional capabilities, a slight increase in crew workload such as
routine flight plan changes, or result in some physical discomfort
to occupants.
(3) Major--Failure conditions which would reduce the capability
of the rotorcraft or the ability of the crew to cope with adverse
operating conditions to the extent there would be, for example, a
significant reduction in safety margins or functional capabilities;
a significant increase in crew workload or result in impairing crew
efficiency; physical distress to occupants, including injuries; or
physical discomfort to the flight crew.
(4) Hazardous/Severe-Major--Failure conditions that would reduce
the capability of the rotorcraft or the ability of the crew to cope
with adverse operating conditions to the extent there would be:
(i) A large reduction in safety margins or functional
capabilities;
(ii) Physical distress or excessive workload that would impair
the flight crew's ability to the extent that they could not be
relied on to perform their tasks accurately or completely; or
(iii) Possible serious or fatal injury to a passenger or a cabin
crewmember, excluding the flight crew.
Note: Hazardous/Severe-Major failure conditions can include
events that are manageable by the crew by use of proper procedures,
which, if not carried out correctly or in a timely manner, may
result in a Catastrophic Event.
(5) Catastrophic--Failure Conditions which would result in
multiple fatalities to occupants, fatalities or incapacitation to
the flight crew, or result in the inability of the rotorcraft to
continue safe flight and landing.
Requirements
Robinson must comply with the existing requirements of Sec.
27.1309 for all applicable design and operational aspects of the AP/
SAS with the failure condition categories of No Effect, Minor, and
for non-complex systems whose failure condition category is
classified as Major. Robinson must also comply with the requirements
of this special condition for all applicable design and operational
aspects of the AP/SAS with the failure condition categories of
Catastrophic and Hazardous/Severe-Major, and for complex systems
classified as a Major failure condition category.
A complex system is a system whose operations, failure modes, or
failure effects are difficult to understand without the aid of
analytical methods (for example, Fault Tree Analysis, Failure Modes
and Effect Analysis, Functional Hazard Assessment, etc.).
a. Design Integrity Requirements
Each of the failure condition categories defined in this special
condition relate to the corresponding aircraft system integrity
requirements. The design integrity requirements for the Hoh
Aeronautics, Inc. AP/SAS as they relate to the allowed probability
of occurrence for each failure condition category, and the proposed
software design assurance level, are as follows:
Major--Condition classified as a ``Major failure condition'' and
resulting in Major effects must be shown to be improbable, or at or
less than 1 x 10-5 failures/hour, and associated software
must be developed to the RTCA/DO-178B (Software Considerations in
Airborne Systems And Equipment Certification) software design
assurance Level C.
Hazardous/Severe-Major--Condition classified as a ``Hazardous/
Severe-Major failure condition'' and resulting in Hazardous/Severe-
Major effects must be shown to be extremely remote or at or less
than 1 x 10-7 failures/hour, and associated software must
be developed to the RTCA/DO-178B (Software Considerations in
Airborne Systems And Equipment Certification) software design
assurance Level B.
Catastrophic--Condition classified as a ``Catastrophic failure
condition'' and resulting in Catastrophic effects must be shown to
be extremely improbable or at or less than 1 x 10-9
failures/hour, and associated software must be developed to the
[[Page 28451]]
RTCA/DO-178B (Software Considerations in Airborne Systems And
Equipment Certification) Level A software design assurance level.
b. Design Environmental Requirements
Robinson must qualify the AP/SAS system equipment to the
appropriate environmental level in the RTCA document DO-160F
(Environmental Conditions and Test Procedures for Airborne
Equipment), for all relevant aspects. This must show that the AP/SAS
system performs its intended function under any foreseeable
operating condition, which includes the expected environment in
which the AP/SAS is intended to operate. Some of the main
considerations for environmental concerns are installation locations
and the resulting exposure to environmental conditions for the AP/
SAS system equipment, including considerations for other equipment
that may be affected environmentally by the AP/SAS equipment
installation. The level of environmental qualification must be
related to the severity of the considered failure condition and
effects on the aircraft.
c. Test & Analysis Requirements
Compliance with these requirements may be shown by a variety of
methods, which typically consist of analysis, flight tests, ground
tests, and simulation, as a minimum. Compliance methodology is
partly related to the associated failure condition category. If the
AP/SAS is a complex system, compliance with the requirements for
aspects of the AP/SAS that can result in failure conditions
classified as Major may be shown by analysis, in combination with
appropriate testing to validate the analysis. Compliance with the
requirements for aspects of the AP/SAS that can result in failure
conditions classified as Hazardous/Severe-Major may be shown by
flight-testing in combination with analysis and simulation, and the
appropriate testing to validate the analysis. Flight tests may be
limited for this classification of failures due to safety
considerations.
Compliance with the requirements for aspects of the AP/SAS that
can result in failure conditions classified as Catastrophic may be
shown by analysis and validated by appropriate testing in
combination with simulation. Very limited flight tests in
combination with simulation may be used as a part of a showing of
compliance for failures in this classification. Flight tests are
performed only in circumstances that use operational variations or
extrapolations from other flight performance aspects to address
flight safety.
Issued in Fort Worth, Texas, on June 11, 2009.
Mark R. Schilling,
Acting Manager, Rotorcraft Directorate, Aircraft Certification Service.
[FR Doc. E9-14103 Filed 6-15-09; 8:45 am]
BILLING CODE 4910-13-P