FEDERAL AVIATION ADMINISTRATION
TRANSPORT AIRPLANE AND ENGINE
SAFETY REQUIREMENTS
A GENERAL OVERVIEW
Certification Process Study Team Meeting #6
Museum of Flight, Seattle WA
June 26-27, 2001
TABLE OF CONTENTS
• Introductory Remarks (D. Cheney)
• Flight: Airplane Performance, Stability and
Control, Related Support (T. Archer/J. Neff)
• Structures: Loads, Design and Construction
(H. Offerman)
• Equipment: Mechanical (R. Jones)
• Equipment: General, Electrical, Avionics
(S. Boyd)
• Propulsion: Engine/APU (M. Fulmer)
• Propulsion: Engine Installation (K. Rask)
• Cabin Safety (F. Tiangsing)
• Human Factors (S. Boyd)
CERTIFICATION FLIGHT TEST
Tom Archer - FAA Flight Test Pilot
John Neff - FAA Flight Test Engineer
Flight Test Branch
Seattle Aircraft Certification Office
CERTIFICATION FLIGHT TEST
• Overview
–
–
–
–
Flying Qualities
Systems and Equipment
Aero. Performance
Airplane Flight Manual
 CDL
– Operations Manual / MMEL
CERTIFICATION FLIGHT TEST
• Flying Qualities (FAR 25, Subpart B)
• Aircraft Systems (FAR 25, Subparts D, E, & F)
– Aircraft Systems
– Installed Equipment
• Performance (FAR 25, Subpart B)
• Airplane Flight Manual (FAR 25 Subpart G)
FLIGHT TEST - GOAL
• Ensure aircraft meets minimum standards
– Fully operational aircraft or
– with any foreseeable failures (more probable
than 1x10E-9)
– with a pilot of average skills
– throughout the operational envelope:
 Speed
 Altitude
 Gross Weight / Center of Gravity
 Temperature
 Limit head/tail/cross winds
FLYING QUALITIES (FQ)
• General Requirements– The airplane must:
 Be safely controllable and maneuverable
 Not require exceptional piloting skill,
alertness or strength
 Be capable of continued safe flight and
landing following any single failure or
combination of failures not shown to be
extremely improbable.
– The flying qualities requirements must be
demonstrated throughout the flight envelope
FLYING QUALITIES (FQ) (cont’d)
• Stability
– Static
– Dynamic
•
•
•
•
•
Controllability
Maneuverability
Stall Characteristics
High Speed Characteristics
Degraded Modes
FLIGHT ENVELOPE
• The airplane must exhibit acceptable flying
qualities at the most critical loading within
the ranges of speed and altitude for which
certification is requested.
– The airline pilot is provided with a safe
operational flight envelope (bounded by
certificated limits) that has been thoroughly
explored during flight testing.
– The airplane is test flown outside of it’s
operational envelope to account for inadvertent
excursions beyond the certificated limits.
Gross Weight (Pounds)
C.G./GROSS WEIGHT ENVELOPE
Center of Gravity (%MAC)
Pressure Altitude (Feet)
FLIGHT ENVELOPE
Airspeed (KCAS)
V-N DIAGRAM
SPECIFIC FQ FLIGHT TESTS
• General (25.101-.143)
• Maneuvering stability
(25.143, .251, .255)
• Longitudinal control
(25.145)
• Directional and lateral
control (25.147)
• Minimum control speed
(25.149)
• Trim (25.161)
• Static longitudinal
stability (25.173-.175)
• Static lateral-directional
stability (25.177)
SPECIFIC FQ FLIGHT TESTS (Con’t)
• Dynamic stability
(25.181)
• Stall characteristics
(25.203)
• Ground handling
(25.231-.235)
• Cross wind (25.237)
• Vibration and buffeting
(25.251)
• High-speed
characteristics (25.253)
• Out-of-trim
characteristics (25.255)
TEST CONDITIONS
TEST
General
Man stab
LOADING
(wt/cg)
Full range
“
DATA
Qual, forces
Fs/g
Long control
Heavy/fwd, aft Qual, forces
Lat-dir control
Heavy/fwd, aft
“
TEST CONDITIONS (Con’t)
TEST
LOADING
DATA
Min cont spd
Light/aft
Hdg, grd track
Trim
Full range
Control forces
Stat long stab
Light/aft
Fe/V
Stat lat/dir stab Light/aft
Fa/, Fr/
TEST CONDITIONS (Con’t)
TEST
LOADING
DATA
Dyn stability
Light/aft
Oscillations
Grd handling
Full range
Qualitative
Stall char
Light/aft
,  response
Vib/buffet
Heavy/aft
Fs/g, Vc, Mach
TEST CONDITIONS (Con’t)
TEST
LOADING
DATA
High spd char
Full range
Fs/g, Vc, Mach
Out-of-trim
Full range
characteristics
Fs/g, Vc, Mach
ADDITIONAL APPROVALS
• Human Factors- continuous evaluations
conducted concurrently with other tests
• Operating Limitations (FAR 25, Subpart G)sufficient to define the envelope
demonstrated during flight tests
• Airplane Flight Manual (FAR 25, Subpart G)information validated during flight testing
SYSTEMS
• Systems and equipment evaluated by
Flight Test
– All Systems
– Virtually every piece of equipment on the A/C
 Three categories of equipment
> Equip. required by FAR Part 25
> Equip. NOT required by FAR 25, but IS by FAR 91,
121, 125, or 135,
> Equip. not required by any FAR
SYSTEMS
• ALL equip. MUST meet the following rules
– Perform it’s intended function/function
properly
– Not provide any misleading information to
crew
– Not interfere with any other equipment
– Specifically applicable rules (if any)
– No failure condition may preclude continued
safe flight and landing
AIRCRAFT SYSTEMS
•
•
•
•
•
Flight Controls
Landing Gear
Powerplant
Fuel
Auto Flight
–
–
–
–
Flight Director
Auto Pilot
Auto Throttle
HUD
• Hydraulics
•
•
•
•
Electrical
Pressurization/Environ.
Fire Protection
Flight Deck
– Controls
– Displays
•
•
•
•
Lights
Safety
Comm/Nav
De-ice/Anti-ice
FLIGHT TEST - FIRE/SMOKE
WATER IMPINGEMENT
COLD / HOT ENVIRONMENT
WINDOWS / DOORS
INSTALLED EQUIPMENT
• Operational
Requirement
–
–
–
–
–
–
–
–
TCAS
GPWS/EGPWS
RWS/PWS
CVR
FDR
HF
3rd Comm/Nav
Standby Instruments
• Optional
–
–
–
–
–
–
–
ACARS
GPS
IFE
Telephones
SAT Comm
Lavatories
Prayer Rooms
PERFORMANCE
• Phase of Flight
– Takeoff (FAR 25.105 - .107)
 Accelerate - Go
 Accelerate - Stop (FAR 25.109)
– Climb (FAR 25.113 - .117, .121)
 First / Second / Third / Final segment
– En Route (FAR 25.123)
– Descent
– Approach
 Approach climb (FAR 25.121)
– Landing (FAR 25.125)
 Landing climb (FAR 25.119)
T.O. PERFORMANCE
• Takeoff Speed Schedule Development
(FAR 25.107)
• Takeoff Field Length Requirements
(FAR 25.113)
HIGH ALTITUDE TAKEOFF PERF.
LaPaz, Bolivia, field elevation 13,100 ft. MSL
TAKEOFF SPEEDS
• Definitions for speed schedule
development
– V1 Takeoff “decision speed”



Brake Release
Min. speed, following critical engine failure, from which
T.O. can continue and achieve 35’ within T.O. distance
Max speed to initiate the first action in an abort and
stop within accel-stop distance
less than V1MBE
Vef
Vmcg
V1
Vmca
Vr
Vlof
Vmbe Max. tire
speed
Vmu
>V2
35 feet
(15’ if wet)
TAKEOFF SPEEDS
(cont’d)
• Definitions for speed schedule development
– Vr Rotation speed




Brake Release
Equal to, or greater than, V1, and 1.05 Vmca
result in a minimum Vlof of 1.05 OEI Vmu & 1.1 AEO Vmu
Allow reaching V2min by 35’, OEI
5 knot abuse (OEI) will not significantly extend the
takeoff distance
Vef
V1
Vmca
Vr
Vmu
Vlof
35 feet
>V2
TAKEOFF SPEEDS
(cont’d)
• Definitions for speed schedule
development
– V2 Takeoff Safety Speed


Meet minimum EO climb gradient
Greater than V2min
– V2min


1.1Vmca
1.13Vs
Brake Release
V1
Vs
Vmca
Vr
35 feet
V2
ADDITIONAL SAFETY MARGINS
• T.O. Tests @ each flap setting
–
–
–
–
–
–
Light / mid / heavy weights
All engine / one engine inoperative
Several T/W at each flap setting
Fuel cut conditions
Overspeed
Abuses
 Rapid rotations (rate)
 Over rotations
 5 knot Vr abuse
 Mis-trim
• Over 60 Takeoffs
FAR TAKEOFF FIELD LENGTH
All engine, “full up” airplane
>V2
Vr
Vlof
35 feet
Demonstrated All Engine Distance
Takeoff Distance = 1.15 X All Eng. Dist. To 35 feet
“AFM” Takeoff Distance Required
FAR TAKEOFF FIELD LENGTH
(cont’d)
Critical Engine Fails at Vef
“Balanced” field length
V2
“GO”
V1 Vr
Vlof
35 feet
Vef
Throttles / max. brakes, speed brakes
AFM expansion, incl. 2 sec. At V1
“RTO”
Dry Runway - NO credit for thrust reversers
Wet Runway - Credit given for thrust reversers
FAR TAKEOFF FIELD LENGTH
(cont’d)
Dispatch Runway Requirement, the longest distance of:
Vr
Vlof
35 feet
Takeoff Distance = 1.15 X All Eng. Dist.
“GO”
V1 Vr
Vlof
Vef
Vef
Throttles / max. brakes, speed brakes
“RTO”
35 feet
REFUSED TAKEOFF - STOPPING
• 100% MBE RTO
– Demonstrated performance with:
 90% (min.) worn brakes (accident
investigation)
> FAR 25.109
Pre-heated, 3 mile taxi w/ three stops
 full stop - 5 minutes

ANTI SKID - INOPERATIVE
CLIMB PERFORMANCE
• Takeoff Path Segments (FAR 25.115)
–
–
–
–
1st = Liftoff to gear up
2nd = gear up to 400 ft.
3rd = 400 ft. to 1500 ft. (accel/cleanup)
Enroute = Greater of: 1500 ft. or clean, MCT &
at final climb speed
• Min. climb requirements based on:
–
–
–
–
Weight
Altitude
Temperature
Most unfavorable CG
TAKEOFF PATH
• Minimum Climb Gradient (FAR 25.117)
– Based on total number of engines
– Takeoff segment
– All engine / OEI, and two EI for quads
• Operational Requirements (FAR 121, Subpart
I)
ENROUTE PERFORMANCE
• Enroute (FAR 25.123)
– Following data must be determined and
published
 Climb performance, all engine and OEI
 Drift down
 Procedures associated with the above
APPROACH PERFORMANCE
• Approach Climb (FAR 25.121)
– Min. climb gradient, based on:
 Approach configuration
 Total number of engines
 Critical engine inoperative
 Max. landing weight
FAR LANDING FIELD LENGTH
Vref “landing threshold speed”
Vref min = 1.23Vsr
FAR 25.125
Vref
Touch down
Full stop
50 feet
landing flare
transition
deceleration in full braking config.
FAR 25 Landing Field Length
FAR 121 Landing Distance = demonstrated
0.6
FAR 121 “FACTORED” Landing Distance (121.195)
AIRPLANE FLIGHT MANUAL
• AFM (FAR 25.1581)
– Four sections
 Limitations
 Normal procedures
 Non-normal procedures
 Performance
– Appendices
 Configuration Deviation List
 Derated thrust operations
 Engine intermix
 Alternate Weight
AFM / CDL
• CDL contains additional limitations
required for operations with missing
secondary parts
–
–
–
–
PIC notified and provided a list of all parts
Each limitation listed by placard in flight deck
Logbook entry
Cumulative performance decrements via
weight penalty
OPERATIONS MANUAL / MMEL
• Flight Crew Operations Manual (FCOM)
(FAR 121.141)
– Permits OM in lieu of the FAR Part 25 AFM
– Must contain Limitations from AFM
– Perf. data / procedures can be modified from
AFM
– NOT FAA Approved, “Accepted” by POI
• Master Minimum Equipment List (FAR
121.627)
– Permits operation of the aircraft in a “nonstandard” configuration
– owned by AEG
FLIGHT TEST - CONCLUSION
• Huge improvements in recent years
– Analytical Methods
– Dynamometer Testing
– Simulation
• Only Flight Test
– Total Integrated Package
– Real World Environment
– Human Factors
• Questions?
PART 25 STRUCTURES RULES
Hank Offerman
Airframe Branch
Transport Airplane Directorate
CERTIFICATION OF STRUCTURE
• CFR 14, Part 25 - Airworthiness Standards
– Subpart C, Structure
 Loads, design conditions, proof of structure
– Subpart D - Design & Construction (Structure)
 Material & process specifications, special
factors, design criteria, special considerations
– Subpart G - Operating Limitations & Information
 Airspeed, weight, center of gravity
> Limits can not exceed values used for design in
Subpart C

Instructions for Continued Airworthiness
> Inspection requirements
» Locations, intervals, methods, acceptance criteria
DESIGN LOADS
• Flight Maneuver & Gust (25.331 - 25.351)
• Ground Loads (25.471 - 25.519)
– Landing loads
– Ground handling loads
 Taxi & ground maneuver
– Towing loads
– Jacking & tie-down loads
• Control Surface & System Lds (25.391 25.459)
• Emergency Landing Conditions (25.561 25.563)
• Supplementary Conditions (25.361 - 25.373)
• Fatigue Evaluation (25.571)
• Lightning Protection (25.581)
MANEUVER LOADS
• Response to Control Input or Command
– Pilot
– Automatic flight control system
• Symmetric
– Balanced maneuvers
 Steady state
> Zero pitching acceleration
– Checked maneuvers
 Rational pitch vs. time profile
– Unchecked maneuvers
 Maximum control deflection
MANEUVER LOADS
• Asymmetric
– Rolling conditions
 Sudden deflection of controls
 Steady state roll maximum control deflection
– Yaw maneuver conditions
 Sudden deflection of controls
 Overswing yaw maximum control deflection
 Steady sideslip maximum control deflection
 Sudden return to neutral
MANEUVER LOADS
• Airplane Flight Configuration
– Cruise configuration
 With and without in-flight lift and drag
devices
– Takeoff, approach & landing
• Airplane Weight Configuration
– All critical weight & center of gravity
combinations on or within the C.G. envelope
– All critical fuel load combinations
• Airplane Speed & Load Factor
– All critical speed & load factor combinations
on or within the maneuver envelope
MANEUVER LOADS
• Load Factor - “n”
– The inertial or acceleration forces acting on a
body (f) is the load factor times the weight (w)
of the body
 f = n x w
• Sign Convention - Airplane Axis System
– Positive - push you into your seat
– Negative - lift you out of your seat
DESIGN V-N ENVELOPES
• Defined by Experience
– Based upon extensive flight measurement
 60 year history - on-going programs
– Values selected such that probability of
exceedance is small
– Relationships defined to ensure safe operation
in usage environment
– Does not constrain airplane usage in the
operational environment
– Enables minimum weight design
MANEUVER LOADS
• Maneuver Design Load Factors
– V-n diagram
GUST LOADS
• Gust is an Atmospheric Disturbance
– Direction - change in angle of attack
– Velocity - change in local airspeed
• Result of Gust is Change in Aerodynamic
Force Acting on Airplane
– Acceleration - change in load factor
• Two Structural Load Components
– Rigid body response
– Dynamic response due to airplane flexibility
and gust velocity profile
GUST LOADS
• Present Evaluation Requirements
– Discrete gust
 Excites rigid body response
> Provides a dynamic component
Single encounter - defined gust profile
 Includes airplane dynamic response
– Continuous gust
 Atmosphere model - power spectral density

> Atmospheric energy vs. frequency

Excites dynamic components
> Provides a rigid body component
Envelope design - high loads
 Mission analysis - fatigue spectrum

GUST ENVELOPE
• Gust Design Load Factors
– V-n diagram
GROUND LOADS
• Ground Loads are Computed using
Weights and Centers of Gravity Which
Result in Maximum Design Loads in Each
Landing Gear Element
– Forward, aft, vertical and lateral centers of
gravity locations must be considered
GROUND LOADS
• Landing Loads
– Applied to landing gear and airplane
• Landing Parameters
– Descent velocity
 Maximum landing weight - 10 feet per
second
 Maximum takeoff weight - 6 feet per second
– Landing load factors
 Function of landing gear energy absorption
characteristics
 Must be validated by tests
GROUND LOADS
• Landing Conditions
– Level landing (nose landing gear arrangement)
 Main gear in contact, nose gear clear
 All three gear in contact
– Tail down landing
– One-gear landing
– Drift landing
– Rebound landing
GROUND LOADS
• Ground Handling Loads
– Taxi, takeoff and landing roll
 Roughest ground reasonably expected
– Braked roll
 Main gear in contact, nose gear clear
 All three gear in contact
– Turning
 Side load due to centrifugal load factor
– Nose wheel yaw & steering
 Side load on nose gear
– Pivoting
 Landing gear torque
– Reversed braking
GROUND LOADS
• Towing Loads
– Defines loads to be applied to the towing
fittings
– 30% of the towed weight for airplanes
weighing less than 30,000 pounds
– 15% of the towed weight for airplanes
weighing more than 100,000 pounds
– Linearly varying between 30,000 and 100,000
pounds
GROUND LOADS
• Jacking & Tie-Down Loads
– Airplanes must have jacking provisions
– Loads computed at maximum ramp weight
– Airplane
 Loads resulting from a vertical load factor of
1.33 plus a horizontal load factor of 0.33 in any
direction
– Fittings & local structure
 Loads resulting from a vertical load factor of
2.00 plus a horizontal load factor of 0.33 in any
direction
– Tie-down fittings and local structure (IF provided)
 Loads resulting from a 65 knot horizontal
wind in any direction
CONTROL SURFACE & SYSTEM
LOADS
• Control Surfaces Must be Designed for
Loads Resulting From
– Flight conditions
 Loads need not exceed those resulting from
the application of maximum pilot effort loads
– Ground gust conditions
– Loads parallel to hinge line
 Load factor of 12 for horizontal surfaces and
24 for vertical surfaces
• Must Consider
– Pilot effort effects
– Trim tab effects
– Unsymmetrical loading
CONTROL SURFACE & SYSTEM
LOADS
• Control System Must be Designed for
Maximum Pilot Effort Loads
– Aileron, wheel
 80 x wheel diameter pound-inches
– Elevator, wheel
 300 pounds
– Rudder
 300 pounds
• Criteria for Dual Control Systems
– Pilots acting together
– Pilots acting in opposition
EMERGENCY LANDING
CONDITIONS
• Protection of Occupants
• Protection of Systems Which Could Cause
Fire or Explosion
• Design Load Factors
–
–
–
–
–
Up - 3.0
Forward - 9.0
Sideward - 3.0 for airframe, 4.0 for seats
Downward - 6.0
Aft - 1.5
• Dynamic Conditions for Seats
– “16 g seats”
SUPPLEMENTARY CONDITIONS
• Engine Torque
– Operating torque
– Engine acceleration
– Sudden engine stoppage
• Side Loads on Engine Mounts
• Pressurized Compartments
• Unsymmetrical Loads Due to Engine
Failure
• Gyroscopic Loads
• Speed Control Devices
DAMAGE TOLERANCE & FATIGUE
EVALUATION OF STRUCTURE
• “An evaluation of the strength, detail
design, and fabrication must show that
catastrophic failure due to fatigue,
corrosion, manufacturing defects, or
accidental damage, will be avoided
throughout the operational life of the
airplane” FAR 25.571(a)
DAMAGE TOLERANCE & FATIGUE
EVALUATION OF STRUCTURE
• Damage Tolerance Evaluation
– Address catastrophic failures due to fatigue,
corrosion & accidental damage
 Crack growth analysis and/or tests
 Residual strength evaluation
 Inspection & maintenance procedures
– Applied to single load path structure
– Applied to multiple load path and crack arrest
“fail safe” structure where it cannot be
demonstrated that failure will be detected
during normal maintenance
DAMAGE TOLERANCE & FATIGUE
EVALUATION OF STRUCTURE
• Damage Tolerance Evaluation (Cont’d)
– Wide spread fatigue damage will not occur
during the design service life of the airplane
 Supported by full scale fatigue test evidence
• Damage Tolerance (Discrete Source)
–
–
–
–
Bird impact
Uncontained fan blade impact
Uncontained engine failure
Uncontained high energy rotating machinery
failure
DAMAGE TOLERANCE & FATIGUE
EVALUATION OF STRUCTURE
• Fatigue (Safe Life) Evaluation
– May be used when the application of the damage
tolerance requirements is impractical
• Sonic Fatigue Strength
– Sonic fatigue cracks are are not probable in
flight structure subject to sonic excitation, or
– Catastrophic failure is not probable if sonic
fatigue cracking occurs
• Instructions for Continued Airworthiness
– The data developed to demonstrate compliance
with this requirement forms the basis for the
airframe instructions for continued airworthiness
LIGHTNING PROTECTION
• The Airplane Must be Protected Against
Catastrophic Effects of Lightning
– Electrical bonding
– Design of components to preclude the effect of
a strike
– Diverting electrical current
PROOF OF STRUCTURE
• 25.303 through 25.307
• Computed Loads - Limit Loads
• Limit Loads Times Factor of Safety Ultimate Loads
– Factor of safety - 1.5
 Very low number - commercial machine
design applications use 6 and up
 Usage is justified by material and process
controls imposed by Subpart D and
maintenance programs required by
operating rules
> Part 91, 121, 125, 135
PROOF OF STRUCTURE
• Requirement
– Limit load
 No detrimental permanent deformation
 Deflections may not interfere with safe
operation
– Ultimate load
 Structure must be able to support the load
for 3 seconds
– Dynamic testing may be used
PROOF OF STRUCTURE
• Compliance Demonstration
– Static tests to limit load
 May require ultimate load testing where limit
load testing is determined to be inadequate
– Structural analysis
 May only be used if the structure conforms
to that for which this method has been
shown to be reliable
DESIGN AND CONSTRUCTION
• Material & Process Specifications
– 25.603, 25.605, 25.613
• Special Factors
– 25.619 - 25.625
• Design Criteria
– 25.607 - 25.611, 25.651 - 25.735
• Special Considerations
– 25.629 - 25.631, 25.843(a)
MATERIAL & PROCESS
SPECIFICATIONS
• The Suitability and Durability of Materials
Must – Be established on the basis of experience or
tests
– Conform to approved specifications
 Ensure having the strength and other
properties assumed in the design data
 Take into account environmental conditions
expected in service
> Temperature
> Humidity
MATERIAL & PROCESS
SPECIFICATIONS
• Manufacturing Processes
– The method of fabrication used must produce
a consistently sound structure
– If a fabrication process requires close control
to produce consistently sound results it must
be performed under an approved process
specification
– Each new fabrication method must be
substantiated by tests
MATERIAL & PROCESS
SPECIFICATIONS
• Material Specifications
– Material strength properties must be based on
enough tests of material meeting approved
specifications to establish design values on a
statistical basis
 “A-basis” – 99% probability, 90% confidence
 “B-basis” – 90% probability, 90% confidence
– Effects of temperature must be considered
where thermal effects are significant under
normal operating conditions
SPECIAL FACTORS
• The Factor of Safety of 1.5 Must be
Multiplied by the Highest Pertinent Special
Factor of Safety for Each Part of the
Structure Whose Strength is
– Uncertain
– Likely to deteriorate in service
– Subject to appreciable variability
 Uncertainties in manufacturing process
 Uncertainties in inspection methods
SPECIAL FACTORS
• Casting Factor – Process Variables
– Critical castings
 Failure would preclude continued safe flight
and landing or cause injury
 1.25 to 1.5
> Based upon testing and inspection
– Noncritical castings
 All others
 1.0 to 2.0
> Based upon testing and inspection
SPECIAL FACTORS
• Fitting Factor – Uncertainties in Stress
Analysis
– Applied to fittings whose strength has not been
proven by limit and ultimate load tests
– 1.15
• Fitting Factor – Wear and Deterioration
– Seats, seatbelt fittings
– 1.33
• Bearing Factor – Wear and Deterioration
– Control surface hinges
– 6.67
SPECIAL FACTORS
• Bearing Factor – Clearance Fits Subject to
Vibration
– Judgment
• Joints Subject to Angular Motion – Wear
– 3.33
– Not applicable to ball or roller bearings
DESIGN CRITERIA
• Fasteners
– Locking devices
• Protection of Structure
– Protection against loss of strength in service
due to any cause, including
 Weathering
 Corrosion
 Abrasion
– Provisions for ventilation and drainage
DESIGN CRITERIA
• Control Surfaces
– Limit load tests required
– Compliance with special factor requirements
must be shown by analysis or test
• Control System Stops
– Must be able to withstand any load
corresponding to design conditions for the
control system
• Control system Limit Load Static Tests
– Testing required in which
 Each fitting, pulley and bracket is loaded
 Compliance with special factors may be by
analysis
DESIGN CRITERIA
• Landing Gear
– Shock absorption tests
 Limit drop tests
> Landing load factors

Reserve energy absorption drop tests
> 12 foot per second descent velocity
• Landing Gear Retracting Mechanisms
– Loads from flight conditions, gear retracted
– Loads from flight conditions in landing
configuration, gear retraction operating
DESIGN CRITERIA
• Landing Gear Doors
– Design for yawing conditions
• Wheels and Tires
– Requirements for load ratings
SPECIAL CONSIDERATIONS
• Aeroelastic Stability Requirements
– Flutter, divergence, control reversal
– Loss of stability and control as a result of
structural deformation
– Must be shown by
 Analysis
 Wind tunnel tests
 Ground vibration tests
 Flight tests
 Other means found necessary by the
Administrator
SPECIAL CONSIDERATIONS
• Aeroelastic Stability Requirements
(Cont’d)
– Aeroelastic stability envelope
 Normal conditions
> VD + 15%

Failure, malfunction & adverse conditions
> VC + 15%
> Failures, malfunctions & adverse conditions
defined
– Flight test requirements
• Bird Strike
– Empennage
 8 pound bird at VC
MECHANICAL SYSTEMS
Robert C. Jones
Mechanical Systems Branch
Transport Airplane Directorate
MECHANICAL SYSTEMS
• Flight Controls
• Hydraulic Systems
• Landing Gear Systems
• Cabin Environmental Systems
• Cargo Fire Protection Systems
• Ice Protection Systems
FLIGHT CONTROL SYSTEMS
Flight Control Systems (25.629, .671, .672, .1309 et al)
• Ensure airplane controllability for
– All flight and load conditions in flight envelope
– Environmental conditions (temp, precip, salt, deice contamination, etc)
– In the presence of failures (including A/P)
 All single failures & combinations of
failures Pf > 10^-9 and certain dual failures
 Jams Pj > 10^-9
– Ensure availability of functions that rely on FC
 Stability: Flutter, speed, mach, dutch roll; load
allev.
 Safe pilot interface (feel systems, disconnects,
indications, warnings, motions, procedures)
• Methods: Test, analysis redundancy, separation, monitoring,
maintenance
FLIGHT CONTROL SYSTEMS
Safety Objectives
• Provide control system capable of safely maneuvering airplane
through all phases of flight within the flight envelope and that
has effective residual control for safe flight and landing after
failures and jams.
• The system must be designed to allow to control airplane
without exceptional piloting skill or strength even after failures.
• System design must account for human factors to ensure pilot
has suitable warnings, can disconnect or override interfacing
systems, and that movement of controls in the normal sense
results in normal airplane response.
• Where automated functions (A/P, SAS, LAS) implemented thru
flight controls ensure system has acceptable reliability,
annunciation, disconnects, and that procedures are available to
permit CSF&L.
• Ensure the airplane without engines remains controllable
down to certain landing speeds.
FLIGHT CONTROL SYSTEMS
Upcoming Improvements
Harmonized flight control rule (25.671/672)
• Addresses NTSB recommendation for reliable
redundancy
• Ensure that failures of dual redundant control
paths do not fail latent without meeting specific
guidelines
HYDRAULIC SYSTEMS
Hydraulic Systems (25.1309, 1435, 1438, 1461)
• Ensure hydraulics for critical & essential
services
• Equipment req’d to meet specific pressure
loads in combination with limit structural loads
and to withstand 1.5 X design operating
pressure load
• Fire safety requirements
• Integrity of pressure vessels
• Containment of failed rotors
• Methods: Test, analysis, separation, redundancy,
monitoring, maintenance
HYDRAULIC SYSTEMS
Safety Objective
• Ensure hydraulics for critical & essential
services, as required, to allow continued safe
flight and landing even after hydraulic failures
LANDING GEAR SYSTEMS
Landing Gear Systems (25.721, 729, 735, 1309,
JAR 25.745)
• Provide capability for airplane ground
maneuvering,
• Braking/stopping,
• Gear retraction and gear extension in the
air.
LANDING GEAR SYSTEMS
Safety Objective
• Provide capability for airplane ground
maneuvering, braking/stopping, plus gear
retraction and gear extension in the air
– Landing gear systems include nose and main
gear retraction/extension mechanisms
including doors, wheels, tires, brakes and
brake controls (antiskid), steering, brake wear
& temperature monitoring, and tire pressure
indication systems
LANDING GEAR SYSTEMS
Note
• Worn Brake Rejected Take-Off (RTO)
– A DC-10 went off the runway. Brakes had been
tested in a new condition for RTO in accordance
with the certification rules in effect at that time.
AD required airplanes over 75,000 pounds to
perform a worn brake demonstration
(dynamometer)
– Latest rule requires airplane demonstration for
all gross weights
CABIN ENVIRONMENTAL SYSTEMS
Cabin Environment (25.831, 25.832, 25.841,
25.1438, 25.1441, 25.1443, 25.1445, 25.1447,
25.1450, 25.1309)
• Ensure passengers and crewmembers have:
– an acceptable environment during normal
operating conditions
– adequate protection to enable survival
without permanent physiological damage
after any system failure
• Methods: Test, analysis, redundancy, maintenance
CABIN ENVIRONMENTAL SYSTEMS
Safety Objective
• Provide the means to keep the occupants
of the aircraft alive and comfortable
– Oxygen, pressurization, pneumatic, heating,
ventilation, and air conditioning systems
CABIN ENVIRONMENTAL SYSTEMS
• The pressurization and temperature
controlled environments protect the
occupants from the cold temperatures at
high altitudes and provides an atmosphere
with enough oxygen to maintain life
• The high operating altitudes of modern
aircraft necessitate oxygen systems that
can sustain life for a limited period of time
should cabin pressurization fail
CARGO FIRE PROTECTION
SYSTEMS
Cargo Fire Protection (25.851(b), 25.855,
25.857, 25.858, 1309)
• Ensure that – Detection systems detect a fire before it
damages airplane structure & provides visual
indication within 1 minute
– Built-in fire extinguishing system does not
introduce a hazard to occupants or the
airplane structure & is adequate to control any
fire likely to occur
• Methods: Test, analysis, redundancy, maintenance
CARGO FIRE PROTECTION
SYSTEMS
Safety Objectives
• Provide safety features to detect/combat fires
• Minimize the impact of fire and extinguishing
agent on occupants
CARGO FIRE PROTECTION
SYSTEMS
• Cargo Compartments
– Requirements to keep hazardous quantities of
smoke/flame from entering into crew/passenger
compartments
– Most are required to have smoke/fire detectors and
an annunciator in the flightdeck
• Fire Suppression
– Cargo compartment fires are not “extinguished,”
they are “suppressed and controlled”
– The suppressing agent is Halon
CARGO FIRE PROTECTION
SYSTEMS
• Information on Class D to C Cargo Compartments
– FAA eliminated Class D cargo compartments for future type
certification from commercial transport airplanes
March 19, 2001


Class D cargo compartments must meet the standards for
Class C or Class E compartments
These changes came about because of a number of
accidents, including Valujet
ICE PROTECTION SYSTEMS
Ice Protection (25.1419, 1403, 1309)
• Ensure Airplane Safety by:
– Detection ice or icing conditions
– Anti-ice or deice capability
– Windshield and probes heating
– Provide acceptable flight characteristics for
intercycle ice and ice accreted on
unprotected surfaces
• Methods: Test, analysis, redundancy, separations
ICE PROTECTION SYSTEMS
Safety Objectives
• For airplanes that intend to operate in icing
conditions the ice detection and protections
systems must be designed to ensure timely
activation and capability of ice protection system,
the airplane must be shown to safely operate with
ice accreted on unprotected surfaces and
intercycle ice on protected surfaces, and the
airplane must be shown safe for trajectories of
shed ice to ensure they do not negatively impact
propulsion, instruments, or structures
• Clear windshield in icing conditions
• Instruments operable in icing conditions
ICE PROTECTION SYSTEMS
• Developments
– Definition of SLD conditions for certification.
Current FAR/JAR do not cover this condition.
(rule in development)
– Detection of ice formations aft of the protected
surfaces. Current FAR/JAR do not require this.
(OPS rule in development)
– Ensuring stall margins met with intercycle ice
and ice on unprotected surfaces (SFAR in
work)
PART 25 EQUIPMENT RULES
Steve Boyd
Systems & Flight Crew Interface Branch
Transport Airplane Directorate
OVERVIEW
•
•
•
•
•
•
•
•
General Remarks
Equipment Installation Requirements
Safety Standards and Objectives
Operational Environment
Instruments
Electrical Systems
Lighting
Recording Systems
GENERAL REMARKS
• Subpart F addresses most systems
installed in the airplane
• Examples include
–
–
–
–
–
avionics
flight and navigational equipment
environmental control
lighting
power generation
EQUIPMENT INSTALLATION
REQUIREMENTS
• Overall Purposes
– Establish safety standards for installed
equipment
 Equipment must perform its intended
functions
 Regulate frequency of failures based on their
severity
 Protect aircraft and persons against effects of
environmental and operational hazards
 Provide means to alert the crew
– Standardize certain flight deck display
information
– Provide airworthiness standards for certain
equipment required by operating rules
SAFETY STANDARDS: PERFORM
INTENDED FUNCTION
• The equipment’s functionality, capability,
and limitation must be deliberately
incorporated, i.e. no hidden functionality
(25.1301)
• Certain levels of reliability for safetycritical systems are required,…
• However, equipment is not expected to
always work
• Therefore, the effects of failures are also
regulated (25.1309)
SAFETY OBJECTIVES
• Failure effects are regulated by requiring
an inverse relationship between the
severity of the failures and their frequency
of occurrence
Catastrophic
Effect
Reduced Crew
Ability to Cope
with Adversity
Minor Effect
Extremely
Improbable
Improbable
More
Frequent
SAFETY OBJECTIVES
(continued)
In addition…
• Fail Safe Design = No single failure
can result in a catastrophic condition
(AC25.1309-1A)
SAFETY OBJECTIVES
(continued)
• The regulations governing system safety
are based on the “fail-safe” design
concepts which typically include:
–
–
–
–
–
Design integrity and quality (design practices)
System redundancy (protect from first failure)
Proven reliability (service experience)
Error tolerance (designer, maintainer, operator)
Flight/maintenance crew procedures (mitigate
failure effects)
– Others (not listed for brevity)
SAFETY OBJECTIVES
(continued)
• The safety objectives are defined at the
airplane level, not at the components
themselves [a component failure does not
always result in a hazard to the airplane,
crew, or occupants]
• To meet these objectives, the methods of
compliance routinely involve qualifying
components by rigorous industry-wide
guidelines:
– Hardware RTCA/DO-160D
– Software RTCA/DO-178B
SAFETY OBJECTIVES
(continued)
• Alerting is necessary to meet the overall
safety objectives (25.1309 (c))
– When flight crews are expected in intervene to
mitigate the effects of failures
– Alerting can be by design (warnings/cautions)
or by intrinsic characteristics (e.g. deterrent
buffet)
• Lighted messages are standardized by
color coding: red or Amber, depending on
the hazard level and urgency (25.1322)
SAFETY OBJECTIVES
(end)
• Certification Maintenance Requirements
(CMR) are established during certification
as an operating limitation of the Type
Certificate (AC25-19)
– CMR is failure finding task to detect safetysignificant latent system failures that, in
combination with other failures, result in a
hazardous or catastrophic condition
– CMR is not MSG-3 which are tasks that prevent
failures
– CMR is not structural inspection required by
25.571, 25.1529, Appendix H25.4
THE OPERATING ENVIRONMENT
• Effects due to operational and
environmental conditions (internal and
external) are considered
– Specific rules for:
 lightning protection (25.1316)
 ice detection and protection (25.1403, 1419)
 life support systems (25.1438-1453)
– Other conditions (altitude, temperature, rain,
wind, vibration, glare, etc…) are considered in
specific methods of compliance which
typically involve testing
INSTRUMENTS
• The regulations provide the minimum
standards for displaying safety-critical
information in the flight deck (25.1303,
1305)
• Certain instruments must be installed
– Safety-critical flight and navigation
instruments (specific navigation systems are
required by operating rules)
– Powerplant instruments
• The “basic T” arrangement (25.1321)
INSTRUMENTS
• Specific regulations levied against flight
critical system to ensure:
– Safety of design (under failure conditions, for
flammability, system status indications, etc.)
– Human factors issues (control accessibility,
consistency of operation, consistent use of
color, etc.) have been addressed
– Adequate means to detect system failures
– Adequate system capacity (for electrical
power)
INSTRUMENTS
• General requirements levied against flight
critical instruments ensure:
– Means are provided to connect required
instruments to opposite side of cockpit
– Display of information essential to safety of
flight will remain available to pilots after single
failure
– Other systems may not be connected to these
flight critical systems, unless provisions are
made to ensure correct operation after failure
AIRSPEED INDICATING (25.1323)
STATIC PRESSURE (25.1325)
• Other specific instrumentation
requirements intended to deal with past
problem areas:
– System arrangement to prevent malfunction
due to entry of moisture, dirt, or other
substances
– Heated to prevent malfunction due to icing
– Redundant systems separated to prevent
single event (e.g., birdstrike) from disabling
multiple systems
– Positive drainage to avoid corrosion, correct
use of materials, correct installation to avoid
chafing
AUTOPILOT/FLIGHT DIRECTOR
SYSTEMS (25.1329)
• Must be able to be disengaged quickly and
positively to prevent interference with pilot
control of airplane
• Must be designed to prevent hazardous loads
on airframe or hazardous flight path deviations
during normal flight or failure condition
• Must be designed to provide positive and
unambiguous annunciation of current operating
mode
• Human factors issues (operation of controls,
location of displays and controls, etc.)
POWERPLANT INSTRUMENTS
(25.1337)
• Provides installation requirements for the
instruments required by other sections
– Minimize hazards from escape of flammable
fluids
– Ensure proper calibration of fuel quantity
indication systems
– Minimize affects of fuel flowmeter
malfunctions
– Other specific issues associated with oil
quantity, propeller position, and fuel pressure
indication systems
ELECTRICAL SYSTEMS
• General Requirements
• Generating Systems
• Distribution System
• Circuit Breakers
GENERAL REQUIREMENTS
• The airplane must be capable of operation
without normal electrical power sources at
maximum altitude for at least 5 minutes
(25.1351d)
• Electrical equipment, controls and wiring
must be installed to ensure non-interference
with other electrical units and systems
essential to safe operations (25.1353a)
• Electrical cables must be grouped, spaced
and routed to minimize damage to essential
systems due to faults in heavy currentcarrying cables (25.1353b)
GENERAL REQUIREMENTS
• Electrical Systems Laboratory Tests
(25.1363)
– system should have a high degree of fidelity
with actual equipment installed on the airplane
– for flight conditions not simulated adequately
in the laboratory, flight tests must be made
 example: effect of zero g and negative g’s on
generator function
GENERATING SYSTEMS (25.1351)
• Electrical Loads analysis determines the
generating capacity and number and kind
of power sources
• No failure of a power source can create a
hazard or impair the ability of remaining
sources to supply essential loads
• There must be a means to disconnect
power sources from the system and
indicate power available
BATTERIES (25.1353C)
• Most aircraft need a battery to power critical
systems or start the auxiliary power unit in
case normal generator power is lost in flight
• Battery requirements include:
– temperature and pressure safeguards
– protection from explosion and toxic gas
emissions
– meet 5 minute loss of primary power requirement
– charge rate, temperature monitored with
associated warning to crew and ability to
disconnect
CIRCUIT PROTECTION (25.1357)
• Circuit breakers or fuses are required to
protect wiring and airplane power busses
– automatic devices required to minimize hazard
to airplane in event of wiring faults
– protective devices necessary for generating
system
– if resetting is required for safety of flight,
circuit breaker must be located and identified
so it can be easily reset in flight
LIGHTING REQUIREMENTS
• External requirements include:
– Position lights (red, green, white on tail)
(25.1385, 1387, 1389)
– Anti-collision lights (25.1401)
– Wing ice detection lights (25.1403)
– Landing lights (25.1383)
• Specific requirements for coverage, color,
position and intensity (25.1389, 1391,
1393, 1395, 1397)
LIGHTING REQUIREMENTS
• Internal lighting requirements include:
– means provided to control intensity (25.1381)
– meet intended function (25.1301)
– emergency lightning for evacuation (25.812)
• Cockpit lighting evaluation by pilots for all
operational conditions
• No requirements for cabin lights, except
for emergency lighting
RECORDING SYSTEMS
• Recording systems must not impact the
safe operation of the airplane and are
mandated by the operating rules (91.609
c,e)
• Design and installation requirements
addressed in Part 25, subsection F
– Cockpit Voice Recorder (CVR)
– Flight Data Recorder (FDR)
• Additional requirements in operating rules
(121.359, 121.343)
MISCELLANEOUS EQUIPMENT
REQUIRED BY OPERATING RULES
• Airworthiness standards for certain
equipment required by operating rules are
provided
–
–
–
–
Windshear systems (121.358, AC25-12)
Protective breathing equipment (25.1439)
Oxygen equipment (25.1441-1453)
Terrain Awareness & Warning (TAWS) (121.354,
AC25-23)
– Traffic Alert & Collision Avoidance System
(TCAS) (121.356)
ENGINES AND APU’S
Mark Fulmer
Manager, Engine Certification Office
Engine and Propeller Directorate
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Safety is defined at the Aircraft level
– Engine and APU Contributors

Burst

Fire

Loads

Loss of Thrust Control

Toxic Products in Bleeds

In-flight Shutdown

Propeller Release
THE OLD WAY
Resources Expended on Initial & Ongoing Evaluation (Type & Production)
Typical average
by PAH type
Resource
Expenditure
(degree of
attention
paid)
Wide variation
subjective criteria
Priority
No Distinction for Same Production Approval
Holder (PAH) types PMA/TSO/PC)
THE NEW WAY
Resources Expended on Initial & Ongoing Evaluation
(Type & Production)
{
Designees &
Eval. Method
{ Self Audit
System Adequacy
{
Criteria
Focus
Non-Priority
Non-Critical
Resource
Expenditure
Priority
Non-Critical
Priority
Critical
PI/PE
Evaluations
ACSEP & Product
Specific Evaluations
Old Avg.
(degree of
safety based
attention
paid)
Smaller variation
defined by resource
targeting
Priority
Determined by: - SVC Exper Safety Data
- Product Safety Assessment
Causal Factors of Disk Fractures
Accident (level 4)
~ 5 per 100 Million Flights
Hazardous events:
~ 16 per 100 M flights
Part Fractures
All uncontained:
~ 32 per 100 M flights
Opportunities
Opportunities
Examples
low cycle
fatigue
high cycle manufact.
fatigue
defect
material
defect
Forging
Titanium
Machining Inconel
Peening
Steel
Other
maint. &
overhaul
fretting/
rubbing
Assembly error
Inspection
Repair
troubleshooting
erosion/
corrosion
bearing
failure
Design
Prod.
Maint.
overspeed
overtemp
Shaft failure Loss of disk
Fuel Control cooling,
Closed VSVs Limitation
exceeded
FOD
Birds
A/C ice shed
Blue ice
BMOD
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Some common considerations
– Likely single and multiple failures
– Likely improper operation
– Likely improper maintenance
– Likely inservice damage
– Minimize and cover latent failures
– Human factors assessed
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Burst
– Minimize failures that can release debris,
particularly high energy debris
– Contain failures where possible
– Uncontainable failures are predictable
– Effects on aircraft minimized (redundancy,
isolation, shielding)
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Fire
– Minimize occurrence and spread

Contain flammable fluids
> Assess structural integrity and materials of
components and fire wall



Isolate ignition sources
Control usage of flammable materials such
as Titanium and Magnesium
Coordination with aircraft installation to
minimize effects
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Loads
– Ultimate and limit capability defined

Mounts

Major load carrying structure
– Vibratory (internal and external effects)

Component criticals and induced
– Failure conditions

Instantaneous, rundown, windmilling
– Engine induced loads coordinated with aircraft
installation
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Loss of Thrust Control
– Control system reliability and safety
assessment (hardware and software)
– Redundancy

channels, mode, models, hydro-mechanical
backup
– Auto-shutdown for APU’s
– Limiting

topping, overspeed, overtemp
– Fail safe options
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Toxic Products in Bleeds
– Bleed air quality testing
– HazMats and VOC assessment
– Minimize ingress for likely failures
– Aircraft level isolation
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• In-flight Shutdown
– Reliability and durability
 Random independent vs. common cause threat
 Damage tolerance
 ETOPS
 Control system time limited dispatch
– Environmental
 Weather, birds, HIRF, lightning
– Stability
 Fan and compressor stall
 Combustor stability
– Human factors in operations and maintenance
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Propeller Release
– Propeller mount flange and shaft loads
– Propeller installation and flight strain
survey evaluated for suitability
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Outcomes of Certification
– Ratings and Operating Limitations

Power

Rotor speeds

Temperatures and pressures (gas path, fuel,
oil, etc.)
– Installation Requirements

Component temperatures

Loads (steady & vibratory)

Inputs/Outputs
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Outcomes of Certification
– Operating instructions


Altitude, attitude, speed, temperature
Procedures (in-flight relight, environmental,
ground handling, etc.)
– Airworthiness Limits

Component life, inspections, maintenance
– Instructions for Continued Airworthiness

On-wing preventative maintenance and
off-wing overhaul
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
• Production Certification
– Production process definition, process
controls, defect characterization, inspectability,
surveillance
• Operational and Maintenance Certifications
– Based on ability to adhere to type certification
data, limitations, and conditions
• Ongoing Management of Production,
Operability and Maintainability
FA ACT SECTION 603
• To be eligible for an airworthiness
certificate, an aircraft must:
– Conform to its type certificate, and
– Be in a condition for safe operation
• Type Certificate (FAR 21.41) includes the
type design (FAR 21.31) plus operating
limitations, TCDS, and applicable FAR
compliance conditions and limitations
PERFORMANCE OF MAINTENANCE
AND ALTERATION
• Repair Stations must perform work in accordance with
the manufacturers ICA (FAR 43.13a), an aircarrier's
manuals (FAR 145.2) or other FAA approved data.
• Maintenance may be conducted using other methods,
techniques and practices acceptable to the
Administrator that accomplish the same end result
with respect to airworthiness i.e.; conformity to the
type design and safe for operation
• Repairs, alterations, or deviations from the
Manufacturers ICA which are major require FAA
approved data
• Maintenance must return the product to either its
original or properly altered configuration
(FAR 43.13b)
FUNDAMENTAL CERTIFICATION CONCEPTS
ENGINES AND APU’S
•
In Closing:
– Don’t confuse compliance with safe nor
non-compliance with unsafe
– There is no such thing as an isolated event
POWERPLANT INSTALLATIONS
Kathrine Rask
Senior Engineer, Propulsion Branch
Seattle Aircraft Certification Office
PROPULSION SYSTEM
• Overview
– System Definitions
– Fundamental Certification Concepts
– Fuel Systems
– Engine Ice Protection
– Thrust Reverser
– Engine Operating Characteristics
– Fire Protection
– Uncontained Engine Failure
– Powerplant Instruments
SYSTEM DEFINITIONS
• Multi-Engine Installation
– Engines are Part 33 certified
 Objective is “stand alone” type certificate;
generally not airframe specific
• Auxiliary Power Unit (APU) Installation
– APU’s qualified to technical standard order
 Also “stand alone” certification objective
• Fuel System
– Tanks, pumps, plumbing, wiring, etc.
§§ 25.901(a), 25.903
FUNDAMENTAL CERTIFICATION
CONCEPTS
• No Single Failure or Probable
Combination of Failures will Jeopardize
Safe Operation
– A single failure is assumed without
consideration as to its probability of failing
– If a failure event cannot be readily detected, it
is counted as a latent existing failure in
addition to the first failure
– “Probable” - expected or foreseeable
 Term often confused with 25.1309
terminology; quantitatively means “not
extremely improbable”
§ 25.901(c)
FUNDAMENTAL CERTIFICATION
CONCEPTS
– “Jeopardize safe operation”
 Continued safe flight and landing from brake
release through ground deceleration to stop
 Safe flight is determined by both qualitative
and quantitative analysis
 Consider service experience of similar failures
§ 25.901(c)
FUNDAMENTAL CERTIFICATION
CONCEPTS
• No Single Failure or Probable Combination
of Failures will Jeopardize Safe Operation
– Accomplished By
 Isolation
 Independence
 Redundancy
 Reliability
– Four Exceptions To Rule
 Uncontained Engine Failures
 Combustor Case Burn Through
 Propeller Failure
 Certain Structural Failures
§§ 25.901(c), 25.903(b), 25.903(d)(1), 25.905(d)
FUEL SYSTEMS
• Fuel System Independence/Redundancy
• Fuel Flow
– Normal operation
– Hot/cold weather, negative “G,” gravity feed
• Lightning Protection
• Crashworthiness
• Failure Modes
– Ignition sources/flammability
– Function of automated fuel system
§§ 25.943, 25.951-25.1001
FUEL SYSTEM
• New Outlook on Fuel System Safety
– Part 21 Special Federal Aviation Regulation
 Retroactive design review of in-service
airplanes
– New Part 25 Regulation Changes
 Improved safety analysis
 Minimized fuel tank flammability
– Operating Rule Changes
 Mandate improved maintenance
SFAR No. 88; §§ 25.981, 91.410, 121.370, 125.248, 129.32
ENGINE ICE PROTECTION
• Engine Installation Shall Continue to
Operate in Severe Environmental
Conditions
– Review ice accumulations on engine, inlet, and
other airframe surfaces that could be ingested
 Freezing fog on ground
 Falling and blowing snow on ground
 Late activation of ice protection by crew in
flight
 Fan ice shedding and procedures
– No engine icing limitations
 Engine power/thrust always required to exit
inadvertent icing conditions
§ 25.1093
THRUST REVERSER
• Demonstrate compatibility with engine
• Demonstrate compatibility with airplane
– Significant change in philosophy since the
Lauda 767 accident
 Exposed vulnerability to certain aircraft
during high speed flight
Long Strut/Low Mount
T/R pattern under wing - no stall
Short Strut/High Mount
T/R pattern over wing - stall
THRUST REVERSER
• Two Options to Meet Part 25 Safety Intent:
– To demonstrate that the airplane must be
controllable under any possible position of the
thrust reverser
 Thorough flight test controllability
demonstration
 Demonstrate operable reverser can be
restored to the forward thrust position
 Minimize potential for in-flight deployment
§ 25.933
THRUST REVERSER
• Two Options to Meet Part 25 Safety Intent
(continued):
– To demonstrate the possibility of an inflight
thrust reverser deployment will not occur
within the life of the airplane fleet
 Rigorous qualitative and quantitative
analysis with more conservative
assumptions
 Typically results in three independent
thrust reverser restraints
 Review minimum dispatch configurations
THRUST REVERSER
• Maintenance has played a significant role in
the majority of inflight thrust reverser
incidents
– Review safety analysis assumptions to ensure
they are tolerant to human error
– Review general thrust reverser maintenance
procedures
– In depth review of thrust reverser lock-out
configuration and procedures
• Vast majority of in-service thrust reverser
uncommanded deployments resulted from
improperly de-activating system
associated with MEL activity
ENGINE OPERATING
CHARACTERISTICS
• Engines should continue to safely operate
throughout the airplane flight envelope
• Engine operation demonstrated at
airplane’s limits of :
– Ambient temperature
– Altitude/airspeed/angle of attack
– Tailwind/crosswind
– Rapid and slow power lever movements
– Mechanical/electrical loading
§§ 25.939, 25.931
POWERPLANT FIRE PROTECTION
• General intent is to provide redundant
design:
– Minimize potential for fire
 Ventilation required to minimize potential of
flammable vapor
 Managing zone temperatures and sources
of ignition
– Minimize effects/duration if a fire should occur
 Fire walls
 Quick acting detectors
 Flammable fluid shut off provisions
 Drainage provisions
 Extinguishing
§§ 25.863-25.869, 25.1181-25.1207
UNCONTAINED ENGINE FAILURE
B-747; 2000
DC-10; 1973
UNCONTAINED ENGINE FAILURE
• Uncontained engine failure threat too
great to be completely addressed by
failsafe philosophy
– Some of the threat addressed by prescriptive
requirements
 Differential compartment loads
 Damage tolerant structure
 Decompression
§§ 25.365(e)(1), 25.571(e)(2)-(3), 25.841(a)(3), 25.903(d)(1)
UNCONTAINED ENGINE FAILURE
– Remainder of airplane threat minimized in the
event of an uncontained engine or APU failure
 Isolation
> hydraulic check valves
> flammable fluid shut-off provisions & dry bays

Redundancy & Separation
> hydraulic line, flight control wires/cables & electric
power
> flammable fluid shut-off valves

Shielding
> critical structure & systems
> auxiliary fuel tanks
> APU containment devices
POWERPLANT INSTRUMENTS
• Intent is to provide indication of engine
parameters, limits, and failures to enable
the crew to always maintain control of
engine
– Limit exceedances (protect rotor integrity)
– Fault enunciation - critical failures
 Messaging system consistent with flight
deck philosophy
 Minimize flight crew workload
– Pop-up displays
– Standby indication
– Trend monitoring
§§ 25.1305
OTHER SYSTEM REQUIREMENTS
• Part 25 also addresses:
–
–
–
–
–
Propeller installation
Oil system
Thrust augmentation
Starting
Component cooling
–
–
–
–
–
Controls
APU
Performance
Powerplant accessories
Inlets/Exhaust
All follow the fundamental concept
of fail-safe and isolation
CABIN SAFETY
Frank Tiangsing
Manager, Airframe/Cabin Safety Branch
Transport Airplane Directorate
DEFINITION
• Cabin Safety, the discipline that deals
with:
– Occupant protection/survival
– Escape from crashes or other emergency
events
Electrical
Systems
Mechanical
Systems
Cabin Safety
Operations
(Flight Standards)
Airframe
MAIN ELEMENTS
• Occupant protection
• Evacuation
• Fire protection
• Emergency equipment
OCCUPANT PROTECTION
• Occupant protection is provided by
having:
– Seats approved to static and dynamic loads
(§§ 25.561, 25.562, 25.785)
– Items of mass retained (§ 25.789)
– Padding on projecting objects (§ 25.785(k))
– Handholds along aisles (§ 25.785(j))
– Slip resistant floors (§ 25.793)
– Access to oxygen during a decompression event
(§ 25.1447)
OCCUPANT PROTECTION
• Static testing of seats
– Seats are tested to loads in the forward, aft,
sideward, up and down directions
– Maximum loads from the ground, flight and
emergency landing conditions are applied
OCCUPANT PROTECTION
• Dynamic testing of seats
– Two test conditions

16g forward load
14g downward load
– Includes occupant injury criteria


Head Injury Criteria (HIC)

Lumbar load
Femur load
– TSO-C127 prescribes minimum performance
standards for dynamically tested seats

MAIN ELEMENTS
• Occupant protection
• EVACUATION
• Fire protection
• Emergency equipment
EVACUATION
Evacuation addresses the means for
occupants to safely travel from their seats
to the ground or water
EVACUATION
• Effective evacuation is accomplished by
providing:
– Appropriate type and number of exits (§ 25.807)
– Access to exits (§ 25.813)
– Assist means from the aircraft to ground or water
(§ 25.810, TSO C69c)
EVACUATION
• Effective evacuation is accomplished by
providing:
– Emergency lighting (§ 25.812)
– Emergency evacuation demonstration (§ 25.803, App. J)
– Ditching capability (§ 25.801)
MAIN ELEMENTS
• Occupant protection
• Evacuation
• FIRE PROTECTION
• Emergency equipment
FIRE PROTECTION
• Interior fire protection is accomplished
by addressing the following areas:
– Interior materials (§ 25.853, App. F)
 Bunsen burner test
(Part I)
 Seat cushion test
(Part II)
 Heat release test
(Part IV)
 Smoke emission test
(Part V)
– Cargo compartments (§ 25.855, App. F)
 Bunsen burner test
 Oil burner test for Class C compartment liners
(Part III)
FIRE PROTECTION
– Lavatories (§§ 25.853(h), 25.854)
 Waste receptacles
> Must have built-in fire extinguishers
> Must be capable of containing fire
Smoke detectors are required
– Portable fire extinguishers must be distributed
throughout the aircraft (§ 25.851)

MAIN ELEMENTS
• Occupant protection
• Evacuation
• Fire protection
• EMERGENCY EQUIPMENT
EMERGENCY EQUIPMENT
• Emergency Equipment Required by
Part 25
– Fire extinguishers, oxygen bottles, floatation seat
cushions or life vests (§§ 25.851, 25.1415, 25.1447,
121.333(e))
– Overwater operation: life rafts, life vests, survival
kits, emergency transmitters, life lines (§ 25.1415)
• Emergency Equipment Required by
Part 121
– Megaphones, first aid kits, smoke hoods, crash ax,
flashlights (§§ 121.309, 121.337, 121.549)
EMERGENCY EQUIPMENT
• Emergency equipment must be:
– Readily accessible (§ 25.1411(a))
– Reasonably distributed and arranged so that
its location is obvious, well identified and
appropriate for its intended use
(§§ 25.851(a), 25.1411)
– Protected from inadvertent damage
(§25.1411(b))
HUMAN FACTORS IN PART 25
Steve Boyd
Airplane & Flight Crew Interface Branch
Transport Airplane Directorate
HUMAN FACTORS IN PART 25
• Definition (unofficial) - Human Factors, as it
applies to aircraft certification:
– The application of scientific theory, principles,
data and methods...
– about human abilities, limitations, and other
characteristics...
– to the establishment of minimum safety-related
design requirements for flight crew interfaces,
tasks, and procedures,...
– and then ensuring that those requirements are
met,
– in order to promote overall system performance
and safety
UNDERPINNING FOR THE CREW
INTERFACE REQUIREMENTS
• We base the requirements on knowledge
and/or assumptions about:
– The “human” capabilities and limitations of the
people who will fly the airplanes
– Their level of training
– Their roles and responsibilities
– The demands of the mission
• Note: Requirements for items 2 and 3 are
contained in the operating rules
PRIMARY HF AREAS
• Human factors issues are integrated into
the rules in various subparts
• Main areas include:
–
–
–
–
The controls and displays that the pilots use
The physical geometry of the flight deck
Integrated aspects of the flight crew interfaces
The evaluation of performance and handling
qualities
COMPETING REQUIREMENTS
Tall Pilots
All controls
reachable,
displays readable
Weight. Panel
space
Additional
functionality
Comfortable
seats
Information
Overload
Situation
Awareness
Commonality
16g seats
External vision
Short Pilots
Space necessary
for controls and
displays
CONTROLS AND DISPLAYS
• Specific controls and displays are called
out for certain functions
• Some are based on “assumed” pilot
responsibilities
• Some are required to deal with failures
– Driven by failure modes and effects
– Pilot actions are intended to mitigate the
failure effects
CONTROLS AND DISPLAYS
• Design to support pilot performance and
reduce errors in the use of controls/displays
– Arrangement - convenient accessibility and use,
no confusion, standardization
– Direction of movement - matches the function
– Control shape - standardization for certain
controls
– Control labeling - except when function is
obvious
– Preventing inadvertent activation - location,
guarding
– Color coding - standardization for alerts/limits
FLIGHT DISPLAY
ARRANGEMENT
• The technology and formats change,
but….
Attitude
Airspeed
Altitude
Heading
FLIGHT DECK GEOMETRY
• Accommodate a range of pilot sizes
– Short pilots can reach everything they need
– Tall pilots can fit in the flight deck
• Pilots can see what they need to see
– Installation location of the displays/controls
– Windows provide adequate visibility
• Reflections and glare
• Emergency egress
INTEGRATION ASPECTS OF THE
FLIGHT DECK
• Workload
– Workload must be acceptable for the minimum
flight crew
– No unreasonable concentration or fatigue
• Crew response to failures
• Environmental conditions
– Noise and vibration
– Lighting
• Intended function - assessed in context
EVALUATION OF PERFORMANCE
AND HANDLING QUALITIES
• HF considerations are embedded in
numerous requirements related to
performance and handling qualities.
Examples:
– ...can be “consistently executed in service by
crews of average skill.”
– …may not “require exceptional piloting or
alertness.”
– “Reasonably expected variations in service
from the established takeoff procedures… may
not result in unsafe flight characteristics…”
EVALUATION OF PERFORMANCE
AND HANDLING QUALITIES
• Requirements are based on experience
– Human performance “margins” are usually in
guidance material
• Test pilots are the key players in
evaluating performance/HQ
– Subjective assessment (including
consideration of line pilot capabilities and line
operations)
– Performance data - measuring airplane
performance with pilots in the loop
– Close coordination between Certification and
Flight Standards (Aircraft Evaluation Group)
pilots