This chapter offers guidance on some general safety assessment issues for UAS Certification.
• The intent of a Safety Assessment is to demonstrate that the aircraft is safe enough for the manner and type of operation it is intended to perform. It is not intended here to describe any of the many different types of assessment or analyses that can be undertaken, but to outline the basic aspects to be considered.
• It is important, however, to recognize that a Safety Assessment conducted as a fundamental and iterative part of the design process can improve the level of safety achievable, the degree of reliability or availability that is possible, and even the cost of ownership, through more effective maintenance schedules.
• If the Safety Assessment is treated simply as a retrospective analysis, the result can only reflect the frozen design. Whilst this could be sufficient, it also carries the risk that any shortfall can only be addressed by redesign or by limitations or restrictions on use, which could be significant enough to preclude viable operation.
• A Safety Assessment may be considered in simple steps:
⁃ The set of aircraft-level threats/hazards related to functional failures is identified;
⁃ The severity of the consequence of each of these failure conditions is determined/classified;
⁃ This classification could differ between scenarios, e.g. between phases of flight;
⁃ The target level of safety (TLOS) is assigned for each failure condition;
⁃ The system and component failures that could contribute to each of these failure conditions are assessed or analyzed to establish whether the individual TLOS is met;
⁃ Compliance with each individual failure condition and the overall aircraft level target is shown.
• Within the airworthiness requirements set, as discussed below, the large aircraft certification specifications contain specific requirements and levels of safety defined in probability terms. For smaller classes of aircraft the airworthiness requirements may not define levels of safety to this level of detail, hence the method of demonstrating compliance is open for discussion and may be based on judgement and justified argument rather than detailed probabilistic analysis. This is clearly important, as the less robust the component reliability data available, the more challenging the task of developing probability analyses becomes.
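The steps above can be carried through mechanically once the failure conditions and their contributing component failures are written down. The following is an added worked example, not code from this chapter or from any certification authority: a small fault-tree evaluator that classifies each failure condition per phase of flight, assigns a TLOS from the classification, compares it with the probability achieved by the contributing failures, and then checks the aircraft-level total. The TLOS figures, the architecture, the component failure rates and the aircraft-level target are all assumed, constructed values for illustration; the independence of basic events is also an assumption that a real assessment must justify (shared power, shared software loads and common-cause effects break it).

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

# Illustrative target levels of safety (TLOS) per severity class, expressed as a
# maximum average probability per flight hour. These are ASSUMED values for this
# example, not figures stated in the chapter; a real programme takes them from the
# applicable airworthiness requirements or agrees them with the authority.
TLOS = {"Catastrophic": 1e-9, "Hazardous": 1e-7, "Major": 1e-5, "Minor": 1e-3}


@dataclass(frozen=True)
class BasicEvent:
    """A component failure with a probability per flight hour (assumed independent)."""
    name: str
    prob: float


@dataclass(frozen=True)
class Gate:
    """Combines child failures: AND = all children must fail, OR = any child suffices."""
    name: str
    kind: str
    children: Tuple["Node", ...]


Node = Union[BasicEvent, Gate]


def probability(node: Node) -> float:
    """Exact probability of the top event for independent basic events."""
    if isinstance(node, BasicEvent):
        if not 0.0 <= node.prob <= 1.0:
            raise ValueError(f"{node.name}: probability {node.prob} out of range")
        return node.prob
    child_probs = [probability(c) for c in node.children]
    if node.kind == "AND":
        p = 1.0
        for x in child_probs:
            p *= x
        return p
    if node.kind == "OR":
        none_fail = 1.0  # P(no child fails); the top event is its complement
        for x in child_probs:
            none_fail *= 1.0 - x
        return 1.0 - none_fail
    raise ValueError(f"{node.name}: unknown gate kind {node.kind!r}")


@dataclass(frozen=True)
class FailureCondition:
    """An aircraft-level failure condition, classified separately per phase of flight."""
    name: str
    severity_by_phase: Dict[str, str]
    tree: Node


def assess(fc: FailureCondition, tlos: Dict[str, float] = TLOS) -> Dict[str, dict]:
    """Classify per phase, assign the TLOS, and compare with the achieved probability."""
    achieved = probability(fc.tree)
    result = {}
    for phase, severity in fc.severity_by_phase.items():
        target = tlos[severity]
        result[phase] = {"severity": severity, "target": target,
                         "achieved": achieved, "met": achieved <= target}
    return result


def aircraft_level(fcs: List[FailureCondition], aircraft_target: float,
                   severity: str = "Catastrophic") -> Tuple[float, bool]:
    """Sum every condition classified `severity` in any phase and compare with the
    overall aircraft-level target (rare-event approximation: summing small
    probabilities slightly overstates the true union, which is conservative)."""
    total = sum(probability(fc.tree) for fc in fcs
                if severity in fc.severity_by_phase.values())
    return total, total <= aircraft_target


# Constructed sample data: hypothetical architecture and hypothetical failure rates.
LOSS_OF_CONTROL = FailureCondition(
    name="Uncontrolled flight: loss of flight control",
    severity_by_phase={"cruise": "Catastrophic", "landing": "Catastrophic"},
    tree=Gate("loss of flight control", "OR", (
        Gate("both flight control computers fail", "AND",
             (BasicEvent("FCC A", 1e-4), BasicEvent("FCC B", 1e-4))),
        BasicEvent("single actuator power bus", 5e-10),
    )),
)

LOSS_OF_C2 = FailureCondition(
    name="Loss of command and control link",
    severity_by_phase={"segregated range": "Major",
                       "overflight of populated area": "Hazardous"},
    tree=Gate("both C2 links lost", "AND",
              (BasicEvent("primary datalink", 2e-4), BasicEvent("backup datalink", 1e-3))),
)


def report(fcs=(LOSS_OF_CONTROL, LOSS_OF_C2), aircraft_target=1e-7):
    """Print the per-phase compliance picture and return the aircraft-level result."""
    for fc in fcs:
        for phase, r in assess(fc).items():
            flag = "met" if r["met"] else "NOT MET (redesign or restrict operation)"
            print(f"{fc.name} [{phase}]: {r['severity']}, achieved {r['achieved']:.2e} "
                  f"vs target {r['target']:.0e}: {flag}")
    total, ok = aircraft_level(list(fcs), aircraft_target)
    print(f"Aircraft-level {total:.2e} vs {aircraft_target:.0e}: {'met' if ok else 'NOT MET'}")
    return total, ok


if __name__ == "__main__":
    report()
```

With these constructed figures the dual flight control computers alone give about 1e-8 per flight hour, so the Catastrophic condition misses its assumed 1e-9 target even though the aircraft-level sum is within its assumed budget; that is exactly the shortfall which, found only after the design is frozen, leaves redesign or an operating restriction as the sole remedies. The loss-of-C2 condition shows the phase dependence: the same 2e-7 per flight hour meets the Major target on a segregated range but not the Hazardous target over a populated area. Where component reliability data is too weak to support figures like these, the same structure still works with severity classes and qualitative arguments in place of the probabilities.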