Issues in the Conduct of PSSA

Abstract

Aerospace Recommended Practices (ARPs) 4754 and 4761 introduce the concept of preliminary system safety assessment (PSSA) as a key stage in the safety process for systems on civil aircraft. PSSA is intended to follow functional hazard assessment (FHA). Its purpose is to assist in validating a proposed system architecture and to allocate (derived) safety requirements to components of that architecture. Although the ARPs claim to represent “best practise” some of their recommendations, including the conduct of PSSA, are novel, and it is not always clear how to interpret and apply them. The purpose of this paper is to give some guidelines on the conduct of PSSA, based on our experience of assisting a number of organisations in developing safety processes in response to the ARPs. We discuss some major issues which, in our experience, cause significant difficulties in using the ARPs. The ARPs are clear about the purpose of PSSA – but in our experience the purpose isn’t always adequately understood (in part this is due to the nature of the example in ARP 4761 Appendix L). Where practical, we illustrate our concerns by presenting a critique of the example in Appendix L of ARP 4761