RPAS Safety Assessment Report <<RPAS Type>> DOC # <<Doc. Number>> <<Applicant Name>> <<Applicant Address1>> <<Applicant Address2>> All rights reserved. No part of this report may be reproduced or copied in any form or by any means without written permission of <<Applicant>> Copyright © 2016 by <<Applicant>> Revision 0, 31/03/16 Initial Issue: 31/03/16 <<Applicant Logo>> <<RPAS Picture>>

Upload: hoangnguyet

Post on 23-Mar-2018


RPAS Safety Assessment Report

<<RPAS Type>>

DOC # <<Doc. Number>>

<<Applicant Name>>

<<Applicant Address1>>
<<Applicant Address2>>

All rights reserved. No part of this report may be reproduced or copied in any form or by any means without written permission of <<Applicant>>

Copyright © 2016 by <<Applicant>>

Revision 00, April 1, 2016
Initial Issue: April 1, 2016

<<Applicant Logo>>

<<RPAS Picture>>

RPAS Safety Assessment Report Introduction<<RPAS Type>>


Page 10 - 1 Doc # <<Doc. Number>> Revision 00, April 1, 2016


RPAS Safety Assessment Report

<<RPAS Type>>

RPA Manufacturer :      

RPA Model :      

Remote Controller Manufacturer :      

Remote Controller Model :      

DOC # : <<Doc. Number>>

Date of Initial Issue : April 1, 2016

Revision : 00

Date of Revision : April 1, 2016


PREFACE

The intent of this RPAS Safety Assessment Report is to demonstrate that the RPAS is safe enough for the manner and type of operation it is intended to perform.

The analysis presented in this RPAS Safety Assessment Report only considers the given design.

The present RPAS Safety Assessment Report covers all elements of the RPAS operation. The emphasis however is placed on the technical safety assessment of the RPAS components.

Applicable Regulations.

The Remotely Piloted Aircraft System (RPAS) as described in this RPAS Safety Assessment Report is subject to Civil Aviation regulations. Regulations may vary depending on the country where you intend to operate the RPAS.

Any use of the RPAS in breach of the laws of the country where the RPAS is operated is under the sole responsibility of the RPAS Operator.

Inform yourself before operating the RPAS. Some countries may have laws that limit the use of unmanned aircraft to ‘Line-of-Sight’ operations and | or prohibit the use of unmanned aircraft at all or in specific areas.

Privacy.

Recording and circulating an image of an individual, private property or historical building may constitute an infringement of their image and privacy for which you can be liable. Ask for authorization before taking pictures of an individual, private property or historical building, particularly if you want to keep your recordings and | or circulate images on the Web or any other medium. Do not circulate degrading images or ones that could undermine the reputation or dignity of an individual, private property or historical building. Check that your use of the cameras on board this RPA complies with the legal provision on privacy in the country where you operate your product.


Index of Revisions

Revisions to this RPAS Safety Assessment Report are recorded in the following table. The RPAS Safety Assessment Report Revision Number, Revision Date and Document Number are shown in the bottom right-hand corner and the bottom centre of each page, respectively.

The RPAS may only be operated if the RPAS Safety Assessment Report is up to date, and to the extent that the RPAS conforms to the given design.

Revision Number    Revision Date    Reason for Revision    Approval


TABLE OF CONTENTS

SECTION
1  GENERAL
2  RPA SYSTEM SAFEGUARDS
3  THREATS | HAZARDS & CONSEQUENCES
4  ALARMS | DETECTION OF MALFUNCTIONS
5  EMERGENCY PROCEDURES
6  PRE | POST FLIGHT INSPECTIONS
7  PREVENTIVE MEASURES
8  EMERGENCY SCENARIOS


Section 1

GENERAL

TABLE OF CONTENTS

1.1 INTRODUCTION
1.2 WARNINGS, CAUTIONS AND NOTES
1.3 DESCRIPTION OF THE RPAS
    1.3.1 Remotely Piloted Aircraft (RPA)
        1.3.1.1 Motors | Propellers | Electronic Speed Controls
        1.3.1.2 Avionics | Navigation | Communication Systems
        1.3.1.3 Fuel | Flight Battery
    1.3.2 Remote Pilot Station
        1.3.2.1 Function Controls Layout
        1.3.2.2 Command and Control Link
        1.3.2.3 Firmware | Software
1.4 LIST OF DEFINITIONS AND ABBREVIATIONS
    1.4.1 Abbreviations and Acronyms
    1.4.2 Definitions


1.1 Introduction.

This Section provides basic data and information of general interest. It also contains definitions or explanations of symbols, abbreviations, and terminology commonly used.

Furthermore, it specifies the particular RPAS design considered in this RPAS Safety Assessment Report.

1.2 Warnings, Cautions and Notes.

The following definitions apply to warnings, cautions, and notes used in this RPAS Safety Assessment Report:

WARNING!! Disregarding the following instructions leads to an immediate or severe deterioration of flight safety and hazardous situations, including those resulting in personal injury and damage to property.

CAUTION! Disregarding the following instructions leads to a serious or long-term deterioration of flight safety.

NOTE Draws attention to any special item not directly related to safety but which is important or unusual.

1.3 Description of the RPAS.

The particular design of the Remotely Piloted Aircraft System (RPAS) that is the subject of the present RPAS Safety Assessment Report is described below.

The RPAS consists of a Remotely Piloted Aircraft (RPA) and a Remote Pilot Station. The RPA is capable of carrying different payloads to perform its intended type of operation.

1.3.1 Remotely Piloted Aircraft (RPA).

1.3.1.1 Motors | Propellers | Electronic Speed Controls

(Number, Manufacturer, Model, Type)

1.3.1.2 Avionics | Navigation | Communication Systems

1.3.1.3 Fuel | Flight Battery

(Manufacturer, Type, Capacity)


1.3.2 Remote Pilot Station.

Manufacturer | Model

Conformity with the RPA manufacturing standard

1.3.2.1 Function Controls Layout

(Information Displays, User Interfaces)

1.3.2.2 Command and Control Link

1.3.2.3 Firmware | Software

1.3.2.4 Safety System

(Safety System against the loss of control by hacking, disturbance or perturbation)

1.3.3 Payload(s).

1.4 List of Definitions and Abbreviations.

1.4.1 Abbreviations and Acronyms.

AGL   above ground level
C2    command and control
RPA   remotely piloted aircraft
RPAS  remotely piloted aircraft system(s)
VFR   visual flight rules
VLOS  visual line-of-sight
VMC   visual meteorological conditions

1.4.2 Definitions.

Aircraft. Any machine that can derive support in the atmosphere from the reactions of the air other than the reactions of the air against the earth’s surface.

Command and control (C2) link. The data link between the remotely piloted aircraft and the remote pilot station for the purposes of managing the flight.

Data link communications. A form of communication intended for the exchange of messages via a data link.


Maintenance. The performance of tasks required to ensure the continuing airworthiness of an aircraft, including any one or combination of overhaul, inspection, replacement, defect rectification and the embodiment of a modification or repair.

Operator. A person, organisation or enterprise engaged in or offering to engage in an aircraft operation.

Note. — In the context of remotely piloted aircraft, an aircraft operation includes the remotely piloted aircraft system.

Remotely piloted aircraft (RPA). An unmanned aircraft which is piloted from a remote pilot station.

Remotely piloted aircraft system (RPAS). A remotely piloted aircraft, its associated remote pilot station(s), the required command and control links and any other components as specified in the type design.

Rotorcraft. A power-driven heavier-than-air aircraft supported in flight by the reactions of the air on one or more rotors.

RPA observer. A trained and competent person designated by the operator who, by visual observation of the remotely piloted aircraft, assists the remote pilot in the safe conduct of the flight.

Safety risk. The predicted probability and severity of the consequences or outcomes of a hazard.

VFR. The symbol used to designate the visual flight rules.

VFR Flight. A flight conducted in accordance with the visual flight rules.

Visual line-of-sight (VLOS) operation. An operation in which the remote pilot or RPA observer maintains direct unaided visual contact with the remotely piloted aircraft.

Visual meteorological conditions (VMC). Meteorological conditions expressed in terms of visibility, distance from cloud, and ceiling, equal to or better than specified minima.


Section 2

RPA SYSTEM SAFEGUARDS

TABLE OF CONTENTS

2.1 INTRODUCTION
2.2 SAFEGUARDS IN THE REMOTELY PILOTED AIRCRAFT (RPA)
    2.2.1 Mechanical | Structural Integrity
    2.2.2 Electrical Systems
    2.2.3 Avionics | Navigation | Communication Systems
2.3 SAFEGUARDS IN THE REMOTE PILOT STATION
2.4 SAFEGUARDS ON THE FIRMWARE | SOFTWARE LEVEL
2.5 SAFEGUARDS IN THE PAYLOAD(S)


2.1 Introduction.

This Section provides a more detailed description of the RPA System and its components, in particular with regard to the design considerations that have been applied in order to improve the system safety.

The fault tolerance of the RPA System is improved by providing a redundancy of the critical functions.

For safety-critical signals, hardware lines have been doubled, as demonstrated in the following Block | Wiring Diagrams.

The RPA Systems and Subsystems are continuously monitored, and alarms and warnings are (automatically) generated in order to enable operator intervention when necessary.

2.2 Safeguards in the Remotely Piloted Aircraft (RPA).

2.2.1 Mechanical | Structural Integrity.

2.2.2 Electrical Systems.

2.2.3 Avionics | Navigation | Communication Systems.

2.2.4 Safety System.

(Safety System against the loss of control by hacking, disturbance or perturbation)

2.3 Safeguards in the Remote Pilot Station.

The Remote Pilot Station has been designed so as to assure that the operator will correctly perform the operational sequences and that the possibility of human errors is reduced as much as possible.

Switches and buttons have been placed in such a way that unintentional activation is avoided.


The Remote Pilot Station informs the operator in case problems occur.

(messages, alerts, warnings)

2.4 Safeguards on the Firmware | Software level.

2.5 Safeguards in the payload(s).

The design and construction of any payload(s) ensures that the safe operation of the RPAS is not imperilled by the electronic emissions, the weight and location, or any other characteristic of the payload(s).


Section 3

THREATS | HAZARDS & CONSEQUENCES

TABLE OF CONTENTS

3.1 INTRODUCTION
3.2 THREATS | HAZARDS
    3.2.1 Air-related
    3.2.2 Ground-related
3.3 CONSEQUENCES


3.1 Introduction.

This Section contains an in-depth analysis of potential safety threats | hazards related to the operation of the RPA System, and of their consequences.

A determination | identification is made of any threats | hazards related to functional failures of the RPA System (including subsystems and components).

For each of these failure conditions a determination | classification of the severity as well as the probability of its consequences is made.

The classification may be different during the different phases of flight considered.

Note: in this context, a hazard is defined as a potential, dormant, absent or contained threat (harmless state); a threat is defined as the associated harmful state.

3.2 Threats | Hazards.

3.2.1 Air-related.

3.2.2 Ground-related.

3.3 Consequences.

For the classification of the severity of any consequences the following definitions are used:

Definition      Meaning                                              Value
Catastrophic    Results in accident, death or equipment destroyed    E
Hazardous       Serious injury or major equipment damage             D
Major           Serious incident or injury                           C
Minor           Results in minor incident                            B
Negligible      Nuisance of little consequence                       A


The probability of any consequences is classified as follows:

Definition              Meaning                                           Value
Frequent                Likely to occur many times                        5
Occasional              Likely to occur sometimes                         4
Remote                  Unlikely to occur but possible                    3
Improbable              Very unlikely to occur                            2
Extremely Improbable    Almost inconceivable that the event will occur    1


Section 4

ALARMS | DETECTION OF MALFUNCTIONS

TABLE OF CONTENTS

4.1 INTRODUCTION
4.2 SYSTEM ALARMS
4.3 SYSTEM WARNINGS
4.4 SYSTEM MALFUNCTIONS DETECTION


4.1 Introduction.

This Section provides a detailed description of System Alarms | Warnings that may occur during the operation of the RPA System.

Furthermore, it describes any possible means of System Malfunctions Detection that could indicate a deterioration of RPA System performance, even before a System Alarm | Warning would occur.

Upon the occurrence of any System Alarm | Warning or the detection of any System Malfunction the operator can take appropriate action (see also Section 5 – Emergency Procedures).

4.2 System Alarms.

4.3 System Warnings.

4.4 System Malfunctions Detection.


Section 5

EMERGENCY PROCEDURES

TABLE OF CONTENTS

5.1 INTRODUCTION
5.2 EMERGENCY PROCEDURES


5.1 Introduction.

The Emergency Procedures in this Section describe the proper actions that need to be taken in case of Alarms | Warnings | System Malfunctions Detection — or when defects occur — during the operation of the RPA System.

Compared to the Emergency Procedures Checklists that would typically be included in an RPAS Flight Manual, this Section includes a thorough justification of the actions required.

The justification refers to the specific design of the RPA System and its components, in particular the Alarm | Warning | System Malfunction Detection (sub)systems, and is associated with the Threats | Hazards previously identified, and their Consequences.

5.2 Emergency Procedures.


Section 6

PRE | POST FLIGHT INSPECTIONS

TABLE OF CONTENTS

6.1 INTRODUCTION
6.2 PRE-FLIGHT INSPECTIONS
6.3 POST-FLIGHT INSPECTIONS


6.1 Introduction.

This Section describes the Inspections that need to be completed before and after the operation of the RPA System.

Pre- and Post-Flight Inspections are necessary to ensure safe operation of the RPA System in the short-term.

As the Pre- and Post-Flight Inspections are typically included in the RPAS Flight Manual as well, this Section provides additional justification of the inspection procedures.

6.2 Pre-Flight Inspections.

6.3 Post-Flight Inspections.


Section 7

PREVENTIVE MEASURES

TABLE OF CONTENTS

7.1 INTRODUCTION
7.2 PERIODIC INSPECTIONS
7.3 PERIODIC MAINTENANCE


7.1 Introduction.

This Section details the inspections and maintenance that need to be completed at specified intervals, in order to ensure the continuous safe operation of the RPA System (long term).

The periodic inspections and maintenance are typically included in the RPAS Flight Manual as well; this Section, however, provides additional justification of the (periodic) inspection and maintenance procedures.

The maintenance actions are to be recorded by the maintenance organisation that performed them, in accordance with the pertinent procedures.

7.2 Periodic Inspections.

7.3 Periodic Maintenance.

7.4 Inspections | Maintenance performed by the owner | operator.

7.5 Inspections | Maintenance after incident or accident.


Section 8

EMERGENCY SCENARIOS

TABLE OF CONTENTS

8.1 INTRODUCTION
8.2 SCENARIOS
    8.2.1 Loss of Flight Control because of Servo Failure
    8.2.2 Loss of Automatic Pilot
    8.2.3 Loss of Propulsion
    8.2.4 Loss of Engine Power (one Engine Inoperative)
    8.2.5 Low Battery
    8.2.6 Loss of Navigation (Position and Altitude)
    8.2.7 Loss of Global Navigation Satellite Systems (GNSS)
    8.2.8 Radio Control Link Failure
    8.2.9 Remote Pilot Station Communication Failure
    8.2.10 Remote Pilot Station Low Power
    8.2.11 Loss of ATC Communication
    8.2.12 Loss of RPA Observer Communication
    8.2.13 [Additional Emergency Scenario 1]


8.1 Introduction.

In this Section the principles of the previous Sections are applied to a number of specific scenarios.

For each scenario the threats | hazards, as well as any possible consequences are identified (with indication of their severity | probability). Specific alarms | warnings that may occur are indicated. Next, the specific (emergency) procedures that need to be followed by the operator are designated [avoid the consequences]. And finally, the specific pre-flight inspections are indicated [avoid the occurrence of the threat | hazard].

8.2 Scenarios.

The first twelve emergency scenarios considered are those as specified in the Royal Decree of 10 April 2016, regarding the use of remotely piloted aircraft in the Belgian airspace.

If any of these emergency scenarios appear to be non-applicable for the RPA System subject to this RPAS Safety Assessment Report, it is indicated as such, and a short justification is given.

Additional emergency scenarios, relevant for the RPA System subject to this RPAS Safety Assessment Report, are considered subsequently.

8.2.1 Loss of Flight Control because of Servo Failure.

8.2.2 Loss of Automatic Pilot.

8.2.3 Loss of Propulsion.

8.2.4 Loss of Engine Power (one Engine Inoperative).

8.2.5 Low Battery.


8.2.6 Loss of Navigation (Position and Altitude).

8.2.7 Loss of Global Navigation Satellite Systems (GNSS).

8.2.8 Radio Control Link Failure.

8.2.9 Remote Pilot Station Communication Failure.

8.2.10 Remote Pilot Station Low Power.

8.2.11 Loss of ATC Communication.

8.2.12 Loss of RPA Observer Communication.

8.2.13 [Additional Emergency Scenario 1]
