
Principles of EWIS System Safety (25.1709)

Certification

Key Takeaways
  • EWIS system safety relies on well-established risk assessment fundamentals.
  • Risk assessment is dependent on quantifying failure probability and failure severity.
  • Tools, such as Lectromec’s EWIS RAT, can expedite EWIS risk assessment.

Of the regulations in the 25.17XX EWIS group, none is more complicated than 25.1709. Showing compliance with this regulation, which consists of only 31 words, can take thousands of hours of labor and hundreds of pages of documentation, and can require inputs from just about every system group working on the vehicle. If you step back from the regulation and ask, “What is necessary to show compliance?” it comes down to several factors.

Here, we review some of the basic principles of 25.1709, including where it impacts and interacts with other systems in the vehicle.

What is the regulation?

These 31 words carry a lot of weight and they hide a lot of the complexity rooted in risk assessment concepts.

25.1709 System safety: EWIS.

Each EWIS must be designed and installed so that:

(a) Each catastrophic failure condition –

   (1) Is extremely improbable; and

   (2) Does not result from a single failure.

(b) Each hazardous failure condition is extremely remote.

As covered in previous Lectromec articles (here and here), risk assessment relies on identifying the probability of failure and the severity of failure. Regulation “Item A” requires that catastrophic EWIS failure events have a failure probability of “extremely improbable”.

Item B requires that hazardous EWIS failure events have a failure probability of extremely remote or better. For those unfamiliar with these terms, they have specific meanings and specific values in the aerospace industry.

Failure Levels

The following tables are taken directly from AC 25.1701-1 and the FAA System Safety Handbook.

| Term | Explanation |
|---|---|
| No Safety Effect | Failure conditions that would have no effect on safety, for example failure conditions that would not affect the operational capability of the airplane or increase flightcrew workload. |
| Minor | Failure conditions that would not significantly reduce airplane safety, and involve flightcrew actions that are well within their capabilities. For example, minor failure conditions may include: a slight reduction in safety margins or functional capabilities; a slight increase in flightcrew workload, such as routine flight plan changes; or some physical discomfort to passengers or cabin crew. |
| Major | Failure conditions that would reduce the capability of the airplane or the ability of the flightcrew to cope with adverse operating conditions to the extent that there would be, for example: a significant reduction in safety margins or functional capabilities; a significant increase in flightcrew workload or in conditions impairing flightcrew efficiency; discomfort to the flightcrew; or physical distress to passengers or cabin crew, possibly including injuries. |
| Hazardous | Failure conditions that would reduce the capability of the airplane or the ability of the flightcrew to cope with adverse operating conditions to the extent that there would be, for example: a large reduction in safety margins or functional capabilities; physical distress or excessive workload such that the flightcrew cannot be relied upon to perform their tasks accurately or completely; or serious or fatal injuries to a relatively small number of persons other than the flightcrew. |
| Catastrophic | Failure conditions that would result in multiple fatalities, usually with the loss of the airplane. (NOTE: A catastrophic failure condition was defined differently in previous versions of § 25.1309 and in accompanying advisory material as “a failure condition that would prevent continued safe flight and landing.”) |

| Identification | Qualitative Description | Quantitative Description |
|---|---|---|
| Probable | Anticipated to occur one or more times during the entire system/operational life of an item. | Probability of occurrence per operational hour is greater than 1 x 10^-5 |
| Remote | Unlikely to occur to each item during its total life. May occur several times in the life of an entire system or fleet. | Probability of occurrence per operational hour is less than 1 x 10^-5, but greater than 1 x 10^-7 |
| Extremely Remote | Not anticipated to occur to each item during its total life. May occur a few times in the life of an entire system or fleet. | Probability of occurrence per operational hour is less than 1 x 10^-7 but greater than 1 x 10^-9 |
| Extremely Improbable | So unlikely that it is not anticipated to occur during the entire operational life of an entire system or fleet. | Probability of occurrence per operational hour is less than 1 x 10^-9 |

A common tool used for visualizing the failure probability and failure severity is a risk assessment matrix (MIL-STD-882). In this, the severity of failure is shown along the horizontal axis and the probability of failure is shown along the vertical axis. This matrix is a means to visually present the concept of risk assessment and the trade-offs between system reliability and failure severity. Ideally, the goal is to ensure that the probability of system failure is relatively low, and often this is achieved by higher-quality parts, better design, and/or system redundancy [see how this is applied to aging aircraft].

Example risk assessment matrix. Source: MIL-STD-882.

Mathematically, fully eliminating a risk requires that it physically cannot happen (think of water catching fire). From a practical perspective, several layers of redundancy can achieve the same objective.

Redundancy and impact on Risk

The idea of system redundancy is that if one component fails every 1000 hours, the probability of failure is roughly 1 in 1000 or 10^-3 failures per flight hour. If there is a backup system supporting this function that has the same failure probability of 10^-3, then the combined system reliability can be said to be 10^-6 failures per flight hour. This improved failure rate of the combined system is possible only if the components and supporting systems are completely independent.

If the systems rely on a single power source, that potentially reduces the reliability of the system. If the two devices rely on exactly the same input, the reliability is potentially reduced. From an EWIS perspective, if the system wiring is co-located in the same wiring harness, runs through the same connector, or could be damaged by a single event (e.g., a tire burst), then this also reduces the combined reliability of the two systems. This last point of EWIS separation is what is highlighted in a couple of the EWIS regulations.

Reliability

A single failure cannot lead to a catastrophic failure condition. From the perspective of 25.1709, that means that EWIS supporting redundant systems cannot be co-located. They cannot be placed in the same wire harness, and they cannot be routed in the same connector. To do otherwise would violate the intention of the regulation.
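The redundancy arithmetic and the single-failure rule above can be checked together. The following is an added example, not code from the article or from Lectromec's EWIS RAT. It assumes that each channel's failure rate already includes its own wiring, that the loss of an EWIS element shared by every channel disables all of them, and that the element names and rates are constructed for illustration.

```python
from math import prod

# Upper bounds (per operational hour) from the probability table above.
BANDS = [(1e-9, "Extremely Improbable"), (1e-7, "Extremely Remote"), (1e-5, "Remote")]

def classify(p):
    """Map a per-hour failure probability to the article's probability term."""
    for upper, term in BANDS:
        if p < upper:
            return term
    return "Probable"

def assess(severity, channels, element_rates):
    """channels: {name: (failure rate per hour, set of EWIS elements on its route)}."""
    rates = [rate for rate, _ in channels.values()]
    routes = [route for _, route in channels.values()]
    shared = set.intersection(*routes)           # elements every channel depends on
    independent = prod(rates)                    # all channels fail on their own
    # Assumption: losing a shared element disables every channel routed through it.
    shared_fail = 1.0 - prod(1.0 - element_rates[e] for e in shared)
    p_loss = independent + shared_fail - independent * shared_fail
    term = classify(p_loss)
    single_failure = len(channels) < 2 or bool(shared)
    if severity == "Catastrophic":               # 25.1709(a)(1) and (a)(2)
        compliant = term == "Extremely Improbable" and not single_failure
    elif severity == "Hazardous":                # 25.1709(b)
        compliant = term in ("Extremely Improbable", "Extremely Remote")
    else:
        raise ValueError("25.1709 as quoted covers only Catastrophic and Hazardous")
    return {"p_loss": p_loss, "term": term, "shared": sorted(shared),
            "single_failure": single_failure, "compliant": compliant}

# Constructed sample data: element names and rates are illustrative only.
ELEMENT_RATES = {"harness_L": 1e-8, "harness_R": 1e-8, "connector_J12": 1e-8}
ARTICLE_PAIR = {"primary": (1e-3, {"harness_L"}), "backup": (1e-3, {"harness_R"})}
SEPARATED = {"primary": (1e-5, {"harness_L"}), "backup": (1e-5, {"harness_R"})}
CO_LOCATED = {"primary": (1e-5, {"harness_L", "connector_J12"}),
              "backup": (1e-5, {"harness_R", "connector_J12"})}

if __name__ == "__main__":
    for label, severity, channels in [("article 1e-3 pair", "Hazardous", ARTICLE_PAIR),
                                      ("separated", "Catastrophic", SEPARATED),
                                      ("shared connector", "Catastrophic", CO_LOCATED)]:
        print(label, assess(severity, channels, ELEMENT_RATES))
```

Under these assumptions, the article's pair of 10^-3 components lands in the Remote band, and routing two otherwise adequate channels through one connector moves a catastrophic condition out of Extremely Improbable while also introducing a single failure.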

So what is necessary to actually show compliance? As a starting point, advisory circular (AC) 25.1701-1 provides a good description of what needs to be considered to show compliance. The advisory circular breaks up the elements of 25.1709 into two separate domains: physical and functional impact. Lectromec has a couple of articles devoted to discussing these areas of 25.1709 and they are available here.

For those that are not looking to read another article, this comes down to ensuring that the physical separation is considered (much of this data is gathered to support 1707 requirements), and that the functional separation is also addressed (think single point failure). Much of the functional separation requires work with various systems groups and the system safety engineers to identify the functional impact of the EWIS failure.

Expedite results

So what can be done to expedite 25.1709 compliance documentation and evaluation? For one, understanding the requirements early in the project can have a great impact on reducing the long-term cost of EWIS evaluation. Second, Lectromec’s risk assessment tool can be used to evaluate wiring systems very quickly and reduce the total amount of labor needed. Contact Lectromec for details.

Michael Traskos

President, Lectromec

Michael has been involved in wire degradation and failure assessments for more than a decade. He has worked on dozens of projects assessing the reliability and qualification of EWIS components. Michael is an FAA DER with a delegated authority covering EWIS certification and the chairman of the SAE AE-8A EWIS installation committee.