DASDRM Section 5 Chapter 6 presents the Authority prescribed design requirements for role equipment and Portable Electronic Equipment (PEE). This Annex provides guidance on design considerations for technical assessment of role equipment to support operational approvals.
Role equipment may present unique hazards when operated on aircraft that are not likely to have been considered by the original designer of the equipment, and the equipment is unlikely to have been previously evaluated to confirm that it is physically compatible with the host aircraft. For example, the equipment may contain chemicals or other substances that could become hazardous to personnel or the aircraft structure if exposed (such as corrosive substances). Aircraft can also present a harsh environment for role equipment, and inadequately designed equipment may present a hazard to the host aircraft. Further, domestic appliances such as heaters or cooking equipment could pose a fire safety or leakage hazard. While these hazards may be acceptable in a non-aircraft environment (since the operator is likely to be able to evacuate the area) a similar approach to treating the hazard would not be suitable for aircraft operations. The following paragraphs provide specific guidance for identification of potential hazards associated with environmental conditions present in Defence aircraft, the general approach that should be adopted for conducting role equipment SSAs, and evaluating the safety of domestic appliances.
Conducting role equipment SSAs. For aircraft systems, hazards are normally identified by implementing a robust system safety program supported by, inter alia, SSAs. Robust system safety programs are unlikely to have been followed during design development of role equipment and, where a system safety approach was taken, the role equipment is unlikely to have been designed with comprehensive hazard identification and treatment in mind, particularly for the aviation environment. However, the system safety approach to role equipment should be applied in a pragmatic manner. It would be easy for aviation engineers to apply an excessive level of rigour, and expend associated resources, to role equipment and implement a comprehensive systems safety approach when this is not warranted. Consequently, the following suite of requirements, based on MIL-STD-882 ‘tasks’, provide a suggested basis for conducting system safety assessments for role equipment:
Task 106 – Hazard Tracking System. The hazards identified during the role equipment SSA should be incorporated into the host aircraft’s hazard tacking system (usually via the Hazard log).
Task 205 – System Hazard Analysis. Conduct a SHA to the extent necessary to identify hazards relevant to role equipment use in the airborne environment and evaluate whether the hazards have been (or can be) effectively treated.
Task 206 – Operating and Support Hazard Analysis. Evaluate proposed role equipment operations while on-board the host aircraft to identify whether operations introduce additional hazards and propose suitable risk treatment. Evaluate the support arrangements for the role equipment to identify if configuration changes to the equipment that may introduce hazards are adequately controlled.
Task 207 – Health Hazard Analysis. Evaluate role equipment to identify any potential health impacts on aircraft occupants associated with role equipment materials.
Task 303 – Test and Evaluation Participation. Where required, establish the parameters to be tested/verified during operational test and evaluation to support engineering assessment of the proposed role equipment.
Task 401 – Safety Verification. Identify any additional testing required to verify the safe operation of role equipment when on-board the host aircraft (eg additional environmental qualification or E3 testing).
Role equipment is often designed for an application other than aircraft use and is adapted to suit a Defence capability requirement. Consequently, the equipment is unlikely to have been previously evaluated to confirm that it can safely operate when subjected to the (sometimes) extreme environmental conditions experienced by the host aircraft. For example, the equipment may contain components that are hermetically sealed and may be prone to explosive rupture if subjected to an explosive or rapid decompression. Long-term exposure to vibration environments often present in the host aircraft may lead to internal failure of components that provide specific hazard treatment, such as bonding and circuit protection, and result in electrical fires or smoke and fumes. The worst-case environmental conditions that the role equipment may be subjected to in the host aircraft should be established and the equipment evaluated against these conditions to determine if it can be safely installed and operated, prior to approval for use.
Defence aircraft electrical and electronic systems are designed to satisfy the electromagnetic compatibility requirements prescribed in the aircraft’s certification basis. However, role equipment may not be designed to standards that provide a similar level of electromagnetic compatibility with the sometimes sensitive equipment found on aircraft. Consequently, the equipment is unlikely to have been certified as compliant with the E3 design requirements prescribed for the host aircraft systems and equipment. Therefore, an evaluation of the role equipment should be undertaken to verify that there will be no impact on safe aircraft operations as a result of electromagnetic interference. This evaluation may require analysis of extant EMI/EMC certification of the role equipment or additional testing if required, and the establishment of any additional limitations on role equipment operation (eg phases of flight that the equipment can be safely operated or location of the equipment during operation).
The requirements detailed in DASDRM Section 2 Chapter 4, Electromagnetic Environmental Effects can be used as a template for determining those elements of electromagnetic compatibility that require evaluation. Where the host aircraft certification basis for electromagnetic environmental effects is uncertain, the requirements in Section 2 Chapter 4 provide an initial benchmark for role equipment evaluation. Further information on electromagnetic compatibility issues is provided within the PEE guidance section of this Annex.
Role equipment is unlikely to have been certified as compliant with the electrical systems design requirements prescribed for Defence aircraft. Many items of role equipment are designed to commercial specifications and standards, which provide significant latitude for designers when establishing whether the system is safe. For example, the wiring used in role equipment often is insulated using the cheapest and most reliable materials for the commercial application (eg PVC insulation). Such insulation may not be suitable for aircraft use. Therefore, any non-compliance with Defence aircraft electrical system requirements should be identified and the impact on safe aircraft operations, if any, established together with any associated limitations on role equipment operation (eg additional circuit protection, limitations on connection to aircraft power supplies or permitted battery types).
The requirements detailed in DASDRM Section 3 Chapter 8, Electrical Systems can be used as a template for determining those elements of electrical systems compatibility that require evaluation. The following paragraphs detail specific guidance for role equipment electrical systems compatibility issues.
Electrical Wiring. Several types of electrical wiring, for example those with Polyvinyl Chloride (PVC) or Polyimide (Kapton) insulation, exhibit undesirable properties and are therefore either prohibited or restricted for use in Defence aircraft. A similar approach should be adopted for role equipment wiring. DASDRM Section 3 Chapter 8 Electrical Systems, details the Authority prescribed design requirements for aircraft wiring which should be applied to role equipment where reasonable and pragmatic. Wiring that connects role equipment to aircraft power outlets should be routed so that it does not interfere with normal aircraft operations or impede access to, or use of, the role equipment.
Bonding. Where practicable, all metallic components of role equipment should be electrically bonded to each other and to the airframe to protect the equipment and the aircraft against the effects of static electricity and lightning.
Battery Powered Equipment. Role equipment with installed batteries should be subjected to regular inspections to ensure the battery is physically sound and no leakage of electrolyte has occurred. If these inspections are not included in the equipment servicing schedules, a pre-flight inspection of batteries should be included in an aircraft special (S) servicing for fitment of the role equipment. Batteries should be assessed to confirm that they are compatible with the worst-case environment likely to be experienced when the equipment is installed in the host aircraft.
Electrical Power Connections. Where role equipment is to be connected to an aircraft power supply (either directly or through some form of power conversion equipment) military specification electrical connectors should be used wherever possible. Where this is not practicable, a safety assessment of the connectors should be conducted and any identified hazards appropriately treated.
Main Electrical Power Switch. Each item of electrically powered role equipment that will utilise aircraft power should be fitted with a single ON/OFF power switch in the appropriate power line. The switch should be guarded and there should be an indication that the power supply is switched on. Circuit breakers should not be used to fulfil this requirement unless they have been specifically designed for this purpose.
Overcurrent Protective Devices. Each item of electrically powered role equipment that will utilise aircraft power should be fitted with an overcurrent protective device. The protective device should be fitted as close as practicable to the entry point of power to the equipment.
Role equipment that incorporates an oxygen system is unlikely to be designed to Defence aircraft design standards and may therefore pose an increased fire hazard. In particular, items of role equipment used for medical purposes (Aeromedical Evacuation Equipment (AMEE)) are often commercially available equipment that is designed for hospital or general medical use using commercial specifications and standards, which provide significant latitude for designers when establishing whether the system is safe. For example, the oxygen piping used in role equipment is often PTFE tubing or similar, which is not usually suitable for aircraft systems and may pose an increased risk of leakage, or ignition and consequent fire hazard. Role equipment containing oxygen also presents particular hazards in an aircraft environment that may not be relevant in the equipment’s ‘normal’ use (eg confined spaces and oxygen enriched atmospheres in the presence of oils/lubricants used on aircraft components). Further, compatibility with the host aircraft oxygen system must be established (eg aircraft oxygen systems provide dry breathing oxygen while most medical systems require oxygen with a defined moisture content) where the aircraft system will provide the oxygen supply. Connections between the host aircraft and role equipment systems must also be secure and prevent the escape of oxygen.
While adoption of the host aircraft’s oxygen system design requirements may appear reasonable, aircraft oxygen systems are designed within a system safety framework that provides a robust approach to identification and treatment of hazards. For oxygen systems, this approach results in a comprehensive risk treatment program that includes: filtration (for replenishment support equipment and at the aircraft system filler valve), pressure reduction, selection of fire resistant materials, prescribed maintenance practices and inspections, and so on. Role equipment oxygen systems, on the other hand, are unlikely to have been designed under the same rigorous approach to hazard identification and treatment. Consequently, oxygen systems in role equipment should be designed to comply with the requirements in DASDRM Section 3 Chapter 6, to ensure that a ‘systems’ approach to design is followed that includes fire-resistant materials, filters, pressure reduction and so on.
Any non-compliance with Defence aircraft oxygen system requirements should be identified and the impact on safe aircraft operations should be evaluated before approval for use is granted. Further, any additional limitations or caveats on role equipment operation (eg additional testing required, limitations on connection to aircraft oxygen supplies or requirements for physical restraint of oxygen bottles) to ensure that the equipment can be safely installed and operated should be established and promulgated in associated role equipment and/or aircraft operating procedures.
Role equipment is unlikely to have been previously evaluated to confirm that it is physically capable of withstanding the significant forces involved in a crash or hard landing in an aircraft. The crash protection features of the host aircraft may be compromised by role equipment that is not designed to, or is not mounted using devices that can, withstand these forces. Consequently, role equipment must be capable of being restrained in such a manner that it does not become a projectile, or break apart, in a crash or hard landing.
Role equipment should be evaluated prior to approval for use, to ensure that the equipment design can be appropriately restrained and can withstand crash or hard landing forces in the host aircraft. Any additional limitations on role equipment fitment or operation (eg location of the equipment during operation and/or physical restraint methods) to ensure that the equipment remains safe when installed in the aircraft should also be established and promulgated in relevant equipment and/or aircraft procedures. The following paragraphs provide specific guidance for role equipment mounting.
Fastener Hardware. Fasteners should be suitable for the intended application and retain items securely without loss of joint integrity or separation of fastener parts when the equipment is subjected to the maximum expected vibration or to the likely loads experienced during a hard or crash landing. Screwed fasteners should be either of the self-locking variety or should be lock-wired to ensure security during operation.
Mounting and Securing. Suitable restraint devices should be provided which are capable of securing the role equipment against the maximum load forces expected (advice should be sought from Air Movements Training and Development Unit (AMTDU) where required). For non-standard and trial modifications where role equipment is permanently attached to the aircraft rather than restrained in a manner similar to cargo, the restraint of equipment should be designed in accordance with the Aircraft Structural Integrity Management Plan (ASIMP). Floor loading of the item should not exceed values for each aircraft type as detailed by AMTDU. Removable attachments, when not in use, should be securely stowed on the equipment.
Role equipment designs may introduce physical hazards to personnel when installed in Defence aircraft that are not present in the ‘normal’ operational environment of the equipment. Further, the equipment is unlikely to have been previously evaluated to confirm that it does not pose a hazard to personnel during flight or emergency evacuation. Physical design issues such as sharp edges or protruding components of the role equipment may also result in hazards that are not considered important for the equipment’s ‘normal’ use, but may be substantial hazards in an aircraft environment, resulting in injury or entanglement in turbulence or evacuations. Equipment should be mounted in the host aircraft in a location that will not impede normal and emergency ingress/egress. Additionally, the equipment should not impede access to aircraft emergency equipment and systems such as manual landing gear extension areas.
While safe operation of role equipment on Defence aircraft will initially be established through the evaluation in support of approval to operate the role equipment, inadequate maintenance practices or changes in role equipment configuration may compromise the level of safety established during this initial evaluation. Many items of role equipment are not aviation materiel and are therefore not managed by aircraft support agencies. In the past, role equipment issues as a result of failure to adopt appropriate maintenance practices or the incorporation of changes to the role equipment configuration (either approved by the managing CASG support organisation or under a ‘field approval’) have compromised role equipment safety. To avoid these issues, suitable maintenance programs and/or arrangements with the role equipment or PEE managing CASG support organisation should be established to ensure that any such changes are communicated and can be evaluated for impacts on the extant approval for use.