Overview
The Aerospace Safety Solution implements the standard ARP 4761 five-level classification scheme. Each classification level is:
- Assigned to failure conditions during FHA analysis
- Used to allocate Design Assurance Levels (DAL) automatically via a built-in formula
- Color-coded for visual emphasis in risksheets and dashboards
- Linked to probability targets for quantitative safety objectives
Classification Levels
| Classification | ID | Description | ARP 4761 Definition | DAL Allocation | Color |
|---|---|---|---|---|---|
| Catastrophic | cat | Loss of essential function, flight crew unable to cope, multiple fatalities probable | Failure condition would prevent safe operation or result in loss of aircraft/multiple fatalities | DAL A | Red |
| Hazardous | haz | Significant degradation of safety margins, flight crew effort required, serious injury possible | Failure condition would reduce safety margins and require flight crew action to avoid serious injury or fatality | DAL B | Orange |
| Major | maj | Reduced safety margins, crew alert required, passenger discomfort | Failure condition would reduce safety margins and require crew awareness but safe flight possible | DAL C | Yellow |
| Minor | min | Minor operational impact, passenger inconvenience | Failure condition would not significantly reduce aircraft safety: slight reduction in safety margins or functional capabilities, slight increase in crew workload, or some passenger discomfort | DAL D | Blue |
| No Safety Effect | nse | No impact on safety, maintenance issue only | Failure condition has no impact on safety | DAL E | Grey |
Classification-to-DAL Mapping Formula
The FHA risksheet includes an automatic formula that derives the Design Assurance Level from the failure condition classification. This implements the standard allocation rule (ARP 4754A, as referenced by ARP 4761): Catastrophic → DAL A, Hazardous → DAL B, Major → DAL C, Minor → DAL D, No Safety Effect → DAL E. The formula itself is defined in the FHA risksheet template (see FHA Risksheet Configuration Reference). Note that the formula yields the top-level assurance level for the function; ARP 4754A permits lower levels for independent items after architectural decomposition, and such reductions should be recorded as explicit, justified deviations rather than by editing the formula.
Color Coding Convention
The Aerospace Safety Solution uses consistent color coding across all safety analysis risksheets (FHA, SFMEA, DFMEA, FTA, CCA). The colors in the table above are applied to:
- Row headers — the leftmost column of each risksheet row
- Classification cells — the severity value itself
- DAL cells — the corresponding allocation level
- Dashboard reports — visual risk matrices and trend charts
Flight Phase Context
Classification severity may vary by flight phase. A failure during cruise may be classified as Hazardous, while the same failure during landing might be Catastrophic. The failure condition record includes a Flight Phase field to capture this context. Where a failure condition is assessed in more than one phase, the classification that drives DAL allocation is that of the worst-case phase.
| Phase | Definition | Notes |
|---|---|---|
| Ground | Pre-flight, taxi, parking | Lower consequence window |
| Takeoff | Rotation and initial climb | Critical phase; high consequence potential |
| Climb | After initial climb to cruise altitude | Longer recovery time; moderate consequence |
| Cruise | Sustained level flight | Longest duration; crew may have time to mitigate |
| Descent | Descent to approach altitude | Decreasing altitude reduces recovery options |
| Approach | Instrument or visual approach | Approach procedures constrain options |
| Landing | Flare, touchdown, rollout | Lowest altitude; highest consequence potential |
Confirm whether your project uses all seven flight phases or a reduced set. Some projects consolidate phases or use only the most critical phases (Takeoff, Cruise, Landing).
Safety Objective Probability Targets
Each failure condition classification level is associated with a probability target—a quantitative safety objective that the design must achieve through architecture and risk controls:
| Classification | Probability Target | Threshold |
|---|---|---|
| Catastrophic | Extremely Improbable | < 10⁻⁹ per flight hour |
| Hazardous | Extremely Remote | < 10⁻⁷ per flight hour |
| Major | Remote | < 10⁻⁵ per flight hour |
| Minor | Reasonably Probable | No specific numerical target |
| No Safety Effect | Probable | No safety requirement |
Role in Safety Assessment Cascade
Failure condition classification is the linchpin connecting the three major safety analysis activities of the ARP 4761 process: it is assigned during the FHA, it fixes the probability target and DAL allocation that the PSSA works to, and the SSA verifies that the implemented design meets those objectives.
Integration with Work Item Types
Classification is a custom field on the failureCondition work item type. Related work item types reference or inherit this classification:
| Work Item Type | Usage | Notes |
|---|---|---|
| failureCondition | Source of truth | Stores the classification value directly |
| safetyRequirement | Inheritance | Inherits DAL from allocated failure condition(s) |
| systemElement | Categorization | May be classified separately (SC/CC); different scope than failure classification |
| function | Analysis context | Functions link to failure conditions; classification flows from condition to requirement |
| riskControl | Mitigation scope | Risk controls are scoped by DAL to address appropriate severity levels |
Risksheet Views and Filtering
The FHA risksheet includes built-in views and filters for working with classifications.
Full Analysis View
Displays all columns: Function, Failure Condition, Flight Phase, Effect Description, Classification, Probability Target, DAL, Safety Requirements, Verification Status. Rows are sorted by classification severity (Catastrophic first).
Classification Summary View
Focuses on severity and risk allocation: Function, Failure Condition, Classification, DAL, Safety Requirement Count. Filtered to show only Hazardous and above (excludes Major, Minor, No Safety Effect).
Safety Objectives View
Emphasizes probability targets and requirements: Failure Condition, Classification, Probability Target, DAL, Safety Requirement ID, Safety Requirement Title. Used during PSSA to set quantitative objectives.
Traceability View
Full chain: Function, Failure Condition, Classification, Safety Requirement ID/Title, Verification Status. Used to confirm that every high-severity failure condition has a corresponding requirement and verification activity.
Classification Consistency Rules
The Aerospace Safety Solution enforces several consistency checks on failure condition classification.
Confirm whether the Classification Consistency Report automatically checks for orphaned failure conditions (those without a classification) or mismatched classifications (where the effect description does not support the chosen severity).
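The checks a practitioner would expect such a report to make are easy to state as code. The following is an added example, not the Aerospace Safety Solution's own Classification Consistency Report: it models failureCondition and safetyRequirement records as plain dataclasses (the field names and the sample records are constructed assumptions) and flags orphaned classifications, DAL cells that contradict the classification-to-DAL rule, flight phases outside the seven configured phases, Hazardous-or-above failure conditions with no allocated safety requirement, and safety requirements whose inherited DAL is less stringent than the most severe failure condition they are allocated to (the page says requirements inherit DAL; taking the most stringent when several are allocated is this example's assumption). Whether an effect description supports the chosen severity remains a review judgement and is not automated here.

```python
"""Consistency checks for FHA failure-condition records.

Added example; not part of the Aerospace Safety Solution. Record shapes and
sample data below are assumptions constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Classification ID -> (DAL, probability target), taken from the page's tables.
CLASSIFICATION_TABLE = {
    "cat": ("A", "Extremely Improbable"),
    "haz": ("B", "Extremely Remote"),
    "maj": ("C", "Remote"),
    "min": ("D", "Reasonably Probable"),
    "nse": ("E", "Probable"),
}
SEVERITY_RANK = {"nse": 0, "min": 1, "maj": 2, "haz": 3, "cat": 4}
DAL_RANK = {"E": 0, "D": 1, "C": 2, "B": 3, "A": 4}
FLIGHT_PHASES = {"Ground", "Takeoff", "Climb", "Cruise", "Descent", "Approach", "Landing"}


@dataclass
class FailureCondition:          # assumed shape of a failureCondition work item
    id: str
    title: str
    classification: Optional[str]   # enum ID, or None when orphaned
    dal: Optional[str]              # value stored in the DAL cell
    flight_phase: Optional[str] = None


@dataclass
class SafetyRequirement:         # assumed shape of a safetyRequirement work item
    id: str
    dal: Optional[str]
    allocated_to: List[str] = field(default_factory=list)  # failureCondition IDs


def dal_for(classification: str) -> str:
    """Classification-to-DAL rule: cat->A, haz->B, maj->C, min->D, nse->E."""
    return CLASSIFICATION_TABLE[classification][0]


def most_stringent_dal(dals: Iterable[str]) -> str:
    """Assumed inheritance rule: a requirement allocated to several failure
    conditions inherits the most demanding DAL among them."""
    return max(dals, key=DAL_RANK.__getitem__)


def check_consistency(fcs: List[FailureCondition],
                      reqs: List[SafetyRequirement]) -> List[str]:
    findings: List[str] = []
    by_id = {fc.id: fc for fc in fcs}
    covered = {fc_id for r in reqs for fc_id in r.allocated_to}

    for fc in fcs:
        if fc.classification not in CLASSIFICATION_TABLE:
            findings.append(f"{fc.id}: orphaned, classification {fc.classification!r} "
                            "is missing or not a valid enum ID")
            continue
        expected = dal_for(fc.classification)
        if fc.dal != expected:
            findings.append(f"{fc.id}: DAL {fc.dal} contradicts classification "
                            f"{fc.classification} (formula gives {expected})")
        if fc.flight_phase is not None and fc.flight_phase not in FLIGHT_PHASES:
            findings.append(f"{fc.id}: flight phase {fc.flight_phase!r} is not one of "
                            "the seven configured phases")
        # Traceability: Hazardous and above must have at least one requirement.
        if SEVERITY_RANK[fc.classification] >= SEVERITY_RANK["haz"] and fc.id not in covered:
            findings.append(f"{fc.id}: {fc.classification} failure condition has no "
                            "allocated safety requirement")

    for r in reqs:
        for fc_id in r.allocated_to:
            if fc_id not in by_id:
                findings.append(f"{r.id}: allocated to unknown failure condition {fc_id}")
        linked = [by_id[i] for i in r.allocated_to
                  if i in by_id and by_id[i].classification in CLASSIFICATION_TABLE]
        if linked:
            expected = most_stringent_dal(dal_for(fc.classification) for fc in linked)
            if r.dal != expected:
                findings.append(f"{r.id}: inherited DAL {r.dal} should be {expected}, "
                                "the most stringent of its allocated failure conditions")
    return findings


def run_sample() -> List[str]:
    """Constructed sample data; only FC-001 with SR-010 is fully consistent."""
    fcs = [
        FailureCondition("FC-001", "Loss of Primary Flight Control Authority", "cat", "A", "Landing"),
        FailureCondition("FC-002", "Loss of Autothrottle", "haz", "C", "Cruise"),
        FailureCondition("FC-003", "Erroneous Cabin Altitude Display", None, None, "Climb"),
        FailureCondition("FC-004", "Loss of Nose Wheel Steering", "maj", "C", "Taxi"),
    ]
    reqs = [
        SafetyRequirement("SR-010", "A", ["FC-001"]),
        SafetyRequirement("SR-011", "C", ["FC-001", "FC-004"]),
    ]
    return check_consistency(fcs, reqs)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

Running the sample produces five findings: the Hazardous condition with a DAL C cell and no requirement, the unclassified condition, the unknown phase "Taxi", and SR-011 inheriting C where its Catastrophic allocation demands A. Running such a check as a gate before PSSA sign-off catches exactly the records that the Classification Summary and Traceability views would otherwise hide from a reviewer who filters on Hazardous and above.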
Relationship to Other Enumerations
Failure condition classification is distinct from but related to:
| Enumeration | Scope | Relationship |
|---|---|---|
| Failure Condition Phase (flight phase) | When the failure occurs | Classification severity may depend on flight phase |
| DAL Levels (A–E) | Design rigor level | Directly derived from classification via formula |
| Failure Mode Severity (FMEA) | Individual failure mode severity | Different scale; FMEA severity rolls up to failure condition classification |
| Risk Control Type | How mitigation is implemented | Risk control scope is determined by the DAL of the failure condition it addresses |
| Security Assurance Level (SAL) | Security requirements | Separate enumeration from the DO-326A/ED-202A airworthiness security process; not derived from the safety classification by the DAL formula, although threat condition effects are rated on the same severity scale and threat conditions with a safety effect are coordinated with the safety assessment |
Example: Assigning Failure Condition Classification
Scenario: During FHA of the Flight Control System, you identify the failure condition “Loss of Primary Flight Control Authority.”
- Analyze impact: Flight crew cannot control pitch, roll, or yaw. Aircraft is uncontrollable. Multiple fatalities probable.
- Assign classification: Based on impact analysis, this is Catastrophic.
- Observe DAL: The FHA risksheet automatically allocates DAL A.
- Set probability target: Catastrophic implies Extremely Improbable (< 10⁻⁹ per flight hour).
- Define safety requirements: During PSSA, allocate safety requirements that achieve this probability target (e.g., redundant flight control channels, automatic switchover logic, health monitoring), and confirm in the CCA that common-cause failures do not defeat the claimed independence of the redundant channels.
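Whether an architecture actually reaches the target is a numbers question, and the last step above is where it is usually answered optimistically. The following added example (not code from the Aerospace Safety Solution or from ARP 4761) checks a redundant-channel design against the probability targets tabulated earlier on this page. The first-order reliability model, the beta-factor common-cause term and the channel failure rate are this example's assumptions, chosen to show why the CCA step matters: two independent 10⁻⁵/FH channels comfortably meet the Catastrophic target, but a 5% common-cause fraction pushes the result to roughly 5×10⁻⁷/FH, failing even the Hazardous target, and adding a third channel does not help.

```python
"""Checking a redundant architecture against its classification's probability
target. Added example; the reliability model is a first-order assumption for
illustration, not a method defined by the page or by ARP 4761."""
from typing import Optional, Tuple

# Probability targets per flight hour from the page; None means qualitative only.
PROBABILITY_TARGET = {"cat": 1e-9, "haz": 1e-7, "maj": 1e-5, "min": None, "nse": None}


def redundant_channel_probability(channel_rate: float, n_channels: int,
                                  exposure_hours: float, beta: float = 0.0) -> float:
    """Average probability per flight hour of losing all channels.

    Assumed model: each channel has constant failure rate channel_rate (per
    hour) and is checked/repaired every exposure_hours (e.g. once per flight),
    so the chance a channel has failed within the exposure is ~rate*T.
    Independent part: all n fail within T, averaged per hour -> (rate*T)^n / T.
    Common cause (beta-factor model): a fraction beta of each channel's rate is
    shared and takes out every channel at once, so it adds beta*rate directly.
    """
    if n_channels < 1 or not 0.0 <= beta <= 1.0:
        raise ValueError("need n_channels >= 1 and 0 <= beta <= 1")
    independent_rate = (1.0 - beta) * channel_rate
    p_independent = (independent_rate * exposure_hours) ** n_channels / exposure_hours
    p_common_cause = beta * channel_rate
    return p_independent + p_common_cause


def meets_target(classification: str, probability_per_fh: float) -> Optional[bool]:
    """True/False against the numeric target; None where the page gives only a
    qualitative objective (Minor, No Safety Effect)."""
    target = PROBABILITY_TARGET[classification]
    if target is None:
        return None
    return probability_per_fh < target


def assess(classification: str, channel_rate: float, n_channels: int,
           exposure_hours: float, beta: float) -> Tuple[float, Optional[bool]]:
    p = redundant_channel_probability(channel_rate, n_channels, exposure_hours, beta)
    return p, meets_target(classification, p)


if __name__ == "__main__":
    # Constructed case: dual/triple-channel flight control, 1e-5/FH per channel,
    # one-hour exposure, with and without a 5% common-cause fraction.
    for n in (2, 3):
        for beta in (0.0, 0.05):
            p, ok = assess("cat", 1e-5, n, 1.0, beta)
            verdict = "meets" if ok else "fails"
            print(f"{n} channels, beta={beta:.2f}: {p:.2e}/FH -> {verdict} Catastrophic target")
```

The point for the PSSA is that once a common-cause term exists, the result is dominated by beta times the single-channel rate, not by the redundancy order, so the safety requirements that actually close the gap are independence requirements (separate power, dissimilar hardware or software, physical segregation) demonstrated in the CCA, not a fourth channel.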
See Also
- Design Assurance Levels (DAL A–E) — the allocation levels derived from classification
- Failure Condition (failureCondition) — the work item type that stores classification
- FHA Risksheet Configuration Reference — the template that implements classification-to-DAL mapping
- Safety Objective Probability Targets — quantitative safety objectives by classification (if available)
Source References (dev)
Code:
.polarion/tracker/fields/failureCondition-custom-fields.xml (0.67) · .polarion/nextedy/models/rtm.yaml (0.61) · modules/RiskTemplates/FHATemplate/attachments/risksheet.json (0.59) · .polarion/tracker/fields/failureCondition-classification-enum.xml (0.58) · modules/RiskTemplates/SSATemplate/attachments/risksheet.json (0.58) · .polarion/tracker/fields/failureMode-custom-fields.xml (0.55) · .polarion/nextedy/sheet-configurations/DO-160G Environmental Qualification.yaml, Component RTM.yaml, Configuration Index.yaml, Design Verification Sheet.yaml, Interface Control Matrix.yaml, Problem Report Tracker.yaml, Process Steps.yaml, Review Action Item Tracker.yaml, SOI Stage Gate Dashboard.yaml, Use Steps Specification.yaml, User Need Validation Sheet.yaml, characteristics.yaml, component-characteristics.yaml, customer-requirements.yaml, design-requirements.yaml, subsystem-functions.yaml, subsystem-verification.yaml, system-elements.yaml, test-verification.yaml (0.54) · .polarion/tracker/fields/hazard-hazardCategory-enum.xml, hazard-operationalPhase-enum.xml, hazard-acceptanceAuthority-enum.xml (0.54) · .polarion/tracker/fields/safetyObjective-probability-enum.xml (0.54) · modules/RiskTemplates/FTATemplate/attachments/risksheet.json (0.52)