
Fail-Safe Design Concept

Fail-Safe Design Concept: Fundamental to the notion of safety-critical systems in certification is the fail-safe design concept, which “considers the effects of failures and combinations of failures in defining a safe design.” The concept has a different meaning for structures than for systems: fail-safe for structures is concerned with residual strength after sustaining damage; fail-safe for systems is concerned with the functional implications of a failure condition and its probability of occurrence. Although both concepts have the same goal—a safe design—the approaches to achieving that goal are different.

Fail-safe for structures is governed by 14 CFR 25.571 and the methods of compliance are outlined in AC 25.571-1C. In general, the structural components of an airplane (such as the airframe and wings) are designed such that “an evaluation of the strength, detail design, and fabrication must show that catastrophic failure due to fatigue, corrosion, manufacturing defects, or accidental damage, will be avoided throughout the operational life of the airplane.” However, after the 1988 Aloha Airlines flight 243 accident, where 18 feet of the upper crown skin and structure separated from the fuselage, there has been a greater emphasis on damage tolerance. A damage tolerance evaluation of structure ensures that “should serious fatigue, corrosion, or accidental damage occur within the design service goal of the airplane, the remaining structure can withstand reasonable loads without failure or excessive structural deformation until the damage is detected.”

Fail-safe for systems treats failures differently. A failure, as defined in AC 25.1309-1A and in Society of Automotive Engineers (SAE) ARP4761, is a loss of function or a malfunction of a system, and differs from a failure mode, which is the way a failure in an item occurs. The focus is on understanding the functional significance of aircraft systems, determining the risks to safety of flight associated with a failure condition, and using probability distributions to determine the frequency of occurrence of a failure condition and its effects on overall system function. The purpose of the fail-safe design concept for systems is to meet the following design objectives stated in 14 CFR 25.1309:

“Airplane systems and associated components, considered separately and in relation to other systems, must be designed so that (1) The occurrence of any failure condition which would prevent the continued safe flight and landing of the airplane is extremely improbable, and (2) The occurrence of any other failure condition which would reduce the capability of the airplane or the ability of the crew to cope with adverse operating conditions is improbable.”

The regulation also specifies that warning information about the failure condition be provided to the crew so that they may take the appropriate corrective action. These two design objectives provide the basis for airplane certification standard practices and establish the approach to be used to determine the relative importance (and severity) of a system failure condition.
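As an added illustration, not part of this glossary entry, the following Python models a failure condition as a combination of basic failures and compares its average probability per flight hour with the two 25.1309 objectives. The failure rates, exposure time and architecture are constructed; the numeric bands (extremely improbable at 1e-9 and improbable at 1e-5 per flight hour) are taken from AC 25.1309-1A, which the entry cites, and are assumed rather than stated on this page.

```python
import math
from dataclasses import dataclass

# Quantitative bands from AC 25.1309-1A, probability per flight hour (assumed here, not on the page).
EXTREMELY_IMPROBABLE = 1e-9  # objective for conditions preventing continued safe flight and landing
IMPROBABLE = 1e-5            # objective for conditions reducing capability or crew ability to cope


@dataclass(frozen=True)
class Basic:
    """A basic failure event with a constant failure rate (failures per hour)."""
    rate: float


@dataclass(frozen=True)
class And:
    """Failure condition occurs only if every independent child fails (redundancy)."""
    children: tuple


@dataclass(frozen=True)
class Or:
    """Failure condition occurs if any child fails (single-point or shared element)."""
    children: tuple


def probability(event, exposure_hours: float) -> float:
    """Probability that the failure condition occurs within one exposure interval."""
    if isinstance(event, Basic):
        return 1.0 - math.exp(-event.rate * exposure_hours)  # constant-rate model
    ps = [probability(c, exposure_hours) for c in event.children]
    if isinstance(event, And):
        return math.prod(ps)                       # all independent children fail
    return 1.0 - math.prod(1.0 - p for p in ps)    # at least one child fails


def meets_objective(event, exposure_hours: float, catastrophic: bool):
    """Average probability per flight hour versus the 25.1309 objective for the severity."""
    per_hour = probability(event, exposure_hours) / exposure_hours
    limit = EXTREMELY_IMPROBABLE if catastrophic else IMPROBABLE
    return per_hour <= limit, per_hour


if __name__ == "__main__":
    # Constructed architecture: two independent channels, each failing at 1e-5/h, one-hour flight.
    dual = And((Basic(1e-5), Basic(1e-5)))
    print("dual channel:", meets_objective(dual, 1.0, catastrophic=True))           # meets, ~1e-10
    # The same channels fed by one shared element failing at 1e-6/h: the combination dominates.
    shared = Or((dual, Basic(1e-6)))
    print("with shared element:", meets_objective(shared, 1.0, catastrophic=True))  # fails, ~1e-6
```

The second case is the point of "combinations of failures": the redundant pair alone is extremely improbable, but one shared element brings the whole condition back above the objective.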
