
Principles of EWIS System Safety (25.1709)

Certification

Key Takeaways
  • EWIS system safety relies on well established risk assessment fundamentals.
  • Risk assessment is dependent on quantifying failure probability and failure severity.
  • Tools, such as Lectromec’s EWIS RAT, can expedite EWIS risk assessment.

Of the regulations that make up the 25.17XX EWIS group, none is more complicated than 25.1709. Showing compliance with this regulation, which consists of only 31 words, can take thousands of hours of labor, hundreds of pages of documentation, and inputs from just about every system group working on the vehicle. If you step back from the regulation and ask, “What is necessary to show compliance?” it comes down to several factors.

Here, we review some of the basic principles of 25.1709 and where it impacts and interacts with other systems in the vehicle.

What is the regulation?

These 31 words carry a lot of weight and they hide a lot of the complexity rooted in risk assessment concepts.

25.1709 System safety: EWIS.

Each EWIS must be designed and installed so that:

(a) Each catastrophic failure condition –

   (1) Is extremely improbable; and

   (2) Does not result from a single failure.

(b) Each hazardous failure condition is extremely remote.

As covered in previous Lectromec articles, risk assessment relies on identifying the probability of failure and the severity of failure. Item A of the regulation requires that catastrophic EWIS failure events have a failure probability of “extremely improbable”.

Item B requires hazardous EWIS failure events have a failure probability of extremely remote or better. For those unfamiliar with these terms, they have specific meaning in the aerospace industry and have specific values.

Failure Levels

The following tables are taken directly from AC 25.1701-1 and the FAA System Safety Handbook:

| Term | Explanation |
|---|---|
| No Safety Effect | Failure conditions that would have no effect on safety, for example failure conditions that would not affect the operational capability of the airplane or increase flightcrew workload. |
| Minor | Failure conditions that would not significantly reduce airplane safety, and involve flightcrew actions that are well within their capabilities. For example, minor failure conditions may include: a slight reduction in safety margins or functional capabilities; a slight increase in flightcrew workload, such as routine flight plan changes; or some physical discomfort to passengers or cabin crew. |
| Major | Failure conditions that would reduce the capability of the airplane or the ability of the flightcrew to cope with adverse operating conditions to the extent that there would be, for example: a significant reduction in safety margins or functional capabilities; a significant increase in flightcrew workload or in conditions impairing flightcrew efficiency; discomfort to the flightcrew; or physical distress to passengers or cabin crew, possibly including injuries. |
| Hazardous | Failure conditions that would reduce the capability of the airplane or the ability of the flightcrew to cope with adverse operating conditions to the extent that there would be, for example: a large reduction in safety margins or functional capabilities; physical distress or excessive workload such that the flightcrew cannot be relied upon to perform their tasks accurately or completely; or serious or fatal injuries to a relatively small number of persons other than the flightcrew. |
| Catastrophic | Failure conditions that would result in multiple fatalities, usually with the loss of the airplane. (NOTE: A catastrophic failure condition was defined differently in previous versions of § 25.1309 and in accompanying advisory material as “a failure condition that would prevent continued safe flight and landing.”) |

| Identification | Qualitative | Quantitative (probability of occurrence per operational hour) |
|---|---|---|
| Probable | Anticipated to occur one or more times during the entire system/operational life of an item. | Greater than 1 x 10^-5 |
| Remote | Unlikely to occur to each item during its total life. May occur several times in the life of an entire system or fleet. | Less than 1 x 10^-5, but greater than 1 x 10^-7 |
| Extremely Remote | Not anticipated to occur to each item during its total life. May occur a few times in the life of an entire system or fleet. | Less than 1 x 10^-7, but greater than 1 x 10^-9 |
| Extremely Improbable | So unlikely that it is not anticipated to occur during the entire operational life of an entire system or fleet. | Less than 1 x 10^-9 |

A common tool for visualizing failure probability and failure severity is a risk assessment matrix (MIL-STD-882). In this matrix, the severity of failure is shown along the horizontal axis and the probability of failure is shown along the vertical axis. The matrix is a means to visually present the concept of risk assessment and the trade-offs between system reliability and failure severity. Ideally, the goal is to ensure that the probability of system failure is relatively low, and often this is achieved by higher-quality parts, better design, and/or system redundancy.

Example risk assessment matrix. Source: MIL-STD-882.

Mathematically, fully eliminating a risk requires that it physically cannot happen (think of water catching fire). From a practical perspective, several layers of redundancy can achieve the same objective.

Redundancy and impact on Risk

The idea of system redundancy is this: if one component fails every 1000 hours, its probability of failure is roughly 1 in 1000, or 10^-3 failures per flight hour. If a backup system supporting this function has the same failure probability of 10^-3, then the combined system reliability can be said to be 10^-6 failures per flight hour. This improved failure rate of the combined system is possible only if the components and supporting systems are completely independent.

If the systems rely on a single power source, that potentially reduces the reliability of the system. If the two devices rely on exactly the same input, the reliability is potentially reduced. From an EWIS perspective, if the system wiring is co-located in the same wiring harness, runs through the same connector, or could be damaged by a single event (e.g., a tire burst), then this also reduces the combined reliability of the two systems. This last point, EWIS separation, is highlighted in a couple of the EWIS regulations.

Reliability

A single failure cannot lead to a catastrophic failure condition. From the perspective of 25.1709, that means that EWIS supporting redundant systems cannot be co-located. They cannot be placed in the same wire harness, and they cannot be routed in the same connector. To do otherwise would violate the intention of the regulation.
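The redundancy arithmetic and the single-failure rule above, checked against the probability terms from the Failure Levels tables, as an added example (not from the original article and not Lectromec's EWIS RAT). The channel/shared-element model, the function names, the boundary handling, and the sample values are assumptions.

```python
from math import expm1, log1p, prod

# Lower bounds (probability per operational hour) from the table above.
BANDS = [("Probable", 1e-5), ("Remote", 1e-7), ("Extremely Remote", 1e-9)]

def classify(p):
    """Return the table's term for a per-hour probability.
    Assumption: a value exactly on a boundary gets the more frequent term."""
    for term, lower in BANDS:
        if p >= lower:
            return term
    return "Extremely Improbable"

def loss_of_function(channels, shared=()):
    """channels: per-hour failure probability of each redundant channel.
    shared: per-hour probabilities of single events that disable every
    channel at once (common harness, common connector, tire-burst zone)."""
    p_all_channels = prod(channels)  # valid only if channels are independent
    # The function survives if the channels do not all fail and no shared
    # element fails; log1p/expm1 keep precision for very small probabilities.
    log_survive = log1p(-p_all_channels) + sum(log1p(-s) for s in shared)
    return -expm1(log_survive)

def complies_1709(severity, channels, shared=()):
    """Check 25.1709 (a)/(b) for one failure condition (illustrative model)."""
    p = loss_of_function(channels, shared)
    term = classify(p)
    single_failure = bool(shared) or len(channels) == 1
    if severity == "Catastrophic":
        ok = term == "Extremely Improbable" and not single_failure
    elif severity == "Hazardous":
        ok = term in ("Extremely Remote", "Extremely Improbable")
    else:
        ok = True  # 25.1709 constrains only these two severities
    return ok, term, p

if __name__ == "__main__":
    cases = [  # constructed sample values, not data from the article
        ("Catastrophic", [1e-3, 1e-3], []),      # the article's 10^-6 case
        ("Catastrophic", [1e-5, 1e-5], []),      # fully separated routing
        ("Catastrophic", [1e-5, 1e-5], [1e-8]),  # both through one connector
        ("Hazardous",    [1e-5, 1e-5], [1e-8]),
    ]
    for severity, channels, shared in cases:
        ok, term, p = complies_1709(severity, channels, shared)
        print(f"{severity:12} p={p:.2e} {term:20} compliant={ok}")
```

In the third case the shared connector dominates the result: the combined probability is set almost entirely by the 10^-8 single-point element, regardless of how reliable the two channels are.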

So what is necessary to actually show compliance? As a starting point, advisory circular (AC) 25.1701-1 provides a good description of what needs to be considered to show compliance. The advisory circular breaks up the elements of 25.1709 into two separate domains: physical and functional impact. Lectromec has a couple of articles devoted to discussing these areas of 25.1709.

For those who are not looking to read another article, this comes down to ensuring that the physical separation is considered (much of this data is gathered to support 25.1707 requirements), and that the functional separation is also addressed (think single point failure). Much of the functional separation requires work with various systems groups and the system safety engineers to identify the functional impact of the EWIS failure.

Expedite results

So what can be done to expedite 25.1709 compliance documentation and evaluation? For one, understanding the requirements early in the project can have a great impact on reducing the long-term cost of EWIS evaluation. Second, Lectromec’s risk assessment tool can be used to evaluate wiring systems very quickly and reduce the total amount of labor needed. Contact Lectromec for details.

Michael Traskos

President, Lectromec

Michael has been involved in wire degradation and failure assessments for more than a decade. He has worked on dozens of projects assessing the reliability and qualification of EWIS components. Michael is an FAA DER with a delegated authority covering EWIS certification and the chairman of the SAE AE-8A EWIS installation committee.