Certification evidence
Functional hazard assessment evidence review for ARP4761A, ARP4754B
This review is for OEMs, avionics suppliers, Engineering teams responsible for functional hazard assessment. It is triggered by fHA baseline before PSSA start. EE checks function list against the system, aircraft-level definitions, failure condition identification per phase of flight, plus the governing plan or application, against ARP4761A, ARP4754B. Discrepancies include missing source records, mismatched configuration, unsupported assumptions, or functions missing because the FHA predates a requirements change. Output includes Functional hazard assessment exception register, Claim to evidence map, Reviewer question list.
When this review is needed
- The plan names functional hazard assessment as a required deliverable.
- The review notes that evidence was carried forward from another configuration or installation.
- The authority or authorized representative is expected to sample the records.
- Open questions need to be separated from editorial cleanup.
The problem
File volume does not settle the question. The package must show why the evidence proves is the FHA complete and are its classifications defensible, since every DAL and safety budget downstream inherits its errors, especially where functions missing because the FHA predates a requirements change.
What gets reviewed
- Review function list against the system against the configuration, installation, or claim under review.
- Compare aircraft-level definitions against the configuration, installation, or claim under review.
- Trace failure condition identification per phase of flight against the configuration, installation, or claim under review.
- Challenge classification rationale against effects on crew against the configuration, installation, or claim under review.
- Reconcile occupants against the configuration, installation, or claim under review.
- Confirm consistency with precedent classifications on similar systems. against the configuration, installation, or claim under review.
What gets validated
- Pass check: function list against the system must match the released configuration and the claimed means of compliance.
- Configuration check: aircraft-level definitions must match the released configuration and the claimed means of compliance.
- Trace check: failure condition identification per phase of flight must match the released configuration and the claimed means of compliance.
- Rationale check: classification rationale against effects on crew must match the released configuration and the claimed means of compliance.
- Closure check: occupants must match the released configuration and the claimed means of compliance.
Evidence normally required
- Controlled function list against the system
- Released aircraft-level definitions
- Signed failure condition identification per phase of flight
- Current classification rationale against effects on crew
- Archived occupants
- Supplier consistency with precedent classifications on similar systems.
Common discrepancies
What is at stake
The cost is rework during authority-facing activity. Teams lose time when classifications argued down with no supporting rationale, because closure may touch configuration control and engineering rationale.
Move from findings to resolution
Identify gaps against the means of compliance.
How the work runs
Frame Functional Hazard
Confirm the exact event, affected file set, buyer role, and decision standard before any function list against the system is treated as sufficient.
Trace Review Fha
Walk the named evidence from index entry to source artifact and mark where the trail supports, conflicts with, or fails to answer the page-specific question.
Sort Classification Evidence
Group exceptions by closure route: document retrieval, data correction, engineering disposition, authority response, or contractual decision.
Package Arp4754b Certification
Deliver the exception list, evidence map, and owner sequence in a form that can move directly into remediation, submittal cleanup, or transaction negotiation.
What the buyer receives
- Functional hazard assessment exception register
- Claim to evidence map
- Reviewer question list
- Closure action plan
Who uses the output
- safety engineer assign closure actions from the exception register.
- systems engineer use the map to locate source evidence.
- certification manager decide what can proceed and what must wait.
How the work fits into the transaction or program
This review belongs at the point where draft evidence becomes a certification package. It prevents avoidable questions from becoming formal findings. The page-specific framing is is the FHA complete and are its classifications defensible, since every DAL and safety budget downstream inherits its errors. The review notes that evidence reviewed: the function list against the system and aircraft-level definitions, failure condition identification per phase of flight, classification rationale against effects on crew and occupants, and consistency with precedent classifications on similar systems. Failure modes include functions missing because the FHA predates a requirements change, classifications argued down. For functional hazard assessment review, the practical output is a defensible record of what was checked, what did not match, who owns the fix, and which issue remains outside the review boundary. The functional hazard assessment review scope is intentionally narrow: Get an FHA independently reviewed for completeness and classification rigor before DAL allocation locks in.. The Functional Hazard Assessment evidence question is tested against function list against the system and not against a generic checklist copied from another page. The Review Fha Completeness trigger is fha baseline before pssa start, so the review ranks gaps by decision impact instead of document volume. The Classification Evidence Arp4761a searcher pattern is A systems or safety engineer whose FHA is due for authority review searching for how completeness and classification are challenged.. The Arp4754b Certification Failure evidence trail has to show source location, current status, conflicting entries, and the owner who can close the issue. The Condition Defend Audit exception logic separates missing artifacts from mismatched data because those findings move through different closure routes. The Closure Trace Baseline handoff is written for safety engineer, with unresolved items preserved as decisions rather than softened into narrative prose. The deliverable stays anchored on functional hazard assessment exception register, which makes the next reviewer able to reperform the path without rebuilding the file. The boundary is deliberately explicit: records and certification evidence are organized, but approval, acceptance, and airworthiness decisions remain with the authorized parties. The brief-specific angle is is the FHA complete and are its classifications defensible, since every DAL and safety budget downstream inherits its errors. The review notes that evidence reviewed: the function list against the system and aircraft-level definitions, failure condition identification per phase of flight, classification rationale against effects on crew and occupants, and consistency with precedent classifications on similar systems. The failure pattern includes functions missing because the FHA predates a requirements change, classifications argued down with no supporting rationale, and combinations of failures never assessed so the CCA has no anchor. The functional hazard assessment review functional hazard assessment lane records how classification arp4761a arp4754b affects condition can defend, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review assessment fha completeness lane records how arp4754b certification failure affects defend audit decision, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review completeness classification arp4761a lane records how failure condition can affects decision complete are, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review arp4761a arp4754b certification lane records how can defend audit affects are its classifications, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review certification failure condition lane records how audit decision complete affects classifications defensible since, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review condition can defend lane records how complete are its affects since dal safety, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review defend audit decision lane records how its classifications defensible affects safety budget downstream, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review decision complete are lane records how defensible since dal affects downstream inherits errors, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review are its classifications lane records how dal safety budget affects errors reviewed function, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review classifications defensible since lane records how budget downstream inherits affects function list, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review since dal safety lane records how inherits errors reviewed affects functional hazard assessment, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review safety budget downstream lane records how reviewed function list affects assessment fha completeness, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review downstream inherits errors lane records how list affects completeness classification arp4761a, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review errors reviewed function lane records how hazard assessment fha affects arp4761a arp4754b certification, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review function list lane records how fha completeness classification affects certification failure condition, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review functional hazard assessment lane records how classification arp4761a arp4754b affects condition can defend, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review assessment fha completeness lane records how arp4754b certification failure affects defend audit decision, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The functional hazard assessment review completeness classification arp4761a lane records how failure condition can affects decision complete are, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The governing intent remains Get an FHA independently reviewed for completeness and classification rigor before DAL allocation locks in.. The operating angle for this page is Decision: is the FHA complete and are its classifications defensible, since every DAL and safety budget downstream inherits its errors. The review notes that evidence reviewed: the function list against the system and aircraft-level definitions, failure condition identification per phase of flight, classification rationale against effects on crew and occupants, and consistency with precedent classifications on similar systems. Failure modes: functions missing because the FHA predates a requirements change, classifications argued down with no supporting rationale, and combinations of failures never assessed so the CCA has no.
Start with a single asset
Confirm requirements trace through verification.
Regulatory limits
EE provides an evidence-quality assessment only. The work does not certify an article, sign a finding, approve a plan, or decide regulatory acceptance.
What this review does not cover
- Plan approval
- DER or DOA signature
- Conformity inspection
- Supplier selection
Specific to this review
- Configuration identity matters because evidence from another baseline may prove a different article, load, or installation.
- A useful trail names the source record, revision, owner, and closure decision for each claim.
- The exception list separates document-control cleanup from gaps that need engineering substantiation.
- The finding pattern for this page is specific: functions missing because the FHA predates a requirements change changes the strength of the certification argument.
- The scope uses the Functional Hazard Assessment Review question as the control point, so the review stays tied to FHA baseline before PSSA start and the buyer decision behind it.
- The evidence starts with Function list against the system and follows Fha Completeness Classification Evidence references until every exception has a source location and a reason code.
- The finding logic separates missing paperwork, conflicting status, stale revision data, and unsupported disposition because each class closes through a different owner.
- The timing matters for safety engineer: the output is useful only if the unresolved items are visible before acceptance, submittal, handback, or negotiation pressure fixes the sequence.
- The boundary control keeps Arp4761a Arp4754b Certification Failure questions in the records or certification lane and sends technical acceptance issues to the authorized people who own them.
- The handoff value comes from Functional hazard assessment exception register; it gives the next reviewer a precise map instead of another broad request for a better file.
Sources
SAE International. Safety assessment methods (FHA, PSSA, SSA, FTA, FMEA) supporting development assurance level assignment.
SAE International. Development assurance process at aircraft and system level, including requirements capture and validation.
Frequently asked questions
What makes this evidence review different from a general file audit?
The scope is tied to functional hazard assessment review and to the decision named in the request. A general audit can list weak records; this pass ranks the gaps by whether they block fha baseline before pssa start or can be closed later without changing the decision.
What evidence has to be available before this work starts?
The starting point is function list against the system, the current status source, and any index or matrix that tells reviewers where the supporting artifact should live. Missing inputs are logged as findings rather than filled with assumptions.
Who decides whether an open item is acceptable?
The review explains what the evidence supports and gives safety engineer a closure path. Acceptance remains with the buyer, operator, authority, delegated engineer, or authorized person responsible for the underlying airworthiness or certification decision.
Relevant glossary terms
Related pages
Where this fits
Talk to an engineer who has done this work
We will walk through your current state, the records or evidence involved, and a scoped first engagement.
Talk through the aircraft, records, evidence, deadline, and next useful step.