GM1 SPA.PBN.105(c) PBN operational approval    

CAA ORS9 Decision No. 1

FLIGHT OPERATIONAL SAFETY ASSESSMENT (FOSA)

(a) Traditionally, operational safety has been defined by a target level of safety (TLS) and specified as a risk of collision of 10-7 per approach operation. For RNP AR APCH operations, conducting the FOSA methodology contributes to achieving the TLS. The FOSA is intended to provide a level of flight safety that is equivalent to the traditional TLS, but using methodology oriented to performance-based flight operations. Using the FOSA, the operational safety objective is met by considering more than the aircraft navigation system alone. The FOSA blends quantitative and qualitative analyses and assessments by considering navigation systems, aircraft performance, operating procedures, human factor aspects and the operational environment. During these assessments conducted under normal and failure conditions, hazards, risks and the associated mitigations are identified. The FOSA relies on the detailed criteria for the aircraft capabilities and instrument procedure design to address the majority of general technical, procedure and process factors. Additionally, technical and operational expertise and prior operator experience with RNP AR APCH operations are essential elements to be considered in the conduct and conclusion of the FOSA.

(b) The following aspects need to be considered during FOSA, in order to identify hazards, risks and mitigations relevant to RNP AR APCH operations:

    (1) Normal performance: lateral and vertical accuracy are addressed in the aircraft airworthiness standards, aircraft and systems operate normally in standard configurations and operating modes, and individual error components are monitored/truncated through system design or flight crew procedure.

    (2) Performance under failure conditions: lateral and vertical accuracy are evaluated for aircraft failures as part of the aircraft certification. Additionally, other rare-normal and abnormal failures and conditions for ATC operations, flight crew procedures, infrastructure and operating environment are assessed. Where the failure or condition results are not acceptable for continued operation, mitigations are developed or limitations established for the aircraft, flight crew and/or operation.

    (3) Aircraft failures

      (i) System failure: Failure of a navigation system, flight guidance system, flight instrument system for the approach, or missed approach (e.g. loss of GNSS updating, receiver failure, autopilot disconnect, FMS failure, etc.). Depending on the aircraft, this may be addressed through aircraft design or operating procedure to cross-check guidance (e.g. dual equipage for lateral errors, use of terrain awareness and warning system).

      (ii) Malfunction of air data system or altimetry: flight crew procedure cross-check between two independent systems may mitigate this risk.

    (4) Aircraft performance

      (i) Inadequate performance to conduct the approach operation: the aircraft capabilities and operating procedures ensure that the performance is adequate on each approach, as part of flight planning and in order to begin or continue the approach. Consideration should be given to aircraft configuration during approach and any configuration changes associated with a missed approach operation (e.g. engine failure, flap retraction, re-engagement of autopilot in LNAV mode).

      (ii) Loss of engine: loss of an engine while on an RNP AR APCH operation is a rare occurrence due to high engine reliability and the short exposure time. The operator needs to take appropriate action to mitigate the effects of loss of engine, initiating a go-around and manually taking control of the aircraft if necessary.

    (5) Navigation services

      (i) Use of a navigation aid outside of designated coverage or in test mode: aircraft airworthiness standards and operating procedures have been developed to address this risk.

      (ii) Navigation database errors: instrument approach procedures are validated through flight validation specific to the operator and aircraft, and the operator should have a process defined to maintain validated data through updates to the navigation database.

    (6) ATC operations

      (i) Procedure assigned to non-approved aircraft: flight crew are responsible for rejecting the clearance.

      (ii) ATC provides ‘direct to’ clearance to or vectors aircraft onto approach such that performance cannot be achieved.

      (iii) Inconsistent ATC phraseology between controller and flight crew.

    (7) Flight crew operations

      (i) Erroneous barometric altimeter setting: flight crew entry and cross-check procedures may mitigate this risk.

      (ii) Incorrect procedure selection or loading: flight crew procedures should be available to verify that the loaded procedure matches the published procedure, line of minima and aircraft airworthiness qualification.

      (iii) Incorrect flight control mode selected: training on importance of flight control mode, flight crew procedure to verify selection of correct flight control mode.

      (iv) Incorrect RNP entry: flight crew procedure to verify RNP loaded in system matches the published value.

      (v) Missed approach: balked landing or rejected landing at or below DA/H.

      (vi) Poor meteorological conditions: loss or significant reduction of visual reference that may result in a go-around.

    (8) Infrastructure

    (i) GNSS satellite failure: this condition is evaluated during aircraft qualification to ensure obstacle clearance can be maintained, considering the low likelihood of this failure occurring.

    (ii) Loss of GNSS signals: relevant independent equipage, e.g. IRS/INS, is mandated for RNP AR APCH procedures with RF legs and approaches where the accuracy for the missed approach is less than 1 NM. For other approaches, operating procedures are used to approximate the published track and climb above obstacles.

    (iii) Testing of ground navigation aids in the vicinity of the approach: aircraft and operating procedures should detect and mitigate this event.

    (9) Operating conditions

      (i) Tailwind conditions: excessive speed on RF legs may result in inability to maintain track. This is addressed through aircraft airworthiness standards on the limits of command guidance, inclusion of 5 degrees of bank manoeuvrability margin, consideration of speed effect and flight crew procedure to maintain speeds below the maximum authorised for the RNP AR APCH procedure.

      (ii) Wind conditions and effect on FTE: nominal FTE is evaluated under a variety of wind conditions, and flight crew procedures to monitor and limit deviations to ensure safe operation.

      (iii) Extreme temperature effects of barometric altitude (e.g. extreme cold temperatures, known local atmospheric or weather phenomena, high winds, severe turbulence, etc.): the effect of this error on the vertical path is mitigated through the procedure design and flight crew procedures, with an allowance for aircraft that compensate for this effect to conduct procedures regardless of the published temperature limit. The effect of this error on minimum segment altitudes and the DA/H are addressed in an equivalent manner to all other approach operations.