Functional Hazard Assessment (FHA) is critical in safety assessment processes, particularly in aviation, aerospace, and high-reliability industries. It serves as a structured approach to evaluating potential hazards linked to system functions, ensuring safety objectives are defined and met.
This guide will provide an in-depth look at FHA, its purpose, methodology, and practical applications. By the end of this article, you’ll have a thorough understanding of how FHA contributes to system safety and regulatory compliance.
What is Functional Hazard Assessment (FHA)?
Functional Hazard Assessment (FHA) is a top-down, qualitative analysis that examines potential failure conditions associated with system functions. The primary goal of FHA is to determine how safe a system needs to be by identifying and assessing failure modes and their impact on operations and safety.
FHA is performed early in the system development lifecycle, typically during the System Definition phase, before specific technologies, procedures, or human elements are assigned to functions. It is an iterative process that evolves as the system design progresses.
Why is Functional Hazard Assessment (FHA) Important?
FHA is essential for several reasons:
- Ensures System Safety – Identifies hazards and evaluates their impact before implementation.
- Supports Regulatory Compliance—Helps meet aviation safety standards such as EASA CS-25.1309, FAR Part 25.1309, and SAE ARP4761.
- Guides System Design – Provides a foundation for functional allocation and helps define necessary safety requirements.
- Forms the Basis for Further Safety Analysis – Serves as input for Preliminary System Safety Assessments (PSSA) and other risk evaluation methods such as Fault Tree Analysis (FTA) or Markov Analysis (MA).
How is Functional Hazard Assessment (FHA) Applied?
Functional Hazard Assessment (FHA) is a systematically applied process throughout the system development lifecycle, primarily in industries such as aviation, aerospace, and high-reliability systems. It is an iterative, top-down process used to identify, assess, and mitigate hazards associated with system functions.
When is FHA Conducted?
FHA is conducted early in the system lifecycle, typically during the System Definition phase. This allows for identifying potential hazards before system functions are assigned to specific equipment, software, procedures, or human roles.
- Initial FHA: Performed before allocating functions to subsystems, focusing on what the system should do rather than how it will be implemented.
- Iterative Updates: FHA is revisited and refined as the system design progresses, integrating new insights and modifications.
Levels of FHA Application
FHA can be applied at different levels of system design:
Aircraft-Level FHA (AFHA):
- Conducted at the entire aircraft or system level to evaluate high-level functional hazards.
- Identifies potential failure conditions that impact overall aircraft operations and safety.
System-Level FHA (SFHA):
- Focuses on specific subsystems within the larger system (e.g., avionics, flight controls).
- Evaluate how component failures can cause system-wide hazards.
Sub-System Level FHA:
- Applied when modifying an existing system or designing a component-level function.
- Ensures that subsystems meet higher-level safety objectives.
Ideally, FHA should be performed at the Air Navigation System (ANS) level, but in practice, it is often applied at the sub-system level due to practical constraints.
Steps in Applying FHA
The Functional Hazard Assessment process follows a structured approach to ensure a thorough safety analysis.
Step 1: Identify System Functions
Before assessing hazards, a clear understanding of the system’s functional requirements is necessary. This involves:
- Defining the purpose and operational objectives of the system.
- Identifying key functions necessary for system performance.
- Establishing interactions between system components and external factors (e.g., environmental influences).
Step 2: Identify Potential Failure Conditions
For each function, potential failure conditions are identified based on:
- Single Failures: A single component or function failure that leads to hazardous conditions.
- Multiple Failures: A combination of failures that results in system degradation.
- External Factors: Environmental influences such as weather, human error, or cyber threats.
Failure conditions are assessed in different operational environments, including normal, degraded, and emergency scenarios.
Step 3: Assign Operational Phases
Each failure condition is linked to specific flight or operational phases where it could occur, such as:
- Takeoff
- Cruise flight
- Landing
- Ground operations
Step 4: Assess the Effects of Failure Conditions
This step evaluates the impact of failure conditions on:
- Aircraft safety and performance
- Crew workload and operational decision-making
- Passenger and public safety
Effects are considered based on detectability and available mitigations.
Step 5: Classify the Severity of Failure Conditions
Each failure condition is categorized according to industry-standard severity levels, typically:
- Catastrophic – Total loss of aircraft or multiple fatalities.
- Hazardous – Severe safety impact, extreme crew workload.
- Major – Significant safety margin reduction and increased crew workload.
- Minor – Small reduction in system efficiency, minimal safety impact.
- No Safety Effect – No direct impact on safety.
The classification aligns with aviation safety standards such as EASA CS-25.1309 and FAA FAR 25.1309.
Step 6: Define Safety Objectives
Each hazard is assigned a safety objective, specifying:
- The level of safety performance required.
- Mitigation strategies are needed to prevent or reduce failure effects.
Step 7: Establish Probability Requirements
Safety standards define acceptable failure probabilities based on severity levels. For example:
- Catastrophic failures must have an extremely remote probability (~1 in 10⁹ flight hours).
- Minor failures can occur more frequently but should not significantly impact safety.
Step 8: Document FHA Results
A Functional Hazard Assessment Report (FHA Report) is created, including:
- Function descriptions.
- Identified failure conditions.
- Severity classifications and probability requirements.
- Regulatory compliance considerations.
This document guides system design decisions and serves as an input for further safety analyses.
FHA as a Foundation for Other Safety Assessments
FHA results are critical inputs for other safety processes:
- Preliminary System Safety Assessment (PSSA): Examines how system architecture mitigates the hazards identified in FHA.
- System Safety Assessment (SSA): A more detailed analysis, often using Fault Tree Analysis (FTA) or Failure Mode and Effects Analysis (FMEA).
- Certification Compliance: FHA helps demonstrate compliance with safety regulations (FAA, EASA, ICAO).
Practical Considerations When Applying FHA
Best Practices for Conducting FHA:
- Understand the System – Gather comprehensive information before starting the assessment.
- Engage Experts – Collaborate with engineers, pilots, and safety specialists.
- Maintain Clear Documentation – Record all findings, discussions, and decisions transparently.
- Iterate Throughout Development – FHA should evolve with system modifications.
- Align with Industry Standards – Follow SAE ARP4761, EASA, and FAA guidelines.
- Peer Review the FHA – Conduct reviews to identify any overlooked hazards.
The Functional Hazard Assessment (FHA) process is a fundamental safety tool that enables organizations to proactively identify, classify, and mitigate hazards before system implementation. It plays a crucial role in system safety certification, compliance with aviation regulations, and risk management.
Key Steps in Functional Hazard Assessment
To perform an FHA effectively, the following structured process is followed:
1. Define System Functions
Before assessing hazards, it’s crucial to identify and describe all functions of the system. This includes:
- The purpose of the system.
- The interactions between subsystems.
- The operating environment.
2. Identify Potential Failure Conditions
This step involves determining how a function could fail under different scenarios:
- Single failures (e.g., sensor malfunction).
- Multiple failures (e.g., loss of communication and navigation simultaneously).
- External environmental factors (e.g., weather conditions).
3. Assess the Impact of Failure Conditions
Each identified failure condition is evaluated for its impact on:
- Aircraft operations (e.g., flight performance, control).
- Crew workload and decision-making (e.g., increased pilot workload).
- Passenger safety (e.g., emergency response).
4. Classify the Severity of Hazards
Failure conditions are categorized based on their severity. A common classification is:
- Catastrophic – Total loss of aircraft or fatal injuries.
- Hazardous – Serious safety impact, high workload for crew.
- Major – Reduction in safety margins and increased workload.
- Minor – Slight reduction in efficiency, minimal effect on safety.
- No Safety Effect – No direct impact on safety.
5. Determine Safety Objectives
Each failure condition is assigned a safety objective based on its severity. These objectives guide system safety measures’ design, implementation, and testing.
6. Establish Probability Requirements
Probability targets are assigned for each failure condition. This ensures that high-risk hazards are mitigated effectively. Aviation safety standards typically define the relationship between failure severity and probability.
7. Document and Review
All findings from the FHA process are documented in a Functional Hazard Assessment Report (FHA Report). This report includes:
- Functional descriptions.
- Identified hazards and their impact.
- Severity classification.
- Assigned safety objectives.
- Compliance with regulatory requirements.
Since FHA is an iterative process, the analysis must be updated as the system design progresses.
Best Practices for Conducting FHA
To ensure an effective FHA, consider the following best practices:
1. Understand the System Fully
Gather all necessary technical, operational, and regulatory information before starting. This prevents incomplete assessments and reduces revision cycles.
2. Collaborate with Experts
FHA should involve safety engineers, system designers, and operational experts to ensure a well-rounded evaluation.
3. Maintain Clear Documentation
Every step of the FHA process should be well-documented, including:
- Findings and discussions
- Decisions made and justifications
- Supporting data (accident history, test results, industry best practices)
4. Keep FHA Iterative
Since system designs evolve, FHA should be updated regularly to reflect new insights and modifications.
5. Align with Industry Standards
Use SAE ARP4761 and relevant regulatory frameworks to ensure compliance. Many standards provide templates and structured methodologies that streamline the process.
6. Conduct Peer Reviews
A peer review of the FHA analysis helps identify missed hazards, inconsistencies, and areas for improvement.
Conclusion
Functional Hazard Assessment (FHA) is a vital process for ensuring system safety in high-risk industries. By systematically identifying failure conditions, assessing their impact, and defining safety objectives, FHA helps build safer, more reliable systems.
Conducting FHA early in the design phase, iterating the process as the system evolves, and following industry best practices ensures that safety objectives are met efficiently. Whether applied at the aircraft, system, or sub-system level, FHA provides the foundation for comprehensive safety assessments.
By implementing a well-structured FHA, organizations can comply with regulations, enhance safety, and optimize system performance, ultimately reducing the likelihood of hazardous events.
