1.1 Absolute safety cannot be achieved in any human activity. Naturally, this fact has to be taken
into account in developing safety requirements, which means that requirements should not
imply that safety is absolute. In the case of traditional craft, it has frequently been possible
to specify certain aspects of design or construction in some detail, in a way which was
consistent with some level of risk which had over the years been intuitively accepted without
having to be defined.
1.2 For dynamically supported craft, however, it would often be too restrictive to include
engineering specifications into the Code. Requirements therefore need to be written (where
this question arises) in the sense of "... the Administration should be satisfied on the basis of
tests, investigations and past experience that the probability of... is (acceptably low)". Since
different undesirable events may be regarded as having different general orders of acceptable
probability (e.g. temporary impairment of propulsion as compared with an uncontrollable
fire), it is convenient to agree on a series of standardized expressions which can be used to
convey the relative acceptable probabilities of various incidents, i.e. to perform a qualitative
ranking process. A vocabulary is given below which is intended to ensure consistency
between various requirements, where it is necessary to describe the level of risk which must
not be exceeded.
2. Terms Associated with Probabilities
Different undesirable events may have different orders of acceptable probability. In
connexion with this, it is convenient to agree on standardized expressions to be used to
convey the relatively acceptable probabilities of various occurrences, i.e. to perform a
qualitative ranking process.
An occurrence is a condition involving a potential lowering of the level of safety.
An occurrence in which a part, or parts, of the craft fail or malfunction, e.g. runaway. A
(a) a single failure;
(b) independent failures in combination within a system; and
(c) independent failures in combinations involving more than one system, taking into
(i) any undetected failure that is already present;
(ii) such further failures * as would be reasonably expected to follow the failure
* In assessing the further failures which follow, account should be taken of any resulting more severe operating
conditions for items that have not up to that time failed.
2.1.2 Event An occurrence which has its origin outside the craft (e.g.waves).
2.1.3 Error An occurrence arising as a result of incorrect action by the operating crew or
2.2 Probability of Occurrences
2.2.1 Frequency Likely to occur often during the operational life of a particular craft.
2.2.2 Reasonably Probable Unlikely to occur often but which may occur several times during
the total operational life of a particular craft.
2.2.3 Recurrent A term embracing the total range of Frequent and Reasonably Probable.
2.2.4 Remote Unlikely to occur to every craft but may occur to a few craft of a type over the
total operational life of a number of craft of the same type.
2.2.5 Extremely Remote Unlikely to occur when considering the total operational life of a
number of craft of the type, but nevertheless has to be considered as being possible.
2.2.6 Extremely Improbable So Extremely Remote that it does not have to be considered as
possible to occur.
An effect is a situation arising as a result of an occurrence.
2.3.1 Minor Effect An effect which may arise from a failure, an event, or an error (as defined
in 2.1.1, 2.1.2, 2.1.3 of this Annex) which can be readily compensated for by the
operating crew; it may involve:
(a) a small increase in the operational duties of the crew or in their difficulty in
performing their duties; or
(b) a moderate degradation in handling characteristics; or
(c) slight modification of the permissible operating conditions.
2.3.2 Major Effect An effect which produces:
(a) a significant Increase in the operational duties of the crew or in their difficulty in
performing their duties which by itself should not be outside the capability of a
competent crew provided that another major effect does not occur at the same time;
(b) significant degradation in handling characteristics; or
(c) significant modification of the permissible operating conditions, but will not
remove the capability to complete a safe journey without demanding more than
normal skill on the part of the operating crew.
2.3.3 Hazardous Effect An effect which produces:
(a) a dangerous increase in the operational duties of the crew or in their difficulty in
performing their duties of such magnitude that they cannot reasonably be expected
to cope with them and will probably require outside assistance; or
(b) dangerous degradation of handling characteristics; or
(c) dangerous degradation of the strength of the craft; or
(d) marginal conditions for, or injury to, occupants; or
(e) an essential need for outside rescue operations.
2.3.4 Catastrophic Effect An effect which results in the loss of the craft and/or in fatalities.
2.4 Safety Level
A safety level is a numerical value characterizing the probability of avoiding a specified
class of occurrence.
3. Numerical Values
Where numerical probabilities are used in assessing compliance with requirements using the
terms similar to those given above, the following approximate values may be used as
guidelines to assist in providing a common point of reference. The probabilities quoted
should be on an hourly or per journey basis depending on which is more appropriate to the
assessment in question:
Note: Different occurrences may have different acceptable probabilities according to the severity of their consequences.
|Frequent||Greater than 10 - 3 to 10 - 4|
|Reasonably Probable:||Less than frequent but more than 10 - 5|
|Remote:||10 - 5 to 10 - 7|
|Extremely Remote:||10 - 7or less=|
|Extremely Improbable:||Whilst no approximate numerical probability is given for
this, the figures used should be substantially less than 10 - 7|