PPRuNe Forums - View Single Post - MAX’s Return Delayed by FAA Reevaluation of 737 Safety Procedures
Old 3rd Jul 2019, 05:50
  #970 (permalink)  
HighWind
 
Join Date: May 2008
Location: denmark
Posts: 9
Originally Posted by BDAttitude
Now as we know, that a fast speed trim runaway that cannot be stopped by counter trimming is considered a hazardous condition.
And now as we know that this Eaton actuator is a fancy modern microprocessor-commutated and speed-controlled brushless motor.
Could you please have a look if the actuator's electronics - which is hardware and software - have been designed to a suitable design assurance level. Which would be DAL-B? DAL-A?
Uncontrolled dive is just a bit-flip away.
I have had the same thoughts.
In the area of industrial automation there are plenty of variable speed AC drives with ‘Safe Torque Off’ conforming to SIL3 (corresponding to DAL B).
Usually the control part deciding what speed to run is not safety certified, i.e. it can only be guaranteed to stop (generating torque like the function of the cut-out switches).
However there is no problem in designing such a system.
The Falcon 7X FBW system clearly has the functionality to monitor runaway, it just failed in the case of HB-JFN loss of control after pitch trim runaway.

Looking at the electrical diagram for the electrical trimming, I’m not sure if I can get this approved for anything but SIL1.
There does not seem to be good diagnostic coverage for detecting shorts between circuits, or welded contact sets.
The state of the art is to have different diagnostic pulses on each independent channel, and having a monitoring feedback of each relay (forcibly guided NC contact set).
Or to use safe communication channels.