Zalt,
Always thought it is hillarious that the only major part of an entire rotorcraft that is subject to a rigorous reliability based system safety assessment (the engine iaw Part 33) is the one bit the CAA seem to believe fails so regularly that you need a whole host of kit and extra procedures in JAR-OPS3 just to protect against failure in the first and last few seconds of the flight when PC2/PC2e.
I think it goes wider than that, examination of 29.1309 indicates that there is an overall system reliability standard in certification:29.1309 Equipment, systems and installations
(2) For Category A rotorcraft:
(i) The occurrence of any failure condition which would prevent the continued safe flight and landing of the rotorcraft is extremely improbable; and
(ii) The occurrence of any other failure conditions which would reduce the capability of the rotorcraft or the ability of the crew to cope with adverse operating conditions is improbable.
Where ‘extremely improbable’ is defined as a probability of 1 x 10-9 and ‘improbable’ as 1 x 10-5
Meeting of this standard is achieved by methods which include redundancy or implied system reliability. Thus, it is of no consequence that the reliability of engines is close to 1 x 10-5 because there are (at least) two of them. Exposure, as permitted in JAR-OPS 3, is a way of getting close to the ‘extremely improbable’ standard by limiting the probability of a failure leading to a hazardous event to 5 x 10-8 - and the conditions of PC2e make up any deficiency.
In fact, there is logic in the way that the system of regulations is integrated: firstly, there are certification standards which are provided to ensure that a failure leading to a hazardous outcome is ‘extremely improbable’; secondly, there are operational standards to ensure that if a redundant unit fails, the remaining unit(s) prevent a hazardous event; thirdly, manning levels, qualification, training and testing are provided to ensure that failure of the human in the loop is at the lowest level possible.
Where there is only one engine (with its probability of failure of 1 x 10-5), there exists a standard to ensure that the consequence of the failure is considered; this standard -already referenced – is contained in Rules of the Air and consideration for a safe-forced-landing.
Obviously achieving all of this is problematical because helicopters are flexible, humans are less than predictable and it is not possible to describe all operational concepts. It therefore comes as no surprise that there is a move for operators to take responsibility for their own operational (and maintenance) risk assessment - hence the inexorable move towards Safety Management Systems.
Jim