PPRuNe Forums - View Single Post - RAF Rivet Joint
Thread: RAF Rivet Joint
Old 4th Apr 2014, 11:30
  #450 (permalink)  
Engines
 
Join Date: Dec 2006
Location: UK
Posts: 799
Guys,

As ever, Tuc does a great job of filling in the important gaps I left in my brief post. The concept of 'functional' safety (aka fitness for purpose) is one I've been trying to get across to requirements managers for around seven years now, and Tuc is right on the money when he identifies the level of ignorance around the risks of assuming that if kit works on the bench (or worse, on the demo stand at the air show) it will work on the aircraft.

Perhaps this will help: here's my own (admittedly imperfect) 'take' on what I see as the three elements of safety.

First - the basic 'airworthiness' aspect - will the item stay in one piece/not catch fire/not fall out of the sky/not poison you/last the required service life, stop working next to a radar, etc. This is where a lack of airframe and systems related information on Rivet Joint could pose an issue.

Second - the 'Functional Safety' bit, or 'Fitness for Purpose': Does the item work as intended? Does it work with the other kit on the platform? Does it tell the aircrew when it is working and when it isn't? Is it reliable? Can it be used in a safe manner? This is where HMI issues can come in. (Example - requiring ten button presses to select an emergency frequency isn't a good thing). On Rivet Joint, this should pose less of an issue, but US sourced kit (or COTS kit) has a habit of springing some nasty little surprises - 'Hey, why isn't that light coming on when I press the button?', etc.

Third - does it support safe operations - does the radio have the required range and clarity, does the aircraft deliver the capability required to stay safe - does the DAS kit work, do data links link, etc. On Rivet Joint, this area will depend on high level agreements for information exchange with the USAF - I would guess (but don't know) that this should be less of an issue.

This is my own personal list - it's probably not right for all projects, but I've found it useful. I'm totally relaxed if others disagree.

The key to achieving all of this safety stuff in a quick and effective manner is a good set of requirements. If the team takes the time to set down a clear and achievable set of requirements in enough detail, the contractor and the PT have a fighting chance of getting across the line in good order.

And this is where the problems, in my view, usually arise.

If the requirement for Rivet Joint was 'we'll have three of those lovely Rivet Joint aircraft just like you've got, please' (I exaggerate to make my point) then problems are bound to arise. If the requirement was 'We'll have three RJ aircraft, but they've got to meet the UK's Air Safety requirements as set down in MAA regs xxxxx' then the issue would be getting the US Government to sign up to that. They would not have.

My personal observation is that too many Requirements Managers I have worked with on aircraft related projects are simply not equipped to do the job. It's not that they are aircrew (as most of them are), it's that they are aircrew who have not had the required training in systems engineering and requirements management. They are often freshly promoted SO2s straight out of flying jobs. As a result, many of them just don't understand what a good requirement set looks like, or what it takes to produce one. I would say straight away that there have been exceptions, and very good ones, who were keen, technically aware, very experienced and happy to learn. But they were exceptions.

Starting out with a poor requirements set throws the risks straight on to the project managers and engineers in the PTs, who are sometimes short of experience and technical expertise, or detailed knowledge about the systems they are dealing with. Again, not their fault, but it's another link in the accident chain.

Of course, variation in configuration within a (supposedly consistent) fleet of aircraft is just another honking great link in the chain. It's a source of real worry that this variation is often deliberately introduced by the customer (those RMs again) with no declaration of the consequent potential safety hazard.

Hope this ramble (sorry for length) is of passing interest to some people out there.

Best Regards as ever to all those trying to get over the line in good order,

Engines