Sec. 25.1309 - Equipment, systems, and installations.
(a) The equipment, systems, and installations whose functioning is required by this subchapter, must be designed to ensure that they perform their intended functions under any foreseeable operating condition. (b) The airplane systems and associated components, considered separately and in relation to other systems, must be designed so that -- (1) The occurrence of any failure condition which would prevent the continued safe flight and landing of the airplane is extremely improbable, and (2) The occurrence of any other failure conditions which would reduce the capability of the airplane or the ability of the crew to cope with adverse operating conditions is improbable. (c) Warning information must be provided to alert the crew to unsafe system operating conditions, and to enable them to take appropriate corrective action. Systems, controls, and associated monitoring and warning means must be designed to minimize crew errors which could create additional hazards. (d) Compliance with the requirements of paragraph (b) of this section must be shown by analysis, and where necessary, by appropriate ground, flight, or simulator tests. The analysis must consider -- (1) Possible modes of failure, including malfunctions and damage from external sources. (2) The probability of multiple failures and undetected failures. (3) The resulting effects on the airplane and occupants, considering the stage of flight and operating conditions, and (4) The crew warning cues, corrective action required, and the capability of detecting faults. (e) Each installation whose functioning is required by this subchapter, and that requires a power supply, is an "essential load" on the power supply. The power sources and the system must be able to supply the following power loads in probable operating combinations and for probable durations: (1) Loads connected to the system with the system functioning normally. (2) Essential loads, after failure of any one prime mover, power converter, or energy storage device. (3) Essential loads after failure of -- (i) Any one engine on two-engine airplanes; and (ii) Any two engines on three-or-more-engine airplanes. (4) Essential loads for which an alternate source of power is required by this chapter, after any failure or malfunction in any one power supply system, distribution system, or other utilization system. (f) In determining compliance with paragraphs (e)(2) and (3) of this section, the power loads may be assumed to be reduced under a monitoring procedure consistent with safety in the kinds of operation authorized. Loads not required in controlled flight need not be considered for the two-engine-inoperative condition on airplanes with three or more engines. (g) In showing compliance with paragraphs (a) and (b) of this section with regard to the electrical system and equipment design and installation, critical environmental conditions must be considered. For electrical generation, distribution, and utilization equipment required by or used in complying with this chapter, except equipment covered by Technical Standard Orders containing environmental test procedures, the ability to provide continuous, safe service under foreseeable environmental conditions may be shown by environmental tests, design analysis, or reference to previous comparable service experience on other aircraft. [Amdt. 25-23, 35 FR 5679, Apr. 8, 1970, as
amended by Amdt. 25-38, 41 FR 55467, Dec. 20, 1976; Amdt. 25-41, 42 FR
36970, July 18, 1977] |