Home' RTCA Documents for Review : C2 Link Systems MASPS_Draft Contents Appendix C
© 2018 RTCA, Inc.
The SRMP identified potential hazards that may be introduced into the NAS by the use of
a C2 Link System. The SRMP based the determination of the hazards on the proposed
operations described in the CONOPS and the OSED and presented during the SRMP
Potential operational hazards were identified by reviewing and determining if specific
remote pilot activities and information exchanges identified in the OV-3 posed a risk. The
information exchanges are also referred to as use cases. The activities were categorize by
the operational activity model (Aviate, Navigate, Communicate, Integrate, and Manage the
C2 Link System) (basic OV-5: see Figure 1-5) and procedures of Air Traffic Services
Initial review and identification of potential hazards were from and operational perspective.
Once a potential operational hazard was identified, the hazard was discussed as to whether
the potential hazard was the result of the C2 Link System. Three functional areas of C2
Link System hazards were identified: FR-1: Failed or Corrupted C2 Link System; FR-2:
Failed or Misdirected Switchover; or FR-3: Failed or Corrupted C2 Link Status Reporting.
Each of these C2 Link System hazards are associated with the functional requirements
described in greater detail in the OPA.
The SRMP also identified the cause(s) leading to the hazards, the system state(s) in which
the hazards could occur, and the possible effects of the hazards.
The list of potential hazards was discussed and validated by the SRMP during the meetings.
This was an iterative process as described in B.1 and occurred over the course of several
months. Throughout the process, the hazards were reviewed on a regular basis for
consistency. Suggestions, comments, and disagreements were discussed at each meeting
and decisions were made by consensus.
The Power Line Scenario was assessed first. Potential operational hazards for each
information exchange and action (as described in the Use Cases for that scenario, see B.6.1)
were captured in a preliminary operational hazar d list. This list was then discussed, at
length, to determine if a C2 Link System hazard existed for potential operational hazard.
Many of the Use Case information exchange/actions were determined to cause no safety
hazard and were documented as such. In addition, some were determined to be the same
or part of other hazards and were documented as such but were not included as separate
The potential operational hazards and C2 Link System hazards were individually analyzed
and documented for their cause(s); the system state or environment; any existing controls;
and possible effects. After discussing all possible causes of the hazards, the team
determined that unavailability of the C2 Link System (defined as short or long
interruptions) and corrupted data were the prevalent causes. The team also discussed
whether hazards were detected or undetected and included the results in the Hazard
Analysis Worksheet (HAW).
The environment in which the UA is operating or system state is an important factor when
analyzing risk. The system state was defined in the use cases and listed in column G of the
HAW. System states included 1) controlled (Classes B, D, and E) or uncontrolled
(Class G); or 2) whether the UA was in transit; pre-flight; or takeoff/landing. Additional
information was also included such as whether the UA was using terrestrial or satellite link
and for the monitoring use cases all airspace as it was applicable to all airspace classes. In
particular, whether the UA was in controlled or uncontrolled airspace was important in that
Links Archive DO-XYZ_ED-ABC_FRAC_SC236_MASPS Navigation Previous Page Next Page