Where FHA and FTA sit in safety engineering
Functional Hazard Assessment (FHA) and Fault Tree Analysis (FTA) are two core tools used in aviation system safety engineering.
They are not isolated techniques — they sit inside a structured safety lifecycle.
A simple way to position them:
FHA is used early in system definition
FTA is used later during design refinement and verification
FHA is top-down and functional
FTA is bottom-up and causal
Or in simple terms:
FHA asks what can go wrong and how bad is it
FTA asks how could this actually happen
What FHA actually does
FHA is a functional-level safety analysis, not a component-level analysis.
It starts with system functions, not hardware.
Examples of functions:
- Maintain aircraft altitude
- Provide airspeed information
- Control pitch attitude
- Detect terrain proximity
Then each function is evaluated for what happens if it fails or behaves incorrectly.
Step-by-step: Functional Hazard Assessment (FHA)
Step 1: Define system functions
You define what the system is supposed to do.
Not components — functions.
Example:
Instead of “pitot system”
You define:
“Provide accurate airspeed information to pilots and flight control systems”
Step 2: Define failure conditions
For each function, consider:
- complete loss
- partial degradation
- incorrect output
- intermittent behaviour
Example (airspeed function):
- no airspeed displayed
- airspeed displayed too high
- airspeed displayed too low
- intermittent or unstable airspeed values
Step 3: Determine operational effects
Now you ask:
What does this do to the aircraft in real operation?
You consider:
- pilot workload
- automation response
- aircraft control behaviour
- downstream system effects
Example:
Incorrect high airspeed indication may lead to unnecessary pitch or thrust corrections, potentially moving the aircraft away from optimal flight envelope management.
Step 4: Assign severity classification
Each failure condition is classified:
- Catastrophic
- Hazardous / Severe Major
- Major
- Minor
- No safety effect
This directly influences:
- design requirements
- redundancy architecture
- certification constraints
Key idea in FHA
FHA is not about hardware failure.
It is about:
what happens to the aircraft when a function is wrong
What FTA actually does
Fault Tree Analysis (FTA) works in the opposite direction to FHA.
It starts with a top-level failure event and breaks it down into causes.
Example top event:
Loss of controlled flight
Then we ask:
How could this happen?
Step-by-step: Fault Tree Analysis (FTA)
Step 1: Define top event
The top event must be clearly defined.
Examples:
- loss of pitch control
- uncommanded descent
- stall not recovered
- loss of navigation capability
Step 2: Identify immediate causes
Break the top event into direct contributors.
Example:
Loss of controlled flight could result from:
- incorrect attitude information
- pilot control input error
- flight control system malfunction
- extreme environmental conditions
Step 3: Continue decomposition
Each cause is broken further into deeper layers.
Example:
Incorrect attitude information may result from:
- AHRS failure
- sensor disagreement
- data fusion error
- electrical or power degradation
You continue until reaching basic events:
- hardware failures
- software states
- human actions
- environmental conditions
Step 4: Apply logic gates
FTA uses logic relationships:
- OR gate = any cause can trigger failure
- AND gate = multiple conditions must occur together
Example, for a loss-of-control top event:
- OR: flight control failure OR structural failure (either one is enough on its own)
- AND: sensor failure AND incorrect pilot response (both must occur together)
This is what allows FTA to model combinations of failures, not just single points.
Key idea in FTA
FTA is not asking:
what went wrong?
It is asking:
what combination of events leads to this failure?
How FHA and FTA work together
FHA and FTA are complementary.
Simple mapping:
FHA defines what can go wrong and how severe it is
FTA defines how it can actually happen
In practice:
FHA identifies hazard: “loss of airspeed indication is hazardous”
FTA breaks down causes: “how airspeed indication fails”
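The airspeed hazard above, carried from its FHA severity class into an FTA decomposition with AND/OR gates (Steps 1 to 4 of the FTA procedure), as an added Python example that is not part of the original article. The tree layout, event names and every failure rate are constructed for illustration only; the per-flight-hour objective attached to each severity class is the conventional ARP4761-style figure, which the article itself does not state.

```python
"""Constructed fault tree for the FHA hazard 'loss of airspeed indication':
minimal cut sets, top-event rate and a check against the severity objective."""
import math
from dataclasses import dataclass
from itertools import product

# Per-flight-hour objectives conventionally paired with the FHA severity classes
# in ARP4761-style worksheets (assumed here; the page names only the classes).
PROBABILITY_OBJECTIVE = {
    "Catastrophic": 1e-9, "Hazardous": 1e-7, "Major": 1e-5, "Minor": 1e-3,
    "No safety effect": None,
}

@dataclass(frozen=True)
class BasicEvent:
    """Leaf: hardware failure, software state, human action or environment."""
    name: str
    probability: float  # per flight hour; leaves are assumed independent

@dataclass(frozen=True)
class Gate:
    """OR: any one input causes the output; AND: all inputs must occur together."""
    kind: str      # "AND" or "OR"
    name: str
    inputs: tuple  # of BasicEvent or Gate

def leaf_events(node) -> list:
    """All basic events under a node, repeats preserved."""
    if isinstance(node, BasicEvent):
        return [node]
    return [leaf for child in node.inputs for leaf in leaf_events(child)]

def minimal_cut_sets(node) -> set:
    """Minimal sets of basic events whose joint occurrence causes the node's event."""
    if isinstance(node, BasicEvent):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        candidates = set().union(*child_sets)  # any child's cut set suffices
    elif node.kind == "AND":
        candidates = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    # Keep only candidates that do not strictly contain another candidate.
    return {c for c in candidates if not any(other < c for other in candidates)}

def exact_probability(node) -> float:
    """Gate-by-gate probability; exact only when no basic event appears twice."""
    if isinstance(node, BasicEvent):
        return node.probability
    ps = [exact_probability(child) for child in node.inputs]
    if node.kind == "AND":
        return math.prod(ps)
    return 1.0 - math.prod(1.0 - p for p in ps)  # OR: not all inputs absent

def rare_event_bound(node) -> float:
    """Sum over minimal cut sets of the product of leaf rates: an upper bound on the top event."""
    rates = {leaf.name: leaf.probability for leaf in leaf_events(node)}
    return sum(math.prod(rates[e] for e in cut) for cut in minimal_cut_sets(node))

def meets_objective(probability: float, severity: str) -> bool:
    """True when the computed rate is within the objective for the FHA severity class."""
    objective = PROBABILITY_OBJECTIVE[severity]
    return objective is None or probability <= objective

def build_airspeed_tree() -> Gate:
    """Constructed tree: airspeed is lost only if both the primary and standby paths fail."""
    pitot_l = BasicEvent("pitot_left_blocked", 1e-4)
    pitot_r = BasicEvent("pitot_right_blocked", 1e-4)
    adc = BasicEvent("air_data_computer_failure", 1e-5)
    pfd = BasicEvent("primary_display_failure", 1e-5)
    standby_pitot = BasicEvent("standby_pitot_blocked", 1e-4)
    standby_ind = BasicEvent("standby_indicator_failure", 1e-4)
    primary_lost = Gate("OR", "loss_of_primary_airspeed", (
        Gate("AND", "both_primary_pitots_blocked", (pitot_l, pitot_r)), adc, pfd))
    standby_lost = Gate("OR", "loss_of_standby_airspeed", (standby_pitot, standby_ind))
    return Gate("AND", "loss_of_airspeed_indication", (primary_lost, standby_lost))

def evaluate(tree: Gate, severity: str) -> dict:
    """Cut sets, top-event rate and the verdict against the FHA severity class."""
    names = [leaf.name for leaf in leaf_events(tree)]
    if len(names) != len(set(names)):
        raise ValueError("a repeated basic event makes gate-by-gate probability inexact")
    cuts = minimal_cut_sets(tree)
    p = exact_probability(tree)
    return {"cut_sets": cuts, "min_order": min(len(c) for c in cuts), "probability": p,
            "rare_event_bound": rare_event_bound(tree),
            "meets_objective": meets_objective(p, severity)}

if __name__ == "__main__":
    result = evaluate(build_airspeed_tree(), "Hazardous")  # severity taken from the FHA
    for cut in sorted(result["cut_sets"], key=lambda c: (len(c), sorted(c))):
        print(f"order {len(cut)}: " + " AND ".join(sorted(cut)))
    print(f"top event {result['probability']:.2e}/FH, "
          f"meets Hazardous objective: {result['meets_objective']}")
```

Running it lists six minimal cut sets, four of order two (one single failure in each path) and two of order three, and a top-event rate of roughly 4e-9 per flight hour: inside the Hazardous objective the FHA assigned, but it would fail if the FHA had classed the same condition Catastrophic, which is how the severity decision feeds back into the architecture. `evaluate` deliberately refuses a tree in which one basic event feeds several gates, because the independence assumption behind the gate arithmetic is exactly what a shared cause (the same icing blocking every pitot at once) violates; that case needs a common-cause treatment rather than a bigger tree.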
Common mistakes junior engineers make
Mistake 1: Treating FHA as a checklist
FHA is not a spreadsheet exercise.
It is functional reasoning about system behaviour.
Mistake 2: Jumping into FTA too early
Without proper FHA structure:
- you model components instead of functions
- you miss system-level interactions
- you oversimplify failure pathways
Mistake 3: Ignoring human interpretation
In aviation systems:
the human is part of the control loop
If you ignore human interpretation, both FHA and FTA become incomplete.
Simple mental model
If you only remember one thing:
FHA = what happens if a function is wrong
FTA = how that function becomes wrong
That is the relationship.
Closing Thought
Safety analysis is not about paperwork.
It is about structured understanding of how system behaviour emerges.
In modern aviation systems:
failures rarely come from single components breaking.
They come from interactions between systems that individually behave correctly, but collectively produce unsafe outcomes.
FHA and FTA are tools to expose that structure — from two different directions.