AC 25.1309–1 is an FAA Advisory Circular (AC) (subject: System Design and Analysis) that identifies acceptable means for showing compliance with the airworthiness requirements of § 25.1309 of the Federal Aviation Regulations (14 CFR part 25, transport category airplanes), which requires that equipment, systems, and installations "perform their intended function under foreseeable operating conditions."
It recognizes the SAE Aerospace Recommended Practices ARP4754 and ARP4761 (or their successors) as such means.[3] The circular also provides background for important concepts and issues in airplane system design and analysis.
The circular provides the rationale for the upper limit of 1 x 10−9 on the Average Probability per Flight Hour for Catastrophic Failure Conditions ("Extremely Improbable"): historically about one serious accident per million flight hours, of which roughly ten percent were attributed to failure conditions caused by airplane systems, gives a budget of 1 x 10−7 per flight hour for all system-caused catastrophic conditions, which is apportioned equally among an assumed one hundred potentially catastrophic failure conditions per airplane.
With the emergence of highly integrated systems that perform complex and interrelated functions, particularly through the use of electronic technology and software-based techniques (e.g., Integrated Modular Avionics (IMA)), concerns arose that the traditional functional-level design and analysis techniques previously applied to simpler systems were no longer adequate.[6]
A main task of AC 25.1309–1 is to provide standard definitions of terms (including hazard and probability classifications) for consistent use throughout the framework set up for the accomplishment of functional airplane safety.
Where regulations (FAR) and standards (ARP) use terms such as "failure condition" and "extremely improbable", AC 25.1309–1 defines their specific meanings, both quantitatively and qualitatively.
Key definitions include:
Classified failure conditions are assigned qualitative and quantitative safety objectives, giving guidance to development and operation.[17]
The concept of function criticality was replaced with the classification of failure conditions according to the severity of their effects (cf. probabilistic risk assessment).
In some proposed changes, definitions or conventions developed in previously released lower-level regulations or standards were adopted or revised within the draft of the B revision of the Advisory Circular, known as the Arsenal Draft.[23]
The FAA and EASA subsequently accepted proposals by type certificate applicants to use the Arsenal Draft on development programs.[6]
Similar functional-safety guidance has been provided for highly integrated automotive systems through the 2011 release of ISO 26262.
Revision B (AC 25.1309–1B) is a significant expansion, elaborating on the FAA's Fail-Safe Design Concept and crystallizing and harmonizing FAA system safety terminology, such as the intent of "Extremely Improbable." A particular matter in Revision B, which was the topic of a Notice of Proposed Rulemaking[28] whose rulemaking was completed in June 2024,[29] is the failure condition designated Catastrophic Single Latent Failure Plus One (CSL+1): a catastrophic failure condition that results from a latent failure in combination with one further failure.
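The following is an added illustration, not text or code from AC 25.1309–1 or the article, of how the 1 x 10−9 per flight hour objective and the latent-failure concern behind CSL+1 meet in practice. It models a catastrophic failure condition caused by one annunciated ("active") failure in combination with one latent failure that can persist undetected until a scheduled check, computes the Average Probability per Flight Hour of that combination, tests it against the objective, and derives the longest check interval for the latent failure that still meets it. The failure rates, component names and intervals are constructed for the example; the formula used (average probability of a latent failure being present is rate × T/2, and the two failures are independent, i.e., no common cause) is the usual linear approximation used in system safety assessments, valid only when rate × T is small, and is an assumption of this example rather than something the page states.

```python
"""Average Probability per Flight Hour for a catastrophic failure condition
caused by one active failure in combination with one latent failure.

Added illustration; not text or code from AC 25.1309-1. The cut set, the
failure rates and the check intervals below are constructed for the example.
"""
from dataclasses import dataclass

# Quantitative objective for a Catastrophic Failure Condition, per flight hour.
CATASTROPHIC_OBJECTIVE = 1e-9  # "Extremely Improbable"

# The linear approximation P(present) ~= rate*t is only used while rate*T stays
# below this bound; beyond it the approximation is too coarse to trust.
MAX_LINEAR_PRODUCT = 0.1


@dataclass(frozen=True)
class LatentFailure:
    """A failure that is not annunciated and can persist undetected until a
    scheduled check; exposure_hours is the interval T between checks."""
    name: str
    rate_per_fh: float     # constant failure rate, failures per flight hour
    exposure_hours: float  # check interval T, in flight hours


@dataclass(frozen=True)
class ActiveFailure:
    """A failure that is detected (annunciated) when it occurs and corrected
    before the next flight, so it is only exposed during the flight itself."""
    name: str
    rate_per_fh: float


def latent_average_probability(latent: LatentFailure) -> float:
    """Average probability that the latent failure is present at an arbitrary
    moment within its check interval.

    P(present at time t since the last check) ~= rate*t when rate*t << 1, and
    the average of rate*t over t in [0, T] is rate*T/2 (assumption: constant
    failure rate, check restores the item to a known-good state).
    """
    product = latent.rate_per_fh * latent.exposure_hours
    if product > MAX_LINEAR_PRODUCT:
        raise ValueError(
            f"{latent.name}: rate*T = {product:.3g} is too large for the "
            "linear approximation; integrate 1 - exp(-rate*t) instead")
    return product / 2.0


def cut_set_probability_per_fh(active: ActiveFailure,
                               latent: LatentFailure) -> float:
    """Average Probability per Flight Hour that both failures are present.

    In a given flight hour the active failure occurs with probability rate_A;
    for the condition to be catastrophic the latent failure must already be
    present, which on average it is with probability rate_L*T/2. The two
    failures are assumed independent (no common cause).
    """
    return active.rate_per_fh * latent_average_probability(latent)


def meets_objective(avg_prob_per_fh: float,
                    objective: float = CATASTROPHIC_OBJECTIVE) -> bool:
    """True if the computed average probability is below the objective."""
    return avg_prob_per_fh < objective


def max_latent_exposure_hours(active: ActiveFailure, latent: LatentFailure,
                              objective: float = CATASTROPHIC_OBJECTIVE) -> float:
    """Longest check interval T for the latent failure that still meets the
    objective: solve rate_A * rate_L * T / 2 = objective for T.

    This is how a quantitative objective turns into a maintenance requirement
    (a scheduled check) that limits how long the latent failure may persist.
    """
    return 2.0 * objective / (active.rate_per_fh * latent.rate_per_fh)


if __name__ == "__main__":
    # Constructed figures, not taken from any real airplane or from the AC.
    active = ActiveFailure("loss of primary channel", rate_per_fh=1e-5)
    for interval in (500.0, 300.0, 100.0):
        latent = LatentFailure("standby channel failed undetected",
                               rate_per_fh=1e-6, exposure_hours=interval)
        p = cut_set_probability_per_fh(active, latent)
        verdict = "meets" if meets_objective(p) else "exceeds"
        print(f"T = {interval:6.0f} FH: {p:.2e} per FH, {verdict} 1e-9")
    limit = max_latent_exposure_hours(active, latent)
    print(f"latent check interval must be under {limit:.0f} FH")
```

With the constructed rates (active 1e-5 per flight hour, latent 1e-6 per flight hour) a 500-hour check interval gives 2.5 x 10−9 per flight hour and exceeds the objective, a 100-hour interval gives 5 x 10−10 and meets it, and the break-even interval is 200 flight hours. The example also shows why a latent failure is treated as a special concern: once it has occurred, the airplane is one further failure (here, at 1e-5 per flight hour) away from the catastrophic condition, regardless of how small the computed average is.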