CS 25.1309 Equipment, systems and installations

(See AMC 25.1309)

The requirements of this paragraph, except as identified below, are applicable, in addition to specific design requirements of CS-25, to any equipment or system as installed in the aeroplane. Although this paragraph does not apply to the performance and flight characteristic requirements of Subpart B and the structural requirements of Subparts C and D, it does apply to any system on which compliance with any of those requirements is dependent. Jams of flight control surfaces or pilot controls covered by CS 25.671(c)(3) are excepted from the requirements of CS 25.1309(b)(1)(ii). Certain single failures covered by CS 25.735(b) are excepted from the requirements of CS 25.1309(b). The failure conditions covered by CS 25.810 and CS 25.812 are excepted from the requirements of CS 25.1309(b). The requirements of CS 25.1309(b) apply to powerplant installations as specified in CS 25.901(c).

(a)     The aeroplane equipment and systems must be designed and installed so that:

(1)     Those required for type certification or by operating rules, or whose improper functioning would reduce safety, perform as intended under the aeroplane operating and environmental conditions.

(2)     Other equipment and systems are not a source of danger in themselves and do not adversely affect the proper functioning of those covered by sub-paragraph (a)(1) of this paragraph.

(b)     The aeroplane systems and associated components, considered separately and in relation to other systems, must be designed so that -

(1)     Any catastrophic failure condition

(i)      is extremely improbable; and

(ii)     does not result from a single failure; and

(2)     Any hazardous failure condition is extremely remote; and

(3)     Any major failure condition is remote; and

(4)     Any significant latent failure is eliminated as far as practical, or, if not practical to eliminate, the latency of the significant latent failure is minimised; and

(5)     For each catastrophic failure condition that results from two failures, either one of which is latent for more than one flight, it must be shown that:

(i)      it is impractical to provide additional redundancy; and

(ii)     given that a single latent failure has occurred on a given flight, the failure condition is remote; and

(iii)     the sum of the probabilities of the latent failures which are combined with each evident failure does not exceed 1/1 000.

(c)      Information concerning unsafe system operating conditions must be provided to the flight crew to enable them to take appropriate corrective action in a timely manner. Installed systems and equipment for use by the flight crew, including flight deck controls and information, must be designed to minimise flight crew errors which could create additional hazards.

(d)     Electrical wiring interconnection systems must be assessed in accordance with the requirements of CS 25.1709.

(e)     Certification Maintenance Requirements must be established to prevent the development of the failure conditions described in CS 25.1309(b), and must be included in the Airworthiness Limitations Section of the Instructions for Continued Airworthiness required by CS 25.1529.

[Amdt 25/5]

[Amdt 25/6]

[Amdt 25/19]

[Amdt 25/20]

[Amdt 25/24]