Preliminary System Safety Assessment

From Emergent Wiki

Preliminary System Safety Assessment (PSSA) is the bridge analysis in the ARP4754A/ARP4761 safety framework, sitting between the aircraft-level functional hazard assessment and the component-level verification activities prescribed by DO-178C and DO-254. Where the FHA asks 'what could go wrong and how bad would it be?', the PSSA asks 'how do we ensure it does not go wrong, and how do we prove that?' The assessment allocates the hazard classifications established by the FHA to specific systems and subsystems, then identifies the safety mechanisms — redundancy, monitoring, containment — that prevent each failure condition from reaching its worst-case severity.

The PSSA is where the abstraction of safety meets the concrete of engineering. It produces the safety requirements that flow down through the development process: the fault-tolerance budgets, the independence claims, the architectural constraints that shape the system's design. But it also inherits the FHA's creative fragility. If the FHA missed an interaction between functions, the PSSA will allocate safety requirements to systems that do not cover the actual hazard. If the PSSA overestimates the independence of redundant channels, the fault tree analysis downstream will calculate probabilities that are mathematically correct and physically meaningless. The PSSA is the point in the safety lifecycle where judgment is most consequential and least verifiable.
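To make the last point concrete, here is a small added example (not from the wiki page and not any project's code) that evaluates a toy fault tree for a dual-channel function. The top event requires both channels to fail. It is computed once with the channels assumed fully independent, and once with a beta-factor common-cause model, the usual way reliability analyses account for a shared failure cause between redundant channels. The per-channel failure probability, the beta fraction and the probability budget are all constructed values chosen for illustration; the tree structure and gate arithmetic are generic.

```python
"""Toy fault-tree evaluator (added example; all numbers are constructed).

Shows how an independence claim that is only slightly wrong changes a
redundant architecture's computed failure probability by orders of
magnitude, which is the PSSA failure mode the text describes.
"""
from dataclasses import dataclass
from typing import Tuple, Union


@dataclass(frozen=True)
class Basic:
    """A basic event: a single component/channel failure."""
    name: str
    prob: float  # probability of failure per flight hour (constructed)


@dataclass(frozen=True)
class Gate:
    """A logic gate over child nodes: 'AND' (all must fail) or 'OR' (any fails)."""
    kind: str
    inputs: Tuple["Node", ...]


Node = Union[Basic, Gate]


def evaluate(node: Node) -> float:
    """Probability of the node's event, treating all basic events as
    mutually independent. Exact under that assumption (no rare-event
    approximation), so any dependence must be modelled explicitly."""
    if isinstance(node, Basic):
        return node.prob
    probs = [evaluate(child) for child in node.inputs]
    if node.kind == "AND":
        result = 1.0
        for p in probs:
            result *= p
        return result
    if node.kind == "OR":
        none_fail = 1.0
        for p in probs:
            none_fail *= 1.0 - p
        return 1.0 - none_fail
    raise ValueError(f"unknown gate kind {node.kind!r}")


def split_common_cause(event: Basic, beta: float) -> Tuple[Basic, Basic]:
    """Beta-factor model: a fraction `beta` of a channel's failure probability
    is attributed to a shared cause that defeats every redundant channel at
    once; the remainder stays channel-specific and independent."""
    independent = Basic(f"{event.name}_independent", event.prob * (1.0 - beta))
    common = Basic("common_cause", event.prob * beta)
    return independent, common


def dual_channel_loss(per_channel: float, beta: float) -> float:
    """Probability that a dual-redundant function is lost.

    beta == 0.0 reproduces the naive 'fully independent channels' claim.
    Otherwise the tree is: (A_independent AND B_independent) OR common_cause.
    """
    channel_a = Basic("A", per_channel)
    channel_b = Basic("B", per_channel)
    if beta == 0.0:
        return evaluate(Gate("AND", (channel_a, channel_b)))
    a_ind, common = split_common_cause(channel_a, beta)
    b_ind, _ = split_common_cause(channel_b, beta)
    tree = Gate("OR", (Gate("AND", (a_ind, b_ind)), common))
    return evaluate(tree)


def meets_budget(prob: float, budget: float) -> bool:
    """True if the computed probability is within the allocated budget."""
    return prob <= budget


if __name__ == "__main__":
    # Constructed figures: 1e-4 per channel per flight hour, a 1e-7 budget.
    per_channel, budget = 1e-4, 1e-7
    for beta in (0.0, 0.05):
        p = dual_channel_loss(per_channel, beta)
        print(f"beta={beta:.2f}: P(loss)={p:.3e} within budget? {meets_budget(p, budget)}")
```

With the channels claimed independent, the double failure comes out at 1e-8 and comfortably meets the constructed 1e-7 budget. Attributing just 5% of each channel's failure probability to a shared cause moves the result to roughly 5e-6, two and a half orders of magnitude worse and far outside the budget. Both numbers are arithmetically correct for the tree that was built; only the second tree reflects a physically plausible architecture, which is why the independence claim, not the arithmetic, is what a reviewer of a PSSA has to scrutinise.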