IEC TS 62143:2002

TECHNICAL IEC
SPECIFICATION
TS 62143
First edition
2002-07
Electrical installations for lighting
and beaconing of aerodromes –
Aeronautical ground lighting systems –
Guidelines for the development of a safety
lifecycle methodology
Installations électriques pour l'éclairage
et le balisage des aérodromes –
Systèmes de balisage aéronautique au sol –
Lignes directrices pour l'établissement d'une
méthodologie pour le cycle de vie de sécurité
Reference number
IEC/TS 62143:2002(E)
Publication numbering
As from 1 January 1997 all IEC publications are issued with a designation in the
60000 series. For example, IEC 34-1 is now referred to as IEC 60034-1.
Consolidated editions
The IEC is now publishing consolidated versions of its publications. For example,
edition numbers 1.0, 1.1 and 1.2 refer, respectively, to the base publication, the
base publication incorporating amendment 1 and the base publication incorporating
amendments 1 and 2.
Further information on IEC publications
The technical content of IEC publications is kept under constant review by the IEC,
thus ensuring that the content reflects current technology. Information relating to
this publication, including its validity, is available in the IEC Catalogue of
publications (see below) in addition to new editions, amendments and corrigenda.
Information on the subjects under consideration and work in progress undertaken
by the technical committee which has prepared this publication, as well as the list
of publications issued, is also available from the following:
• IEC Web Site (www.iec.ch)
• Catalogue of IEC publications
The on-line catalogue on the IEC web site (www.iec.ch/catlg-e.htm) enables
you to search by a variety of criteria including text searches, technical
committees and date of publication. On-line information is also available on
recently issued publications, withdrawn and replaced publications, as well as
corrigenda.
• IEC Just Published
This summary of recently issued publications (www.iec.ch/JP.htm) is also
available by email. Please contact the Customer Service Centre (see below) for
further information.
• Customer Service Centre
If you have any questions regarding this publication or need further assistance,
please contact the Customer Service Centre:
Email: custserv@iec.ch
Tel: +41 22 919 02 11
Fax: +41 22 919 03 00
TECHNICAL IEC
SPECIFICATION
TS 62143
First edition
2002-07
Electrical installations for lighting
and beaconing of aerodromes –
Aeronautical ground lighting systems –
Guidelines for the development of a safety
lifecycle methodology
Installations électriques pour l'éclairage
et le balisage des aérodromes –
Systèmes de balisage aéronautique au sol –
Lignes directrices pour l'établissement d'une
méthodologie pour le cycle de vie de sécurité
 IEC 2002  Copyright - all rights reserved
No part of this publication may be reproduced or utilized in any form or by any means, electronic or
mechanical, including photocopying and microfilm, without permission in writing from the publisher.
International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland
Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch  Web: www.iec.ch
PRICE CODE
Commission Electrotechnique Internationale
T
International Electrotechnical Commission
Международная Электротехническая Комиссия
For price, see current catalogue

– 2 – TS 62143  IEC:2002(E)
CONTENTS
FOREWORD . 3
INTRODUCTION .5
1 Scope . 6
2 Normative references. 6
3 Definitions. 7
4 Competence of persons . 8
4.1 Objective . 8
4.2 Requirements . 8
5 AGL safety management . 8
5.1 Objective . 8
5.2 Documentation. 9
5.3 AGL safety plan . 9
5.4 AGL safety assessment plan .11
5.5 Verification plan .12
5.6 AGL safety case.12
6 AGL system safety lifecycle.13
6.1 Objectives.13
6.2 Requirements .13
7 AGL system safety lifecycle phases in detail.15
7.1 Evaluation.16
7.2 Technical solutions .17
7.3 Realisation.18
7.4 Planning .19
7.5 Installation .20
7.6 Commissioning .21
7.7 Operations.21
7.8 Decommissioning.22
Bibliography .25
Figure 1 – AGL system safety lifecycle.15
Table 1 – Summary of the AGL System Lifecycle Requirements.23

TS 62143 © IEC:2002(E) – 3 –
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
ELECTRICAL INSTALLATIONS FOR LIGHTING
AND BEACONING OF AERODROMES –
AERONAUTICAL GROUND LIGHTING SYSTEMS –
GUIDELINES FOR THE DEVELOPMENT OF
A SAFETY LIFECYCLE METHODOLOGY
FOREWORD
1) The IEC (International Electrotechnical Commission) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of the IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, the IEC publishes International Standards. Their preparation is
entrusted to technical committees; any IEC National Committee interested in the subject dealt with may
participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. The IEC collaborates closely with the International Organization
for Standardization (ISO) in accordance with conditions determined by agreement between the two
organizations.
2) The formal decisions or agreements of the IEC on technical matters express, as nearly as possible, an
international consensus of opinion on the relevant subjects since each technical committee has representation
from all interested National Committees.
3) The documents produced have the form of recommendations for international use and are published in the form
of standards, technical specifications, technical reports or guides and they are accepted by the National
Committees in that sense.
4) In order to promote international unification, IEC National Committees undertake to apply IEC International
Standards transparently to the maximum extent possible in their national and regional standards. Any
divergence between the IEC Standard and the corresponding national or regional standard shall be clearly
indicated in the latter.
5) The IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with one of its standards.
6) Attention is drawn to the possibility that some of the elements of this technical specification may be the subject
of patent rights. The IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. In
exceptional circumstances, a technical committee may propose the publication of a technical
specification when
• the required support cannot be obtained for the publication of an International Standard,
despite repeated efforts, or
• the subject is still under technical development or where, for any other reason, there is the
future but no immediate possibility of an agreement on an International Standard.
Technical specifications are subject to review within three years of publication to decide
whether they can be transformed into International Standards.
IEC 62143, which is a technical specification, has been prepared by IEC technical committee 97:
Electrical installations for the lighting and beaconing of aerodromes.
The text of this technical specification is based on the following documents:
Enquiry draft Report on voting
97/72/CDV 97/83/RVC
Full information on the voting for the approval of this technical specification can be found in the
report on voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 3.

– 4 – TS 62143  IEC:2002(E)
The committee has decided that the contents of this publication will remain unchanged until
2005-11. At this date, the publication will be
• reconfirmed;
• withdrawn, or
• replaced by an international standard.

TS 62143 © IEC:2002(E) – 5 –
INTRODUCTION
Aeronautical ground lighting (AGL) at an aerodrome or heliport provides the pilots of aircraft on
approach to or take-off from an aerodrome, and pilots of aircraft or drivers of vehicles moving
on the aerodrome surface, with location, orientation and alignment information. An AGL system
therefore provides a safety-related service and functions. In order to assure that the safety of
the service and functions provided by the AGL system is adequately addressed, specific safety
assessments should be performed at various instances during the lifecycle of the system. This
technical specification provides a methodology whereby this may be done.
This technical specification is primarily concerned with the safety lifecycle of aeronautical
ground lighting (AGL) systems. To conform to this technical specification it should be
demonstrated to the relevant bodies that the requirements have been satisfied and therefore
that the clause objective(s) has been met.
NOTE 1 Examples of relevant bodies would include the following:
• aerodrome management;
• certification and licensing authorities;
• safety regulators;
• notified bodies for international or European directives;
• national standards bodies.
NOTE 2 This technical specification is based on the system and safety lifecycle methodology described in
IEC 61508-1. IEC 61508, in all seven parts, provides a methodology to address the safety of safety-related systems
and contains an abundance of guidance material, which may be applicable to an AGL system or may be of use to
the reader of this technical specification. IEC 61508 contains requirements that are particularly relevant to risk
reduction in a software-based AGL system.

– 6 – TS 62143  IEC:2002(E)
ELECTRICAL INSTALLATIONS FOR LIGHTING
AND BEACONING OF AERODROMES –
AERONAUTICAL GROUND LIGHTING SYSTEMS –
GUIDELINES FOR THE DEVELOPMENT OF
A SAFETY LIFECYCLE METHODOLOGY
1 Scope
This technical specification:
− outlines a methodology to address the safety at all lifecycle phases of an AGL system,
including the evaluation, design, procurement, manufacture, installation, commissioning,
operational use, maintenance, modification, and decommissioning of the AGL system;
NOTE 1 This document contains guidelines of a high-level, objective-based, and non-prescriptive nature. This
is intended to permit a flexible approach to meeting the requirements.
− applies to an AGL system at an aerodrome or heliport which provides visual guidance to a
pilot and is provided, operated and maintained by the aerodrome authority;
NOTE 2 This document may apply to all or a part of an AGL system as required by the aerodrome authority.
The equipment covered shall be defined and listed in the AGL safety case (see 5.6). Any subsequent addition
or modification to the AGL system shall be notified as directed in 7.7.3.
− applies primarily to a new AGL system;
NOTE It may also be applied to an existing AGL system or to an existing AGL system that is being modified;
however, the relevant documentation for the project phases may not be available. Therefore, retrospective
action to cover the applicable lifecycle phases could be carried out or alternative means of providing safety
information should be developed, e.g. historical data.
− covers all aspects of safety, including:
• operational (functional) safety of the AGL system;
• electrical safety for the installation, maintenance and decommissioning of the AGL
system;
• environmental safety and electromagnetic compatibility (EMC);
• health and safety at work.
− supports a regulatory regime based on the auditing of a safety management system at an
aerodrome, where the safety management system provides documented evidence that
safety has been or is being addressed at all phases of the lifecycle. This applies equally to
a project to install AGL or the routine operational use and maintenance of the AGL.
2 Normative references
The following referenced documents are indispensable for the application of this document. For
dated references, only the edition cited applies. For undated references, the latest edition of
the referenced document (including any amendments) applies.
IEC 60300-3-9, Dependability management – Part 3: Application guide – Section 9: Risk
analysis of technological systems
IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic safety-
related systems
IEC 61508-1, Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 1: General requirements

TS 62143 © IEC:2002(E) – 7 –
IEC 61508-7, Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 7: Overview of techniques and measures
IEC 61821, Electrical installations for lighting and beaconing of aerodromes – Maintenance of
aeronautical ground lighting constant current series circuits
3 Definitions
For the purpose of this International Standard the following definitions apply.
3.1
aerodrome authority
organisation accountable for the safety and security of persons, aircraft operations and
facilities at an aerodrome
3.2
AGL safety case
a controlled document, or set of controlled documents, which clearly and comprehensively
presents sufficient arguments, evidence and assumptions that all foreseeable hazards have
been identified and controlled for both engineering and operational areas to demonstrate that
an AGL system is adequately safe
3.3
AGL system safety lifecycle
the safety activities involved in the implementation of an AGL system, occurring during a period
of time that starts at the concept phase of the system and finishes when it is no longer
available for use and has been decommissioned
3.4
hazard
potential source of harm
NOTE The term includes hazards to persons arising within a short time scale (for example, fire and explosion) and
also those that have a long-term effect on a person’s health (for example, release of a toxic substance).
3.5
hazard analysis
activity of identifying and evaluating those hazards, often following from some initiating event,
that can lead to an accident
3.6
hazardous event
occurrence, with possible hazardous consequences, arising as the result of a hazardous
condition
3.7
impact analysis
activity of determining the effect that a change to a function or component in a system will have
on other functions or components in that system as well as on other systems.
3.8
safety audit
systematic and independent examination to determine whether the procedures specific to the
safety requirements comply with the planned arrangements, are implemented effectively and
are suitable to achieve the specified objectives
NOTE A safety audit may be carried out as part of a safety assessment.
[61508-4, definition 3.8.4, modified]

– 8 – TS 62143  IEC:2002(E)
4 Competence of persons
4.1 Objective
The objective of this clause is to ensure that persons who have responsibility for any activity or
are directly engaged in any aspect of the lifecycle of an AGL system are competent to
discharge those duties or perform those tasks.
4.2 Requirements
4.2.1 It is recommended that the appropriate administration or aerodrome authority encourage
the development of a formal and structured competency training programme(s). The training
programme(s) should consist of multiple tiers that enhance progressively a person’s skills and
ensure a recognised level of competency for those persons who have satisfactorily completed
the programme(s).
4.2.2 All persons involved in any activity, including management and maintenance activities,
shall have the appropriate and verifiable training, technical knowledge, experience and
qualifications relevant to the specific duties they have to perform. In particular, where involved
in work on AGL equipment, they shall be knowledgeable of the specific risks and the safety
procedures involved in the work. The training, experience and qualifications of all persons
involved in any activity shall be justified taking into account all the relevant competence factors.
The justification shall be recorded in appropriate documentation (see 5.3.2 g)).
NOTE The following competence factors should be addressed when assessing and justifying the competence of
persons carrying out their duties:
• engineering appropriate to the application area;
• engineering appropriate to the technology (e.g. mechanical, electrical/electronic/software engineering);
• safety engineering appropriate to the technology;
• knowledge of the legal and safety regulatory framework;
• knowledge of the operational aspects related to the AGL system at the aerodrome;
• the consequences in the event of a failure of AGL equipment;
• the consequences of failure to adhere to safety procedures when working on AGL equipment;
• the novelty of the design, design procedures or application;
• previous experience relevant to the specific duties to be performed and the technology being employed;
• relevance of qualifications to the specific duties performed.
5 AGL safety management
In order to prepare and deploy an AGL system fit for operational use at an aerodrome, it is
essential that safety is implicit throughout the lifecycle of the system. It is also essential that
the organisations involved in all phases of the lifecycle have an embedded culture that
addresses safety at all levels of management and work. It should be reminded that technical
protection devices do not guarantee a level of safety and, in being able to prevent an accident
from occurring, that there is no substitute for safety procedures, and the competence and
vigilance of the persons involved. The following subclauses outline those aspects of a safety
management system that should, at minimum, be in place within any organisation associated
with the lifecycle of an AGL system.
5.1 Objective
The objective of this clause is to define and document all management and technical activities
during the AGL system safety lifecycle (clause 6) that may have a direct impact on the
operational safety at aerodromes and to ensure the safety of personnel engaged in those
activities.
TS 62143 © IEC:2002(E) – 9 –
5.2 Documentation
5.2.1 The documentation developed as suggested by this technical specification shall be
controlled by an appropriate document control scheme. The development of the documentation
shall be initiated before the completion of the evaluation phase of the AGL system safety
lifecycle and each document shall be reviewed, amended and approved by the aerodrome
authority as necessary throughout the entire lifecycle.
5.2.2 For the purpose of audit, it is essential that all activities required by this technical
specification be documented. The documentation produced shall:
a) suit the purpose for which it is intended;
b) comprehensively describe the safety assessment, test, system or equipment and the use
of it;
c) be accurate, concise and easy to understand;
d) be assessable and maintainable.
NOTE The majority of the documentation should be considered as “live” documents, i.e. they are subject to review
and revision throughout the lifecycle of the AGL system.
5.2.3 The documentation shall have:
a) unique identities so it will be possible to reference the different parts;
b) titles/names as specified in this technical specification;
c) a revision index (version numbers) to make it possible to search for relevant information. It
shall be possible to identify the latest revision (version) of a document or set of information.
NOTE 1 The physical structure of the documentation will vary depending upon a number of factors such as the
size of the system, its complexity and the organisational requirements.
NOTE 2 If relevant, other documents, such as applicable regulations and other standards, should be referenced.
5.3 AGL safety plan
5.3.1 An AGL safety plan shall be prepared by the aerodrome authority that outlines the
responsibilities and procedures to be undertaken by management and staff engaged in
the design, installation or maintenance of an AGL system or its components.
NOTE The AGL safety plan focuses on safety. It may be included in:
• a section in the Quality Plan entitled “AGL Safety Plan”,
• a separate document entitled “AGL Safety Plan”,
• several documents which are referenced in either of the above (e.g. one document could be for the overall AGL
system or one document for each component (e.g. CCR), or
• an overall aerodrome safety management system.
5.3.2 The AGL safety plan shall define all management and technical activities for the design,
installation or maintenance of an AGL system or its components. In particular the following
items shall be specified or referenced in the AGL safety plan:
a) the scope of the AGL safety plan;
b) the policy and strategy for achieving safety, together with the means for evaluating its
achievement, and the means by which this is communicated within the organisation to
ensure a culture of safe working;
c) the person nominated by the aerodrome authority as responsible for the AGL system and
owner of the AGL safety plan;
d) identification of the persons, departments, organisations or other units which are
responsible for carrying out and reviewing safety procedures and their applications in each
phase (including where relevant, licensing authorities and safety regulatory bodies) and a
description of the relationship between them;

– 10 – TS 62143  IEC:2002(E)
e) a description of the safety procedures to be applied;
f) the appropriate safety assessment processes as contained in the AGL safety assessment
plan (see 5.4) for activities within the relative AGL system safety lifecycle phase;
g) the procedures for ensuring that all staff involved in the design, installation or maintenance
of the AGL system are competent to carry out activities for which they are accountable. In
particular the following shall be defined:
1) the training of persons in diagnosis and repair of failure and in system testing;
2) the training of operations staff;
3) the re-training of staff at periodic intervals or after prolonged absence from duty;
4) the plans for identifying and dealing with cases of diminished capacity to perform
activities necessary for achieving safety;
h) the procedures which ensure that hazardous incidents or incidents with potential to create
hazards are analysed and recommendations made such that the probability of repeat
occurrence is minimised;
i) the procedures for analysing operations and maintenance performance. In particular:
1) procedures for recognising systematic failures and faults;
2) procedures which ensure that demand and failure rates during operation and
maintenance are recorded in a suitable log and are compared with the predicted or
assumed conditions made during the system specification and design phases. Such
comparison will enable a judgement to be made as to whether the actual levels of
dependability being achieved are less than required;
j) the requirements for periodic reviews or audits of procedures required to ensure safety. In
particular, these requirements will define:
1) the procedures to be reviewed;
2) the required independence of the reviewers;
3) the procedures for initiating reviews (including routine, essential and emergency);
4) the minimum frequency of review for each activity;
5) the procedures for the analysis of the results;
6) the procedure for recommending corrective actions;
k) the required safety approval process and authority for modifications;
l) the procedures for initiating modifications as a result of recommendations arising from:
1) analysis of hazardous events or incidents with potential to create hazards, including the
procedures for ensuring prompt follow-up and satisfactory resolution of recommend-
ations arising from
i) incident reports;
ii) any safety assessment;
iii) verification activities;
iv) validation activities;
v) configuration management and change control procedures;
2) performance below the specified level of safety (i.e. the actual performance gives rise
to a risk level above that necessary to meet the level of safety);
3) systematic fault experience (both hardware and software);
4) new or amended safety legislation;
5) modifications to the AGL system or its use;
6) modification to any safety requirement;
7) analysis of maintenance and operations performance which indicates that the required
level of safety is not being achieved;
8) routine safety reviews;
TS 62143 © IEC:2002(E) – 11 –
m) the procedure for maintaining accurate documentation on potential hazards;
n) the procedure for configuration management of the AGL system, including the following
activities:
1) the phase at which configuration control is to be implemented;
2) the procedures to be used for uniquely defining all constituent parts of an item
(hardware and software);
3) the procedures to prevent unauthorised items from entering operational service;
o) where appropriate, the provision of training and information for relevant external
organisations, for example, the emergency services in the safety procedures and hazards
they may encounter.
5.3.3 Each of the components of the AGL safety plan shall be formally reviewed by the
organisations concerned and agreement gained on the contents.
5.3.4 All those involved in implementing the AGL safety plan shall be informed of
responsibilities assigned to them under the plan.
5.4 AGL safety assessment plan
5.4.1 An AGL safety assessment plan shall be developed as a means of co-ordinating,
conducting, and determining the objectives of the assessments of the safety of the AGL system
or one of its components.
5.4.2 The person nominated in 5.3.2 c) shall approve the AGL safety assessment plan.
5.4.3 An AGL safety assessment plan shall be provided that identifies
• the scope of the safety assessment;
• the safety assessment schedule;
• the appropriate safety assessment that shall be carried out at all phases throughout the
AGL system safety lifecycle;
• the outputs from each safety assessment at each lifecycle phase;
• the safety assessment team, including the nominated leader;
• the level of independence of the assessors within the safety assessment team;
• the competence of the assessors relative to the application;
• the safety bodies and other participants involved;
• the resources required.
5.4.4 The typical safety assessments at each defined AGL system safety lifecycle phase shall
a) consider any work done since the last safety assessment was performed and the extent to
which changes, as a result of that safety assessment, have been made to the system
and/or the strategy for implementing further safety assessments;
b) identify the hazardous events, and the event sequences or failure modes of the AGL
system that could lead to the hazardous event, under all reasonably foreseeable
circumstances;
c) consider all relevant human factor issues;
d) evaluate the frequencies (or probabilities) of the hazardous events for the conditions
specified;
e) evaluate the potential consequences associated with the hazardous events identified;

– 12 – TS 62143  IEC:2002(E)
f) assign a level of safety (or risk criticality classification) for each hazardous event;
g) determine the safety requirements.
NOTE 1 The frequency of the events or other criteria may be specified quantitatively or qualitatively.
NOTE 2 There are many forms of safety assessment available. The type of safety assessment chosen shall be
appropriate for the scope of the task, the technology involved and the required deliverables. Throughout this
technical specification, a specific safety assessment may be given a specific name (e.g. preliminary hazard
analysis); however they are all essentially a “hazard analysis” and this generic term is often used. IEC 60300-3-9
outlines the type of safety assessments that are appropriate for technological systems and IEC 61508-7 contains
many examples and guidelines on safety assessments.
NOTE 3 The type of accident-initiating events that need to be considered include component failures, procedural
faults, human error, and dependent failure mechanisms that can cause accident sequences to occur.
5.4.5 Consideration shall be given to the elimination of hazards. Risk reduction exercises
shall be carried out in order to achieve or reduce the level of safety for each identified hazard.
NOTE Where sufficient mitigation of identified hazards by system design is considered unfeasible, the use of
operational procedures should be investigated as an alternative means of reducing the level of risk.
5.4.6 The safety assessment team leader shall approve the results acquired from a safety
assessment.
5.4.7 The information and results acquired in subclauses 5.4.4 and 5.4.5 shall be documented
in the AGL safety case (see 5.6).
5.4.8 The person nominated in 5.3.2 c) shall consider the activities carried out and the
outputs obtained during each phase of the AGL system safety lifecycle,
...