Who Has to Comply with DO-254?
Any team developing custom airborne electronic hardware (AEH) for commercial aviation programs (and in some cases military programs) that may have a safety impact on system operation must comply with DO-254. The type of AEH includes chips (including PLDs, FPGAs, ASICs, including both digital and analog circuitry) and board-level designs (i.e., printed circuit boards, PCBs, or sometimes called circuit board assemblies, CBA). Note that the use of COTS (commercial off-the-shelf) and COTS IP (intellectual property) devices must also follow some aspects of compliance as noted in the new objectives detailed in AMC 20-152A.
Why Comply with DO-254?
DO-254 is a recognized means to show compliance with the applicable airworthiness regulations for the electronic hardware aspects of airborne systems and equipment in product certification or TSO/ETSO authorization. Specifically DO-254 supports US CFR Title 14: Aeronautics and Space (Title 14 → Chapter I → Subchapter C → Part XX), where Part XX is Part 23 (commuter aircraft), Part 25 (transport aircraft), Part 27 (normal rotorcraft), Part 29 (transport rotorcraft), or Part 33 (engines). These correspond to equivalent rules of the EU Certification Specifications (CS).
What Does DO-254 Compliance Entail?
DO-254 is a development assurance program. Complying with DO-254 requires performing thorough planning, complying with all the objectives of the DO-254 Life Cycle (i.e., Planning), having strict oversite of all processes i.e. Process Assurance), controlling all data items (i.e. Configuration Management), clear identification and validation of hardware requirements (i.e., Requirements Capture), a clearly documented design concept (i.e., Conceptual Design), thoroughly reviewed design/code that implements requirements (i.e., Detailed Design), a physically implemented hardware item (i.e., Implementation), that is thoroughly and possibly independently verified (i.e., Verification), with instructions for repeatedly producing a controlled hardware item (i.e., Production Transition) that meets all the requirements. The objectives of DO-254 are modulated depending on the Design Assurance Level (DAL) of the design. For more information, view this: Introduction to DO-254 Mini-Module (FREE) – (airworthinesscert.com)
What is Meant by the DO-254 Life Cycle?
This refers to the hardware development process that must comply with the objectives of DO-254. The main life cycle phases are Planning, Requirements Capture, Conceptual Design, Detailed Design, Implementation, and Production Transition. The “supporting processes” that operate alongside the development flow are Verification & Validation, Process Assurance, Configuration management, and Certification Liaison.
What is Common Terminology in a DO-254 Program?
See our Glossary here: DO-254 and DO-178C Glossary of terms and acronyms (airworthinesscert.com).
Is there a FREE DO-254 Glossary?
See our Glossary here: DO-254 and DO-178C Glossary of terms and acronyms (airworthinesscert.com).
Is DO-254 a Top-Down or Bottom-up Process?
DO-254 is a top-down process. Its starts with an extensive planning process to define how the hardware item will be developed to be compliant with all the objectives of DO-254. These regulatory approved plans must be followed at every step of development. Many development teams make the common mistake of treating it like a bottom-up process, meaning they do the development first and then think they can just create the compliance documentation. But this is an expensive mistake. See more at our Blog here: DO-254 and DO-178C are Top-Down Processes – ACS (airworthinesscert.com)
What is a Simple vs. a Complex design in DO-254?
AMC 20-152A Chapter 5.2 provides guidance on simple/complex classification for custom devices. The definition of simple is “if a technical assessment of the design content supports the ability of the device to be verified by a comprehensive combination of deterministic tests and analyses that ensure correct functional performance under all foreseeable operating conditions with no anomalous behavior.” In essence, a device becomes complex due to design features such as complex clocking, state machines and interactions between them, interfaces, data/signal processing or transfer functions, etc.
What is a DO-254 DER?
A DER stands for Designated Engineering Representative. This is a person who has, through rigorous education and experience, been authorized by the FAA to audit programs on their behalf. DERs, can also perform training, offer advice, and do work on behalf of applicants for DO-254 compliance as independent consultants. To learn more, view our Blog on this topic: Why Hire a FAA DER? – ACS (airworthinesscert.com).
Do you Need to Hire a DO-254 DER?
While you do not technically need to hire a DER to audit your DO-254, there are many benefits to doing so, including avoiding long wait times for FAA auditing and getting valuable advice throughout on your program. To learn more, view our Blog on this topic: Why Hire a FAA DER? – ACS (airworthinesscert.com). Why Hire a FAA DER? – ACS (airworthinesscert.com). To find a DER, view the FAA official DER Directory: DER Directory (airworthinesscert.com)
How Do You Find a Good DER?
be aware that not all DO-254 “consultants” or “certification experts” are DERs. Its best to screen folks closely, check multiple references, and verify their credentials by checking the FAA consulting directory, which identifies all the DERs authorized in various categories of expertise. We’ve found it for you and placed it on our website here: DER Directory (airworthinesscert.com)
Can you use Agile and be Compliant with DO-254?
Yes, while DO-254 is a Top-Down process, you can still utilize an Agile development process to validate requirements. For more on this topic, refer to our Blog: DO-254 and DO-178C are Top-Down Processes – ACS (airworthinesscert.com)
What are the Most Common DO-254 Mistakes?
Some of the top mistakes are: 1) Not taking planning seriously, 2) doing traceability after-the-fact (as opposed to throughout development), 3) not hiring an authorized DER, 4) not holding internal reviews before certification audits, 5) not baselining/controlling data items properly. We have blogs on each of these topics. See them here: Blog – Airworthiness Certification Services
What is a DAL?
DAL stands for Design Assurance Level, which is a measure of the criticality of a design. A hardware or software item is assigned an Item DAL (IDAL) during the system level Preliminary System Safety Assessment (PSSA). The assigned IDAL dictates the rigor of the objectives required to comply with the DO-254/DO-178C process.
What are the DO-254 Planning Documents?
DO-254 does not technically mandate specific documents, however it does mandate specific types of documentation that is usually found in the following Planning Documents:
- Plan for Hardware Aspects of Certification (PHAC)
- Hardware Development Plan (HDP)
- Hardware Verification and Validation Plan (HVVP)
- Hardware Process Assurance Plan (HPAP)
- Hardware Configuration Management Plan (HCMP)
- Hardware Requirements Standards (HRS)
- Hardware Design Standards (HDS)
- Hardware Verification and Validation Standards (HVVS)
For a complete set of DO-254 documentation templates, click here: DO-254 Templates and Checklists (airworthinesscert.com)
Why is DO-254 Planning So Important?
DO-254 plans guide everything you do in a DO-254 program, must be approved by the certification authorities, and is in essence a contract with the certification authorities regarding how you will meet compliance.
What are SOI Audits?
SOI stands for Stage of Involvement, referring to the involvement of the FAA when auditing a DO-254 compliance program. While not strictly required, there are typically 4 types of SOI audits held for a program: SOI-1 (Planning), SOI-2 (Requirements and Design), SOI-3 (Verification) and SOI-4 (Final Compliance Review). The number and depth of reviews depends upon a lot of factors. See Appendix C of FAA Order 8110.105A to understand how much involvement, and therefore the number and types of audits, your program may have.
What does DO-254 “Traceability” Mean?
The word traceability means linking one thing to another. For DO-254, this is usually referring to the Requirements Traceability Matrix (RTM), which links requirements to the design, test, and results. The reason for this traceability is 1) to ensure that the design only includes the defined requirements. 2) any additional functions are identified as “derived” and validated, and 3) that it has been demonstrated that the design performs those requirements with no anomalous behavior. Sometimes the word traceability in a DO-254 context may mean the ability to trace design changes back to a known baseline, i.e., tracing one version of a design to a known version.
What is a DO-254 “Top-Level Drawing”?
The original definition in DO-254 10.3.2.2.1 says “The top-level drawing uniquely identifies the hardware item and identifies all assemblies, subassemblies, components and relevant documentation that define the hardware item.” But this is confusing for developers of FPGAs and similar hardware. New policy clarifies that what is required is a description of the HW item that includes the source files and revision history, the hardware environment in which its built, all the related data items, and all the procedures to build the files into an implementation of the design that’s loaded into the target FPGA device. This is typically captured in a Hardware Configuration Index and Hardware Environment Configuration Index document. To read more about TLDs, click here: What the Heck is a “Top-Level Drawing” of an FPGA? – ACS (airworthinesscert.com)
What is “Target Testing” in DO-254?
Target testing refers to physical testing the implemented hardware in its “target” (or actual) environment that will be installed in the aircraft. This may mean testing a chip at the board or system level. While simulation is a common practice to verify the design during development, target testing of all requirements that are practical to physically test is expected.
What is Elemental Analysis in DO-254?
This method, introduced in DO-254 Appendix B as a potential “Advanced Verification” method for DAL A/B designs, means ensuring that testing covers all the design elements, and it is most commonly implemented by running code coverage analysis during simulation.
What is the Latest DO-254 Policy?
The latest policy documents affecting DO-254 compliance are as follows (click to find them on our website):
- AC 20-152A & AMC 20-152A: Development Assurance for Airborne Electronic
- Hardware (AEH)
- FAA Order 8110.105A: Simple and Complex Electronic Hardware Approval Guidance
- EASA CM SWCEH-001 Issue 1 Rev 2: Certification Memorandum
- Development Assurance of Airborne Electronic Hardware
- AC 00-72: Best Practices for Airborne Electronic Hardware Design Assurance Using EUROCAE ED-80( ) and RTCA DO-254( )
- AC 00-71: Best Practices for Management of Open Problem Reports
- EASA CM-AS-004 Issue 01: Single Event Effects (SEE) Caused by Atmospheric Radiation
- AMC 20-189: The Management of Open Problem Reports (OPRs)
- AMC 20-193: Use of multi-core processors
Where can I find the latest DO-254 Policy?
You can find latest policy documents regarding DO-178C and DO-254 by searching the FAA and EASA websites. We’ve made it easy for you by putting all the latest pertinent documents (that are free and publicly available) on our website in one place here: All the latest DO-254 and DO-178C Policy Documents in one place (airworthinesscert.com).
Note that DO-178C and DO-254 and the other RTCA documents (such as the DO-178C supplements) are available for purchase on the site www.rtca.org
Can you use IP in DO-254 Programs?
Absolutely! You can use COTS IP in DO-254 programs as long as you follow the new IP objectives detailed in AC/AMC 20-152A. For more information, see our Blog: Is it OK to Provide or Use Hardware COTS IP in Avionics Designs? – ACS (airworthinesscert.com)
Do Military Programs have to comply with DO-254?
The answer can vary, but more and more military programs (i.e., jets, helicopters, UAVs/drones and other VTOL aircraft) are having to comply with DO-254. Its usually a requirement when then aircraft could cause a safety concern in a civilian area.
Do UAVs (Drones) have to comply with DO-254?
The short answer is yes, probably. For the long answer, see our Blog: What’s Up with UAS (UAV) and eVTOL Certification? – ACS (airworthinesscert.com).
Have a Another Question We Haven’t Answered Here?
We are happy to answer it. Just submit it to us: info@airworthinesscert.com
