A number of my blogs are dedicated to discussing the top mistakes that are commonly encountered in the compliance process. The #1 mistake is: creating plans after the fact.
It seems that many folks mistakenly believe that compliance with DO-254 or DO-178C is simply an exercise in filling in boxes with the required documentation, and that the order or timeline of document creation is not important. This is a serious misunderstanding of the intent of the DO-254/DO-178C design assurance standards.
DO-254/DO-178C is needed because it is nearly impossible to show directly that today’s complex hardware/software functions comply with the Certification Authority (FAA/EASA/etc.) regulations xx.1301 and xx.1309, which require the equipment to “perform its intended function under all foreseeable operating conditions.” Both DO-254 and DO-178C were written as agreed-upon industry design assurance strategies that can be used as a “means of compliance” with this regulatory requirement for complex hardware and software.
As part of these design assurance processes, planning is essential because it describes specifically “how” each of the general compliance objectives and activities will be met for a particular project. The plans then become the “contract” with the Certification Authority for how a company will proceed in all development and testing aspects in order to meet the regulatory rules. This is a very important idea to grasp. Review and agreement of the plans is important because it shows that there is an understanding of the reviews, transitions, and analyses needed throughout the development of the complex hardware/software in order to ensure that the system is “performing its intended function” and is as free of errors as possible.
The Design Assurance Level (DAL), A through E, is a way to communicate the potential level of impact a device failure would have on passengers (with DAL A being the most critical). The DAL modulates the objectives of DO-254 and DO-178C so that more rigor is required when the impact of failure is higher. The planning documents must show this additional rigor and compliance with these additional objectives based on the DAL.
In addition to these considerations, planning documents need to acknowledge and address certification authority or aircraft-specific issue papers or certification review items (CRIs). The plans also require teams to describe how they are going to deal with complicated situations that have potential safety impact, such as single event effects (SEE) in hardware, caused by high-speed neutron effects on SRAM-based devices. Another example is the certification considerations for using COTS IP, which must adhere to DO-254 standards, or COTS hardware/software, which are predesigned hardware components/boards or software modules/programs that must still be demonstrated to be compliant before they are used. You cannot wait until late in the program to think about these things.
Planning documents should describe the developer’s approach on these crucial subjects and applicants should reach agreement with authorities early in the process. Waiting until the end could potentially result in major product redesigns with major cost and schedule implications.
The fastest way to accomplish planning is to use the expertise of past successful programs. Start from those documents. If you don’t have access to any, then consider purchasing document templates.
Check out our document templates, which include a wealth of instructional text and examples, and are updated with the latest policy requirements. We have put a lot of effort into these templates and are proud to believe they are the best in the industry.