Section 7 of DO-254 tells us “The configuration management process is intended to provide the ability to consistently replicate the configuration item, regenerate the information if necessary and modify the configuration item in a controlled fashion if modification is necessary.” What do you do if you are using a tool to control some or all of your program data?


This is becoming more and more common as the industry has delivered a number of tools that assist with various aspects of DO-254 (and DO-178C) compliance. This automation may be extremely helpful in many cases, but it introduces a new paradigm of tool-based data control that requires understanding and exploration.


For example, you may have a tool that helps you with compliance by including checklists for various processes. These checklists might be modifiable, they must be reviewed by a team, actions may come from the review, and these actions need to be tracked. This is all done within the tool and all that data needs to be controlled and available, and subject to the pertinent requirements for Life Cycle Data (DO-254 Section 10.0 and DO-178C Section 11.0). (BTW, this is one of the many features of our tool called PACT. Learn more about PACT by clicking here.


So do we meet the content/retention requirements if the artifacts remain embedded in the tool? Or what if you are using Clearcase and you just have a path to a Version Based Object (VOB) for some compliance artifact? Does that meet data configuration and control requirements for that artifact? And what if your auditor doesn’t have access to the tool?


The underlying concern of the DO-254/DO-178C configuration management requirements are to ensure that the data is always available and always modifiable. So, you must ensure this happens even if the tool is not used again in the future. Because of the obligation to continued airworthiness, the applicant must maintain the data for the lifetime that the product flies. This may be far longer than a tool lifetime. Therefore long-term (20+ year) archive/data recovery is the responsibility of tool user, who must be able to extract, archive and potentially resurrect this data for their project.  So, ensure that whatever tool you are using allows you to do this, that you capture this as part of your plans and execute appropriately as part of your program.