DO-178C Guide: Introduction to RTCA DO-178 Certification
DO-178C Guide: Introduction to RTCA DO-178 Standard Certification
Table of Contents
The aviation industry relies heavily on software for critical systems, such as flight controls and avionics. To ensure the safety and reliability of these software systems, the Radio Technical Commission for Aeronautics (RTCA) developed a set of guidelines known as DO-178. This comprehensive standard, officially known as DO-178C, provides guidance for the certification of software used in airborne systems. This article serves as a guide to understanding the key aspects of DO-178C and its significance in aviation software development.
DO-178C is a set of standards and guidelines for the development of commercial aircraft software. It was published by the Radio Technical Commission for Aeronautics (RTCA) in 1992 and has since been updated several times, with the most recent version being DO-178C/ED-12C, released in 2011.
DO-178C is often referred to as the “Software Considerations in Airborne Systems and Equipment Certification” standard. It guides how to conduct a software development project to ensure that the resulting software is safe for use in an aircraft.
DO-178C is not a mandatory standard, but it is widely used in the aviation industry and is required by many aviation authorities, such as the Federal Aviation Administration (FAA) in the United States when certifying new aircraft.
Objective and Scope
The primary objective of DO-178C is to establish a standardized process for developing and certifying airborne software. It applies to all software that has a direct impact on the safety and performance of aircraft systems, including flight controls, navigation, communication, and surveillance systems. The standard provides a framework for software development, verification, and validation, emphasizing rigorous processes to achieve safety and reliability.
Software Life Cycle Processes
DO-178C outlines several software life cycle processes that must be followed to achieve certification. These processes include requirements capture, software design, coding, testing, verification, and configuration management. Each process has specific objectives and activities that must be performed, documented, and reviewed to comply with the standard. The standard also emphasizes the importance of traceability, ensuring that each requirement is linked to the corresponding design, code, and verification artifacts.
Verification is a critical aspect of DO-178C. It involves the systematic review and evaluation of software artifacts to ensure compliance with requirements and standards. Verification activities include code reviews, static analysis, dynamic testing, and software integration testing. The standard requires the use of rigorous verification techniques to achieve high levels of confidence in the software’s safety and reliability.
DO-178C places significant emphasis on configuration management to ensure control and traceability of software changes throughout the development life cycle. Configuration management involves the identification, control, and documentation of software items, including code, documentation, and test cases. Changes to these items must be carefully managed and tracked to maintain the integrity of the software and support accurate traceability.
Certification of software under DO-178C involves a thorough and systematic evaluation by regulatory authorities, such as the Federal Aviation Administration (FAA) in the United States or the European Union Aviation Safety Agency (EASA) in Europe. The certification process includes the submission of documentation, demonstration of compliance with the standard, and review by the authorities. The level of certification achieved depends on the DAL and the successful completion of all required activities outlined in DO-178C.
DO-178C defines five levels of software criticality, known as Design Assurance Levels (DALs). The DALs range from A (most critical) to E (least critical). The criticality level determines the level of rigor required in the software development and certification process. Higher DALs require more extensive documentation, testing, and verification activities to mitigate the associated risks.
DO-178C classifies safety into five levels, with each level corresponding to the consequence of a software failure:
- Level A (Catastrophic) – A catastrophic failure may cause deaths and usually results in the loss of the airplane.
- Level B (Hazardous) – A hazardous failure has a significant negative impact on safety or performance or reduces the ability of the crew to operate the aircraft due to physical distress or a higher workload, or causes serious or fatal injuries among the passengers.
- Level C (Major) – A major failure significantly reduces the safety margin or significantly increases crew workload and it may result in passenger discomfort or even minor injuries.
- Level D (Minor) – A minor failure slightly reduces the safety margin or slightly increases the crew workload. Examples of minor failures might include causing passengers inconvenience or a routine flight plan change.
- Level E (No Safety Effect) – This failure does not impact safety, aircraft operation, or crew workload. An example might include a bug in the in-flight entertainment system.
For each of the five safety levels, a certain number of objectives must be satisfied to meet airworthiness requirements and obtain approval for software used in civil aviation products:
No Safety Effects
The phrase “with independence” means that the objective cannot be satisfied unless there is a documented separation of responsibilities.
Since DO-178C became available for sale and use in January 2012, it has become the primary document by which the certification authorities such as FAA (a governmental body of the United States with powers to regulate all aspects of civil aviation), EASA (an agency of the European Union with responsibility for civil aviation safety), and Transport Canada (the department within the Government of Canada responsible for developing regulations, policies, and services of road, rail, marine and air transportation in Canada) approve all commercial software-based aerospace systems.
It’s important to note that DO-178C is a non-prescriptive standard, which means that it doesn’t describe what must be done to meet the safety objectives it provides. As such, it gives the developers of software systems used in civilian aircraft a lot of flexibility, but it also sometimes creates ambiguity.
Benefits of DO-178C Certification
Enhanced Safety and Reliability
DO-178C certification ensures that software used in airborne systems meets rigorous safety and reliability standards. By adhering to the guidelines and processes defined in DO-178C, the risk associated with software failures and malfunctions can be minimized. This certification provides confidence to both aviation authorities and passengers regarding the integrity of the software systems controlling critical aircraft functions.
DO-178C has become the de facto standard for aviation software certification worldwide. Its wide adoption ensures consistent practices across the industry, facilitating collaboration, interoperability, and shared understanding among various stakeholders, including developers, manufacturers, regulators, and certification authorities.
Legal and Regulatory Compliance
For software to be used in aircraft systems, it must meet the regulatory requirements set by aviation authorities. DO-178C certification demonstrates compliance with these regulations, making it easier to gain approval for software usage in aviation systems. Failure to comply with the certification guidelines may result in legal and regulatory consequences.
Cost and Risk Mitigation
Adhering to DO-178C guidelines from the early stages of software development can help identify and mitigate risks before they become costly problems. The standard’s emphasis on thorough documentation, rigorous testing, and verification processes aids in detecting and rectifying potential issues early on, reducing the risk of software failures and costly redesign efforts.
What difference between DO-178B and DO-178C?
DO-178B and DO-178C are both standards developed by the Radio Technical Commission for Aeronautics (RTCA) that provide guidance for the certification of software used in airborne systems. However, DO-178C is an updated version of DO-178B, incorporating improvements and enhancements based on industry experience and technological advancements.
Here are the key differences between the two standards:
- Structure and Organization: DO-178C introduced a new structure and organization, providing clearer guidance and making it easier to navigate and understand the standard. The revised structure improves the alignment with other related standards, such as DO-254 for hardware development.
- Risk-Based Approach: DO-178C incorporates a more explicit risk-based approach compared to DO-178B. It emphasizes the importance of identifying and managing risks associated with software development and certification. The standard provides guidelines for tailoring the certification process based on the software’s criticality level, allowing for more efficient and effective certification efforts.
- Enhanced Objectives and Activities: DO-178C includes updated and expanded objectives and activities for software life cycle processes. It provides more detailed guidance on requirements capture, software design, verification, and configuration management. The new standard also addresses topics that were not explicitly covered in DO-178B, such as model-based development and object-oriented technology.
- Supplemental Documents: DO-178C introduced the concept of Supplemental Documents, which are optional guidelines and best practices that can be used to complement the standard. These documents provide additional guidance on specific topics, such as formal methods, tool qualification, and software verification.
- Tool Qualification: DO-178C includes more comprehensive guidance on tool qualification. It provides detailed criteria for determining the qualification level of software development and verification tools used in the certification process. The standard emphasizes the importance of considering the tool’s impact on the software’s safety and reliability.
- Alignment with Certification Authorities: DO-178C aligns more closely with the certification requirements and processes of various aviation authorities, including the Federal Aviation Administration (FAA) in the United States and the European Union Aviation Safety Agency (EASA) in Europe. This alignment enhances the acceptance and recognition of DO-178C certification across different regulatory bodies.
- Integration of Industry Experience: DO-178C incorporates lessons learned from the industry’s experience with DO-178B. It addresses common challenges, clarifies ambiguities, and provides more practical guidance based on real-world implementation and feedback.
While DO-178B is still accepted and used in some contexts, DO-178C is the current industry standard for software certification in airborne systems. It represents an evolution and improvement over its predecessor, offering enhanced guidance, flexibility, and alignment with the latest practices and technologies in aviation software development.
How to support DO-178C?
There are DO-178C tools available from various software development companies which:
- help you create DO-178C artifacts,
- manage DO-178C compliance, and
- perform DO-178C audits.
Using such tools can save you a lot of time and effort in satisfying the DO-178C objectives for your software development project.
DO-178C certification optimization is streamlining your DO-178C compliance activities to minimize the cost and effort required to obtain DO-178C certification for your software system.
Certification optimization can be achieved through various means, such as using DO-178C tools, automating DO-178C activities, and improving DO-178C processes.
When used effectively, DO-178C tools can help you automate the creation of DO-178C artifacts, manage DO-178C compliance, and perform DO-178C audits. This can save you a significant amount of time and effort in satisfying the DO-178C objectives for your software development project.
DO-178C compliance doesn’t have to be costly or time-consuming. By using DO-178C tools and automating DO-178C activities, you can streamline your DO-178C compliance efforts and save both time and money.
Supporting DO-178C with Visure Requirements
Providing integral support to the complete requirement process, Visure Requirements is a state-of-the-art requirements management software solution capable of managing all requirement-related information (like requirements, tests, change requests, risks, etc.), their relationships, and their interactions with the users. Visure Requirements offers comprehensive and agile requirements management for the development and verification of avionic embedded systems, allowing the developers of avionics software systems to standardize and streamline their processes related to DO-178C by providing a single centralized repository for all DO-178C objectives.
Here’s an overview of how the Visure Requirements ALM Platform supports DO-178C:
The platform enables efficient requirements management by providing a centralized repository to capture, organize, and track software requirements. It allows users to define and document requirements, including their attributes, relationships, and dependencies. The platform’s intuitive interface simplifies the process of creating, editing, and managing requirements throughout the software development life cycle.
DO-178C places significant emphasis on traceability, ensuring that requirements, design elements, code, and verification activities are all interconnected and properly linked. The Visure Requirements ALM Platform offers robust traceability features, allowing users to establish and maintain traceability links between different artifacts. This includes bidirectional traceability, enabling easy navigation and impact analysis across the entire software development process.
Verification and Validation
The platform supports the verification and validation processes mandated by DO-178C. It provides capabilities for planning, executing, and documenting various verification activities, such as code reviews, static analysis, dynamic testing, and integration testing. The platform’s integrated test management functionality allows for the creation and execution of test cases, capturing test results, and generating test reports.
DO-178C requires strict configuration management practices to ensure control and traceability of software changes. The Visure Requirements ALM Platform offers built-in configuration management capabilities to manage software versions, baselines, and change control. It enables users to track and document configuration changes, ensuring that the software remains compliant with DO-178C requirements throughout its development and certification.
Documentation and Reporting
The Visure Requirements ALM Platform simplifies the generation of documentation required for DO-178C certification. It provides customizable templates and reporting capabilities to generate various documents, such as the Software Development Plan (SDP), Software Verification Plan (SVP), Software Configuration Management Plan (SCMP), and other deliverables specified by DO-178C. These documents can be easily generated in the required format, ensuring compliance with certification requirements.
Collaboration and Workflow
The platform supports collaboration and facilitates effective communication among stakeholders involved in the software development and certification process. It provides features such as task assignments, notifications, and real-time collaboration, enabling teams to work together efficiently. The platform’s workflow capabilities allow organizations to define and enforce processes and approvals required at different stages of the DO-178C certification process.
In summary, the Visure Requirements ALM Platform is a powerful tool for organizations seeking to comply with the DO-178C standard. Its comprehensive features for requirements management, traceability, verification and validation, configuration management, documentation, and collaboration provide the necessary support to streamline and simplify the certification process, ultimately helping organizations develop and certify software systems in accordance with DO-178C guidelines.
DO-178C is a critical standard for the Aerospace and Defense industry, and Visure has been a leading provider of software solutions to support compliance with this standard for many years. Our platform has been used by some of the largest companies in the world to manage their requirements and ensure that safety-critical systems are compliant with DO-178C. If you’re looking for a reliable and proven solution to help you achieve compliance with this important standard, contact us today for a free 30-day trial of our Requirements ALM Platform.
Don’t forget to share this post!