Don’t Make These Mistakes!
The next few blogs are dedicated to discussing the top mistakes that are commonly encountered in the compliance process.
It seems that many folks mistakenly believe that compliance to DO-254 is simply an exercise in filling in the boxes with the documentation required, and that the order or timeline of document creation is not important. This is a serious misunderstanding of the intent of DO-254 design assurance.
DO-254 is needed because it is nearly impossible to show that today’s complex hardware functions comply to the Certification Authority (FAA/EASA/Etc.) regulation xx.1301 and xx.1309 “Perform intended function under all foreseeable operating conditions.” DO-254 was written as an agreed to industry design assurance strategy that can be used as a “means of compliance” to this regulatory requirement for complex hardware (see AC20-152).
As part of the DO-254 process, Planning is essential because it describes specifically “how” each of DO-254’s general objectives and activities will be met for a particular project. The plans then become the “contract” with the Certification authority for how a company will proceed in all development and testing aspects in order to meet the regulatory rules. Review and agreement of the plans is important because it shows that there is an understanding of the needed reviews, transitions and analysis throughout the development of the complex hardware in order to ensure that the system is “performing its intended function” and is as free of errors as possible.
The design assurance level (DAL) A-E is a way to communicate the potential level of impact a device failure would have on passengers (with DAL A being very critical). The DAL modulates the objectives of DO-254 such that there is more rigor required when the impact of failure is higher. The planning documents must show this additional rigor and compliance to these additional objectives based on the DAL level.
In addition to these considerations, planning documents need to acknowledge and address certification authority or aircraft specific issue papers or certification review items (CRIs). One such example is dealing with single event effects (SEE) in hardware, caused by high-speed neutron effects on SRAM based devices. Another example is certification considerations for using COTS IP, which must adhere to DO-254 standards. Planning documents should document the developer’s approach on these crucial subjects and applicants should reach agreement with authorities early in the process. Waiting until the end could potentially result in major product redesigns with major cost and schedule implications.
If your someone on your team is struggling to understand the purpose of planning within any sort of compliance program – whether it’s at the hardware, software or systems level – Patmos Engineering Services training can help. We offer a class called “Certification Overview” which covers the fundamentals of compliance (including the importance of planning) at all these levels.