Avionics Certification: Changes and Challenges

December 01, 2018

Avionics Certification: Changes and Challenges

Authored by Charlotte Adams, Avionics Magazine
Content contribution by Rick Hearn and Paul Hart

Safety Critical Avionics Certification: Changes and Challenges

The certification of computer hardware and software used in safety-critical aircraft systems is essential to the integrity of air transportation. The FAA and other civil aviation authorities have set a high bar for avionics safety and reliability, epitomized by RTCA guidelines such as DO-254 and DO-178C, which apply to electronic hardware and software, respectively. Within the safety-critical certification world, however, there have been changes and ongoing challenges. One change was the approval of the “C” version of DO-178, which consolidates and clarifies guidance on new technologies such as object-oriented programming (OOP).

Another is the evolution of certification processes to enable the use of complex multicore processors. Others are the advent of “safety-certifiable” commercial off-the-shelf (COTS) cards that bake in RTCA guidelines from the start and the gradual convergence of civil and military standards. In the more than five years since DO-178C was approved for use, many Level A projects have been completed, said John Mannarino, president and founder of Montreal-based Mannarino Systems & Software, a specialist in DO-178 and DO-254 software and hardware design and analysis. The firm has several DO-178C, Level A, projects to its credit.

Mannarino cites a real-time executive – essentially an operating system – and board support package for a gas turbine full authority digital engine control system for a Part 25 aircraft. He also notes a finding of compliance for Level A software for a Part 25 aircraft’s fly-by-wire flight control system. DO-178C, with its four new-technology supplements, is more voluminous than DO-178B “but I wouldn’t say that it’s imposed any new conditions that weren’t practically there before,” Mannarino said.

Safety Certifiable COTS

Safety-certifiable COTS cards — with guidelines such as DO-254 and DO-178 built in from the start — have generated buzz in the aerospace market, as this approach can save development time and money. Curtiss-Wright Defense Solutions has been on top of this trend for several years, said Rick Hearn, the company’s senior product manager of safety certifiable solutions.

As part of this effort, Curtiss-Wright and Mannarino Systems & Software have set up a cost and revenue sharing partnership, under which the firm performs DO-178C software and DO-254 firmware activities on the respective components on Curtiss-Wright’s COTS safety-certifiable boards, Mannarino explains. The idea of safety-certifiable COTS is to make hardware — with supporting artifacts and analysis — commercially available, Hearn said. These parts also can be certified under TSO 153 for integrated modular avionics, which reduces risk going into higher-level certifications, Hearn said. Boards that are designed from scratch using RTCA guidelines can be brought to market in one to two years, depending on the complexity of the card, Hearn says.

One of these cards, the VPX3-152 single board computer, is slated to be released with Level A artifacts in 2019. While it costs Curtiss-Wright 25 to 30 percent more to design and develop a board to DO-254 guidelines than to develop a board without the accompanying artifacts and analytics, the company amortizes these additional costs over multiple customers and provides integrators an up to five-fold savings as well as reduced risk and time to market, he adds. If there is a tradeoff in the safety-certifiable COTS world, it’s that some of the COTS components may not be the smallest possible size and weight, Mannarino said. Because they are COTS components, they “haven’t been optimized completely for an application.” But the upside is that they are ready, available, and affordable.

Civil/Military Convergence

""One trend in the safety certification business is the military’s willingness to recognize DO-254, a civil aviation standard"", Hearn said.

“They’re saying, if it’s good enough for commercial, it’s good enough for us – at a certain level.” The military tends to have a more “top-down, holistic” safety approach, whereas DO-254 and DO-178 are more prescriptive, process-intensive standards. But military and civil safety critical certification standards are converging, to some degree.

Although the military has been accepting the use of commercially derived standards for years, the U.S. Air Force’s highest certification document explicitly references DO-254 and DO-178 as “means of compliance,” said Paul Hart, Curtiss-Wright chief technology officer. This shift reflects in part the military’s need to use certain civil-certified equipment — ADS-B transponders and RVSM-compliant altimeters, for example — when flying in commercial airspace as a result of programs like the FAA’s NextGen. The military provides its own airworthiness approvals for its aircraft, Collins’ Tiedeman says. But then they have to go ask FAA or EASA to let them fly in their airspace. So the more closely the military follows guidelines that the civil authorities are familiar with, the easier they make it for the civil authorities to approve. The military, however, also has airworthiness standards that go above and beyond civil requirements, such as resistance to corrosive gas and gunfire, Hart points out.

Read the entire article on Avionics Magazine

RTCA DO-254 / EUROCAE ED-80 Safety Certifiable COTS

DO-254 safety certification for manned and unmanned aerial vehicles can be a costly and time-consuming undertaking, especially if the process is new to your organization. Working with a vendor that can provide safety certifiable COTS solutions that are designed for use in systems with Design Assurance Level A using AMC 20-152A as a means of compliance for safety certification can significantly reduce your program’s cost, development time, and overall certification risk.