System Safety Certification Using Safety-Certifiable COTS: How To Mend The Gap Between Assembly Level Artifacts and the System Safety Assessment

January 04, 2018

System Safety Certification Using Safety-Certifiable COTS: How To Mend The Gap Between Assembly Level Artifacts and the System Safety Assessment

Suppliers of commercial off-the-shelf (COTS) electronic modules have started to offer “safety-certifiable COTS” intended for use on certified avionics platforms in military and commercial applications. What exactly does this mean, and what can it do for avionics system integrators?

What is Safety-Certifiable COTS?

Safety-certifiable COTS is a COTS module or system intended to be used by multiple customers or programs, and has been designed according to a DO-254 process with all of the design assurance and artifacts that go with that process. Ultimately, this means safety-certifiable COTS with lower cost of certification, lower risks and decreased time to market.

This raises an important question: how can this be done, knowing that the system design process is a top down model according to ARP 4754A? While the hazard analysis and system safety analysis for a single system may be available, how do you deal with multiple systems? The certifiable COTS supplier does not have the luxury of the flow down of requirements from these analyses. The fact of the matter is that the certifiable COTS supplier must do the best they can to anticipate the safety flow down of requirements and the features and safety monitors necessary to meet the needs of a system.

Development Cycle Graphic




We see from the diagram above that the flow of requirements is a top down approach. In the absence of details from the upper level, the COTS supplier must still follow the design assurance guidelines, but will generate requirements based on assumptions and best practices. Remember, the COTS supplier is intending to have the certifiable COTS products suit many potential programs. The design artifacts will be made available to the system integrators that will then need to validate that the artifacts support the system level requirements and, ultimately, certification.

Let’s take a look at the best practices shown in the diagram above that guide the development of safety-certifiable COTS:

Aerospace Recommended Practices: ARP 4754A/ARP 4761 – System Design Practices.

A combination of two documents are used as an acceptable means of compliance to 14 CFR xx.1301 and 14 CFR xx.1309 as directed by Advisory Circular (AC) 20:

  • SAE ARP 4761 - Guides and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment
  • SAE ARP 4754A – Guidelines for Development of Civil Airborne Systems and Equipment

The ARP 4761 is the “how-to guide” for conducting the functional hazard analysis and system safety assessments, whereas the ARP 4754A document is the process to take the outcome of the analysis and flow the results down into requirements. The process flows down the first function design assurance levels (FDALs) and then down item design assurance levels (IDALs) to the items in the system. These IDALs determine the DAL level required to be met by the item performing the function, and the design of that item falls under the design assurance guidance of RTCA DO-178C and RTCA DO-254.

RTCA DO-178C and RTCA DO-254

The first design assurance guideline from Radio Technical Commission for Aeronautics (RTCA) is DO-178C, Software Considerations in Airborne Systems and Equipment Certification. The U.S. Department of Transportation Federal Aviation Administration’s AC 20-115 made this guidance document an acceptable means, but not the only means, of showing compliance with the applicable airworthiness regulations for software aspects of airborne systems and equipment certification. The second guideline is DO-254, Hardware Considerations in Airborne Systems and Equipment Certification, which is formally recognized by the FAA as an acceptable means of compliance for the design of electronic hardware in airborne systems.

Taking the Next Step

Ultimately, the system integrators must work with the certifiable COTS supplier to fit the artifacts into the process to assess any gaps and make any adjustments required. In the end it will come down to a partnership between the system integrator and the COTS supplier to work the requirements as the system design details emerge.

Download our Accelerate Time-To-Market With Safety-Certifiable Airborne Electronics Hardware White Paper to learn more.

See how Curtiss-Wright works with partners to bring your safety-certifiable avionics systems to market faster and at a lower cost.