Identifying Compliance Gaps in Avionics Systems Development


Avionics systems are delicate because of the safety risks they carry, and most of the certification requirements for avionics systems are therefore focused on safety. It is not hard to see why: the smallest loophole can lead to the worst complication, and the result may be fatal. It is therefore important for avionics engineers and suppliers to ensure that the safety of their systems is water-tight before they are deployed.

The best way to avoid errors is to perform a consistent gap analysis on systems from the planning stage, through development, and ultimately to deployment. This article lists the important avionics certifications and summarises their compliance requirements.

DO-178C Compliance

DO-178C is the technical code for ‘Software Considerations in Airborne Systems and Equipment Certification’. It is the primary document that details the global standards and certification requirements for avionics software. It was introduced in 2011 to replace and clarify DO-178B, and it was promptly adopted by the major aviation regulators and certification bodies such as the FAA (Federal Aviation Administration) and EASA (European Union Aviation Safety Agency).

DO-178C sets out five Design Assurance Levels (DALs), which are assigned according to the failure condition that a fault in the software could cause. The failure conditions, in decreasing order of severity, are Catastrophic, Hazardous, Major, Minor, and No effect. The implication is that software assigned a more stringent DAL is subjected to more rigorous assessment and must meet more objectives before it is deemed safe.

DO-254 Compliance

DO-254, the counterpart of DO-178, addresses hardware systems. Its full title is ‘Design Assurance Guidance for Airborne Electronic Hardware’. It emerged to address the inevitable consequences of the growing adoption of firmware in avionics, a hitherto largely unregulated aspect of avionics development. Like its software counterpart, DO-254 also features five Design Assurance Levels, and usually the system DAL applies to the hardware as well. However, this is not cast in stone, and there may be exceptions.

Compared to the Quality Assurance of DO-178C, assessment of hardware systems under the DO-254 model requires additional objectives, and thus earns the name ‘Process Assurance’. While the software assessment focuses on the planning and the end product, hardware Process Assurance examines not just the hardware system, but also the manufacturing processes and standards adopted by the engineers and suppliers.

DO-326A/ED-202A Compliance

The international standards DO-326A and ED-202A are essentially the same document; the only difference is that the former applies in the US and the latter in Europe. Both are titled ‘Airworthiness Security Process Specification’. As the name suggests, they specify certification requirements for the cybersecurity aspects of airworthiness. As a ‘white-hat’ hacker demonstrated in 2015, poor aviation cybersecurity gives a criminal leeway to hack into a flying airplane and wreak havoc. This led aviation companies and regulators to tighten their cybersecurity systems and airworthiness requirements.

The Airworthiness Security Process in DO-326A/ED-202A includes 62 objectives that must be met before a security certification for airworthiness is granted. The document also covers guidance for continuing airworthiness, because cybersecurity is not a one-time project but a continuous process: security measures must be continually revisited in order to keep attackers perpetually at bay.

DO-278A Compliance

DO-278A has a rather lengthy title: ‘Guidelines for Communication, Navigation, Surveillance, and Air Traffic Management (CNS/ATM) Systems Software Integrity Assurance’. While DO-178 defines the requirements for airborne systems, DO-278A addresses compliance requirements for the ground-based systems that manage aircraft. Because of this, DO-278A is often referred to as ‘DO-178 for the ground’.

Under DO-278A, CNS/ATM systems are subjected to Assurance Levels similar to the DALs of DO-178C. The first step is to determine the Assurance Level (that is, the failure condition) of the system, followed by planning. Quality Assurance for ground-based aviation systems is based on the following five plans:

  • Plan for Software Aspects of Approval
  • Software Quality Assurance Plan
  • Software Configuration Management Plan
  • Software Development Plan
  • Software Verification Plan

DO-200B Compliance

DO-200B is titled ‘Standards for Processing Aeronautical Data’. It is the standard governing avionics databases and specifies the requirements for processing aeronautical data. DO-200B is similar in many ways to DO-178, but the two documents serve different purposes: the purpose of DO-200B is ‘preserving, ensuring, and proving data quality throughout the data processing chain’.

Navigation, flight planning, precision navigation, flight simulation, terrain awareness, and other aeronautical data are important for flight safety, so it is important that the quality of such data is preserved; data management therefore includes error analysis. DO-200B is an upgrade of DO-200A and, given the dynamic nature of aeronautical data, it is more a handbook of guidelines than a set of strict requirements.

Conclusion

The original aviation compliance Gap Analysis was invented in 1989 by engineers at AFuzion, an aviation consultancy agency. The agency supplies aviation companies with personalised gap analysis consultancy and also suggests steps to close the gaps found. This is carried out by auditing the avionics system(s) and matching their condition against all the requirements set forth by the relevant certification documents.