It is not just applied to FPGAs/CPLDs and programmable logic anymore!
DO-254 from RTCA (formerly the Radio Technical Commission for Aeronautics) is still a comparatively young guidance document, and as such has a number of ambiguities. Early on, the guidance was only being applied to, and scrutinized on, complex airborne electronic hardware such as Field Programmable Gate Arrays (FPGAs) and Complex Programmable Logic Devices (CPLDs). This meant that you could have an FPGA with very high design assurance while an error elsewhere in the hardware design, such as on the circuit card carrying it, could go unnoticed. Because of this, a number of additional guidance documents have been released by the FAA (in the form of CAST position papers) and EASA (in the form of Certification Memos).
A number of these additional guidance documents specify details on the design assurance required for circuit cards, Application-Specific Integrated Circuits (ASICs), System on Chip (SoC) devices, and Commercial Off-The-Shelf (COTS) components. It is important to understand which of these apply to your project before you commit to a schedule and budget.
The Omnicon Group has designed, verified, and certified Complex Electronic Hardware in accordance with RTCA/DO-254 up to Design Assurance Level (DAL) A. We have experience on small projects such as a standalone FPGA or ASIC, to complex Printed Circuit Boards, Line Replaceable Units (LRUs), and systems comprised of multiple LRUs.
Below are some of our tips to look out for on your next project.
- DO-254 Planning is Not Project Planning
Normal project planning is centered on resources, estimates, schedules, budgets, milestones, and risk. Planning with respect to DO-254, however, is your chance to detail all of the planned development and verification tasks and activities ahead of time, capture them in the hardware plans (starting with the Plan for Hardware Aspects of Certification, or PHAC), and get your customer's and the certification authority's buy-in.
The saying "it's easier to beg forgiveness than to ask permission" certainly does not apply here. In the DO-254 world, you must explicitly state exactly what you plan on doing and highlight any deviations from those plans. If you make it too far into your process before the certification authorities or your customer find your activities inadequate, you will have no choice but to implement corrective actions at additional cost.
Your plans should include not only what you plan on doing, but also what you don't plan on doing. For example, if you don't think you need to qualify a tool you will use in development or verification, if you want to take credit for previously developed hardware or treat a component as COTS, or if you will use a sub-tier supplier, it should all be stated early and agreed to as soon as possible.
- Create a Traceability Schema
This simple task will make it much easier for your developers when the work gets started and the pressure is on to deliver to milestones. The traceability schema should show how customer requirements link to hardware requirements, and how hardware requirements link to design elements, test cases, procedures, and results. It should also state which hardware life cycle data item (requirements document, design data, verification procedures, verification results) each of these links will be presented in, so that nothing is left to be reconstructed at audit time.
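One way to make the schema enforceable rather than a diagram in a plan is to keep the link tables as data and run a consistency check over them before every milestone. The following is an added example written for this post, not Omnicon's or any DO-254 tool's own code; the five tiers (customer requirement, hardware requirement, design element, test case, test result), the CR-/HR-/DE-/TC- identifier scheme and the sample data are assumptions constructed for illustration. It flags the gaps an auditor looks for first: customer requirements with no hardware requirement allocated to them, derived requirements with no parent, requirements that nothing implements or verifies, tests that verify nothing, and tests with missing or failing results.

```python
"""Traceability checker for a DO-254 style set of life-cycle data.

Added example, not the post's own tooling. The five-tier schema and the
CR-/HR-/DE-/TC- identifiers are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Finding = Tuple[str, str]  # (check code, offending identifier or link)


@dataclass
class TraceDB:
    customer_reqs: Set[str]            # CR ids, e.g. from the customer specification
    hw_reqs: Dict[str, Set[str]]       # HR id -> CR ids it satisfies; empty set = derived
    design_elems: Dict[str, Set[str]]  # DE id -> HR ids it implements
    test_cases: Dict[str, Set[str]]    # TC id -> HR ids it verifies
    results: Dict[str, str]            # TC id -> "PASS" or "FAIL" from the latest run


def _parents_referenced(links: Dict[str, Set[str]]) -> Set[str]:
    """Every id that appears as a parent anywhere in a link table."""
    out: Set[str] = set()
    for parents in links.values():
        out |= parents
    return out


def check_traceability(db: TraceDB) -> List[Finding]:
    f: List[Finding] = []
    hr_ids = set(db.hw_reqs)

    # Tier 1: every customer requirement flows down to at least one HR.
    for cr in sorted(db.customer_reqs - _parents_referenced(db.hw_reqs)):
        f.append(("CR_NOT_ALLOCATED", cr))

    # Tier 2: HR parents must exist; derived HRs (no parent) must be called out
    # so they can be fed back to the system safety assessment.
    for hr, parents in sorted(db.hw_reqs.items()):
        for p in sorted(parents - db.customer_reqs):
            f.append(("HR_UNKNOWN_PARENT", f"{hr}->{p}"))
        if not parents:
            f.append(("HR_DERIVED", hr))

    # Tier 3: every HR is implemented by a design element and verified by a test.
    for hr in sorted(hr_ids - _parents_referenced(db.design_elems)):
        f.append(("HR_NOT_IMPLEMENTED", hr))
    for hr in sorted(hr_ids - _parents_referenced(db.test_cases)):
        f.append(("HR_NOT_VERIFIED", hr))

    # Tier 4: design elements and tests may only point at HRs that exist,
    # and a test that verifies nothing is itself a finding.
    for de, hrs in sorted(db.design_elems.items()):
        for h in sorted(hrs - hr_ids):
            f.append(("DE_UNKNOWN_HR", f"{de}->{h}"))
    for tc, hrs in sorted(db.test_cases.items()):
        if not hrs:
            f.append(("TC_NO_REQUIREMENT", tc))
        for h in sorted(hrs - hr_ids):
            f.append(("TC_UNKNOWN_HR", f"{tc}->{h}"))

    # Tier 5: every test case has a recorded result, and that result passed.
    for tc in sorted(db.test_cases):
        status = db.results.get(tc)
        if status is None:
            f.append(("TC_NO_RESULT", tc))
        elif status != "PASS":
            f.append(("TC_FAILED", tc))
    return f


def sample_db() -> TraceDB:
    """Constructed data with deliberate gaps; not taken from any real program."""
    return TraceDB(
        customer_reqs={"CR-1", "CR-2", "CR-3"},          # CR-3 is never allocated
        hw_reqs={
            "HR-10": {"CR-1"},
            "HR-11": {"CR-2"},
            "HR-12": set(),                              # derived: no customer parent
            "HR-13": {"CR-9"},                           # parent that does not exist
        },
        design_elems={"DE-A": {"HR-10", "HR-11"}, "DE-B": {"HR-12"}},
        test_cases={"TC-100": {"HR-10"}, "TC-101": {"HR-11"}, "TC-102": set()},
        results={"TC-100": "PASS", "TC-101": "FAIL"},    # TC-102 has no result
    )


if __name__ == "__main__":
    for code, ident in check_traceability(sample_db()):
        print(f"{code:20s} {ident}")
```

Run as-is it prints nine findings for the constructed data set; a clean data set returns an empty list, which is the condition worth gating a milestone on. The same tables can be exported straight into the traceability matrix that goes into the verification results package, so the document and the check never drift apart.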
- Integrate DO-254 Into Your Existing Process
We have seen development teams that treat DO-254 as a task separate from development. This occurs when a person or team other than the development team is "responsible" for doing the DO-254 tasks. This type of organization usually struggles with DO-254 until the entire development team is trained and has DO-254 in mind when performing all development activities.
- Perform a Functional Failure Path Analysis
Depending on whether your team has system responsibility or not, a Functional Failure Path Analysis (FFPA) can substantiate the Design Assurance Level assigned to the various components in your system, and may be required to show quantitative evidence of the failure rate of your major functions and of the contributors to those failures. Note that this is similar to, but not the same as, a mean time between failures (MTBF) or other reliability figure: those are usually concerned with any failure, not only the failures that result in loss of a major function.
Heather Bennett June 5, 2017