Module 5: Digital Techniques and Electronic Instrument Systems

5.13 Software Management Control

DO178B DO178B is a document published by EUROCAE

(European Organization for Civil Aviation Equipment) dealing with the safety of software used in aircrafts. Provides guidance to determine if the software will

perform reliably in an airborne environment. DO178B is titled “Software Considerations

in Airborne Systems and Equipment Certification”.

Software Certification A software component to be approved for use in

the aircraft needs a document called Declaration of Design and Performance. This document is provided by the manufactures to the

CAA for approval. Certification procedure:

The manufacturers provide evidence to the CAA that the software component is designed and tested according to the CAA regulations.

The applicants use as a guidance DO178 document. The same procedure takes place in software

modifications (e.g. updates) made by the manufacturer.

Software Criticality Category The aircraft constructor has assigned a Software Critically category to each

software-based equipment. The classification is described in the DO178 document. Categories:

Level A: Catastrophic failure: Failure that prevents continued safe flight and landing. Must be extremely improbable: 10-9

Level B: Hazardous / Severe Major Failure: Failure conditions that reduce the capability of the aircraft or the crew ability to cope with operating conditions. Examples: A large reduction in safety margins, very high workload or physical distress of the

crew due to a failure, serious or fatal injuries to a small number of the occupants. Must be extremely remote: between 10-7 and 10-9

Level C: Major failure: Failure conditions that reduce the capability of the aircraft or the crew ability to cope with operating conditions. Examples: A significant reduction in safety margins, significant increase in workload or

physical distress of the crew due to a failure, discomfort to occupants, possible injuries. Must be extremely improbable: 10-5 and 10-7

Level D: Minor failure: Failure conditions that do not reduce the capability of the aircraft and involve crew actions which are within their capabilities. Examples: A slight reduction in safety margins, a slight increase in workload of the crew due

to a failure. (e.g. routine flight plan changes). Must be probable: more than10-5

Level E: No effect: Do not affect the capability of the aircraft or crew workload.

DO178B Contents System and Equipment description. Organization of software. Criticality Categories and Software Levels. Design Disciplines:

Development procedures that ensure quality. Development Phases Software Verification Plan.

Description of testing procedures that have been taken and results. Configuration Management:

Configuration principles (e.g. ways to modify it). Quality Assurance:

Procedures related with the quality assurance of the software and the relation between the software and other aircraft components.

Certification Plan: A schedule detailing the relationship between the current and past certified

software releases. Organization and Identification of the Documents Software Status:

Description of any known errors, functional limitations and future upgrades.