Understand the stringent standards for safety-critical operations in commercial software-based aerospace systems.
DO-178C, Software Considerations in Airborne Systems and Equipment Certification, is the principal certification document used by certification agencies including the Federal Aviation Administration (FAA), European Union Aviation Safety Agency (EASA), and Transport Canada to review and approve all commercial software-based aerospace systems submitted for their approval process. It is the standard that directs software certification for airborne systems for the commercial segment. (Its ramifications for military aerospace will be covered below.)
The document is published by RTCA (originally known as the Radio Technical Commission for Aeronautics) via a joint effort with European Organisation for Civil Aviation Equipment (EUROCAE) and replaces the previous version, DO-178B. ED-12C, the updated version of ED-12B, is the EUROCAE release of DO-178C. In November 2011, DO-178C/ED-12C was completed; the RTCA approved it in December of the same year. The joint contribution of RTCA and EUROCAE to DO-178C/ED-12C resulted in its joint designation.
For the avionics industry, DO-178C provides important, detailed guidance for developing airborne software systems to ensure that these systems perform their intended function with a high level of reliability.
In the United States, the FAA, as part of its aerospace industry safety certification processes, uses DO-178C for software and RTCA DO-254 for complex electronic hardware.
The DO-178C standard must also be met within the military aerospace industry, with the following differences:
DO-178C demonstrates compliance with the applicable airworthiness regulations for the software components of airborne systems and equipment.
As outlined by the RTCA, “RTCA Special Committees leverage the top and brightest experts in the aviation community to create recommendations. RTCA works with the Federal Aviation Administration (FAA) to develop comprehensive, industry-vetted and endorsed standards that can be used as means of compliance with FAA regulations.”
The Special Committees developed a series of documents: Safety Performance Requirements (SPR), Operational Services and Environment Definitions (OSED), Interoperability Requirements (INTEROP), Minimum Aviation System Performance Standards (MASPS), and Minimum Operational Performance Standards (MOPS), as well as other reports and guidelines. These documents guide the certification of new equipment and impact the competitive market for their use.
In Europe, EUROCAE leads in the development of globally recognized aviation industry standards. Drawing on the expertise of its members, EUROCAE creates operational, development, and regulatory standards that are designed for international adoption.
The RTCA/EUROCAE joint committee work was divided into seven subgroups:
A major provision of DO-178C is the definition of Design Assurance Levels (DALs), which indicate the consequences of potential software failure to the system as a whole. The failure conditions are categorized by their effects on the aircraft, crew, and passengers. There are five DALs, determined from the system safety assessment process and hazard analysis.
Each DAL has stated objectives that must be satisfied. Some must be satisfied “with independence,” meaning that the person who verifies the requirement or source code cannot be the same person who wrote it. This separation of responsibilities must be clearly documented in the evidence provided.
| DAL | Failure Condition | Resulting Conditions | Objectives | With Independence |
|---|---|---|---|---|
| Level A | Catastrophic | Failure may result in deaths and loss of the aircraft | 71 | 30 |
| Level B | Hazardous | Failure creates a major negative impact on safety or performance or reduces the aircraft crew’s ability to operate the aircraft. This can result in serious or fatal injuries. | 69 | 18 |
| Level C | Major | Failure causes significant reduction of the safety margin or significant increase in the aircraft crew workload. Passenger discomfort or minor injuries can result. | 62 | 5 |
| Level D | Minor | Failure slightly reduces the margin of safety or causes slight increase in aircraft crew workload. Results can include passenger inconvenience or changes to a routine flight plan. | 26 | 2 |
| Level E | No Effect | Failure causes no impact or effect on safety, crew workload, or operation of the aircraft. | 0 | 0 |
