Avionics Development Transitions
Avionics development requires multiple activities, each with entry/exit criteria. Quality Assurance defines and enforces these “transition criteria”. Learn how to define and comply with DO-178C and DO-254 transition criteria.
Safety-critical systems require the orderly, measured conduct of engineering activities and sustained attention to detail. Quite literally every activity has entry and exit criteria which must be defined and documented in advance, with a corresponding set of product and process criteria (which the FAA will use) to assess and ensure adherence. For example, before implementing software logic (“coding”), critical systems must have various pre-defined, formally reviewed artifacts in place (under formal configuration control), including software requirements, design data, and the software coding standards by which the code can be verified. The order of these engineering activities is thus predicated on “transitions” (mini gate reviews) which must be assessed by QA, and sometimes approved by the certification agency (FAA, EASA, Military, etc.), before the development team can proceed to the next phase.
These engineering transitions can be defined in a separate document, or within an optional Software Transition Plan (STP) that defines the various software engineering lifecycle transition steps performed during planning, development, and V&V. While defined transitions are required per DO-178, many companies embed them within the Software Development Plan (SDP) and the Software Verification Plan (SVP) instead of placing them in a separate STP document. Also, since Quality Assurance (QA) is generally tasked with auditing and assessing adherence to transition criteria, the Software Quality Assurance Plan can detail those transition criteria as well.
Transition planning is necessary to show that predefined entry and exit criteria exist for engineering transitions, and that those entry/exit criteria are followed and audited. For example, software requirements must be reviewed and baselined prior to initiating the high-level software design. The following items, i.e. “entry criteria”, must be present prior to the associated software requirements review:
Only when the above seven items are available can the associated Software Requirements Review be initiated. Upon completion of the Software Requirements Review, the following items, i.e. “exit criteria”, will be completed:
As an additional example, consider an official for-credit software code review or hardware logic review. For a code review which adheres to DO-178 or DO-278, the following diagram shows the entry and exit artifacts for that review, each of which must be under configuration management (excerpted from AFuzion’s DO-178C training class; further DO-178C training information is available here: https://afuzion.com/private-training/avionics-software-advanced-do-178c-training-class/)
The above Entry and Exit artifacts thus form one “transition”. This transition process is repeated for all of the DO-178C and DO-278A engineering transitions, albeit with different entry and exit criteria defined for each such transition. Now consider the various transitions within a DO-178/278 optimal engineering route; each arrow below constitutes a “transition”:
In the preceding figure, each of the key DO-178C and DO-254 engineering activities is represented by a box, and the arrows representing “transitions” connect the boxes from start to finish. Each of these arrows has unique, pre-defined entry tasks, verification, and exit criteria associated with it, and those criteria must be satisfied in order for the activity to be deemed appropriately performed. But wait, you say: just because the process was followed and the transition criteria were satisfied, how does that prove product perfection per DO-178C and DO-254? It doesn’t. That is not the purpose of process-based transition criteria in avionics certification per DO-178C, DO-278A, DO-297, or DO-254. Assessing transitions is about “process”: ensuring advance consideration and formal definition of entry/exit criteria, then assessing the degree to which engineering followed them. Remember: the verification engineer should use the entry/exit transition artifacts in performing their verification activity; the Quality/Process Assurance personnel then assess that engineer to ensure such transition criteria were followed, with evidence thereof. Remember, first, that there is no such thing as ephemeral product perfection, even in aviation (rather, the ecosystem of safety assessments ensures that such imperfections meet acceptable risk factors). Second, engineering reviews are meant to assess product technical attributes, while QA conducts transition assessments in order to provide the certification authority with independent objective evidence of process-based compliance with aviation guidelines such as DO-178, DO-254, DO-278, et al.
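As an added example (not part of this whitepaper or AFuzion’s material), here is a small Python model of the coding transition described above: the entry criteria are checked against a configuration-management index, and the outcome is recorded as findings plus baseline evidence, the kind of objective record QA audits rather than a judgement of product quality. The artifact fields, baseline labels and the CM index are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass
class Artifact:
    """One lifecycle artifact as recorded in a configuration-management (CM) index (constructed model)."""
    name: str
    reviewed: bool         # formal review held and its review record closed
    baseline_id: str = ""  # CM baseline label; empty means not under configuration control

def check_entry_criteria(required: List[str], cm_index: Dict[str, Artifact]) -> Tuple[bool, List[str]]:
    """Return (may_proceed, findings). Every unmet criterion becomes a finding, so the
    record shows exactly why a transition was blocked rather than only that it was."""
    findings: List[str] = []
    for name in required:
        art = cm_index.get(name)
        if art is None:
            findings.append(f"{name}: artifact absent from CM index")
            continue
        if not art.reviewed:
            findings.append(f"{name}: not formally reviewed")
        if not art.baseline_id:
            findings.append(f"{name}: not under configuration control")
    return (not findings, findings)

def audit_record(activity: str, required: List[str], cm_index: Dict[str, Artifact]) -> dict:
    """Objective evidence for QA: the verdict, the baselines that satisfied the gate, and findings."""
    ok, findings = check_entry_criteria(required, cm_index)
    evidence = {n: cm_index[n].baseline_id for n in required
                if n in cm_index and cm_index[n].baseline_id}
    return {"activity": activity, "result": "PASS" if ok else "BLOCKED",
            "evidence": evidence, "findings": findings}

# Constructed sample data modelling the coding transition described in the text:
# requirements, design data and coding standards must be reviewed and baselined first.
CODING_ENTRY = ["Software Requirements", "Software Design Data", "Software Coding Standards"]

CM_READY = {a.name: a for a in [
    Artifact("Software Requirements", True, "SRD-BL-01"),
    Artifact("Software Design Data", True, "SDD-BL-01"),
    Artifact("Software Coding Standards", True, "SCS-BL-01")]}

# Earlier snapshot: design data baselined without a closed review; coding standards not yet baselined.
CM_NOT_READY = {a.name: a for a in [
    Artifact("Software Requirements", True, "SRD-BL-01"),
    Artifact("Software Design Data", False, "SDD-BL-01"),
    Artifact("Software Coding Standards", True, "")]}
```

Running `audit_record("Software coding", CODING_ENTRY, CM_NOT_READY)` yields a BLOCKED record with two findings, which is the evidence a QA transition assessment would retain.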
To download the remaining 7 pages of this technical Aviation DO-178C and DO-254 Traceability whitepaper, please download below: