Avionics Software Requirements in DO-178C – For Avionics Engineers and Managers
Good requirements are the foundation of good software, and the only road to “great” software is via great software requirements. In aviation, requirements are paramount in DO-178C for avionics software and DO-254 for avionics hardware logic. Great software requirements are also the cornerstone to DO-278A for CNS/ATM (ground-based systems) and DO-297, Integrated Modular Avionics. But how can you “prescribe” good software requirements? What should a DO-178C Software Requirements Standard contain? What are examples of weak, satisfactory, good, and great software requirements? These questions and more are answered herein.
First, please consider the following requirements “quiz” – do you know the answers? If you’re developing aviation software, you need to know these answers; these and many more are explained in the following pages.
AFuzion Requirements Quiz: Page 81 of 312-page AFuzion Private Training
As avionics system complexity increases, a single level of requirements is insufficient. Perhaps early aviation could suffice with a single level of requirements, but increasing complexity and larger engineering teams implies greater potential for mistaken assumptions. Therefore, aviation systems needing FAA certification or military compliance have multiple levels of requirements including:
Typical Aviation Requirements for ARP4761A, ARP4754A, DO-178C, DO-254, & DO-278A
Each of the above requirement domains likely represents successively increasing granularity, in the order depicted above. Throughout, additional Safety requirements can be decomposed or derived which further clarify necessary aspects of the system, hardware, and software. When systems are particularly complex, any one of the above requirement domains may be further subdivided into two or more levels of requirements. The end result is typified by multiple levels of requirements which enable higher quality through better understandability of the requirement relationships, and the ability to better validate, and then verify, those requirements. Aviation requirement development entails successively more detailed decomposition, with the requirements reviewed at each stage of refinement. For higher development assurance levels (DALs) associated with Hazardous or Catastrophic failure effects, requirement V&V must be proven to be independent, e.g. a different person or team following a process independent from the requirement developer. Safety requirements per ARP4761 (and ARP4754A) should be defined via the PSSA and SSA, and also reviewed by a Designated Engineering Representative (DER) or Compliance Verification Engineer (CVE, for Europe).
As depicted below, there are five inputs to a formal requirements review in ARP4754A, DO-178C, DO-254, and DO-278A; all five must be under configuration control and proven to be used to perform the actual review. These five inputs (which include derived requirements if applicable) to a formal requirements review comprise the entry criteria, whereas the completed requirements review checklist and action item/defect records comprise the exit criteria. This movement from activity entry to exit comprises a “transition”. The requirements verifier for DO-178C and DO-254 performs the transition, then quality assurance audits the transition. This transition is particularly important for DO-178C/DO-254 FAA certification and the equivalent ED-12/ED-80 EASA certification. For reviews, the number of reviewers is unimportant (in fact, it is this author’s experience that the best reviews are accomplished when fewer but better reviewers are used; team size in complex systems is generally inversely proportional to resultant quality and most certainly productivity.) The key to the ARP4754A, DO-178C, and DO-254 requirements review is the application of the corresponding Standard as well as the Checklist. Typical high-quality safety-critical requirements standards are detailed and 20+ pages in length; high-quality requirements review checklists are similarly detailed and 6-8+ pages in length. This contrasts sharply with non-safety-critical products which often lack requirements standards and checklists, or, when present, are still very light. The following is from AFuzion’s Aviation Requirements Training for DO-178C, DO-254, and ARP4754A:
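The two gating rules described above (review inputs under configuration control as entry criteria, and independent V&V for the DALs tied to Hazardous or Catastrophic failure effects) together with the multi-level trace/derived-requirement rule can be mechanised as a small transition check. The following is an added illustration written for this article, not AFuzion's tooling or any DO-178C artifact; the requirement ids, people, baseline ids and input names are constructed placeholders, and the five actual review inputs are not enumerated here because they are only shown in the figure.

```python
from dataclasses import dataclass
from typing import Optional

# DALs tied to Hazardous/Catastrophic failure effects: V&V must be independent of the author.
INDEPENDENCE_REQUIRED = {"A", "B"}

@dataclass(frozen=True)
class Requirement:
    rid: str
    level: str              # "system", "high" (HLR) or "low" (LLR)
    parents: tuple          # ids this requirement decomposes from; empty only for system or derived
    author: str
    verifier: str
    dal: str
    derived: bool = False   # derived requirements have no parent but must be flagged as such

@dataclass(frozen=True)
class ReviewInput:
    name: str
    baseline: Optional[str]  # configuration-management baseline id; None = not under CM

def check_independence(reqs):
    """Entry check: for DAL A/B the verifier must not be the requirement's author."""
    return [f"{r.rid}: DAL {r.dal} needs independent V&V but '{r.author}' is author and verifier"
            for r in reqs if r.dal in INDEPENDENCE_REQUIRED and r.author == r.verifier]

def check_traceability(reqs):
    """Every non-system requirement traces to a known parent or is explicitly derived."""
    known = {r.rid for r in reqs}
    findings = []
    for r in reqs:
        if r.level != "system" and not r.parents and not r.derived:
            findings.append(f"{r.rid}: no parent trace and not marked derived")
        findings += [f"{r.rid}: parent {p} not in baseline" for p in r.parents if p not in known]
    return findings

def check_entry_criteria(inputs):
    """All review inputs must be under configuration control before the review starts."""
    return [f"{i.name}: not under configuration control" for i in inputs if i.baseline is None]

def run_transition(reqs, inputs):
    """Gate the entry->exit transition; the finding list is the exit record (empty = passed)."""
    findings = check_entry_criteria(inputs) + check_independence(reqs) + check_traceability(reqs)
    return {"passed": not findings, "findings": findings}

# Constructed sample data (hypothetical ids, names and baselines, not from any real project).
SAMPLE_REQS = [
    Requirement("SYS-1", "system", (), "alice", "bob", "A"),
    Requirement("HLR-1", "high", ("SYS-1",), "alice", "alice", "A"),     # same person: not independent
    Requirement("LLR-1", "low", ("HLR-1",), "carol", "bob", "A"),
    Requirement("LLR-2", "low", (), "carol", "bob", "A"),                # no trace, not derived
    Requirement("LLR-3", "low", (), "carol", "bob", "A", derived=True),  # derived: allowed
]
SAMPLE_INPUTS = [ReviewInput("requirements document", "BL-7"), ReviewInput("requirements standard", "BL-7"),
                 ReviewInput("review checklist", None)]  # not yet baselined: entry criteria fail
```

Running `run_transition(SAMPLE_REQS, SAMPLE_INPUTS)` returns three findings (one per rule) and `passed: False`, which is the record a quality-assurance audit of the transition would expect to see before the review is allowed to start.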
For the remaining 10 pages of this AFuzion Aviation Requirements Technical Whitepaper, please download below.