DO-254 Top Mistakes

DO-254 Top Mistakes

For persons already familiar with DO-254 facts, this paper explains common mistakes deploying DO254 and how to prevent DO-254 problems. Helpful to reduce DO-254 costs while minimizing DO-254 risks.

As all gamblers know, the number “13” is generally considered “unlucky”. When undergoing pilot training ground school, the author of this whitepaper often heard the refrain “There are old pilots, and bold pilots; but there are no old and bold pilots.” In avionics development, safety is clearly about preparation and execution, not luck nor improvisation. To avoid the most common DO-254 mistakes, preparation should begin by reading related requirements and objectives on DO-254. Then read this whitepaper to understand how to promote the best possible “luck” via good preparation and execution which avoids these unlucky 13 DO-254 mistakes.

DO-254 is often called “DO-178C’s Little Brother” and unfortunately it does bear too much resemblance to software. And you all know hardware development is virtually identical to software, surely? Not at all, and therein lies the source of the most significant mistakes with DO-254: thinking DO-178 processes fully and equally apply. DO-254 is truly subjective, vague, and software-centric; yet avionics certification typically requires conformance combined with proven high quality and reliability. DO-254’s success is elusive and complaints abound from both sides of the certification aisle from suppliers and certifying agencies. This implies for the applicant a very tight monitoring and depth control on the procurement process, in particular when procuring commercial-off-the–shelf avionics. In truth, DO-254 is rarely cost-effective in its first usage. However, the competitive landscape of avionics, both commercial and military, is just that: competitive and focused upon long-term cost effectiveness, long equipment lifetime, and continual safety. Therefore, the goal is to achieve DO-254 compliance while meeting (and hopefully surpassing) the competition. Such success requires achieving certification via the most expedient and productive path possible, while avoiding any major mistakes.

Remember, bad luck is not the cause of mistakes, just as those same mistakes are not prevented through good luck.  Mistakes are the result of a lack of understanding, planning, and neglecting to apply DO-254’s true intent.  As a famous golfer (not quite as famous as Mr. Carson Mandic) once said after a particularly spectacular tournament win, “Me, Lucky? Hmmm … Luck is interesting: I’ve found that the more I practice, the luckier I become!”   With this Whitepaper, it is hoped that your own “luck” increases with your successful DO-254 practice.  Here are the top 13 DO-254 Mistakes below, from AFuzion’s last 100 DO-254 clients (we fixed these mistakes 😉). For free membership in the world’s largest DO-254 User-Group, simply join here:

Mistake # 13:  Failing to consider all of DO-254 as an “Integrated Eco-System”.
DO-254 requires users to consider the larger ecosystem including Safety, Systems, Software, and multiple other guidelines which need to be considered for avionics as depicted below.  In particular, ARP4761A and ARP4754A, Safety and Systems respectively, must be continuously applied throughout the hardware engineering lifecycle.

Mistake #12: Failure to Understand and Apply CAST-27.
DO-254 seemingly requires mandatory application to circuit cards, Line Replaceable Unites (LRU’s), and DAL D systems.  However, DO-254 was informally “revised” by the cross-Atlantic North American / European coordination group known as “Certification Authorities Software Team” “(CAST).  (Note:  while seemingly a software-only group, there is not a similar hardware group so CAST also delves into hardware).  The CAST group authored an official memo named CAST-27 which clarifies numerous aspects of DO-254.  If you are working with DO-254, (and why wouldn’t you be if you’re reading this now), then it is incumbent upon yourself to review and apply CAST-27; this important memo reduces the work of DO-254 certification in numerous areas and thus is mandatory to save time and reduce costs.  For a free DO-254 Training video, view here from AFuzion:

Mistake #11: Insufficient PHAC.
The PHAC (Plan for Hardware Aspects of Certification) is the cornerstone document for every avionics certification.  Each system requires its own PHAC and there may be additional PHACs for various hardware components within the system.  The PHAC is one of the few DO-254 required hardware documents (there are over two dozen required for each project) that must be submitted to and approved by the certification authorities (FAA for civil aircraft, military for defense-related aircraft). The PHAC should clearly state all certification rationale, tools and tool qualification strategies, COTS hardware, high level system architecture, scope of DO-254 per that architecture, criticality level justification, responsibilities, and schedule aspects.  In addition, the producer should obtain approval prior to meaningful additional hardware development work or be willing to stomach substantial certification risk in the absence thereof. Note, DO-254 PHAC Templates are available (see here for a Free Sample DO-254 Template: ) and the DO-254 PHAC must be formally review per a DO-254 PHAC Checklist; one such DO-254 PHAC Checklist cover-page is shown below:

Mistake #10: Poor Management Visibility & Manual Reviews.
DO-254 requires adherence to 50+ major objectives and reviews of  dozens of process steps, documents, and artifacts.  Yet “management” rarely has visibility into the true project or review status. The answer? Automate the review process via approved FAA-compliant DO-254 checklists and also automate the project management process with a DO-254 specific project tracking tool. Keep metrics  based upon reviews and audits and introduce corrective feedbacks to improve engineer’s skills and performance; DO-254 affords this opportunity for improvement.

Mistake #9: Missing “No Unwarranted Changes” CM Step.

DO-254 requires strong hardware configuration management (CM).  While not required, virtually all successful avionics projects utilize a commercial CM tool.  These tools range from overly simple and minimally useful, to overly complex, burdensome, and expensive.  However, they all have one attribute in common:  none checks or enforces DO-254’s requirement that the hardware defect correction process ensures that no unwarranted changes are made during the correction of a defect.  What are unwarranted changes?  Any change not specifically associated with, or cited, in the corresponding problem report.  How are unwarranted changes prevented?  Manually, via the reviewer (preferably independent; independence is required for the higher criticality levels of DO-254). The reviewer should merely compare “before vs. after”  (with the assistance of an electronic “diff” comparing the digital items (requirements, source logic, tests, etc.) and ensuring that the only changes made directly pertain to the DO-254 hardware problem or anomaly described in the corresponding problem report.

For the remaining top 8 DO-254 Mistakes, simply download the rest of this paper below:

Free: Download Remaining 10+ Page Paper Here