Title: ASSC Workshop
Slide 1: ASSC Workshop
- Kevin Moore, Ian Glazebrook
- ERA Technology
- 15th November 2007
Slide 2: Agenda
- Welcome
- An introduction to the ASSC
- Current Tasks, including SRL Airworthiness
- The Application of Civil Standards: RTCA DO-254 and DO-178B
- Questions
Slide 3: Aim of Today
- Give you an insight into the ASSC
- Objectives, Organisation and Execution
- Provide an overview of some of the tasks we are currently undertaking
- Provide an understanding of two popular Civil Aerospace Standards for Complex Programmable Elements
- Discuss some common issues
Slide 4: ASSC Introduction, including Current and Follow-on Projects
Slide 5: ASSC History and Makeup
- Formerly the Avionics Systems Standardisation Committee
- Now sponsored by the DES
- Emphasis on ASSC Tasks
- Managed by ERA Technology
- Membership: 100
- Primes and SMEs
- DES, DSTL, Capability Managers
Slide 6: ASSC History and Organisation
Slide 7: ASSC History and Organisation (continued)
Slide 8: ASSC Objectives
- Mission Statement
- To enhance and exploit the role which standards contribute to the development and use of military systems, to the advantage of the MoD and its commercial suppliers
Slide 9: ASSC: Civil as Possible, Military as Required
- The ASSC will endeavour to provide expert advice on the application of existing standards and technologies, through the publication of guidance documents and the hosting of seminars and workshops
- Through its network of members it will assist in the clarification of opinion on the technical content of proposed national and international standards
Slide 10: ASSC: Civil as Possible, Military as Required (continued)
- Use its considerable knowledge and expertise to influence the standardisation processes, for the good of the MoD and its suppliers
- It will seek to encourage the harmonisation of military and civil approaches to the definition and use of standards
- Promote knowledge transfer and closer working relationships between the civil and military sectors
Slide 11: ASSC Recent and Current Projects
- Recent
  - Guide to 1553
  - Guide to Digital Interface Standards
  - ASAAC Review
  - Safety Critical C
  - DO-178B Study Phase 1
Slide 12: ASSC Recent and Current Projects (continued)
- Current
  - Def Stan 00-970 Part 13 Common Fit Equipment Support
  - DO-254 Study: Hazard Analysis for COTS
  - DO-178B Study Phase 2 Guidance
  - System Readiness Levels Airworthiness Self Assessment
  - Updated Guide to Open Systems for Military Avionics
  - Guide to the Acquisition of Secure Systems
Slide 13: ASSC Task 14 - System Readiness Levels Airworthiness Self Assessment
- Two AIR models
  - Air Maturity Model (AMM), process based
  - System Readiness Level Airworthiness (SRL AIR) Self assessment
- AMM sponsored by DMSD
- SRL sponsored by FBG
Slide 14: ASSC Task 14 - System Readiness Levels Airworthiness Self Assessment (continued)
- AMM is encouraged, to assist with the understanding of and compliance with JSP 553 and to establish release to service acceptance strategies
- SRL is mandatory, to underpin the IPTs' performance score card through the use of self assessment
Slide 15: ASSC Task 14 - System Readiness Levels Airworthiness Self Assessment (continued)
- Uptake and use of the tools is limited due to three primary factors
  - Limited awareness of the tools
  - Lack of consistency between the tools (plus no phased deliverables identified and no in-service self assessment available)
  - No available training or guidance for IPT AIR staff
Slide 16: ASSC Task 14 - System Readiness Levels Airworthiness Self Assessment (continued)
- Deliverables
  - SRL AIRWORTHINESS Amendment
  - Improved JSP 553 Guidance notes (separate report available)
  - Phased deliverables identified
  - Better alignment to DMSD audits
  - In Service Management assessment introduced
[Diagram: Phase 1 "Gather and Analyse", Phase 2 "SRL Amendment"; labelled elements: Safety, EMC, SW, Certification; Evidence and Results; SRL Airworthiness Assessment; ASSC Mapping Process and Review; DMSD Airworthiness Maturity Model; Process Enabler]
Slide 17: AMM (Process) and SRL (Assessment)
[Diagram: Process and Assessment columns]
Slide 18: Implemented Agreed Changes
[Table: Process and Assessment columns; Airworthiness Maturity Model Version 3.2, incorporating JSP 553 Change 4]

Up to Initial Gate (AIR1)
- Process
  - Develop and document top-level standards and objectives for Airworthiness, Safety and Environment
  - Identify potential Regulatory regimes: Safety, Airworthiness, Environmental
  - Identify safety stakeholders and establish intended methodologies for safety management
  - For each option: Requirements definition
  - Develop and document safety management requirements, policies, standards and procedures
  - Develop framework of Safety and Environment Management Plan; submit for approval and acceptance
  - Undertake preliminary hazard assessment (lessons learnt); submit for approval and acceptance
  - Maintain and expand targets for Airworthiness, Safety and Environment to be option specific
  - Document initial Safety, Airworthiness and Environment Strategy for project; submit for approval and acceptance
  - Establish Project Safety Panel, identify competent persons and advisory bodies
- Assessment
  - AIR1: Definition of Baseline Safety Requirements and High-level Safety Strategy
  - Initial Gate, AIR1: Initial Gate Submission

AIR2 to AIR4 (Main Gate)
- Process
  - Document and implement key findings and outcomes of assessment phase and develop outline In-Service Safety Management System
  - Assess safety, environmental and airworthiness evidence for chosen option; review contractor strategies and roles
  - Develop ITEA, organise independent safety activities and T&E; raise tasks with appropriate bodies and specialists
  - Operate project safety panel; issue delegations/external tasking; identify and evaluate competent designer and trials organisation
  - Develop and document Safety and Environmental Management Plans; submit for approval and acceptance
  - Develop initial draft of Safety Case and hazard assessment; produce evidence; submit for approval and acceptance
  - Co-ordinate airworthiness and safety management with interfacing projects/teams
  - Establish formal regulatory regimes, design/safety standards and policies
- Assessment
  - AIR2 to AIR4: Main Gate Submission

AIR5 to AIR8 (Entry into Service)
- Process
  - Update Project Safety Management Panel procedures and initiate formal Hazard Controls
  - Complete design/operating Safety Cases, obtain independent assessment, document RTS; submit for Certification, Recommendation, Authorisation
  - Document and implement In-Service safety management systems
  - Generate airworthiness certification and safety evidence from test and trials
  - Undertake final production and validation of the Aircraft Document Set
  - Construct and deliver certificates of design and complete Type and Production Acceptance
  - Arrange Military Aircraft Registration
- Assessment
  - AIR5 to AIR8: Approval of initial RTS; initial Entry into Service

AIR9 (In-Service Management to End)
- Process
  - Design Changes / Service Modifications / Repairs (including Role / Support Equipment)
  - Decommission / Retention / Disposal (Planned / Unintended)
  - Maintenance of Structures, Engine and System Integrity
  - Emergency Clearances (CLE, TC, SD)
  - RTS Review and IPT / RTSA Activity
  - Incident, Accident and Occurrence Reporting
  - In-service management
  - Ageing Management
- Assessment
  - AIR9: End
Slide 19: SRL Screen Save
Slide 20: ASSC Task 14 - System Readiness Levels: Implemented AIR Phases
- Air-1 Concept Phase: Airworthiness baseline requirements, high level strategy
- Air-2 Main Gate Phase: Airworthiness and Safety management implementation
- Air-3 Design, Test and Evaluation: Requirements, Management and Implementation
- Air-4 Main Gate Submission: evidence, documents and processes
Slide 21: ASSC Task 14 - System Readiness Levels: Implemented AIR Phases (continued)
- Air-5 Release To Service Phase: Airworthiness and Safety implementation
- Air-6 Construct and deliver certificates of design and complete Type and Production Acceptance
- Air-7 Military Aircraft Registration
- Air-8 Release To Service Submission: evidence, documents and processes
- Air-9 In-Service Airworthiness process management and implementation
Slide 22: ASSC Task 14 - System Readiness Levels Airworthiness Self Assessment
- ASSC follow-on Task will provide
  - Increased awareness and improved use of the SRL Air self assessment
  - Guidance, training and workshops
- Scope of this task will include
  - Briefing Air Safety Managers
  - The provision of training, 1st quarter 2008
Slide 23: ASSC Task 14 - System Readiness Levels Airworthiness Self Assessment (continued)
- Tasking
  - Briefing pack dissemination
  - Air Safety Manager working group meetings
  - Training Pack preparation for the Air Safety Managers (and associated team members)
  - Provision of 1 day Training at ABW, Wyton and Yeovilton (3 days total)
Slide 24: Application of RTCA DO-178B and RTCA DO-254
- Ian Glazebrook
Slide 25: Guidance Hierarchy supporting Regulations
- Regulations: JSP 553, FAR, CS (e.g. FAR/CS 25)
- Safety Assessment: SAE ARP 4761
- System Safety: Def Stan 00-56 (Issue 4), SAE ARP 4754, CS 25.1309
- Software Safety: RTCA DO-178B, Def Stan 00-55
- Hardware Safety: RTCA DO-254, Def Stan 00-54
- Environmental: RTCA DO-160, Def Stan 59-41
Slide 26: Examples of Critical Failure Conditions
- Display of misleading attitude information to both pilots without a warning
- Autopilot hardover beyond structural limits
- Uncommanded reverse thrust deployment at high engine power and critical flight phase
- Engine rotational overspeed together with loss of overspeed protection
100 such system Failure Conditions are assumed to exist.
Slide 27: Relationship to Failure Conditions
Slide 28: Some Example Development Levels
Slide 29: RTCA DO-178B, Software Considerations in Airborne Systems and Equipment Certification
Slide 30: Software Levels and Outputs
- RTCA DO-178B defines
  - Objectives of the software life cycle processes
  - Process activities
  - Evidence of compliance required at different software levels
- Software levels are chosen by determining the severity of failure conditions that may affect the aircraft and its occupants.
Slide 31: Software Levels and Outputs (continued)
- Failure conditions have a corresponding level and, for each level, there is a set of process objectives that must be satisfied.
- (Ref. AC 25.1309-1A, Advisory Circular, Federal Aviation Administration)
Slide 32: Incremental Activities By Software Level
- Level D: Planning. High Level Requirements test coverage. High Level Robustness. Object code to target compatibility. Partitioning. Tool Qualification. Configuration Management. Quality Assurance. Certification Liaison.
- Level C: Expanded planning. Verify requirements, design and integral processes. Test Low Level Requirements. Verify test plan, test procedures and results. Low Level Requirements test coverage. Statement test coverage. Structural coverage (data and control).
- Level B: Compatibility with target computer. Decision coverage. Verifiability. Transition criteria assurance. Independence.
- Level A: More independence. MC/DC coverage. Source to Object code (6.4.4.2b).
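The slide ties structural coverage to software level: statement coverage at Level C, decision coverage at Level B, and MC/DC at Level A. The following Python is an added example, not material from the workshop or from DO-178B itself: it checks a test set against the decision-coverage and unique-cause MC/DC criteria for a single Boolean decision. The warning logic, the condition names and the test vectors are constructed for the illustration; for one decision, statement coverage is met as soon as any test executes it, so it is not checked separately.

```python
"""Added example: decision coverage and unique-cause MC/DC for one decision.

Not part of DO-178B or the ASSC workshop. The decision and test sets below
are constructed solely for this illustration.
"""
from itertools import combinations
from typing import Callable, Dict, List, Sequence

Decision = Callable[..., bool]
TestCase = Dict[str, bool]

# Constructed decision (assumed names and logic): a cockpit warning that fires
# when altitude is low and either the gear is up or the flaps are set for
# landing. Three independent conditions, so MC/DC needs at least four tests.
CONDITIONS = ("low_alt", "gear_up", "flaps_landing")


def warning(low_alt: bool, gear_up: bool, flaps_landing: bool) -> bool:
    return low_alt and (gear_up or flaps_landing)


def decision_coverage(decision: Decision, tests: Sequence[TestCase]) -> bool:
    """Decision coverage (Level B): the decision has taken both outcomes."""
    return {decision(**t) for t in tests} == {True, False}


def mcdc_coverage(decision: Decision, names: Sequence[str],
                  tests: Sequence[TestCase]) -> Dict[str, bool]:
    """Unique-cause MC/DC (Level A): for each condition, report whether the
    test set contains a pair of tests that differ only in that condition and
    produce different decision outcomes, i.e. whether the condition has been
    shown to independently affect the outcome."""
    shown = {name: False for name in names}
    for t1, t2 in combinations(tests, 2):
        differing = [n for n in names if t1[n] != t2[n]]
        # Only pairs that vary exactly one condition count for unique cause.
        if len(differing) == 1 and decision(**t1) != decision(**t2):
            shown[differing[0]] = True
    return shown


def mcdc_achieved(decision: Decision, names: Sequence[str],
                  tests: Sequence[TestCase]) -> bool:
    """MC/DC requires decision coverage plus independence of every condition."""
    return decision_coverage(decision, tests) and all(
        mcdc_coverage(decision, names, tests).values())


def case(**values: bool) -> TestCase:
    return dict(values)


# Constructed test set 1: two vectors that flip every condition at once.
# Enough for decision coverage, but no single condition's effect is isolated.
DECISION_ONLY_TESTS: List[TestCase] = [
    case(low_alt=True, gear_up=True, flaps_landing=True),     # outcome True
    case(low_alt=False, gear_up=False, flaps_landing=False),  # outcome False
]

# Constructed test set 2: N+1 = 4 vectors, the minimum for unique-cause MC/DC.
MCDC_TESTS: List[TestCase] = [
    case(low_alt=True, gear_up=True, flaps_landing=False),    # True
    case(low_alt=False, gear_up=True, flaps_landing=False),   # False: isolates low_alt
    case(low_alt=True, gear_up=False, flaps_landing=False),   # False: isolates gear_up
    case(low_alt=True, gear_up=False, flaps_landing=True),    # True:  isolates flaps_landing
]

if __name__ == "__main__":
    for label, tests in (("decision-only", DECISION_ONLY_TESTS), ("MC/DC", MCDC_TESTS)):
        print(label, "| decision coverage:", decision_coverage(warning, tests),
              "| MC/DC per condition:", mcdc_coverage(warning, CONDITIONS, tests))
```

The check implements the unique-cause form of MC/DC, in which the paired tests may differ in exactly one condition; the masking form permitted by later guidance is broader and is not modelled here. Running the block shows that the two-vector set satisfies decision coverage yet isolates none of the three conditions, which is exactly the gap between Level B and Level A evidence.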
Slide 33: Hidden Objectives
- RTCA DO-178B sometimes requires the capture of evidence beyond the Annex A objectives
  - User Modifiable (2.4, 5.2.3)
  - Option Selectable, COTS (2.4)
  - Field Loadable (2.5)
  - Language and compiler considerations (4.4.2)
  - Deactivated Code (4.2, 5.4.3)
  - Structural coverage analysis resolution (6.4.4.3)
  - Tool Qualification (12.2)
Slide 34: RTCA DO-254, Design Assurance Guidance for Airborne Electronic Hardware, dated April 19, 2000
Slide 35: RTCA DO-254 Introduction
- Guidelines for the production of PLDs for airborne systems and equipment
- Given "force" by FAA AC 20-152 on 30th June 2005
- Field Programmable Gate Array (FPGA)
- Programmable System-on-Chip (PSoC)
- Complex Programmable Logic Device (CPLD)
- Application Specific Integrated Circuit (ASIC)
Slide 36: RTCA DO-254 Introduction (continued)
- Based on RTCA DO-178B (Software); often considered the same as SW because the devices are programmed like SW. Incorrect.
- Provides a level of rigour based on severity
- Objectives for Hardware life cycle processes
- Descriptions of design considerations and activities for achieving those objectives
- Descriptions of the evidence that indicates the objectives have been satisfied
Slide 37: Lifecycle Processes
- RTCA DO-254 defines Hardware Life-Cycle Processes
  - Planning Process
  - Hardware Design Processes
    - Requirements, Design, Implementation, Production, Test
  - Validation Process
  - Verification Process
Slide 38: Lifecycle Processes (continued)
  - Configuration Management Process
  - Process Assurance
  - Certification Liaison Process
- Similar to RTCA DO-178B
Slide 39: Objectives By Assurance Level
Based on Table A-1, RTCA DO-254, Page A-2
Slide 40: Additional Considerations for PLDs
- Issues over and above Software
  - Performance of time-related functions
  - Signal noise, cross-talk and signal timing relationships
  - Signal glitches in asynchronous logic circuits
  - Possible state transitions, anticipated or not
  - Supply voltage and current demands
  - Obsolescence
  - Single Event Upset (SEU)
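Two of the PLD-specific considerations above, unanticipated state transitions and Single Event Upset, can be examined together with an exhaustive model of a small state machine. The Python below is an added example, not from the workshop or DO-254: it models a constructed three-state sequencer held in two flip-flops, so one of the four binary encodings is never assigned by the design. The "naive" next-state function has no default branch for that encoding (the way a case statement without a default synthesises), the "hardened" one forces any illegal encoding back to the reset state. A checker enumerates every encoding and every input combination to find encodings from which a legal state is never re-entered, and then asks which single-bit upsets of legal states land there. State names, encodings and inputs are all assumptions for the illustration.

```python
"""Added example: exhaustive check of unanticipated FSM encodings and SEU recovery.

Not part of DO-254 or the ASSC workshop. The sequencer, its encodings and its
inputs are constructed for this illustration.
"""
from itertools import product
from typing import Callable, Dict, FrozenSet, Iterable, Set, Tuple

Inputs = Dict[str, bool]
NextState = Callable[[int, Inputs], int]

# Constructed design: three states in two flip-flops. Encoding 0b11 is unused.
N_BITS = 2
IDLE, LOAD, RUN = 0b00, 0b01, 0b10
LEGAL: FrozenSet[int] = frozenset({IDLE, LOAD, RUN})
INPUT_NAMES = ("go", "done")


def naive_next(state: int, inp: Inputs) -> int:
    """'Before' design: no branch covers 0b11, so that encoding holds forever."""
    if state == IDLE:
        return LOAD if inp["go"] else IDLE
    if state == LOAD:
        return RUN
    if state == RUN:
        return IDLE if inp["done"] else RUN
    return state  # unanticipated encoding: the register simply keeps its value


def hardened_next(state: int, inp: Inputs) -> int:
    """'After' design: any encoding outside LEGAL returns to IDLE on the next clock."""
    if state not in LEGAL:
        return IDLE
    return naive_next(state, inp)


def all_inputs() -> Iterable[Inputs]:
    """Every combination of the Boolean inputs."""
    for bits in product((False, True), repeat=len(INPUT_NAMES)):
        yield dict(zip(INPUT_NAMES, bits))


def reachable_from(next_fn: NextState, start: int) -> Set[int]:
    """All encodings reachable from `start` under any input sequence."""
    seen: Set[int] = set()
    frontier = {start}
    while frontier:
        s = frontier.pop()
        seen.add(s)
        for inp in all_inputs():
            nxt = next_fn(s, inp)
            if nxt not in seen:
                frontier.add(nxt)
    return seen


def unrecoverable_encodings(next_fn: NextState, n_bits: int = N_BITS,
                            legal: FrozenSet[int] = LEGAL) -> Set[int]:
    """Illegal encodings from which no input sequence re-enters a legal state."""
    return {s for s in range(2 ** n_bits)
            if s not in legal and not (reachable_from(next_fn, s) & legal)}


def seu_stuck_cases(next_fn: NextState, n_bits: int = N_BITS,
                    legal: FrozenSet[int] = LEGAL) -> Set[Tuple[int, int]]:
    """(legal state, flipped bit) pairs where one bit upset lands in an
    encoding the design never recovers from."""
    bad = unrecoverable_encodings(next_fn, n_bits, legal)
    return {(s, b) for s in legal for b in range(n_bits) if (s ^ (1 << b)) in bad}


if __name__ == "__main__":
    for label, fn in (("naive", naive_next), ("hardened", hardened_next)):
        print(label, "| unrecoverable encodings:", unrecoverable_encodings(fn),
              "| SEU (state, bit) stuck cases:", seu_stuck_cases(fn))
```

For the naive design the checker reports encoding 0b11 as unrecoverable and shows that a single upset of bit 1 in LOAD or bit 0 in RUN parks the sequencer there; the hardened design reports no such cases. The same enumeration scales to any register width small enough to brute-force, and it is the kind of evidence a DO-254 verification process can record for the "anticipated or not" transition objective.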
Slide 41: Common Problems
- Inadequate Requirements Specification
- No Requirements Traceability
- Compliance and Conformance Assessment following development
- Re-engineering of Processes
- Inadequate Configuration Management and Change Control
Slide 42: Common Problems (continued)
- Long time to issue and accept standards
- Proliferation of COTS / SOUP, including Tool Qualification
- Unrealistic timescales and cost restrictions
- Obsolescence
Slide 43: Questions?
- Web: www.ASSConline.co.uk
- Email: ASSC@ERA.co.uk
- Contact: Christopher Hall, ASSC Programme Manager, 01372 36408
- MoD Contact: Flt Lt Phil Gorse, Software Support Division, 0117 9130157
- E-mail: DESSEMS-FT-Hard@mod.uk
- MoD Sponsor: Sqn Ldr Mike Place, Software Support Division