ASSC Workshop

1

• ASSC Workshop
• Kevin Moore Ian Glazebrook
• ERA Technology
• 15th November 2007

2
Agenda

• Welcome
• An introduction to the ASSC
• Current Tasks inc SRL Airworthiness
• The Application of Civil Standards RTCA DO-254
  DO-178B
• QUESTIONS

3
Aim of Today

• Give you an insight into the ASSC
• Objectives, Organisation Execution
• Provide an overview of some of the tasks we are
  currently undertaking
• Provide an understanding of two popular Civil
  Aerospace Standards for Complex Programmable
  Elements
• Discuss some common issues

4
ASSC Introduction includingCurrent Follow-on
Projects
5
ASSC History Makeup

• Formerly the Avionics Systems Standardisation
  Committee
• Now sponsored by the DES
• Emphasis on ASSC Tasks
• Managed by ERA Technology
• Membership 100
• Primes SMEs
• DES, DSTL, Capability Managers

6
ASSC History Organisation
7
ASSC History Organisation
8
ASSC Objectives

• Mission Statement
• To enhance and exploit the role which standards
  contribute to the development and use of military
  systems, to the advantage of the MoD and its
  commercial suppliers

9
ASSC Civil as Possible, Military as Required

• The ASSC will endeavour to provide expert advice
  on the application of existing standards and
  technologies, through the publication of guidance
  documents and hosting seminars and workshops
• Through its network of members it will assist in
  the clarification of opinion on the technical
  content of proposed national and international
  standards

10
ASSC Civil as Possible, Military as Required

• Use its considerable knowledge and expertise to
  influence the standardisation processes, for the
  good of the MoD and it suppliers
• It will seek to encourage the harmonisation of
  military and civil approaches to the definition
  and use of standards
• Promote knowledge transfer and closer working
  relationships between the civil and military
  sectors

11
ASSC Recent Current Projects

• Recent
• Guide to 1553
• Guide to Digital Interface Standards
• ASAAC Review
• Safety Critical C
• DO-178B Study Phase 1

12
ASSC Recent Current Projects

• Current
• Def Stan 00-970 Part 13 Common Fit Equipment
  Support
• DO-254 Study Hazard Analysis for COTS
• DO-178B Study Phase 2 Guidance
• System Readiness Levels Airworthiness Self
  Assessment
• Updated Guide to Open Systems for Military
  Avionics
• Guide to the Acquisition of Secure Systems

13
ASSC Task 14 - System Readiness Levels
Airworthiness Self Assessment

• Two AIR models
• Air Maturity Model (AMM) process based
• System Readiness Level Airworthiness (SRL AIR)
  Self assessment
• AMM Sponsored by DMSD
• SRL sponsored by FBG

14
ASSC Task 14 - System Readiness Levels
Airworthiness Self Assessment

• AMM is encouraged to assist with the
  understanding of and compliance with JSP 553 plus
  to establish release to service acceptance
  strategies
• SRL is mandatory to underpin the IPTs
  performance score card through the use of self
  assessment

15
ASSC Task 14 - System Readiness Levels
Airworthiness Self Assessment

• Uptake and use of the tools is limited due to
  three primary factors
• Limited awareness of the tools
• Lack of consistency between the tools (plus no
  phased deliverables identified and no in-service
  self assessment available)
• No available training or guidance to IPT AIR
  staff

16
ASSC Task 14 - System Readiness Levels
Airworthiness Self Assessment
Safety
EMC
SW
Certification

• Deliverables
• SRL AIRWORTHINESS Amendment
• Improved JSP553 Guidance notes separate report
  available
• Phased deliverables identified
• Better alignment to DMSD audits
• In Service Managementassessment introduced

Evidence Results
SRL Airworthiness Assessment
ASSC Mapping Process and Review
Certification
DMSD Airworthiness Maturity Model
Process Enabler
Phase 1 Gather and Analyse
Phase 2 SRL Amendment
17
AMM (Process) and SRL (Assessment)
Process
Assessment
18
Implemented Agreed Changes
Process
Assessment
Airworthiness Maturity Model Version
3.2 Incorp. JSP 553 Change 4
Develop and document top-level standards
and objectives for Airworthiness, Safety and
Environment
Identify potential Regulatory regimes Safety Air
worthiness Environmental
Identify safety stakeholders and Establish
intended methodologies for safety management
For each option
Requirements definition
AIR1
Definition of Baseline Safety Requirements
and High-level Safety Strategy
Develop and document safety management requirement
s, policies, standards and procedures
Develop framework of Safety and Environment Manage
ment Plan- submit for approval and acceptance
Undertake preliminary hazard assessment
(lessons learnt) submit for approval and
acceptance
Maintain and expand targets for Airworthiness
Safety and environment to be option specific
Document initial Safety, airworthiness and
environment Strategy for project- submit for
approval and acceptance
Establish Project Safety Panel,
identify competent persons and advisory bodies
Initial Gate
AIR1
Initial Gate Submission
Document and implement key findings and outcomes
of assessment phase and develop
outline In-Service safety Management system
Assess safety,environmental and airworthiness
evidence for chosenoption, reviewcontractor
strategiesand roles
Develop ITEA,organise independentsafety
activities andTE. Raise tasks withappropriate
bodiesand specialists
Operate project safety panel. Issue delegations/e
xternal tasking. Identify and evaluate
competent designer and trials organisation
Develop and Document Safety And
Environmental Management Plans Submit for
approval and acceptance
Develop initial draft of Safety Case and
hazard assessment-produce evidence submit for
approval and acceptance
Co-ordinate airworthiness and safety
management With interfacing project/teams
Establish formal regulatory regimes, design/safety
standards and policies
AIR2 to
Main Gate
AIR4
Main Gate Submission
Update Project Safety Management Panel
Procedures and initiate formal Hazard Controls
Complete design/ operating Safety Cases,
obtain independent assessment, document
RTS. Submit for Certification, Recommendation, Aut
horisation
Document and implement in-Service safety
management systems
Generateairworthinesscertification andsafety
evidencefrom test and trials
Undertake final production and validation of the
Aircraft Document Set
Construct and deliver certificates of design and
complete Type and Production Acceptance
Arrange Military Aircraft Registration
AIR5 to
Entry into Service
AIR8
Approval of initial RTS. Initial entry
into Service.
Design Changes/ Service Modifications/Repairs (inc
luding Role/ Support Equipment
Decommission/ Retention/ Disposal (Planned/ Uninte
nded)
Maintenance of Structures, Engine and System
Integrity
Emergency Clearances (CLE, TC, SD)
RTS Review and IPT/ RTSA Activity
Incident, Accident And Occurrence Reporting
In-service management
Ageing Management
AIR9
End
19
SRL Screen Save
20
ASSC Task 14 - System Readiness Levels
Implemented AIR Phases

• Air-1 Concept Phase Airworthiness baseline
  requirements, high level strategy
• Air-2 Main Gate Phase Airworthiness and Safety
  management implementation
• Air-3 Design, Test Evaluation Requirements,
  Management and Implementation
• Air-4 Main Gate Submission evidence, documents
  and processes

21
ASSC Task 14 - System Readiness Levels
Implemented AIR Phases

• Air-5 Release To Service Phase Airworthiness and
  Safety implementation
• Air-6 Construct and deliver certificates of
  design and complete Type and Production
  Acceptance
• Air-7 Military Aircraft Registration
• Air-8 Release To Service Submission evidence,
  documents and processes
• Air-9 In-Service Airworthiness process management
  and implementation

22
ASSC Task 14 - System Readiness Levels
Airworthiness Self Assessment

• ASSC follow-on Task will provide
• increased awareness and improved use of the SRL
  Air self assessment
• Guidance training workshops
• Scope of this task will include
• Briefing Air Safety Managers
• The provision of training 1st quarter 2008

23
ASSC Task 14 - System Readiness Levels
Airworthiness Self Assessment

• Tasking
• Briefing pack dissemination - Air Safety Manager
  working group meetings
• Training Pack preparation for the Air Safety
  Managers (and associated team members)
• Provision of 1 day Training at ABW, Wyton and
  Yeovilton (3 days total)

24

• Application of RTCA DO 178B and RTCA DO 254
• Ian Glazebrook

25
Guidance Hierarchy supporting Regulations
Regulations JSP 553, FAR, CS eg FAR/CS 25
Safety Assessment SAE ARP 4761
System SafetyDef Stan 00-56 (Issue 4), SAE ARP
4754,CS 251309
Software Safety RTCA DO-178B Def Stan 00-55
Hardware Safety RTCA DO-254 Def Stan 00-54
Environmental RTCA DO-160Def Stan Def Stan
59-41
26
Examples of Critical Failure Conditions

• Display of misleading attitude information to
  both pilots without a warning
• Autopilot hardover beyond structural limits.
• Uncommanded reverse thrust deployment at high
  engine power and critical flight phase
• Engine rotational overspeed together with loss of
  overspeed protection

100 such system Failure Conditions are assumed to
exist.
27
Relationship to Failure Conditions
28
Some Example Development Levels
29

• RTCA DO-178B, Software Considerations in Airborne
  Systems and Equipment Certification

30
Software Levels and Outputs

• RTCA DO-178B defines
• Objectives of the software life cycle processes
• Process activities
• Evidence of compliance required at different
  software levels. 
• Software levels are chosen by determining the
  severity of failure conditions that may affect
  the aircraft and its occupants.  

31
Software Levels and Outputs

• Failure conditions have a corresponding level
  and for each level, there is a set of process
  objectives that must be satisfied. 
• (Ref. AC 25-1309-1A, Advisory Circular, Federal
  Aviation Administration). 

32
Incremental Activities By Software Level
Level C Expanded planning. Verify requirements,
design, integral processes. Test Low level
requirements. Verify test plan, test procedures,
and results. Low Level Requirements test
coverage. Statement test coverage. Structural
coverage (data and control).
Level D Planning. High Level Req test
Coverage. High Level Robustness. Object
code-target Compatibility. Partitioning. Tool
Qualification. Configuration Management. Quality
Assurance Certification Liaison.
Level B Compatibility with target
computer. Decision coverage. Verifiability. Transi
tion criteria assurance. Independence.
Level A More independence. MCDC coverage. Source
to Object code (6.4.4.2b).
33
Hidden Objectives

• RTCA DO 178B sometimes requires the capture of
  evidence beyond Annex A objectives
• User Modifiable (2.4, 5.2.3)
• Option Selectable, COTS (2.4)
• Field Loadable (2.5)
• Language and compiler considerations (4.4.2)
• Deactivated Code (4.2, 5.4.3)
• Structural coverage analysis resolution (6.4.4.3)
  
• Tool Qualification (12.2)

34

• RTCA DO-254, Design Assurance Guidance For
  Airborne Electronic Hardware, dated April 19,
  2000

35
RTCA DO 254 Introduction

• Guidelines for the production of PLDs for
  airborne systems and equipment
• Given "force" by the FAA AC 20-152 on 30th June
  2005
• Field Programmable Gate Array (FPGA)
• Programmable Systems-on-Chip (PSoC)
• Complex Programmable Logic Device (CPLD)
• Application Specific Integrated Circuit (ASIC)

36
RTCA DO 254 Introduction

• Based on RTCA DO 178B (Software), often
  considered the same as SW as they are programmed
  like SW - Incorrect.
• Provides level of rigor based on severity
• Objectives for Hardware life cycle processes
• Descriptions of design considerations and
  activities for achieving those objectives
• Descriptions of the evidence that indicate that
  the objectives have been satisfied

37
Lifecycle Processes

• RTCA DO-254 defines Hardware Life-Cycle
  Processes
• Planning Process
• Hardware Design Processes
• Requirements, Design, Implementation, Production,
  Test
• Validation Process
• Verification Process

38
Lifecycle Processes

• Configuration Management Process
• Process Assurance
• Certification Liaison Process
• Similar to RTCA DO-178B

39
Objectives By Assurance Level
Based on Table A-1, RTCA DO 254, Page A-2
40
Additional Considerations for PLDs

• Issues over and above Software
• Performance of time-related functions
• Signal noise and cross-talk and signal timing
  relationships
• Signal glitches in asynchronous logic circuits
• Possible state transitions, anticipated or not
• Supply voltage and current demands
• Obsolescence
• Single Event Upset (SEU)

41
Common Problems

• Inadequate Requirements Specification
• No Requirements Traceability
• Compliance and Conformance Assessment following
  development
• Re-engineering of Processes
• Inadequate Configuration Management and Change
  Control

42
Common Problems

• Long time to issue and accept standards
• Proliferation of COTS / SOUP, including Tool
  Qualification
• Unrealistic timescales and cost restrictions
• Obsolescence

43
Questions?

• Web www.ASSConline.co.uk
• Email ASSC_at_ERA.co.uk
• Contact Christopher Hall
• ASSC Programme Manager 01372 36408
• MoD Contact Flt Lt Phil Gorse
• Software Support Division 0117 9130157
• E-mail DESSEMS-FT-Hard_at_mod.uk
• MoD Sponsor Sqn Ldr Mike Place
• Software Support Division