www.thalesgroup.com
Thales Avionics – 30th October 2012
Feedback on IMA certification and on-going regulatory work in Europe
Cédric Chevrel
System & IMA Referent Certification Expert
Airworthiness Certification Directorate
THALES Avionics
International IMA Conference – Moscow 2012
2 / IMA System Certification Manager
Life of a System Certification Manager before IMA ...
Life of a System Certification Manager with IMA ...
3 / Content
IMA perimeter in Avionics System
Certification Process
Incremental Certification
Lessons Learned
On-going Regulatory work in Europe
Avionics System IMA perimeter
5 / Avionics System Perimeter
[Diagram labels: Avionics System; Flight Management; Cockpit; Integrated Modular Avionics; Communication Utilities / Cabin; Flight Guidance & Envelope; Surveillance; Recording; Maintenance; Display and Warning; Localisation; Navigation]
A trend: from Equipment, to Subsystem and Open Avionics System Package
6 / Integrated Modular Avionics (IMA)
Before: ARINC 429; 1 function = 1 computer
Now with IMA: platform composed of a set of non-system-specific and highly configurable computers; applications from multiple systems are executed on the same platform and network
By allowing a highly integrated architecture, IMA permits recurrent, development and maintenance cost savings, optimizing the industrial business model
7 / IMA business model
Platform / Module supplier:
- Production, supply chain, component obsolescence management and capacity to F3 design in the future
- In-service experience on COTS hardware components (certification constraint)
- RT Operating System (such as A653) skills
- Robust Partitioning demonstration (Partitioning) skills
Sub-System Designers / Application Suppliers:
- Functional domain (Flight Management, Fuel, Cabin...) skills
- Functional oriented software engineering skills
IMA system integrator:
- Complex integration (mixing software and functional aspects) skills
- Incremental Integration & Acceptance
IMA objective: select the best supplier for each task, taking into account each specificity
Integrated Modular Avionics Certification Process
9 / Certification Actors
[Diagram labels: Aircraft Manufacturer; Type Certification; Avionics System Supplier (Thales); System Development & Type Certification Contribution; Suppliers, Sub-contractors; Contract; Airworthiness Authority Country A (IAC-AR); Airworthiness Authority Country B (EASA); Airworthiness Authority Country C (ex: FAA); TC Validation; Agreements / Arrangements between AAs; Technical Standard Order (TSO) Authorization; TSO installation; TSO Equipment]
10 / Certification basis flow-down
[Diagram: certification basis flow-down across three levels]
Aircraft (A/C Manufacturer): Aircraft Certification Basis
- Determination of Certification Basis with the AUTHORITY (CRI F-xx/IP S-xx)
- CS 25/AP25/FAR 25
- Special Conditions, Exemptions, ESF
- AMC (generic)
- IM (specific CRI / IP)
System (System Supplier): System “Qualification” Basis
- System: ARP4761, ARP4754
- IMA: DO-297
Equipment (Equipment Supplier): Equipment “Qualification” Basis, Standards
- HW: DO-254
- SW: DO-178B
- Environmental: DO-160
11 / IMA FAA/EASA Regulatory materials
FAA :
2002 : TSO C153 « IMA hardware elements »
2003 : AC20-145 about TSO C153 (obsolete with AC20-170)
2004 : AC20-148 about « reusable software component (RSC) »
2010 : AC20-170 making the link between TSO C153, AC20-148 "reusable software component" and DO-297
2012 : PS-ANM-25-08 provides criteria to determine whether the guidance in AC 20-170 is applicable (Am I an IMA ?)
EASA :
CRI-Fxx : Interpretative Materials for Integrated Modular Avionics System
CRI-Fxx : Interpretative Materials for Incremental Certification
These regulatory materials call on industrial standards as means of compliance
12 / System/Hardware/Software Industrial Standards
Aircraft & System Development Process (ARP-4754 / ED-79)
Guidelines for Integrated Modular Avionics (DO-297/ED-124)
Electronic Hardware Development Process (DO254 / ED-80)
Software Development Process (DO178 / ED-12)
[Figure labels: ARP4754A; DO297]
ARP4754 (+ARP4761) and more recently DO297 are structuring IMA system development and certification processes
13 / IMA definitions
According to DO-297 :
Generic Perimeter = Platform independent from Avionics functions
Aircraft functions
DO297 shall be used to structure IMA definitions in order to avoid misleading interpretation at the beginning of the certification program
14 / Authority Involvement
[Diagram: SYSTEM / SUB-SYSTEM / EQUIPMENT development cycle with Airworthiness Authority stages of involvement]
Inputs to the cycle: Manufacturer requirements; Certification basis
Phases: PLAN PHASE; REQUIREMENT PHASE; ARCHITECTURE PHASE; DESIGN PHASE; VERIFICATION PHASE
Data shown along the cycle:
- Certification Plan, Syst. FHA, EQTP, PSAC, PHAC, PCAC
- Specifications and Design data
- Flight/Lab Test procedures and results
- Certification summary, SSA, EQTR, SAS, HAS, CAS, PAS (IMA)
- Accomplishment Status to the Plan
SOI : Airworthiness Authority Stage of Involvement
- SOI 1: Plan Review
- SOI 2: Development/Design Audit
- SOI 3: Verification Audit
- SOI 4: Certification Review
Which kind of authority involvement and audit reviews with IMA ?
Integrated Modular Avionics Incremental Certification
16 / Integrated Modular Avionics (IMA) certification
[Diagram labels: Before; Now with IMA; One function with DAL A / DAL D; DO178B partitioning definition; Highly Integrated Architecture; Multi-system Integration; Open Industrial Workshare; Robust Partitioning (*); IMA system; Incremental Certification]
(*) DO297/ED124 definition
In the frame of each TC, specific CRI/IP (IM) are published considering the IMA architecture as a system, but a system whose certification shall be handled via an incremental process (see DO297)
17 / What was at stake ?
Two ways are identified to manage resource-sharing issues at system level:
IMA conventional way (API ARINC 653):
- Multi-system integration on platform
IMA incremental way (API ARINC 653 + incremental process):
- Replacement of multi-system integration by qualification credit based on Usage Domain qualified at platform level
[Diagram: V&V activities in the two approaches. Labels: Sub-System 1 ... Sub-System n; Platform; Simu/Aircraft + other systems; Usage Domain & IMA Process; CREDITS]
« AA warned about potential difficulties during the compliance demonstration in case the Incremental approach is not followed. This is derived from the complexity of IMA systems »
18 / What is at stake regarding IMA certification?
What is at stake :
Performance and safety of the integrated module in any operational situation. The IMA architecture (including networks) is considered as a complex system of the aircraft.
Independent qualification of some components and credit from some components' pre-qualification is needed to simplify final approval.
Qualification credits :
Credit n°1 : Bare Module & Tools pre-qualification : Module & tool chain properties (partitioning, configurability, performances) are demonstrated and guaranteed in the frame of a Usage Domain.
Credit n°2 : A qualified tool chain guarantees that Modules are configured in compliance with the Usage Domain.
Credit n°3 : Standalone qualification of Avionic applications is expected to be granted in the context of an integrated module with several functions.
Key Points :
An incremental qualification process shall be defined to master the interactions between the industrial players.
Incremental qualification takes benefit from Module & Tool properties (partitioning, configurability & usage domain).
19 / Certification program breakdown
[Diagram: Full incremental Certification Approach, with numbered DO297 tasks (1, 2, 3, 4)]
Development and qualification streams: Bare module and Tools development; Configuration development; Application Software 1 development; each followed by qualification
Acceptance steps: Module acceptance; Application acceptance; Usage Domain & Partitioning
Credits: Credit n°1; Credit n°2; Credit n°3; Credit n°1 + n°2 + n°3
Results: Qualified Integrated Module; Function 1, Function 2, Function 3; Aircraft Certification
Audit domains: Module Audit Domain; Module Integrator Audit Domain; Avionic Application (Function) Audit Domain(s); IMA system Domain
Other labels: IMA PROCESS SYNTHESIS; Tools functional performances; Functional Vs Qualification
Lessons learnt from recent IMA certification
21 / Lessons Learned (1)
A/C Certification Basis understanding and good anticipation (Special Conditions, Issue Papers, etc)
Including additional requirements from Importing Authorities.
Including Interpretative Materials about Integration & Incremental Processes (which credit in which context ?).
Good sharing of the Certification Basis by A/C manufacturer with the IMA System Integrator, Application Suppliers and IMA Platform supplier
Joint Certification Strategy
TSOs / ETSOs
Incremental Certification Approach in line with business workshare.
Management of the Sub-contractors with correct cascading of certification requirements
22 / Lessons Learned (2)
Bilateral Agreements or Arrangements between Authorities facilitate and optimize the Certification
Early agreement on a Certification Program structured in several audit domains
IMA System & Integration domain
Application software qualification
Platform qualification (hardware, Operating system and Tools)
Early validation by AA of the HW, SW, SYS Certification Plans (SOI 1) reduces the risk
Simple and Complex Hardware Components classification
Clear roadmap for COTS components (In Service Experience, Errata...)
Keep AA in the loop along the development process
SOI audits in good phasing along with development reviews
Relationship and confidence between Offices of Airworthiness is essential
IMA Rulemaking in Europe
What else ?
24 / Reuse Vs Certification credit
The IMA platforms are composed of elements/modules which are both generic and configurable.
The IMA elements/modules are designed to be reusable in order to reduce development cost and facilitate certification programs.
Nevertheless, « reuse » does not mean « certification credit » from one aircraft to another. The certification credit from the Incremental Acceptance is only granted for a dedicated Type Certificate (TC).
This credit should be granted independently of the aircraft thanks to a [European] Technical Standard Order (TSO - Equipment Certificate), with its certification data package recognised as certification credit when reused for a new aircraft.
25 / Regulatory materials
[Diagram: FAA system compared with EASA system]
FAA system: IMA Hardware TSO C153; AC 20-170; Functional TSO Cxxx (Incomplete TSO), Ex : C9c, C52b, C54, C92c, C101, C106, C115b, C151b; Functional TSO Cxxx (Complete TSO)
EASA system: ETSO 2C153; Functional ETSO Cxxx; Certification Review Item: CRI-Fxx : Integrated Modular Avionics System, CRI-Fxx : Incremental Certification
Approval levels: (E)TSO Authorization; IMA system Approval; TC
Qualification labels: Component Qualification; Hardware Qualification Domain#1; Software Qualification Domain# 2, 5, 3, 4, 7; IMA System Installation (domain#6); IMA System Installation Complement; Qualification DO160
Thales promotes a European System (ETSO, AMC) facilitating reuse and certification credit in IMA systems via an ETSO IMA platform (2C153) and Software Functional ETSO approach (AMC)
26 / Rulemaking Task (RMT) 0456
ETSO IMA and AMC will be created in the EASA regulatory corpus
ETSO 2C153 shall be developed and published, enabling authorizations at IMA platform/module level, independent from aircraft.
FAA TSO C153 cannot simply be transposed into an ETSO, because it does not contain sufficient Minimum Performance Specifications (MPS) and does not cover Core Software.
ETSO 2C153 is to be complemented by AMC 20-170 (based on ED124/DO297) to provide more guidance for integration at function and aircraft level without needing a dedicated Certification Review Item (CRI)
RMT.0456 included in EASA Rulemaking Programme 2013-2016
27 / ETSO 2C153 – key concepts
This ETSO refers to IMA platform modules which are appliances composed of Hardware and Core Software or any embedded software module contributing to the intended function of resources sharing.
Seven basic types of IMA platform modules are identified :
TYPE A : Rack Module (only relevant for Cabinet architecture)
TYPE B : Processing Module.
TYPE C : Graphical Processing Module.
TYPE D : Mass Data Storage Module.
TYPE E : Interface module. (Input/Output Module and/or network module)
TYPE F : Power Supply Module (only relevant for Cabinet architecture)
TYPE G : Display Head Module
An equipment can combine several types (e.g. B+D)
28 / Thank you for your attention
Any questions?