Introduction to DO-254 Design Assurance Guidance for Airborne Electronic Hardware
By Esteban Sánchez, Project Manager,
Avionyx, 2009
Electronic aviation equipment, composed of both hardware and software, plays a critical role to fulfill
the objective of a safe flight. The DO-254 standard, Design Assurance Guidance for Airborne Electronic
Hardware, was created in April, 2000 and formally accepted by the FAA in 2005 as a means of
compliance for the design of complex electronic hardware in airborne systems. The standard was
conceived as the complement to the well-recognized homologous guidance for software, DO-178B. The
main objective of DO-254 is to provide design assurance guidance to assist organizations in the
development of electronic hardware. The intention of this paper is to provide a quick overview of the
DO-254 standard for companies, engineers and managers.
Criticality and Complexity in DO-254
The DO-254 standard defines five system development assurance levels, A through E, that vary depending on the
criticality of the system (the effect that a system failure has on the safety of the aircraft). Level A is the
most stringent and applies to systems whose failure would not allow continued safe flight. Conversely, level E
applies to systems whose failure does not affect the operational capability of the aircraft or increase the
workload of the flight crew. The design assurance level is determined in the System Development Process
(in which the system is conceived as a whole, from the highest level of the design hierarchy, as it is intended
to fit in the aircraft) and flowed down to the Hardware Development Process, where it drives the level of design
assurance required to satisfy certification objectives. The higher the design assurance level needed, the more
complex and expensive the project becomes. In its Appendix A, the DO-254 standard includes a comprehensive
list of the data to be produced for each design assurance level. This appendix is particularly useful for keeping
the scope of the project in check and avoiding documents that are not required for the certification of the
electronic hardware.
DO-254 is applicable at the device, board or LRU level, although compliance is only required at the device level
by the FAA. DO-254 distinguishes between complex and simple electronic devices; however, it recognizes that this
distinction is not rigorously defined anywhere. Basically, the standard defines a Simple Electronic Device as:
One that can be demonstrated, through a comprehensive combination of deterministic tests and analyses
appropriate to the design assurance level, to have a correct functional performance under all foreseeable
operation conditions with no anomalous behavior.
In terms of verification, this implies that in order to classify an electronic device as simple, exhaustive testing may
be required. Based on this definition, a Complex Electronic Device can be simply defined as one that cannot be
classified as a Simple Electronic Device. Examples of complex electronic devices include all flavors of
Programmable Logic Devices (PLDs), such as Field Programmable Gate Arrays (FPGAs), Complex Programmable
Logic Devices (CPLDs) and Application Specific Integrated Circuits (ASICs). DO-254 is written to cover all complex
electronic hardware; however, FAA advisory circular 20-152 only requires the standard to be followed for complex
electronic devices with design assurance levels of A, B and C.
Hardware Development Life Cycle
Rather than specifying how the electronic hardware is to be designed, produced and manufactured, DO-254 offers
a comprehensive list of activities that should be performed and artifacts that must be produced during the
hardware development process. The document is not intended to explain how a design should be implemented or
what makes a design approach better than another. The standard focuses on the definition of the hardware
development life cycle, its phases, activities and artifacts.
From a high-level perspective, three major groups of processes are identified: 1) Planning Process, 2) Hardware
Design Processes, and 3) Supporting Processes. With the exception of the Planning Process, groups 2 and 3 are
further divided into more specific processes, which are described in detail below, including objectives, activities
and life cycle data. Figure 1 shows the big picture of the hardware development life cycle processes and their
interactions.
Figure 1 - Hardware development life cycle under DO-254. The figure shows the System Process feeding the DO-254 Hardware Development Life Cycle, which consists of Planning, the Hardware Design Processes (Requirements Capture, Conceptual Design, Detailed Design, Implementation, Production Transition) and the Supporting Processes (Verification and Validation, Configuration Management, Process Assurance, Certification Liaison), with the Manufacturing Process following Production Transition.
1. Planning Process
The overall development of electronic hardware according to DO-254 starts with the Planning Process. No design
data, requirements, schematics or HDL (Hardware Description Language) code is produced in this process;
however, it is one of the most important processes, as it defines how the hardware design processes and the
supporting processes are to be executed. This definition takes the form of planning documents, which, according
to the standard, can be contained in one or more documents. In addition to the planning documents, DO-254 also
recommends the use of quality standards to aid in the development of electronic hardware. Both the planning
documents and the quality standards constitute the output of the Planning Process.
2. Hardware Design Process
Once the foundations for the development activities have been established in the planning documents, the
Hardware Design Process can be started. The Hardware Design Process is subdivided into five major
sub-processes, which are outlined in the following table:
Requirements Capture: Identifies the hardware item requirements. The requirements may include architectural, performance, functional and environmental requirements, as well as requirements imposed by the system safety assessment. The output of this process is the Hardware Requirements Data.
Conceptual Design: Produces a high-level design such as a block diagram, architecture description or circuit card assembly outline. The output of this process is the Conceptual Design Data.
Detailed Design: Uses the hardware requirements and the conceptual design to produce a more detailed design. The output of this process is the Detailed Design Data.
Implementation: In this process, the detailed design is used to produce the actual hardware item. The output of this process is the hardware item itself.
Production Transition: All the resources, including manufacturing data and test facilities, are evaluated to ensure availability and correctness for production of the hardware item.
As part of the hardware design process, the standard mentions the creation of an Acceptance Test, which
demonstrates that the manufactured, modified or repaired part performs as intended. However, no additional
guidelines are provided because it is considered out of the document scope.
3. Supporting Processes
The Supporting Processes are a group of processes executed in parallel with the planning and hardware design
processes to ensure the correctness and completeness of the outputs generated. It is recommended that the activities
in the Supporting Processes group be carried out by personnel independent from those participating in the
hardware design processes. The following is a list and brief description of the supporting processes.
Validation and Verification: The validation process ensures that the hardware requirements are correct and complete. The verification process provides assurance that the hardware item implementation meets all the hardware requirements. Both are accomplished through tests, analyses and reviews of the hardware life cycle data.
Configuration Management: Provides the ability to control the hardware life cycle data so that, when a modification is required, the hardware item or any of its documentation can be consistently regenerated.
Process Assurance: Ensures that the objectives of the life cycle processes are accomplished according to the foundations established in the planning documents, or that deviations have been justified and documented.
Certification Liaison: This process constitutes the communication channel between the applicant and the certification authority.
Why DO-254?
There are several reasons for choosing DO-254 as your standard for electronic hardware development.
The first and most important reason is that DO-254 provides design assurance that significantly helps
to ensure that the electronic hardware performs its intended function with no anomalous behavior
under the foreseeable operating conditions. Secondly, the FAA recommends that the standard be used to
pursue certification of the equipment. Even though the standard is not stated to be mandatory,
getting another process approved by the FAA could be cost prohibitive and could greatly impact the
schedule as well.
If you are new to DO-254, Avionyx provides a 3-day Introduction to DO-254 class that is offered at RTCA in
Washington, DC, or at your site for groups of 10 or more. For more information, contact us at
Avionyx, S.A.
www.avionyx.com
(321) 821-2365