Tuesday, October 1, 2013

DO-178C Reliability



DO-178C quantifies the level of safety needed for an aircraft software system. An aircraft carries many software systems; some are benign, others are safety critical. A reading light in the passenger compartment is a benign system: if it fails, the safety of the flight is not compromised (unless the passenger throws a tantrum!). In a fly-by-wire aircraft, the flight control system is generally considered critical to flight.

DO-178C is a standard maintained by the RTCA, a group of aviation professionals that manages standards. It provides a place for manufacturers, users and regulators to come together and reach consensus on regulations and guidance for managing the technology used in aviation. DO-178C is the guidance the FAA (and other regulatory bodies) use to ensure avionics and other software systems are certified to the proper level.

DO-178C enhances DO-178B. The DO-178C standard became available in January 2012 and was used to update FAA AC 20-115C during the summer of 2013. There are companion documents covering software, tools, formal methods and testing.

There are five safety or Design Assurance Levels (DALs) in DO-178C, ranked by the severity of a failure condition:
  1. Catastrophic - Failure may cause multiple fatalities, usually with loss of the airplane. (Level A)
  2. Hazardous - Failure has a large negative impact on safety or performance, or reduces the ability of the crew to operate the aircraft due to physical distress or a higher workload, or causes serious or fatal injuries among the passengers. (Level B)
  3. Major - Failure significantly reduces the safety margin or significantly increases crew workload. May result in passenger discomfort (or even minor injuries). (Level C)
  4. Minor - Failure slightly reduces the safety margin or slightly increases crew workload. Examples include passenger inconvenience or a routine flight plan change. (Level D)
  5. No Effect - Failure has no impact on safety, aircraft operation, or crew workload. (Level E)

Like any software project, safety, security and quality start with planning. It is not easy to add security to an existing product, and it may be just as hard to add safety and redundancy after the fact.

DO-178 requires documentation. Items such as the Software Requirements Document (SRD) and the Software Design Description (SDD) are a good idea for any software project; for DO-178 certification they are mandatory. Further documents include the Software Verification Cases and Procedures (SVCP), which lays out how the software will be tested, and the Software Verification Results (SVP), which records that the SVCP was actually carried out and which items passed or failed.

The typical deliverables for a DO-178 project include the SRD, the SDD, the executables, the SVCP and the SVP. Code coverage results may also be delivered to ensure the tests exercise all the good and bad situations. If the product is an upgrade to an existing package, there may be further documents such as the Software Configuration Index (SCI), covering items like the source code control system, and the Software Life Cycle Environment Configuration Index (SECI), which describes the development and improvement process.
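The code coverage results mentioned above are structural coverage evidence, and DO-178C ties the required depth to the DAL: statement coverage at Level C, decision coverage at Level B and Modified Condition/Decision Coverage (MC/DC) at Level A. The script below is an added example, not code from the post or from any DO-178 tool vendor: it takes a decision written as a Python function over named conditions plus a constructed test suite, reports whether the suite achieves decision coverage and MC/DC, names the conditions that still lack an independence pair, and searches for a minimal MC/DC set. The decision `reverser_allowed`, the condition names and the test vectors are assumptions made for this illustration.

```python
"""Structural-coverage checker for a single decision (added example).

Assumed for this example: the decision `reverser_allowed`, the condition
names in NAMES, and the constructed test suite WEAK_SUITE.  Conditions are
passed to the decision function as keyword arguments, so each test vector
is a dict {condition_name: bool}.
"""
from itertools import combinations, product


def reverser_allowed(on_ground, idle, brake):
    """Hypothetical interlock decision: A and (B or C)."""
    return on_ground and (idle or brake)


NAMES = ["on_ground", "idle", "brake"]

# Constructed suite: drives the decision both ways (decision coverage),
# but only `on_ground` is toggled, so MC/DC is not achieved.
WEAK_SUITE = [
    {"on_ground": True, "idle": True, "brake": True},   # -> True
    {"on_ground": False, "idle": True, "brake": True},  # -> False
]


def decision_coverage(decision, vectors):
    """True when the vectors drive the decision to both True and False."""
    outcomes = {decision(**v) for v in vectors}
    return outcomes == {True, False}


def mcdc_pairs(decision, names, vectors):
    """Unique-cause MC/DC: for each condition, find two vectors that differ
    only in that condition and flip the decision outcome.
    Returns {condition: (vec_a, vec_b)} with None where no pair exists."""
    result = {}
    for name in names:
        others = [n for n in names if n != name]
        found = None
        for a, b in combinations(vectors, 2):
            if (all(a[n] == b[n] for n in others)
                    and a[name] != b[name]
                    and decision(**a) != decision(**b)):
                found = (a, b)
                break
        result[name] = found
    return result


def mcdc_satisfied(decision, names, vectors):
    return all(p is not None for p in mcdc_pairs(decision, names, vectors).values())


def coverage_report(decision, names, vectors):
    """Summary a reviewer could attach to the verification results."""
    pairs = mcdc_pairs(decision, names, vectors)
    return {
        "decision_coverage": decision_coverage(decision, vectors),
        "mcdc": all(p is not None for p in pairs.values()),
        "uncovered_conditions": [n for n, p in pairs.items() if p is None],
    }


def minimal_mcdc_set(decision, names):
    """Exhaustive search for the smallest vector set meeting MC/DC.
    n+1 vectors is the lower bound for n conditions; the search is fine for
    a handful of conditions, which is what a single decision usually has."""
    space = [dict(zip(names, bits))
             for bits in product([False, True], repeat=len(names))]
    for k in range(len(names) + 1, len(space) + 1):
        for subset in combinations(space, k):
            if mcdc_satisfied(decision, names, list(subset)):
                return list(subset)
    return None


if __name__ == "__main__":
    print("weak suite:", coverage_report(reverser_allowed, NAMES, WEAK_SUITE))
    best = minimal_mcdc_set(reverser_allowed, NAMES)
    print("minimal MC/DC set (%d vectors):" % len(best))
    for v in best:
        print("  ", v, "->", reverser_allowed(**v))
```

Run as-is, the constructed two-vector suite reports decision coverage as achieved but MC/DC as not achieved, with `idle` and `brake` listed as uncovered; the exhaustive search then finds a four-vector set, the minimum for three conditions, which is the kind of gap a DER would expect the verification results to close before signing off a Level A system.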

Typically a Designated Engineering Representative (DER) reviews the deliverables to ensure the system meets the desired certification level. The DER may work for the company developing the product or be an external consultant.

Developers and testers have various tools to ensure the certification process was followed. For the documentation there are templates; web-based compliance verification tools are available; and DO-178 software test suites are also used.

Some vendors will suggest that Level A certification is something to shoot for. In fact, for any system, designers should seek the lowest possible level. In an ideal situation any failure is an inconvenience, not an emergency: if the engines are running and the flight controls work, the aircraft can be flown to a suitable facility where repairs can be made.

DO-178C is a robust standard whose practices can apply to all software development. It is required for aviation software systems and gives customers peace of mind about the systems on the aircraft.
