Different Design Assurance Levels are assigned to different software functions or hardware systems, depending on the failure conditions and associated risks. The DALs are used to determine the level of stringency that should be applied to different components of an avionics system. The greater the potential impact of a certain component’s failure, the more secure it must be.
The risks of failure that arise from the five Design Assurance Levels are explained below:
Failure of these components will significantly disrupt the operations (flight and landing) of aircraft, and the effects could be calamitous.
The failure of these components carries life-threatening risks. Crew members would have to work outside their usual conditions.
This carries similar risks as level B, but at a lower scale.
The effects are minimal, causing no more than slight inconvenience for passengers abroad and for the crew as well, who try to work to improve the situation.
At this level, the associated risk of failure is non-existent. This level usually applies to non-safety-critical components of the avionics framework.
The image below explains it better:
There is a caveat, though. These safety guidelines are due for overhauls. The landscape of air flights is not the same as it was years ago when these documents were originally created. For instance, passenger entertainment is defined under level E as a system whose failure does not affect the passengers’ safety and crew on the aircraft.
That used to be the assumption until Chris Roberts, in 2015, breached an airplane he was aboard and caused it to fly sideways briefly after he had hacked into the plane’s In-Flight Entertainment System. Now, airline companies must alter their cybersecurity to avoid any similar incidents.
As more planes and their components become connected (internet-enabled), many air travel companies rethink their approach to safety assurance to include cybersecurity. In any case, there are separate documents such as DO-326A/ED-202A, DO-355, and DO-356 that set guidelines for avionics cybersecurity certification.
Before moving on, let’s consider the two main splits across avionics development: hardware and software, as well as the certification standards guiding them.
- DO-178C: The full title of DO-178C is ‘Software Considerations in Airborne Systems and Equipment Certification.’ It is the holy grail of avionics software development. Its standards are used by the highest aircraft certification bodies. It was introduced to replace DO-178B and also to clarify the ambiguous aspects of the latter. DO-178C is mostly about airworthiness, and it covers aspects such as design, coding, testing quality, assurance, etc.
- DO-254: The main certification document for avionics hardware development is officially titled ‘Design Assurance Guidance for Airborne Electronic Hardware.’ It was introduced at a time when the firmware was seeing indiscriminate adoption in aircraft development. Over time, the details of its requirements have expanded to include complex hardware systems for avionics such as field-programmable gate arrays (FPGA), programmable logic devices (PLD), circuit boards, etc.
Design Assurance and Testing
For software development, these Design Assurance Levels correspond to the level of testing required. In the software aspect, the least level, ‘E,’ does not require any testing. At Level D, engineers must test the high-level requirements while reviewing both high-level and low-level requirements.
Up this level, each level incorporates the testing features of the lower levels, plus additional requirements. At Level C, the engineers must test low-level requirements and high-level requirements while also reviewing the design and code.
Level B includes testing requirements such as target testing as well as proving code decision-condition coverage. At the peak level, A, the extra requirements are to prove source to binary correlation and also modified decision-condition coverage.
Process Assurance and DO-254
Hardware development is more product. Hence, unlike DO-178, DO-254, which is concerned with hardware development, has extra certification requirements, known as Process Assurance. In software development, it is the end product that matters. But that’s not so for hardware components. For the latter, manufacturers are required to document the information of their suppliers and the whole manufacturing process.
According to Afuzion, the five key roles of Process Assurance are:
- Keep records of audits and metrics
- Audit HW suppliers
- Audit production transition
- Assess engineer’s conformance to plans, standards, checklists
- Ensure project’s plans, standards, checklists comply with DO-254
Safety is critical to aircraft development, hence creating design assurance levels to cover aspects of avionics development.
DepositPhotos – aircraft technology