AC 20-115

Airborne Software Development Assurance Using EUROCAE ED-12( ) and RTCA DO-178( )

FAA Publication
Abbreviation: AC 20-115
Year started: 1982
Latest version: D (2017)
Organization: Federal Aviation Administration
Domain: Aviation safety
Website: FAA

The Advisory Circular AC 20-115( ), Airborne Software Development Assurance Using EUROCAE ED-12( ) and RTCA DO-178( ) (previously titled Airborne Software Assurance), recognizes [1] the RTCA-published standard DO-178 as defining a suitable means for demonstrating compliance for the use of software within aircraft systems. [2] [3] The present revision D of the circular identifies ED-12/DO-178 Revision C as the active revision of that standard and particularly acknowledges the synchronization of ED-12 and DO-178 at that revision. [4]

This Advisory Circular calls attention to ED-12C/DO-178C as "an acceptable means, but not the only means," to secure FAA approval of software. The earliest revisions of the Advisory Circular were brief, serving little more than to call attention to the active DO-178 revision. Revisions C and D of the Advisory Circular are considerably longer, giving guidance on modifying and re-using software previously approved using DO-178, DO-178A, or DO-178B (the preceding revisions of the DO-178 standard). Additionally, the expanded AC now provides guidance for Field Loadable Software and User Modifiable Software within aircraft software. Transition of legacy tool qualification from DO-178B to DO-330 is also discussed, comparing the ED-12B/DO-178B Tool Qualification Type with the ED-12C/DO-178C and ED-215/DO-330 Tool Qualification Level. [5]

Revision History

History of AC 20-115

Revision   | Year | Summary
AC 20-115  | 1982 | Called attention to RTCA DO-178. [6]
AC 20-115A | 1986 | Called attention to RTCA DO-178A. [6] [7]
AC 20-115B | 1993 | Called attention to RTCA DO-178B. [8]
AC 20-115C | 2013 | Calls attention to RTCA DO-178C [3] with guidance for the Revision B to Revision C change. [9]
AC 20-115D | 2017 | Minor updates, largely to harmonize with EASA guidance. [10] [4] [11] Additional guidance for Field Loadable Software and for User Modifiable Software.

Related Research Articles

Avionics software is embedded software with legally mandated safety and reliability concerns used in avionics. The main difference between avionic software and conventional embedded software is that the development process is required by law and is optimized for safety. It is claimed that the process described below is only slightly slower and more costly than the normal ad hoc processes used for commercial software. Since most software fails because of mistakes, eliminating the mistakes at the earliest possible step is also a relatively inexpensive and reliable way to produce software. In some projects however, mistakes in the specifications may not be detected until deployment. At that point, they can be very expensive to fix.

DO-178B, Software Considerations in Airborne Systems and Equipment Certification is a guideline dealing with the safety of safety-critical software used in certain airborne systems. It was jointly developed by the safety-critical working group RTCA SC-167 of the Radio Technical Commission for Aeronautics (RTCA) and WG-12 of the European Organisation for Civil Aviation Equipment (EUROCAE). RTCA published the document as RTCA/DO-178B, while EUROCAE published the document as ED-12B. Although technically a guideline, it was a de facto standard for developing avionics software systems until it was replaced in 2012 by DO-178C.

A hazard analysis is used as the first step in a process used to assess risk. The result of a hazard analysis is the identification of different types of hazards. A hazard is a potential condition that either exists or does not. It may, alone or in combination with other hazards and conditions, become an actual Functional Failure or Accident (Mishap). The exact way this happens in one particular sequence is called a scenario, and each scenario has a probability of occurrence. Often a system has many potential failure scenarios. Each scenario is also assigned a classification based on the worst-case severity of the end condition. Risk is the combination of probability and severity. Preliminary risk levels can be provided in the hazard analysis. The validation, more precise prediction (verification) and acceptance of risk are determined in the risk assessment (analysis). The main goal of both is to provide the best selection of means for controlling or eliminating the risk. The term is used in several engineering specialties, including avionics, food safety, occupational safety and health, process safety, and reliability engineering.

ARP4761

ARP4761, Guidelines for Conducting the Safety Assessment Process on Civil Aircraft, Systems, and Equipment is an Aerospace Recommended Practice from SAE International. In conjunction with ARP4754, ARP4761 is used to demonstrate compliance with 14 CFR 25.1309 in the U.S. Federal Aviation Administration (FAA) airworthiness regulations for transport category aircraft, and also harmonized international airworthiness regulations such as European Aviation Safety Agency (EASA) CS–25.1309.

ARP4754

ARP4754, Aerospace Recommended Practice (ARP) ARP4754B, is a guideline from SAE International dealing with the development processes which support certification of aircraft systems, addressing "the complete aircraft development cycle, from systems requirements through systems verification." Revision A was released in December 2010. It was recognized by the FAA through Advisory Circular AC 20-174, published November 2011. EUROCAE jointly issues the document as ED–79.

RTCA DO-254 / EUROCAE ED-80, Design Assurance Guidance for Airborne Electronic Hardware is a document providing guidance for the development of airborne electronic hardware, published by RTCA, Incorporated and EUROCAE. The DO-254/ED-80 standard was formally recognized by the FAA in 2005 via AC 20-152 as a means of compliance for the design assurance of electronic hardware in airborne systems. The guidance in this document is applicable, but not limited, to such electronic hardware items as

DOD-STD-2167A, titled "Defense Systems Software Development", was a United States defense standard, published on February 29, 1988, which updated the less well known DOD-STD-2167, published 4 June 1985. This document established "uniform requirements for the software development that are applicable throughout the system life cycle." This revision was written to allow the contractor more flexibility and was a significant reorganization and reduction of the previous revision; e.g., where the previous revision prescribed pages of design and coding standards, this revision only gave one page of general requirements for the contractor's coding standards; while DOD-STD-2167 listed 11 quality factors to be addressed for each software component in the SRS, DOD-STD-2167A only tasked the contractor to address relevant quality factors in the SRS. Like DOD-STD-2167, it was designed to be used with DOD-STD-2168, "Defense System Software Quality Program".

DO-160

DO-160, Environmental Conditions and Test Procedures for Airborne Equipment is a standard for the environmental testing of avionics hardware. It is published by the Radio Technical Commission for Aeronautics (RTCA) and supersedes DO-138.

LDRA

LDRA is a provider of software analysis, test, and requirements traceability tools for the Public and Private sectors. It is a pioneer in static and dynamic software analysis.

DO-178C, Software Considerations in Airborne Systems and Equipment Certification is the primary document by which certification authorities such as the FAA, EASA and Transport Canada approve all commercial software-based aerospace systems. The document is published by RTCA, Incorporated, in a joint effort with EUROCAE, and replaces DO-178B. The new document is called DO-178C/ED-12C; it was completed in November 2011 and approved by the RTCA in December 2011. It became available for sale and use in January 2012.

Advisory circular

Advisory circular (AC) refers to a type of publication offered by the Federal Aviation Administration (FAA) to "provide a single, uniform, agency-wide system … to deliver advisory (non-regulatory) material to the aviation community." Advisory circulars are now harmonized with soft law Acceptable Means of Compliance (AMC) publications of EASA, which are nearly identical in content. The FAA's Advisory Circular System is defined in FAA Order 1320.46D.

AC 25.1309-1

AC 25.1309–1 is an FAA Advisory Circular (AC) that identifies acceptable means for showing compliance with the airworthiness requirements of § 25.1309 of the Federal Aviation Regulations. Revision A was released in 1988. In 2002, work was done on Revision B, but it was not formally released; the result is the Rulemaking Advisory Committee-recommended revision B-Arsenal Draft (2002). The Arsenal Draft is "considered to exist as a relatively mature draft". The FAA and EASA have subsequently accepted proposals by type certificate applicants to use the Arsenal Draft on development programs.

FAA Order 8110.105

FAA Order 8110.105B, Airborne Electronic Hardware Approval Guidelines is an explanation of how Federal Aviation Administration (FAA) personnel can use and apply the publication

AC 20-152

The Advisory Circular AC 20-152A, Development Assurance for Airborne Electronic Hardware, identifies the RTCA-published standard DO-254 as defining "an acceptable means, but not the only means" to secure FAA approval of complex custom micro-coded components within aircraft systems with Item Design Assurance Levels (IDAL) of A, B, or C. Specifically excluding COTS microcontrollers, complex custom micro-coded components include field programmable gate arrays (FPGA), programmable logic devices (PLD), and application-specific integrated circuits (ASIC), particularly in cases where correctness and safety cannot be verified with testing alone, necessitating methodical design assurance.

DO-248C, Supporting Information for DO-178C and DO-278A, published by RTCA, Incorporated, is a collection of Frequently Asked Questions and Discussion Papers addressing applications of DO-178C and DO-278A in the safety assurance of software for aircraft and software for CNS/ATM systems, respectively. Like DO-178C and DO-278A, it is a joint RTCA undertaking with EUROCAE and the document is also published as ED-94C, Supporting Information for ED-12C and ED-109A. The publication does not provide any guidance additional to DO-178C or DO-278A; rather, it only provides clarification for the guidance established in those standards. The present revision is also expanded to include the "Rationale for DO-178C/DO-278A" section to document items that were considered when developing DO-178B and then DO-178C, DO-278A, and DO-330, as well as the supplements that accompany those publications.

CAST-32A, Multi-core Processors is a position paper, by the Certification Authorities Software Team (CAST). It is not official guidance, but is considered informational by certification authorities such as the FAA and EASA. A key point is that Multi-core processor "interference can affect execution timing behavior, including worst case execution time (WCET)."

DO-297, Integrated Modular Avionics (IMA) Development Guidance and Certification Considerations is one of the primary documents by which certification authorities such as the FAA and EASA approve Integrated Modular Avionics (IMA) systems for flight. The FAA Advisory Circular (AC) 20-170 refers to DO-297.

The Advisory Circular AC 00-69, Best Practices for Airborne Software Development Assurance Using EUROCAE ED-12( ) and RTCA DO-178( ), initially issued in 2017, supports application of the active revisions of ED-12C/DO-178C and AC 20-115. The AC does not state FAA guidance, but rather provides information in the form of "best practices" complementary to the objectives of ED-12C/DO-178C.

The Certification Authorities Software Team (CAST) is an international group of aviation certification and regulatory authority representatives. The organization has been a means of coordination among representatives from certification authorities in North and South America, Europe, and Asia, in particular the FAA and EASA. The focus of the organization has been harmonization of certification authorities' activities, in part through clarification and improvement of the guidance provided by DO-178 and DO-254.

CAST-15

CAST-15, Merging High-Level and Low-Level Requirements is a Certification Authorities Software Team (CAST) Position Paper. It is an FAA publication that "does not constitute official policy or guidance from any of the authorities", but is provided to applicants for software and hardware certification for educational and informational purposes only.

References

  1. Leanna Rierson (19 December 2017) [7 January 2013]. Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance. CRC Press. p. 49. ISBN 9781351834056. Retrieved 2024-04-10. "The recognition typically comes in the form of an Advisory Circular (AC) for the FAA and equivalent advisory materials by other certification authorities."
  2. Cary Spitzer; Uma Ferrell; Thomas Ferrell, eds. (2015). Digital Avionics Handbook, Avionics, Development and Implementation (3rd ed.). Boca Raton, FL: CRC Press. p. 12-2. ISBN 978-1138076983. "Advisory circular (AC) 20-115B specifies DO-178B as an acceptable means, but not the only means, for receiving regulatory approval for software in systems or equipment being certified under a [TSO, TC or STC]."
  3. Cary Spitzer; Uma Ferrell; Thomas Ferrell, eds. (2015). Digital Avionics Handbook, Avionics, Development and Implementation (3rd ed.). Boca Raton, FL: CRC Press. pp. 13–9. ISBN 978-1138076983. "The FAA formally recognized DO-178C, DO-330, and the three technical supplements via Advisory Circular (AC) 20-115C in July 2013."
  4. "Harmonised Software EASA AMC and FAA AC 20-115D have been published!". www.easa.europa.eu. 24 Oct 2017. Retrieved 2022-07-01. "It paves the way towards more harmonisation and mutual recognition of each other's activities in the domain of Software aspects of certification."
  5. AC 20-115C, FAA, 2013. "This AC also establishes guidance for transitioning to DO-178C when making modifications to software previously approved using DO-178, DO-178A, or DO-178B."
  6. "Advisory Circulars" (PDF). Aviation Impact Reform. Retrieved March 28, 2018. List of ACs made from the Special Collections of the United States Department of Transportation Library (ACs from 1982 / ACs from 1986).
  7. Malvern J. Atherton (2005). System Theoretic Framework for Assuring Safety and Dependability of Highly Integrated Aero Engine Control Systems (PDF) (Master of Science thesis). Massachusetts Institute of Technology. p. 16. Retrieved 24 Jan 2016. It refers to AC 20-115A (superseded by B), which itself identifies DO-178B as defining a suitable means for demonstrating compliance for the use of software within aircraft systems.
  8. AC 20-115B, FAA, 1993.
  9. AC 20-115C, FAA, 2013.
  10. AC 20-115D, FAA, Office AIR-134, 2017. "The technical content of this AC is as far as practicable harmonized with European Aviation Safety Agency (EASA) AMC 20-115D, equally based on ED-12C/DO-178C."
  11. S.L. Fuller (October 24, 2017). "EASA Publishes Means of Compliance Materials for Software Alongside FAA". Aviation Today. Retrieved 2022-07-01. "This publication is a result of two years of work with the FAA and U.S. and European industry associations, EASA said. ... It has been issued simultaneously with FAA AC 20-115D, which EASA said is technically identical."