Author: Patmos Engineering

The Top 3 Types of Information Typically Missing from DO-178C Plans

Posted on by

As a certification expert and auditor, I see my fair share of DO-178C plans. No matter where in the world, no matter the project DAL or team experience, I consistently see teams struggle with including the right kind of information in their plans. 

First, if you’ve never worked on a DO-178C program before, starting with a good set of templates (with lots of examples and explanatory text) is a very helpful thing. They will provide you the layout of the document with all the pertinent objectives you need to meet. But templates are just that – templates for you to fill in all your pertinent project and process data. Most teams focus on how they are going to meet an objective, which is good, but insufficient.

So what are the most common things missing from these plans? It’s simple really. Just remember the 3 W’s – Who, What and Where – on every objective you need to meet. To be clear, you must answer:

  • Who is going to do the work
  • How they are going to do it
  • What will be produced
  • Where this evidence will be located

Let’s look at these a little more closely and consider an example.

To answer the “Who” question, you need to identify the team member, not necessarily by name, but by role and/or function within the organization, who will perform the task. To answer the “How” question, this is really where you describe through what means you’ll perform the activities required to meet the objectives. Most folks focus on the “how” in their plans, since this ties to the activities they will perform, but forget about the three W’s. To answer the “What” question, this is the output or evidence from the activities. DO-178C is all about demonstrating compliance, so this output of the activity is the proof that an auditor will require to ensure you did what you were supposed to. So where will they find it? That’s the “Where” question.

So for example, consider the objective of capturing requirements. If your plan states that you will have requirements, this is insufficient. It’s a given your project will have requirements that someone will document that will exist somewhere.  You need to state who in the organization (i.e., what role) is the responsible party for documenting the requirements. This list of roles and responsibilities should be clearly documented in your plans. In terms of how, you may say that you will be using DOORs (or some other tool) to capture the requirements. This is fine, but insufficient without stating the final form of the data that will provide evidence of the requirements capture. You need to answer what the team and auditors will be reviewing, and where this data will be located. For example, you may export the requirements from DOORS into a Word document or Excel Spreadsheet, which will be located in a certain directory and controlled via a version management system. While it seems like a given, you’d be surprised at how many times I go into an audit and the project leads says “I know we did this, but I can’t find the data.” By clearly planning both the form of the data and where it will exist is sure to make your audits (and whole project) go a lot more smoothly.

As an auditor, this is how I evaluate plans and the teams themselves, to ensure they have done a good job of thinking through everything they need to do in their project. If you can keep these basic questions in mind and answer them (in your plans) for every objective you must meet, your project will be off to a great start.

If you need help talking through a project to determine what you need to do, reach out to us here at Patmos for a free consultation.   Or if you’d like to start with planning templates, contact our sister company, Airworthiness Certification Services, which offers aids such as documentation templates and review checklists for both DO-178C and DO-254 projects.

Sincerely,

Tammy Reeve
CEO and FAA DER

Live Chat Mar 30 & 31: Women in Aerospace Engineering

Posted on by

Tammy Reeve, President – Patmos Engineering Services and Airworthiness Certification Services, LLC will be joining the two day live chat on Women in Aerospace Engineering and will be addressing questions such as:

  1. Do you consider the need for safety in small 0-1 person flying cars or unmanned vehicles being any different that the safety of a larger commercial aircraft? Why?
  2. What is the metric we use to decide when women are no longer being discriminated against in male predominated fields such as engineering?
  3. Is it okay to share your personal life with work colleagues  and as part of meetings?

Is it OK to Provide or Use Hardware COTS IP in Avionics Designs?

Posted on by

The use of commercial off-the-shelf intellectual property (COTS IP, also known as IP cores or simply IP) has been exploding in every sector of the electronics industry for decades. Silicon area is readily available and using these pre-designed blocks has been a huge boon to design productivity. In fact, IP is a key enabler of cheaper, smaller, lighter, lower-power, more reliable, and more full-featured designs. Due to these benefits, this trend has even found its way into the highly conservative Aerospace and Defense (A&D) markets.

Initially, using IP seemed like an easy way around the tedious and complex compliance requirements for design mandated by RTCA/DO-254. It did not take long though before the certification authorities began to understand the risks and started clamping down on the unfettered use of IP in DO-254 programs.  

Seeing an opportunity, several companies dabbled in providing DO-254 compliant IP, but without clear guidance, the endeavor had some risk. Early on, seeing the issues, the DO-254 User Group developed a position paper entitled “Considerations for the Use of COTS IP in DO-254 Programs” in order to capture the issues and provide suggestions for the certification authorities to contemplate as they strove to establish guidance in this area. Now years later, the newly released EASA’s AMC 20-152A (and FAA’s AC 20-152A planned for release in 2021) has formally established guidance on the use of COTS IP within custom devices. (Learn more about AMC 20-152A and its impact on DO-254 programs by clicking here).

AMC 20-152A supplements DO-254 with six new objectives related to COTS IP. Objective IP-1 gives the applicant considerations for selecting appropriate IP.  Objective IP-2 specifies criteria for evaluating an IP supplier and associated IP data. Objective IP-3 guides the applicant on how to address gaps in the development assurance should the IP provider not fulfill all the requirements. Objective IP-4 guides the applicant to establish the verification strategy for the use of IP. Objective IP-5 guides the applicant on documenting hardware development assurance approach for the COTS IP in the PHAC. Objective IP -6 focuses on capturing the requirements representing the COTS IP functions to ensure thorough verification of the functions and the safety implications.

So can you or should you use COTS IP in avionics?

Sure! Just ensure you understand and meet the new guidance as specified in AMC 20-152A. Also, ensure you are getting IP from sources who take compliance seriously and have done the essential work required to provide the industry with IP developed with suitable assurance and the necessary documentation and data.

Can you provide IP to this market? 

Sure! Patmos has worked with several suppliers to ensure their COTS IP offerings meet the most stringent requirements for development assurance and documentation. See more information on the Patmos work with Holt IC’s MIL-STD-1553 DO-254 Certifiable IP Core here. Patmos has been on the leading edge of this trend, working with both Xilinx (on their compliant Avionics and UAV offering) and Logicircuit (on its Safe IPTM offering) on numerous IP compliance projects for nearly a decade. In addition, Patmos has worked on several compliant COTS and COTS IP projects with TTTech, including switches, end systems and components for their flight and rugged hardware product line.

If your company provides COTS and/or COTS IP and you want to begin supplying to the avionics market, or if you want to start using IP in your DO-254 compliant designs, contact us at Patmos Engineering Services for a free consultation on how to get started.

How AMC/AC 20-189 Stops “Un-Accomplishment Summaries” in DO-178C or DO-254 programs

Posted on by

How Can the New AMC/AC 20-189 Help Manage Problem Reports in DO-178C and DO-254 Projects?

Your DO-178C or DO-254 Accomplishment Summary becomes a “un” accomplishment summary when too many open Problem Reports (PRs) remain unresolved at the end of a certification or TSO project. Both DO-178C (airborne software) or DO-254 (airborne electronic hardware) standards allow for a listing of open PRs in the accomplishment summary document.  However, many applicants have abused this and create long lists of unresolved and uncategorized PRs in the Software/Hardware Accomplishment Summary documents. This makes it difficult for applicants to show compliance and regulators to find compliance. The result, as one would guess, is equipment and aircraft level functional issues and airworthiness directives. 

The New AMC/AC 20-189 provides guidance on a means of compliance when applicants have unresolved (i.e., open) PRs at the end of a TC, STC or TSO project.  The reason for this is to provide a consistent expectation related to the communication, review and assessment of open PRs (OPRs) by all possible stakeholders who are integrating the software or AEH into their aircraft programs.  

AMC 20-189 was released on July 29, 2020 by EASA (and soon the FAA will release the harmonized AC 20-189). This document provides guidance on management and classification of OPRs for airborne electronic hardware, software and system development, at the time of product approval or ETSO authorization.

Background

The compliance of system, software and electronic hardware domains relies on managing PRs to ensure the product is safe at the time of approval. The problem is the existing guidance was inconsistent and unclear, especially across and between each of these domains. This new AMC provides consistent guidance on managing OPRs that works alongside existing guidance for each domain, and is harmonized between EASA and the FAA.

What AMC 20-189 Covers

This AMC provides consistent terminology to use to define Problem Report “states,” type classifications for PRs, and guidance on how to manage them to enable the consistent and timely management of PRs across domains to ensure visibility of critical issues remaining at the time of approval.

What Will this Mean for YOUR Project?

First and foremost, if you are starting or working on any airborne systems, software or hardware programs, you will need to review your configuration management procedures to see what gaps exist between those procedures and this AC/AMC.   You will then need to update your Configuration Management Plan document to ensure it aligns with this new guidance. (Don’t forget to have your certification liaison sign off on any significant changes).

The key things to keep in mind are:

  1. PR management plans and processes should span systems, software and hardware domains and be used throughout development and for continued airworthiness aspects.
  2. PRs that occur after a certification or authorization approval should be reported in a manner that is understandable to all affected stakeholders.  For example, an equipment level PR after certification authority approval (via TC, STC or TSO) may affect aircraft level functions and create a hazard if not reported and addressed. 
  3. Companies with distributed geographical organizations, especially across countries, should ensure that the tools and procedures for problem reporting are accessible (including viewing and resolution) by all affected stakeholders.
  4. Companies should strive to actively work to close problem reports throughout the development process to reduce the number of OPRs presented at the time of certification (or authorization in the case of a TSO/ETSO piece of equipment). 
  5. The PR process and configuration management plan should describe classification systems and ensure the OPR content aligns with AC/AMC20-189. This will ensure that all affected parties understand the types and seriousness of the OPRs.
  6. The PR process should review documentation of the assessment of each OPR to ensure it clearly captures functional limitations and/or operation restrictions at the equipment level or product level.
  7. Stakeholders at each level should manage OPRs (TSO, System and final product — aircraft, engine propeller).

Overarching Properties

Posted on by
Tammy Reeve has been involved in the certification of hardware (DO-254), software (DO-178C), and systems (ARP 4754A and related) for nearly 20 years.

Tammy Reeve has been involved in the certification of hardware (DO-254), software (DO-178C), and systems (ARP 4754A and related) for nearly 20 years.

What is the “Overarching Properties” initiative?

The Overarching Properties initiative seeks to provide flexibility and efficiency in the certification process across multiple levels of aircraft system design and disciplines. The FAA first discussed this publicly at the 2016 FAA “Streamlining Assurance Processes Workshop.” Initially the team working on this were referred to as the “Meta Objectives Working Group.” After several meetings, the name evolved from Meta Objectives into Overarching Properties.

“Overarching Properties” is sort of an odd terms so let’s look at this one word at a time. The term “Overarching” implies that it is bigger in scope that just hardware, or software, or systems. The word “Properties” refers to the concepts that guide the development assurance processes. Thus, the result of this initiative is an overarching set of properties that teams can apply at all levels of their design to demonstrate compliance to safe airborne system development practices under CFR Title 14 Parts 23/25/27/29/31/33.

The Overarching Properties Initiative may substantially change the way compliant development is done. It could even potentially replace or at least substantially increase the flexibility of DO-178C, DO-254, ARP 4754A and other processes typically used today under the concept of aircraft certification.

Overarching Properties Committee

The committee forming the Overarching Properties Initiative consists of about 20 industry experts. The FAA explicitly invited Tammy Reeve to participate and she has been an active contributing member since its very first incarnation several years ago.  The initial idea behind the initiative was to provide an “alternative means of compliance” to DO-254, DO-178C, and ARP 4754A, such that at all levels of development, any team on any project could demonstrate compliance to a consistent set of development assurance objectives. (Of course the activities associated with meeting those objectives would vary depending on the program and level of design).

After a number of meetings involving much debate and lively discussion, the committee came up with three Overarching Properties that should be met at any/all levels of design. Each Overarching Property contains the following:

  • Statement capturing the property
  • Definition
  • Pre-requisites
  • Constraints
  • Assumptions

The initial rollout of this at the 2016 FAA “Streamlining Assurance Processes Workshop” was met with confusion and concern. The concerns were tied mostly to the issues of training, consistency, oversight, acceptance by other authorities, and actual cost savings.  The committee has continued fine tune their efforts.

Overarching Properties

As of November 2017, the three overarching properties are:

  1. Intent
  2. Correctness
  3. Acceptability

In the context of each property, the design team must meet certain criteria, such as planning, coverage, evidence, process assurance, configuration management/change control, and interaction with safety assessment.

In a shift from their initial indications, the FAA has clarified that their goal is to publish these overarching properties as a “means of compliance” similar to what exists for DO-178CDO-254, and ARP4754A. The FAA now want this to be an “acceptable means” as opposed to an “alternative means” of compliance to the regulation.

Numerous non-USA certification authorities still have some reservations as to how they can recognize this new method within their regulatory process or if they can recognize it at all. This discrepancy between authorities creates the potential for significant technical differences with regard to certification across countries. Authorities must resolve discrepancies between certifying agencies before the FAA publishes Overarching Properties as policy.

What is the Impact of AMC 20-152A on Your DO-254 Project?

Posted on by

I have some exciting news for all the companies, teams and engineers working on airborne electronics products.

On July 29, 2020, EASA released the long-awaited and very important document, AMC 20-152A (which I’ve posted our website so you can easily find it). AMC 20-152A has been in development for four years and represents, at last, harmonization between the FAA and EASA regarding compliance of airborne electronic hardware. In addition to harmonization of the US agencies and industry groups, AMC 20-152A also provides state-of-the-art with regard to electronic hardware embedded in airborne systems and equipment.

Background

On April 19, 2000, the RTCA released the document DO-254, governing the development of airborne electronic hardware. On June 30, 2005, the FAA released Advisory Circular AC 20-152, recognizing RTCA/DO-254 as a means of approval by showing the equipment design of airborne electronic hardware is appropriate for its intended function. This established the use of DO-254 for airborne electronic hardware development for aircraft developers applying for certification through the Federal Aviation Administration (FAA).

The problem was that European Aviation Safety Agency (EASA) never took similar steps to formally recognize RTCA/DO-254. 

This inevitably led to some differences and discrepancies in compliance expectations for those trying to gain aircraft certification across both the FAA and EASA.

Significant Aspects of AMC 20-152A

This AMC is significant in four distinct ways:

  1. Formally Recognizing and Clarifying the use of DO-254
    AMC 20-152A finally recognizes the use of the development assurance standard EUROCAE ED-80/RTCA DO-254. It also clarifies its use on digital and mixed-signal custom devices, simple vs. complex devices, DAL D compliance objectives, and circuit board assemblies (CBAs or PCBs).
  2. Addressing Modern Aspects of Hardware
    It also provides guidance for development assurance when electronics use COTS (Commercial-Off-The-Shelf) and Intellectual Property (IP) components.
  3. Objective Focused
    AMC 20-152A focuses on providing new compliance objectives, offering development teams flexibility to determine the activities to meet these objectives. The format of this AMC provides objectives for each area of concern and leaves it to the applicant to determine the activities they will perform to meet these objectives.
  4. Harmonization
    This document was fully developed with the FAA. Together EASA and the FAA reviewed and processed all comments and additionally performed a joint legal review.  (Note: My contact at the FAA has reaffirmed that the FAA equivalent document, AC 20-152A, will be released soon.)

What Will this Mean for YOUR Project?

If you are currently working on an FAA certification project under the AC20-152 you will notice scope of work impact under the new AC20-152A.  The scope change affects the following:

  1. Compliance to DO-254 will include the circuit board assembly (CBA) when the CBA contains a complex custom device or complex COTS devices.   
  2. Compliance to DO-254 will include use and categorization of COTS devices (complex or simple). The reasoning for including this now as needing to be addressed under DO-254 is due to the increased complexity of embedded functions in a single COTS device.
  3. Validation is clarified to be for all requirements, not just derived.
  4. Simple device definition is different than previous guidance in FAA Order 8110.105
  5. DAL C will need to comply with design standards.  Currently DO-254 does not require design standards for DAL C.
  6. For DAL A and B the elemental analysis code coverage for HDL will need to consider more than just statement coverage.
  7. Errata clarifications for Table A-1 for DO-254 revises some of the HC1 and HC2 data control categories.
  8. More extensive section and objectives for COTS IP.  This is much like what was in CAST 32.
  9. Planning and compliance have added new objectives for the following areas:

Unique Identifiers

A unique identifier for each objective is defined with a prefix and an index number (i) as follows:

— for the development of custom devices, the identifier is ‘CD-i’; (CD-1 to CD 12 objectives)

— for the use of COTS IP in custom devices, the identifier is ‘IP-i’; (IP-1 to IP-7 objectives)

— for the use of COTS devices, the identifier is ‘COTS-i’; (COTS-1 to COTS-8 objectives)

— for the development of CBAs, the identifier is ‘CBA-i’. (CBA-1 objective)

The good news is that my companies, Patmos Engineering Services and Airworthiness Certification Services (ACS), LLC., have already been involved in the early work on this new guidance.   Templates and checklists available from ACS already include these new compliance items and are tailorable by design assurance level.   I understand and can provide guidance on how best to comply and perform a gap analysis on your existing processes if needed, to help your company better understand the new objectives of AMC 20-152A (and harmonized upcoming document AC 20-152A) and how to comply.

Tammy Reeve, FAA DER
President Patmos Engineering Services
President Airworthiness Certification Services

Understanding the Reason for DO-254

Posted on by

Many times I hear engineering and management teams complain that DO-254 costs them a lot of time and a lot of money. But when I get to review the work that they have done to comply with DO-254 and the latest guidance from the FAA and/or EASA it really comes down to poor planning and a lack of understanding of why they are applying this design assurance standard in the first place.

Always remember that the reason DO254 is being required is as a means of compliance to the CFRs (or EASA CSs) in order to demonstrate that it “performs its intended function under all foreseeable operating conditions”. The Design Assurance level (DAL) adjusts the amount of rigor required in order to demonstrate this. Keeping the primary goal and understanding of the Certification regulation in mind will keep you spending time and effort on what is important, that it functions as intended in the aircraft.

If your team is seeking to understand the purpose of DO-254, Patmos Engineering Services offers a class called “DO-254 Airborne Electronic Hardware Certification,” which covers the fundamentals of DO-254 compliance, including why you have to do.

Tammy Reeve has been involved in the certification of hardware (DO-254), software (DO-178C), and systems (ARP 4754A and related) for nearly 20 years.

Tammy Reeve
DER/Founder
Patmos Engineering Services, Inc.

What are Streamlining Processes?

Posted on by

This blog is a little different from my past ones. I was invited to participate in the “Streamlining Assurance Processes Workshop” (which internally we called the “Meta Objectives working group”). The idea behind this was to provide an “alternative means of compliance” to DO-254DO-178C, and ARP 4754A, such that at all levels of development, any team on any project at any level of design could demonstrate compliance to a consistent set of development assurance objectives. (Of course, the activities associated with meeting those objectives would vary depending on the program and level of design).

After three meetings, several web meetings, online commenting and much heated discussion, the committee came up with three Overarching Properties that should be met at any/all levels of design. Each Overarching Property contains the following:

  • statement capturing the property
  • definition
  • pre-requisites
  • constraints
  • assumptions.

That’s about all I can say about it in this forum as its being officially rolled out at the upcoming FAA Streamlining Assurance Workshop (being held September 13 -15, 2016).

FAA Streamlining Assurance Processes Workshop

What follows is a recap of what was presented to introduce this topic at this workshop. For further information, please contact the author himself or the FAA.

Streamlining Framework

Peter Skaves, Chief Scientist AEH, Security FAA
Peter covered a variety of topics at a high level, foreshadowing the contents of the conference. He mentioned that “streamlining” has been a goal and theme for 20-25 years, but has a newfound focus. The FAA, working with other authorities, is trying to 1) Reduce duplicate approvals across the authorities, 2) Reduce number of audits and stages of involvement, 3) Allow meeting of “Meta Objectives” (uniting objectives for 178C, 254 and ARP 4754A), 4) Use a risk-based approach when creating new policy for SW/HW/Systems.

In terms of the “risk-based” approach, this means doing things that prevent accidents – identifying areas where there have been systematic design escapes and focusing there (potentially relaxing other areas). So they are trying to use this rationale when modifying documents and guidance material. For example, up until five years ago, the focus was on software and hardware, with little policy at the system level. There were escapes in software and hardware, but these sorts of problems would have showed themselves earlier in the systems development process. Thus the need and invocation of ARP 4754A.

He discussed different aircraft types, with potentially different criteria for each type.
One of the more interesting things he discussed was the notion of new “00” advisory circulars. These will be published to provide examples and what was previously considered “prescriptive” guidance. (These were referred to later frequently, as an example of where some info currently in Order 8110.105 may move).

He mentioned streamlining SOI audits for software (which was covered in a later session in more detail).

He also talked about two types of focus for AEH: Programmable (custom microcoded components) and COTS. He talked about the questions and challenges surrounding COTS and how/where to address these concerns.

He then spent time talking about the effort to harmonize with EASA on AC 20-152(A), which has been in the works for a while, while getting rid of Issue Papers and Orders and putting content in ACs where they belong.

Tammy Reeve has been involved in the certification of hardware (DO-254), software (DO-178C), and systems (ARP 4754A and related) for nearly 20 years.

Tammy Reeve
DER/Founder
Patmos Engineering Services, Inc.

Mistake 1: Planning After the Fact

Posted on by

The next few blogs are dedicated to discussing the top mistakes that are commonly encountered in the compliance process.

The # 1 mistake is…Creating Plans After the Fact

It seems that many folks mistakenly believe that compliance to DO-254 is simply an exercise in filling in the boxes with the documentation required, and that the order or timeline of document creation is not important.  This is a serious misunderstanding of the intent of DO-254 design assurance.

DO-254 is needed because it is nearly impossible to show that today’s complex hardware functions comply to the Certification Authority (FAA/EASA/Etc.) regulation xx.1301 and xx.1309 “Perform intended function under all foreseeable operating conditions.” DO-254 was written as an agreed to industry design assurance strategy that can be used as a “means of compliance” to this regulatory requirement for complex hardware (see AC20-152).

As part of the DO-254 process, Planning is essential because it describes specifically “how” each of DO-254’s general objectives and activities will be met for a particular project. The plans then become the “contract” with the Certification authority for how a company will proceed in all development and testing aspects in order to meet the regulatory rules.  Review and agreement of the plans is important because it shows that there is an understanding of the needed reviews, transitions and analysis throughout the development of the complex hardware in order to ensure that the system is “performing its intended function” and is as free of errors as possible.

The design assurance level (DAL) A-E is a way to communicate the potential level of impact a device failure would have on passengers (with DAL A being very critical). The DAL modulates the objectives of DO-254 such that there is more rigor required when the impact of failure is higher. The planning documents must show this additional rigor and compliance to these additional objectives based on the DAL level.

In addition to these considerations, planning documents need to acknowledge and address certification authority or aircraft specific issue papers or certification review items (CRIs).  One such example is dealing with single event effects (SEE) in hardware, caused by high-speed neutron effects on SRAM based devices.  Another example is certification considerations for using COTS IP, which must adhere to DO-254 standards.  Planning documents should document the developer’s approach on these crucial subjects and applicants should reach agreement with authorities early in the process. Waiting until the end could potentially result in major product redesigns with major cost and schedule implications.

If your someone on your team is struggling to understand the purpose of planning within any sort of compliance program – whether it’s at the hardware, software or systems level – Patmos Engineering Services training can help. We offer a class called “Certification Overview” which covers the fundamentals of compliance (including the importance of planning) at all these levels.

Tammy Reeve has been involved in the certification of hardware (DO-254), software (DO-178C), and systems (ARP 4754A and related) for nearly 20 years.

Tammy Reeve
DER/Founder
Patmos Engineering Services, Inc.

Mistake 2: Treating Configuration Management as an End of Process

Posted on by

The # 2 mistake is…Treating CM as an End of Process Activity

DO-254 requires Configuration Management (CM) and control of the data not only during the service life but also during development and verification of the item.  Hardware developers commonly misunderstand the intent of DO-254 as it is applied to FPGA/PLD/ASIC development programs and treat CM as an end of process activity.  Sometimes this is done to avoid the overhead of the change control (problem reporting) process. This clearly violates the objectives and concepts associated with a DO-254 development assurance process.

The DO-254 process requires change control (and data storage) objectives to be maintained throughout the development life cycle, starting at the Planning Phase.  Data utilized to satisfy a DO-254 objective, and which is then relied upon for downstream development or verification activities, must be controlled formally with proper change management.  This is done to ensure that proper evidence and data control is maintained for these downstream activities and data items (requirements, design, code, tests, review results, etc.).

Data items that are identified in DO-254 as hardware control category 1 (HC1) can then only be changed after a release using a formal change process, which is facilitated through a Problem Report (PR).  This formal process ensures that the impact of any changes to data items, which are crucial in establishing the design and verification of the FPGA/PLD/ASIC, is understood and agreed upon by all affected participants in the development life cycle.

The focus of DO-254 is about controlling the process, not the output. Thus, these in process rather than end of process configuration management activities are a vital part of the development assurance that DO-254 mandates.

If you need help understanding how to implement configuration management in your DO-254 program, this is covered in the Patmos Engineering Services DO-254 Airborne Electronic Hardware Certification training

Tammy Reeve has been involved in the certification of hardware (DO-254), software (DO-178C), and systems (ARP 4754A and related) for nearly 20 years.

Tammy Reeve
DER/Founder
Patmos Engineering Services, Inc.