Mistake 2: Treating Configuration Management as an End of Process

The #2 mistake is treating CM as an end-of-process activity.

DO-254 requires Configuration Management (CM) and control of the data not only during the service life but also during development and verification of the item. Hardware developers commonly misunderstand the intent of DO-254 as it is applied to FPGA/PLD/ASIC development programs and treat CM as an end-of-process activity. Sometimes this is done to avoid the overhead of the change control (problem reporting) process. This clearly violates the objectives and concepts associated with a DO-254 development assurance process.

The DO-254 process requires change control (and data storage) objectives to be maintained throughout the development life cycle, starting at the Planning Phase. Data that is used to satisfy a DO-254 objective, and that is then relied upon for downstream development or verification activities, must be formally controlled with proper change management. This ensures that proper evidence and data control is maintained for these downstream activities and data items (requirements, design, code, tests, review results, etc.).

Data items that DO-254 identifies as hardware control category 1 (HC1) can be changed after release only through a formal change process, which is facilitated through a Problem Report (PR). This formal process ensures that the impact of any change to data items that are crucial in establishing the design and verification of the FPGA/PLD/ASIC is understood and agreed upon by all affected participants in the development life cycle.

The focus of DO-254 is controlling the process, not the output. Thus, these in-process (rather than end-of-process) configuration management activities are a vital part of the development assurance that DO-254 mandates.

If you need help understanding how to implement configuration management in your DO-254 program, this is covered in the Patmos Engineering Services “DO-254 Airborne Electronic Hardware Certification” training.

Tammy Reeve has been involved in the certification of hardware (DO-254), software (DO-178C), and systems (ARP 4754A and related) for nearly 20 years.

Tammy Reeve
DER/Founder
Patmos Engineering Services, Inc.

Tool Controlled Artifacts and Evidence

Section 7 of DO-254 tells us “The configuration management process is intended to provide the ability to consistently replicate the configuration item, regenerate the information if necessary and modify the configuration item in a controlled fashion if modification is necessary.” What do you do if you are using a tool to control some or all of your program data? This is becoming more and more common as the industry has delivered a number of tools that assist with various aspects of DO-254 (and DO-178C) compliance. This automation may be extremely helpful in many cases, but it introduces a new paradigm of tool-based data control that requires understanding and exploration.

For example, you may have a tool that helps you with compliance by including checklists for various processes. These checklists might be modifiable, they must be reviewed by a team, actions may come from the review, and these actions need to be tracked. This is all done within the tool, and all of that data needs to be controlled and available, and subject to the pertinent requirements for Life Cycle Data (DO-254 Section 10.0 and DO-178C Section 11.0). So do we meet the content/retention requirements if the artifacts remain embedded in the tool? Or what if you are using ClearCase and you just have a path to a Version Based Object (VOB) for some compliance artifact? Does that meet data configuration and control requirements for that artifact? And what if your auditor doesn’t have access to the tool?

The underlying concern of the DO-254 configuration management requirements is to ensure that the data is always available and always modifiable. So you must ensure this happens even if the tool is never used again in the future. Because of the obligation to continued airworthiness, the applicant must maintain the data for the lifetime that the product flies, which may be far longer than a tool’s lifetime. Therefore long-term (20+ year) archive and data recovery is the responsibility of the tool user, who must be able to extract, archive and potentially resurrect this data for their project. So ensure that whatever tool you are using allows you to do this, capture this in your plans, and execute appropriately as part of your program.

If you need help understanding how to manage tools in your program, this is covered in the Patmos Engineering Services “DO-254 Airborne Electronic Hardware Certification” training.
