How AMC/AC 20-189 Stops “Un-Accomplishment Summaries” in DO-178C or DO-254 programs

How Can the New AMC/AC 20-189 Help Manage Problem Reports in DO-178C and DO-254 Projects?

Your DO-178C or DO-254 Accomplishment Summary becomes an “un” accomplishment summary when too many open Problem Reports (PRs) remain unresolved at the end of a certification or TSO project. Both the DO-178C (airborne software) and DO-254 (airborne electronic hardware) standards allow for a listing of open PRs in the accomplishment summary document. However, many applicants have abused this and created long lists of unresolved and uncategorized PRs in the Software/Hardware Accomplishment Summary documents. This makes it difficult for applicants to show compliance and for regulators to find compliance. The result, as one would guess, is equipment and aircraft level functional issues and airworthiness directives.

The new AMC/AC 20-189 provides guidance on a means of compliance when applicants have unresolved (i.e., open) PRs at the end of a TC, STC or TSO project. Its purpose is to set a consistent expectation for the communication, review and assessment of open PRs (OPRs) by all possible stakeholders who are integrating the software or AEH into their aircraft programs.

AMC 20-189 was released on July 29, 2020 by EASA (and soon the FAA will release the harmonized AC 20-189). This document provides guidance on management and classification of OPRs for airborne electronic hardware, software and system development, at the time of product approval or ETSO authorization.

Background

The compliance of system, software and electronic hardware domains relies on managing PRs to ensure the product is safe at the time of approval. The problem is the existing guidance was inconsistent and unclear, especially across and between each of these domains. This new AMC provides consistent guidance on managing OPRs that works alongside existing guidance for each domain, and is harmonized between EASA and the FAA.

What AMC 20-189 Covers

This AMC provides consistent terminology for defining Problem Report “states,” type classifications for PRs, and guidance on how to manage them. The aim is consistent and timely management of PRs across domains, so that critical issues remaining at the time of approval stay visible.

What Will this Mean for YOUR Project?

First and foremost, if you are starting or working on any airborne systems, software or hardware programs, you will need to review your configuration management procedures to see what gaps exist between those procedures and this AC/AMC. You will then need to update your Configuration Management Plan document to ensure it aligns with this new guidance. (Don’t forget to have your certification liaison sign off on any significant changes.)

The key things to keep in mind are:

  1. PR management plans and processes should span systems, software and hardware domains and be used throughout development and for continued airworthiness aspects.
  2. PRs that occur after a certification or authorization approval should be reported in a manner that is understandable to all affected stakeholders.  For example, an equipment level PR after certification authority approval (via TC, STC or TSO) may affect aircraft level functions and create a hazard if not reported and addressed. 
  3. Companies with distributed geographical organizations, especially across countries, should ensure that the tools and procedures for problem reporting are accessible (including viewing and resolution) by all affected stakeholders.
  4. Companies should strive to actively work to close problem reports throughout the development process to reduce the number of OPRs presented at the time of certification (or authorization in the case of a TSO/ETSO piece of equipment). 
  5. The PR process and configuration management plan should describe classification systems and ensure the OPR content aligns with AC/AMC 20-189. This will ensure that all affected parties understand the types and seriousness of the OPRs.
  6. The PR process should review documentation of the assessment of each OPR to ensure it clearly captures functional limitations and/or operation restrictions at the equipment level or product level.
  7. Stakeholders at each level (TSO, system and final product: aircraft, engine, propeller) should manage OPRs.

What is the Impact of AMC 20-152A on Your DO-254 Project?

I have some exciting news for all the companies, teams and engineers working on airborne electronics products.

On July 29, 2020, EASA released the long-awaited and very important document, AMC 20-152A (which I’ve posted on our website so you can easily find it). AMC 20-152A has been in development for four years and represents, at last, harmonization between the FAA and EASA regarding compliance of airborne electronic hardware. In addition to harmonization of the US agencies and industry groups, AMC 20-152A also provides state-of-the-art guidance with regard to electronic hardware embedded in airborne systems and equipment.

Background

On April 19, 2000, the RTCA released the document DO-254, governing the development of airborne electronic hardware. On June 30, 2005, the FAA released Advisory Circular AC 20-152, recognizing RTCA/DO-254 as a means of approval by showing the equipment design of airborne electronic hardware is appropriate for its intended function. This established the use of DO-254 for airborne electronic hardware development for aircraft developers applying for certification through the Federal Aviation Administration (FAA).

The problem was that the European Aviation Safety Agency (EASA) never took similar steps to formally recognize RTCA/DO-254.

This inevitably led to some differences and discrepancies in compliance expectations for those trying to gain aircraft certification across both the FAA and EASA.

Significant Aspects of AMC 20-152A

This AMC is significant in four distinct ways:

  1. Formally Recognizing and Clarifying the use of DO-254
    AMC 20-152A finally recognizes the use of the development assurance standard EUROCAE ED-80/RTCA DO-254. It also clarifies its use on digital and mixed-signal custom devices, simple vs. complex devices, DAL D compliance objectives, and circuit board assemblies (CBAs or PCBs).
  2. Addressing Modern Aspects of Hardware
    It also provides guidance for development assurance when electronics use COTS (Commercial-Off-The-Shelf) and Intellectual Property (IP) components.
  3. Objective Focused
    AMC 20-152A focuses on providing new compliance objectives, offering development teams flexibility to determine the activities to meet these objectives. The format of this AMC provides objectives for each area of concern and leaves it to the applicant to determine the activities they will perform to meet these objectives.
  4. Harmonization
    This document was fully developed with the FAA. Together EASA and the FAA reviewed and processed all comments and additionally performed a joint legal review.  (Note: My contact at the FAA has reaffirmed that the FAA equivalent document, AC 20-152A, will be released soon.)

What Will this Mean for YOUR Project?

If you are currently working on an FAA certification project under AC 20-152, you will notice a scope-of-work impact under the new AC 20-152A. The scope change affects the following:

  1. Compliance to DO-254 will include the circuit board assembly (CBA) when the CBA contains a complex custom device or complex COTS devices.   
  2. Compliance to DO-254 will include use and categorization of COTS devices (complex or simple). COTS devices now need to be addressed under DO-254 because of the increased complexity of the functions embedded in a single COTS device.
  3. Validation is clarified to be for all requirements, not just derived.
  4. The simple device definition is different from previous guidance in FAA Order 8110.105.
  5. DAL C will need to comply with design standards.  Currently DO-254 does not require design standards for DAL C.
  6. For DAL A and B the elemental analysis code coverage for HDL will need to consider more than just statement coverage.
  7. Errata clarifications for Table A-1 of DO-254 revise some of the HC1 and HC2 data control categories.
  8. More extensive section and objectives for COTS IP.  This is much like what was in CAST 32.
  9. Planning and compliance have added new objectives for the following areas:

Unique Identifiers

A unique identifier for each objective is defined with a prefix and an index number (i) as follows:

— for the development of custom devices, the identifier is ‘CD-i’; (CD-1 to CD-12 objectives)

— for the use of COTS IP in custom devices, the identifier is ‘IP-i’; (IP-1 to IP-7 objectives)

— for the use of COTS devices, the identifier is ‘COTS-i’; (COTS-1 to COTS-8 objectives)

— for the development of CBAs, the identifier is ‘CBA-i’. (CBA-1 objective)

The good news is that my companies, Patmos Engineering Services and Airworthiness Certification Services (ACS), LLC., have already been involved in the early work on this new guidance.   Templates and checklists available from ACS already include these new compliance items and are tailorable by design assurance level.   I understand and can provide guidance on how best to comply and perform a gap analysis on your existing processes if needed, to help your company better understand the new objectives of AMC 20-152A (and harmonized upcoming document AC 20-152A) and how to comply.

Tammy Reeve, FAA DER
President Patmos Engineering Services
President Airworthiness Certification Services

Understanding the Reason for DO-254

Many times I hear engineering and management teams complain that DO-254 costs them a lot of time and a lot of money. But when I get to review the work that they have done to comply with DO-254 and the latest guidance from the FAA and/or EASA it really comes down to poor planning and a lack of understanding of why they are applying this design assurance standard in the first place.

Always remember that DO-254 is required as a means of compliance to the CFRs (or EASA CSs), in order to demonstrate that the hardware “performs its intended function under all foreseeable operating conditions”. The Design Assurance Level (DAL) adjusts the amount of rigor required to demonstrate this. Keeping the primary goal and an understanding of the certification regulation in mind will keep you spending time and effort on what is important: that the hardware functions as intended in the aircraft.

If your team is seeking to understand the purpose of DO-254, Patmos Engineering Services offers a class called “DO-254 Airborne Electronic Hardware Certification,” which covers the fundamentals of DO-254 compliance, including why you have to do it.

Tammy Reeve has been involved in the certification of hardware (DO-254), software (DO-178C), and systems (ARP 4754A and related) for nearly 20 years.

Tammy Reeve
DER/Founder
Patmos Engineering Services, Inc.

Mistake 1: Planning After the Fact

The next few blogs are dedicated to discussing the top mistakes that are commonly encountered in the compliance process.

The #1 mistake is… Creating Plans After the Fact

It seems that many folks mistakenly believe that compliance to DO-254 is simply an exercise in filling in the boxes with the documentation required, and that the order or timeline of document creation is not important.  This is a serious misunderstanding of the intent of DO-254 design assurance.

DO-254 is needed because it is nearly impossible to show that today’s complex hardware functions comply with the certification authority (FAA/EASA/etc.) regulations xx.1301 and xx.1309, “Perform intended function under all foreseeable operating conditions.” DO-254 was written as an agreed-upon industry design assurance strategy that can be used as a “means of compliance” to this regulatory requirement for complex hardware (see AC 20-152).

As part of the DO-254 process, Planning is essential because it describes specifically “how” each of DO-254’s general objectives and activities will be met for a particular project. The plans then become the “contract” with the Certification authority for how a company will proceed in all development and testing aspects in order to meet the regulatory rules.  Review and agreement of the plans is important because it shows that there is an understanding of the needed reviews, transitions and analysis throughout the development of the complex hardware in order to ensure that the system is “performing its intended function” and is as free of errors as possible.

The design assurance level (DAL) A-E is a way to communicate the potential level of impact a device failure would have on passengers (with DAL A being very critical). The DAL modulates the objectives of DO-254 such that there is more rigor required when the impact of failure is higher. The planning documents must show this additional rigor and compliance to these additional objectives based on the DAL level.

In addition to these considerations, planning documents need to acknowledge and address certification authority or aircraft-specific issue papers or certification review items (CRIs). One such example is dealing with single event effects (SEE) in hardware, caused by high-speed neutron effects on SRAM-based devices. Another example is certification considerations for using COTS IP, which must adhere to DO-254 standards. Planning documents should document the developer’s approach on these crucial subjects, and applicants should reach agreement with authorities early in the process. Waiting until the end could potentially result in major product redesigns with major cost and schedule implications.

If someone on your team is struggling to understand the purpose of planning within any sort of compliance program, whether it’s at the hardware, software or systems level, Patmos Engineering Services training can help. We offer a class called “Certification Overview” which covers the fundamentals of compliance (including the importance of planning) at all these levels.
