Streamlining Certification

In 2013, the FAA was given a Congressional mandate to remove current prescriptive design requirements and replace them with performance-based airworthiness standards.

A current goal of the FAA is to simplify the certification process and reduce burdens on both the FAA and applicants while ensuring the same level of safety. This NPRM applies to Part 23 aircraft (aircraft with 19 passengers or fewer and weighing less than 19,000 lbs). The FAA has also been active in defining new objectives for Part 25 aircraft. Verocel has been active in a working group, consisting of government regulators from the U.S., Canada and Europe, chartered with defining a framework for certification.

The aviation community has been using DO-178 guidance for certification of airborne software for over three decades. The document is accepted by many certification authorities as a means (but not the only means) of showing compliance with their regulations governing the safety of software-based systems on an airplane.

Technology has advanced faster than the regulations, so an approach was proposed to help streamline the software approval process. The proposal also included a review of the way that systems and complex electronic hardware are approved using ARP 4754A and DO-254. Although there is some flexibility in the way information is presented, all three standards are prescriptive: they describe objectives and activities. These are not based on any engineering principles; they are based on the sound engineering judgement of the members of the committees present at the meetings. The standards list objectives that reference document sections to provide some justification for the objectives and to explain what they are expected to achieve. The justification may say “… test cases …correctly developed into test procedures.”

Auditors look for evidence which demonstrates that prescribed activities have been performed and corresponding artifacts exist.

In December 2015, the FAA invited a group of interested organizations representing the avionics community to a workshop. It included the certification authorities, developers, and suppliers. The intent of this workshop was to develop a document that could form the basis for approval of systems to be used on aircraft. Several meetings and many teleconferences later, the Overarching Properties document was produced. It was presented to the public at an FAA meeting in Richardson, Texas in September 2016. To date, the document has not been finalized, and work is continuing to refine and produce material that could become official at some future date.

2016 Overarching Properties document

The description below is one interpretation of the direction in which the document is going. It may not be a unanimous interpretation yet, but the group is working to form full consensus.

There are just three overarching properties (OPs):

INTENT –

For any system to which these OPs apply, what we want the system to do and the safety impacts are understood, documented, and evaluated. The desired system behavior is the collective wisdom of the stakeholders that corresponds to the defined intended functions. The defined intended functions document the requirements at the top level. This does not imply that they appear at one level only; they may capture the expected behavior at various levels of granularity, and also cover system, software and complex electronic hardware.

CORRECTNESS –

The system should be implemented correctly by behaving in accordance with the defined intended functions. We could trust “magic” that the implementation is correct, but we don’t. Instead, we rely on a documented set of processes for implementation and verification that result in evidence stored under configuration control. This is a very traditional approach; the difference is that the particular activities and artifacts used to satisfy objectives are no longer prescribed. It is up to the applicant to gather the evidence they think is necessary to demonstrate satisfaction of this property.

NECESSITY –

During the implementation process, it may happen that functionality is added erroneously. A process should be defined that demonstrates that this has not happened, or, if it has, that safety is not impacted. Evidence of such checks must be presented.

As can be seen in the OP document, each of the properties is accompanied by Definitions, Prerequisites, Constraints and Assumptions. Collectively, these should cover all scenarios, such that if the properties are satisfied, then we have sufficient evidence to trust the system.
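To make the three properties concrete, here is an added example of the kind of traceability check an applicant might run over their own evidence. It is not from the article, from Verocel, or from the OP working group; the data model (requirements with a recorded safety impact, implementation units that trace to requirements, test records that verify requirements) and all the identifiers in it are constructed for illustration. It reports a gap under INTENT when a requirement has no evaluated safety impact, under CORRECTNESS when a requirement lacks passing verification evidence or an implementation, and under NECESSITY when an implementation unit traces to no defined requirement, which is exactly the "functionality added erroneously" case.

```python
"""Traceability check illustrating evidence for the three Overarching Properties.

Added example, not code from the original page or the OP working group.
The data model and the SR-/TC- identifiers below are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Requirement:
    req_id: str
    text: str                      # documented intended behaviour
    safety_impact: Optional[str]   # e.g. "hazardous", "minor", "none"; None = not evaluated


@dataclass
class ImplUnit:
    name: str
    traces_to: List[str]           # requirement ids this unit implements


@dataclass
class TestRecord:
    test_id: str
    verifies: List[str]            # requirement ids this test provides evidence for
    passed: bool


@dataclass
class Findings:
    intent: List[str] = field(default_factory=list)
    correctness: List[str] = field(default_factory=list)
    necessity: List[str] = field(default_factory=list)

    def satisfied(self) -> bool:
        return not (self.intent or self.correctness or self.necessity)

    def report(self) -> str:
        lines = []
        for prop, items in (("INTENT", self.intent),
                            ("CORRECTNESS", self.correctness),
                            ("NECESSITY", self.necessity)):
            lines.append(f"{prop}: {'ok' if not items else ''}")
            lines.extend(f"  - {item}" for item in items)
        return "\n".join(lines)


def check_overarching_properties(reqs: List[Requirement],
                                 units: List[ImplUnit],
                                 tests: List[TestRecord]) -> Findings:
    f = Findings()
    req_ids = {r.req_id for r in reqs}

    # INTENT: every defined intended function is documented and its safety impact evaluated.
    for r in reqs:
        if r.safety_impact is None:
            f.intent.append(f"{r.req_id}: safety impact not evaluated")
        if not r.text.strip():
            f.intent.append(f"{r.req_id}: no documented intended behaviour")

    # CORRECTNESS: every requirement has passing verification evidence and an implementation.
    verified: Dict[str, List[TestRecord]] = {}
    for t in tests:
        for rid in t.verifies:
            if rid not in req_ids:
                f.necessity.append(f"{t.test_id}: verifies undefined requirement {rid}")
            verified.setdefault(rid, []).append(t)
    for r in reqs:
        evidence = verified.get(r.req_id, [])
        if not evidence:
            f.correctness.append(f"{r.req_id}: no verification evidence")
        elif not all(t.passed for t in evidence):
            failed = [t.test_id for t in evidence if not t.passed]
            f.correctness.append(f"{r.req_id}: failing tests {failed}")
    implemented = {rid for u in units for rid in u.traces_to}
    for r in reqs:
        if r.req_id not in implemented:
            f.correctness.append(f"{r.req_id}: not implemented")

    # NECESSITY: every implementation unit traces to a defined requirement;
    # a unit with no requirement is a candidate for erroneously added functionality.
    for u in units:
        if not u.traces_to:
            f.necessity.append(f"{u.name}: no requirement (unintended function?)")
        for rid in u.traces_to:
            if rid not in req_ids:
                f.necessity.append(f"{u.name}: traces to undefined requirement {rid}")
    return f


# Constructed sample evidence set (identifiers are made up for this example).
REQS = [
    Requirement("SR-1", "Stall warning shall activate above the stall-margin threshold", "hazardous"),
    Requirement("SR-2", "Display shall refresh the airspeed tape at 20 Hz", None),
    Requirement("SR-3", "Maintenance log shall record each power cycle", "none"),
]
UNITS = [
    ImplUnit("stall_warning", ["SR-1"]),
    ImplUnit("display_update", ["SR-2"]),
    ImplUnit("debug_telemetry", []),          # left over from development, traces to nothing
]
TESTS = [
    TestRecord("TC-1", ["SR-1"], passed=True),
    TestRecord("TC-2", ["SR-2"], passed=False),
]

if __name__ == "__main__":
    print(check_overarching_properties(REQS, UNITS, TESTS).report())
```

On the constructed data the check flags SR-2 under INTENT (no safety impact recorded), SR-2 and SR-3 under CORRECTNESS (a failing test, and no evidence or implementation at all), and `debug_telemetry` under NECESSITY. The point is the shape of the evidence, not the tooling: the OPs leave it to the applicant to decide which artifacts demonstrate each property, and a bidirectional trace like this is one plausible piece of that argument rather than a prescribed activity.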

Over the last 30 years, many have become used to the DO-178 style of prescriptive certification. Auditors are comfortable interpreting DO-178C. Applicants follow the objectives and hope that their evidence shows compliance with the document. They are not allowed to interpret the standard; that is the auditor's role.

If the evidence developed under DO-178C is sound and complete, then it should satisfy the Overarching Properties. If something is missing, or an alternative approach is proposed, then the OPs could be used to propose the alternative means (once the OP approach is approved by the authorities). This would give the applicant a framework for their alternate means proposal; currently, it is a proposal and negotiation with the authorities. In the future, the hope is that the OPs could be used as an alternate approach to providing certification evidence. Applicants would be able to choose whether to use the existing standards or to propose an OP-based certification. Note that this is not the same as a DO-178C submission with some alternate means based on OPs, but a real alternative submission using OPs.

At this point there is still work to be done. For example, Design Assurance Leveling, by which the activities can be reduced based on assurance level, has not been worked out. There are also areas that need further work to build consensus. Research is continuing with the development of case studies to see how the OPs would work. The committee continues to press on with the expectation that providing an additional approach to certification could benefit both cost and safety.

If you’d like to discuss your project needs or would like more information, please get in touch.