Aerospace design assurance and system certification

Verocel’s tools and services enable aerospace customers to meet regulatory compliance for software and complex hardware.

We have helped our customers achieve the highest level of design assurance for products such as Integrated Modular Avionics operating systems, flight management and mission computers, Global Positioning System equipment, various system controllers, compiler run-time libraries and more. We have certified systems written in many languages, including C, C++, Ada and Java.

Military and commercial aircraft and unmanned systems

Each of these submarkets follows a similar methodology for aircraft system design and approval. Commercial aircraft in the U.S. follow the Federal Aviation Regulations in Title 14 CFR 25.1309 (the European CS-25.1309 is similar), and DoD aircraft follow the guidelines of MIL-HDBK-516C, Airworthiness Certification Criteria.

Verocel has over 100 years of combined experience in supporting hardware and software certification standards in the aerospace industry. Our tools and services target RTCA/DO-178C/ED-12C and RTCA/DO-254 standards.

Aircraft systems and equipment certification process

At the aircraft level, the intended functions define the system-level requirements and are an input to the system safety assessment process. The system safety assessment follows the guidelines in ARP 4761A, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment, or MIL-STD-882E, Department of Defense Standard Practice: System Safety.

The activities that comprise the safety assessment process include aircraft- and system-level functional hazard assessments (FHA), fault tree analyses (FTA), zonal safety analyses, failure modes and effects analyses (FMEA), and common cause analyses (CCA).

Design assurance levels and system requirements

After the system design and preliminary safety assessment have taken place, design assurance levels can be assigned to aircraft functions, systems, hardware and software using ARP 4754A, Guidelines for Development of Civil Aircraft and Systems, or MIL-HDBK-516C. The system requirements are allocated to either hardware or software high-level requirements, resulting in the development and verification of hardware and software to their respective levels under RTCA/DO-254 and RTCA/DO-178C.

The goal of the safety analysis is to classify the severity of every documented failure condition. For example, if the safety analysis determines that a development error in an aircraft/system function or item could result in a catastrophic failure condition, then the associated development assurance process is assigned level A. The assurance level itself is qualitative: it sets the rigor of the development process, because no probability can be assigned to a development error. The catastrophic failure condition, in turn, must be shown to be extremely improbable, which for a transport-category aircraft means a probability on the order of 10^-9 per flight hour or less.

Verocel’s expertise in both DO-254 and DO-178C level A assurance provides our customers with the tools and skills to meet the complex objectives of either standard.

RTCA/DO-178C supplements

RTCA/DO-178C calls out supplements that address particular development approaches: DO-330, Software Tool Qualification Considerations, where qualified tools are used; DO-331 for model-based development and verification; DO-332 for object-oriented technology and related techniques; and DO-333 for formal methods. Verocel has expertise in each of these supplements to support aircraft, system and software certification.

Services for DO-178 certification

Verocel has assisted many customers in performing complete certification of their applications or specific components such as operating systems, network stacks, compiler run-time features and more.

Tools

Application Lifecycle Management for DO-178 Certification

VeroTrace is qualified to meet the RTCA/DO-330 TQL-5 objectives. The tool allows developers to manage all software lifecycle data, from requirements and design through code and test cases. Traceability, configuration management, problem reporting and change impact analysis are integrated capabilities of the tool.

Coverage Analysis Tools to meet Level A objectives of DO-178

VeroSource is qualified to DO-330 TQL-5 and measures modified condition/decision coverage (MC/DC) at the source level. VerOCode is qualified to DO-330 TQL-5 and measures coverage at the object-code level without instrumenting the code under test.
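To make concrete what MC/DC demands of a test set, the following is an added example written for this page; it is not code from VeroSource or any Verocel tool. It checks unique-cause MC/DC for one decision: for every condition it looks for an independence pair, two test vectors that differ only in that condition and produce different decision outcomes. The decision `guard`, its condition names and the `INCOMPLETE` test set are constructed for illustration.

```python
"""Unique-cause MC/DC check for one boolean decision (constructed example).

A decision is a Python callable over named conditions; a test vector maps each
condition name to True/False. MC/DC requires, for every condition, an
independence pair: two vectors identical except in that condition whose
decision outcomes differ, showing the condition alone can affect the outcome.
"""
from itertools import combinations, product
from typing import Callable, Dict, List, Optional, Tuple

Vector = Dict[str, bool]
Pair = Tuple[Vector, Vector]
Decision = Callable[..., bool]


def independence_pairs(decision: Decision, conditions: List[str],
                       vectors: List[Vector]) -> Dict[str, Optional[Pair]]:
    """Map each condition to an independence pair drawn from `vectors`,
    or None when the test set never isolates that condition."""
    found: Dict[str, Optional[Pair]] = {}
    for cond in conditions:
        others = [c for c in conditions if c != cond]
        found[cond] = None
        for v1, v2 in combinations(vectors, 2):
            if (v1[cond] != v2[cond]
                    and all(v1[o] == v2[o] for o in others)
                    and decision(**v1) != decision(**v2)):
                found[cond] = (v1, v2)
                break
    return found


def uncovered_conditions(decision: Decision, conditions: List[str],
                         vectors: List[Vector]) -> List[str]:
    """Conditions for which the test set provides no independence pair."""
    pairs = independence_pairs(decision, conditions, vectors)
    return [c for c in conditions if pairs[c] is None]


def mcdc_achieved(decision: Decision, conditions: List[str],
                  vectors: List[Vector]) -> bool:
    return not uncovered_conditions(decision, conditions, vectors)


def truth_table(conditions: List[str]) -> List[Vector]:
    """All 2^n assignments of the conditions."""
    return [dict(zip(conditions, values))
            for values in product([False, True], repeat=len(conditions))]


def minimal_mcdc_set(decision: Decision, conditions: List[str]) -> List[Vector]:
    """Smallest subset of the truth table that achieves MC/DC, by exhaustive
    search over subsets (fine for the handful of conditions in one decision).
    Returns [] when some condition can never independently affect the outcome."""
    rows = truth_table(conditions)
    for size in range(1, len(rows) + 1):
        for subset in combinations(rows, size):
            if mcdc_achieved(decision, conditions, list(subset)):
                return list(subset)
    return []


# Constructed decision under test: a guard of the form a and (b or c).
CONDITIONS = ["a", "b", "c"]


def guard(a: bool, b: bool, c: bool) -> bool:
    return a and (b or c)


# Constructed test set: reaches both outcomes and flips b and c, but `a` is
# always True, so nothing shows that `a` alone can change the result.
INCOMPLETE: List[Vector] = [
    {"a": True, "b": False, "c": False},
    {"a": True, "b": False, "c": True},
    {"a": True, "b": True, "c": False},
    {"a": True, "b": True, "c": True},
]

if __name__ == "__main__":
    print("uncovered:", uncovered_conditions(guard, CONDITIONS, INCOMPLETE))
    minimal = minimal_mcdc_set(guard, CONDITIONS)
    print("minimal MC/DC set size:", len(minimal))
    for cond, pair in independence_pairs(guard, CONDITIONS, minimal).items():
        print(cond, "->", pair)
```

The `INCOMPLETE` set achieves decision coverage (both outcomes occur) yet fails MC/DC on `a`, which is exactly the gap MC/DC was introduced to close; for this three-condition decision the minimal MC/DC set has four vectors, the n+1 that unique-cause MC/DC generally requires.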

DO-178 Control Coupling Tool

VerOLink is qualified to DO-330 TQL-5 and supports control coupling coverage to ensure the integration requirements of DO-178 are met.

Stack Analysis Tool to support worst-case stack usage

VerOStack calculates worst-case stack usage and supports the Worst-Case Execution Time (WCET) analysis that DO-178 certification requires.
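As an added illustration of what a worst-case stack analysis computes, the following is an example written for this page, not code from VerOStack or Verocel. It takes per-function frame sizes and a static call graph, the kind of data such a tool extracts from the compiler or the object code, and finds the heaviest call chain from an entry point. Recursion and unresolved (indirect) call targets make the bound unknowable, so they are reported instead of silently under-estimated. The frame sizes, call graph, handler names and the non-nesting interrupt assumption are all constructed for the example.

```python
"""Worst-case stack usage over a static call graph (constructed example).

Inputs are per-function frame sizes in bytes and a call graph. The worst
case is the heaviest entry-to-leaf path; recursion or an unresolved call
target makes the bound unknowable, so both raise ValueError.
"""
from typing import Dict, List, Tuple

CallGraph = Dict[str, List[str]]


def worst_case_stack(frames: Dict[str, int], calls: CallGraph,
                     entry: str) -> Tuple[int, List[str]]:
    """Return (bytes, call chain) for the deepest path from `entry`."""
    memo: Dict[str, Tuple[int, List[str]]] = {}
    on_path: List[str] = []  # current DFS path, used to detect cycles

    def depth(fn: str) -> Tuple[int, List[str]]:
        if fn not in frames:
            raise ValueError(f"unresolved call target {fn!r} (indirect call?)")
        if fn in on_path:
            raise ValueError("recursion: " + " -> ".join(on_path + [fn]))
        if fn in memo:
            return memo[fn]
        on_path.append(fn)
        best = (frames[fn], [fn])
        for callee in calls.get(fn, []):
            sub_bytes, sub_chain = depth(callee)
            if frames[fn] + sub_bytes > best[0]:
                best = (frames[fn] + sub_bytes, [fn] + sub_chain)
        on_path.pop()
        memo[fn] = best
        return best

    return depth(entry)


def is_bounded(frames: Dict[str, int], calls: CallGraph, entry: str) -> bool:
    """True when a finite worst case exists (no recursion, all targets resolved)."""
    try:
        worst_case_stack(frames, calls, entry)
        return True
    except ValueError:
        return False


def worst_case_with_interrupts(frames: Dict[str, int], calls: CallGraph,
                               entry: str, handlers: List[str]) -> int:
    """Task worst case plus the deepest handler, under the constructed
    assumption of non-nesting interrupts that run on the task's stack."""
    task_bytes, _ = worst_case_stack(frames, calls, entry)
    isr_bytes = max((worst_case_stack(frames, calls, h)[0] for h in handlers),
                    default=0)
    return task_bytes + isr_bytes


# Constructed frame sizes (bytes) and call graph for a small control loop.
FRAMES = {"main": 32, "read_sensor": 24, "parse": 64, "checksum": 16,
          "buf_copy": 8, "log": 128, "fmt": 48, "isr_timer": 40,
          "isr_uart": 56}
CALLS: CallGraph = {
    "main": ["read_sensor", "parse", "log"],
    "parse": ["checksum", "buf_copy"],
    "log": ["fmt"],
    "fmt": ["buf_copy"],
    "isr_uart": ["buf_copy"],
}
HANDLERS = ["isr_timer", "isr_uart"]

if __name__ == "__main__":
    total, chain = worst_case_stack(FRAMES, CALLS, "main")
    print(total, "bytes via", " -> ".join(chain))
    print("with interrupts:",
          worst_case_with_interrupts(FRAMES, CALLS, "main", HANDLERS))
```

On the constructed graph the worst case is not the longest chain by call count but the heaviest one, which is why frame sizes rather than call depth drive the result; a real analysis must also account for compiler-inserted frames, alignment padding and the register save area of each interrupt entry.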

If you’d like to discuss your project needs or would like more information, please get in touch.