Success-Plan Services
Chip Downing
Part 10 of the RTI Military Avionics Blog Series
Particularly for today’s busy avionics design teams, I’m pleased to share that managing airborne systems certification just got easier. RTI recently achieved another certification milestone by delivering RTCA DO-178C DAL A certification to a U.S. Army Future Vertical Lift (FVL) customer following the latest release of RTI Connext® Cert. This delivery immediately reduces risk on all future avionics programs that need to achieve commercial or military airworthiness.
This certification was performed on a North Atlantic Industries, Inc. (NAI) 68PPC2 QorIQ® T2080 quad-core processor and a Single Board Computer (SBC) board running DDC-I’s Deos™ RTOS, supporting the Future Airborne Capability Environment™ (FACE) Operating System Segment (OSS) Safety Base Profile and supporting ARINC 653 and POSIX capabilities. Both NAI and DDC-I have existing certification evidence to complement RTI’s capabilities, which now dramatically reduces risk for integrated solutions from all three companies and their joint customers.
RTCA DO-178C, “Software Considerations in Airborne Systems and Equipment Certification,” is the primary document that the global certification authorities, including FAA, EASA and Transport Canada, use to approve all commercial software-based aerospace systems. The document is published by RTCA, Incorporated, in a joint effort with EUROCAE, and replaces the previous avionics standard DO-178B. Completed in 2011, the new document is called RTCA DO-178C and EUROCAE ED-12C. DO-178C is recognized as the leading means to achieve airworthiness for the software aspects of airborne systems and equipment certification.
RTCA DO-178C Design Assurance Level (DAL) A is the highest level of DO-178C certification. DAL levels are determined from the safety assessment process and hazard analysis by examining the effects of failure conditions in aircraft systems. The failure conditions are categorized by their effects on the aircraft, crew and passengers. Any software that commands, controls and monitors safety-critical functions in large commercial aircraft demands the highest level – DAL A. There are five DAL levels as described below:
- Catastrophic – Failure may cause deaths, usually with loss of the airplane.
- Hazardous – Failure has a large negative impact on safety or performance, or reduces the ability of the crew to operate the aircraft due to physical distress or a higher workload, or causes serious or fatal injuries among the passengers.
- Major – Failure significantly reduces the safety margin or significantly increases crew workload. May result in passenger discomfort (or even minor injuries).
- Minor – Failure slightly reduces the safety margin or slightly increases crew workload. Examples might include causing passenger inconvenience or a routine flight plan change.
- No Effect – Failure has no impact on safety, aircraft operation, or crew workload.
Achieving a given DAL level requires the completion of a select number of objectives described in DO-178C, some with independent review outside of the software development team that wrote the software. The number of DO-178C objectives is detailed in the table below:
| DO-178C DAL Level |
Failure Condition Level |
Number Of Objectives |
Objectives With Independence |
| A |
Catastrophic |
71 |
30 |
| B |
Hazardous |
69 |
18 |
| C |
Major |
62 |
5 |
| D |
Minor |
26 |
2 |
| E |
No Safety Effect |
0 |
0 |
An important observation is that the number of objectives is not linear – there is a large jump between DAL D and DAL C. Similarly, the difference in the number of objectives between DAL A and DAL C is only 9, so the effort to perform DAL C certification is only modestly less than DAL A.
The delivery of this DO-178C certification evidence complements our previously announced completion of the functional safety certification of Connext Cert to ISO 26262 ASIL D using QNX® OS for Safety on an Arm processor, supporting automotive and autonomous vehicles. Today, RTI Connext® is used in over 1,800 design wins, and in more than 200 avionics and over 250 autonomous systems programs.
These DO-178C and ISO 26262 certifications reduce both project cost and risk, while accelerating time to production and deployment for RTI customers developing these systems. RTI’s commercial certification evidence contains independently-audited design documents, high- and low-level requirements, project documents, audit memos, test results, and more. This eliminates the need for customers to generate thousands of certification documents that a customer will need to support over the life of their avionics project. And because RTI can share the cost of this commercial certification evidence over multiple customer programs, the cost of procuring and supporting this evidence from RTI is far lower than a single-project certification effort.
Stay tuned for more certification announcements as RTI continues to fill out its critical systems software product portfolio. For more information about Connext Cert, please click here.
About the author
Chip Downing is Senior Market Development Director, Aerospace & Defense, Real-Time Innovations, Inc.
Chair, FACE Business Working Group Outreach Subcommittee