Plan for Software Aspects of Certification
Requirements Document
Document Number: RD-XXXX
Revision: 1.1
Date: 07-24-2018
Your Company Confidential

Revision history
Revision: 1.1
Primary Author: Christine Gavlas
Description of Change: De-branded sample version of a document which was initially created for company use
Date Approved: 07-24-2018

Contents
1 Scope
1.1 Referenced Documents
2 System Overview
2.1 Description
2.2 System Functions
2.2.1 Supported Datatype
2.2.1.1 Description
2.2.1.2 Hardware-Software Allocation
2.2.2 Text-Display Functions
2.2.2.1 Description
2.2.2.2 Hardware-Software Allocation
2.2.3 Keyboard-Input Functions
2.2.3.1 Description
2.2.3.2 Hardware-Software Allocation
2.3 Physical Specifications
2.4 System Architecture
2.5 Processor
2.6 Hardware-Software Interfaces
2.7 Safety Features
3 Software Overview – DO-178C 11.1
3.1 Redundancy
3.1.1 Multiple-Version Dissimilar Software
3.2 Resource Sharing
3.3 Fault Tolerance, Failure Detection, Safety Monitoring
3.4 Software Timing and Scheduling Strategies
4 Certification Considerations – DO-178C 2.0
4.1 Software Level and Means of Compliance
4.2 Justification of Software Level
4.3 Potential Software Contributions to Failure Conditions
5 Software-Component Life Cycles – DO-178C 3.0
5.1 Life Cycle of PD-XXX Development
5.1.1 Planning Process
5.1.1.1 Software Development Plan
5.1.1.2 SCM Process
5.1.1.3 SQA Process
5.1.2 Development Process
5.1.2.1 Software Requirements Process
5.1.2.2 Software Design Process
Coding Process
Release Process
Integration Process
Verification Process
5.1.3 Certification Liaison Process
5.2 Life-Cycle Data
5.2.1 Data Items
5.2.2 Data Formats
6 Schedule
6.1 Additional Considerations
7 Additional Considerations – DO-178C 12.0
7.1 Alternate Methods of Compliance – DO-178C 12.3
7.2 Tool Qualification – DO-178C 12.2
7.3 Previously-Developed Software – DO-178C 12.1
7.4 Option-Selectable Software – DO-178C 2.5.4
7.5 User-Modifiable Software – DO-178C 2.5.2
7.6 Commercial Off-The-Shelf Software – DO-178C 2.5.3
7.7 Field-Loadable Software – DO-178C 2.5.5
7.8 Multiple-Version Dissimilar Software – DO-178C 2.4.2
7.9 Product Service History – FAA AR-01/116

List of Tables
Table 2.1: PD-xxxx physical specifications
Table 6.1: Software life-cycle data release schedule

List of Figures
Figure 1: Planning Process

1 Scope
The purpose of this document is to describe the means by which the PD-xxxx software will comply with RTCA DO-178C, "Software Considerations in Airborne Systems and Equipment Certification": the proposed software level and its justification, the software life-cycle processes and the standards they follow, the life-cycle data that will be produced, and the schedule for certification authority involvement. As described in DO-178C 11.1, this plan is the primary means by which the certification authority judges whether the proposed software life cycle is commensurate with the rigour required for the software level. From this point forward, the PD-xxxxxxx will be referred to as the PD-xxxx.

1.1 Referenced Documents
Other documents referenced by this plan include:
• Document 1
• Document 2, etc.
2 System Overview

2.1 Description
Refer to product documentation. What is the top-level concept for this product? Include such factors as:
• Usability and user need (field-loadable software, interface functions, user customization)
• Design philosophy (compatibility, adaptability to change, etc.)
• Safety and certification criteria
What purpose does it serve?

2.2 System Functions
What does the system do, in terms of computing? Summarize its functions in the subsections below (see examples).

2.2.1 Supported Datatype
2.2.1.1 Description
The system shall provide X, so that design criterion Y will be met.
2.2.1.2 Hardware-Software Allocation
This functionality is implemented in software.

2.2.2 Text-Display Functions
2.2.2.1 Description
A set of functions shall be provided appropriate for outputting data to a text-oriented display. The types of functions provided by the PD-xxxx shall include…
2.2.2.2 Hardware-Software Allocation
The implementation of this functionality will vary depending on…

2.2.3 Keyboard-Input Functions
2.2.3.1 Description
Keyboard data is provided to the application software by means of a FIFO buffer and associated functions for adding data to and removing data from the buffer. Separate buffer events shall be generated for key depression and key release.
2.2.3.2 Hardware-Software Allocation
An interrupt-service routine shall scan the keyboard at a fixed period (to be specified in the design data), debounce the keystrokes, and post the resulting press/release events to the buffer. The buffer depth and the behaviour on buffer overflow (which events are dropped, and how the loss is detected and reported to the application) shall also be specified, since a silently lost key event is a potential software contribution to a failure condition (see 4.3).

2.3 Physical Specifications
Provide a table summarizing the hardware/device specifications, if applicable to this project.
Table 2.1: PD-xxxx physical specifications
Part Number: PD-xxxx-xxx
Model:
Dimensions:
Weight:
Power:
Cooling:
Capacity:
WLAN:
Operating Temperature Range:
Cold Start Temperature:
Maximum Altitude:
Environmental Qualification:
(Add or remove specifications as required.)

2.4 System Architecture
• For a standalone software product:
  o Describe the system architecture required for this product, as defined in the project documentation.
  o Define the requirements based on the features and functionality of the product: min/max RAM, interfaces with peripheral hardware, etc.
• For onboard software installed in a greater system (LRU, handset, etc.):
  o Describe the system architecture as defined in the project documentation.
  o Define how product functionality is supported by the system architecture.

2.5 Processor
For a standalone software product, define the processor requirements (min/max) for the product. For onboard software in a greater system, describe the processor as defined in the project documentation.

2.6 Hardware-Software Interfaces
Describe the hardware-software interface (e.g., a hardware abstraction layer) for the product, as defined in the project documentation. Describe all interfaces, abstractions and dependencies present in the system, including interrupt sources, buffers shared between interrupt and application context, and peripheral registers accessed directly by software.
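The keyboard-input function of 2.2.3 and the interrupt/application boundary of 2.6 are the one place where this template describes a concrete mechanism. The following is an added worked example, not code from the template or from any PD-xxxx product: a periodic scan ISR that debounces a key matrix and posts separate press and release events into a single-producer/single-consumer FIFO which the application drains from its main loop. The key-matrix read is replaced by a constructed scan sequence so that it runs on a host; the key count, FIFO depth, debounce count and all names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical sizes: 8 keys in the matrix, a 16-deep FIFO (power of two, so the
 * indices below are masked), and 4 identical consecutive samples before a change is accepted. */
#define KB_NUM_KEYS        8u
#define KB_FIFO_DEPTH     16u
#define KB_DEBOUNCE_SCANS  4u

typedef enum { KB_EVT_PRESS = 1, KB_EVT_RELEASE = 2 } kb_event_type_t;
typedef struct { uint8_t key; uint8_t type; } kb_event_t;

/* SPSC ring buffer: only the ISR writes head, only the application writes tail, so
 * no lock is needed as long as each index update is a single aligned store. */
typedef struct {
    kb_event_t slots[KB_FIFO_DEPTH];
    volatile uint32_t head, tail;     /* head: ISR owned; tail: application owned */
    volatile uint32_t overflows;      /* events dropped because the FIFO was full */
} kb_fifo_t;

typedef struct {
    kb_fifo_t fifo;
    uint8_t stable, last_raw;         /* debounced bitmap (1 = pressed); previous raw sample */
    uint8_t run[KB_NUM_KEYS];         /* consecutive scans each key's sample matched last_raw */
} kb_state_t;

void kb_init(kb_state_t *kb) { memset(kb, 0, sizeof *kb); }

/* Producer (ISR only). A full FIFO drops the new event and counts the loss rather
 * than overwriting unread events; the counter is what a failure monitor checks. */
bool kb_fifo_push(kb_fifo_t *f, kb_event_t e) {
    uint32_t h = f->head;
    if (h - f->tail == KB_FIFO_DEPTH) { f->overflows++; return false; }
    f->slots[h & (KB_FIFO_DEPTH - 1u)] = e;
    f->head = h + 1u;                 /* publish only after the slot is written */
    return true;
}

/* Consumer (application main loop). Returns false when the FIFO is empty. */
bool kb_fifo_pop(kb_fifo_t *f, kb_event_t *out) {
    uint32_t t = f->tail;
    if (t == f->head) return false;
    *out = f->slots[t & (KB_FIFO_DEPTH - 1u)];
    f->tail = t + 1u;
    return true;
}

/* Periodic scan ISR body. 'raw' is the key bitmap sampled on this scan (hardware read
 * stubbed; the caller supplies it). Debounced state changes only after a stable run. */
void kb_scan_isr(kb_state_t *kb, uint8_t raw) {
    for (uint8_t k = 0; k < KB_NUM_KEYS; k++) {
        uint8_t bit = (uint8_t)(1u << k);
        bool raw_down  = (raw & bit) != 0;
        bool last_down = (kb->last_raw & bit) != 0;
        if (raw_down == last_down) {
            if (kb->run[k] < KB_DEBOUNCE_SCANS) kb->run[k]++;
        } else {
            kb->run[k] = 1;           /* sample changed: restart the run */
        }
        bool stable_down = (kb->stable & bit) != 0;
        if (kb->run[k] >= KB_DEBOUNCE_SCANS && raw_down != stable_down) {
            kb_event_t e = { k, (uint8_t)(raw_down ? KB_EVT_PRESS : KB_EVT_RELEASE) };
            (void)kb_fifo_push(&kb->fifo, e);
            kb->stable = raw_down ? (uint8_t)(kb->stable | bit) : (uint8_t)(kb->stable & ~bit);
        }
    }
    kb->last_raw = raw;
}

/* Constructed scan sequence: key 2 bounces once on make, is held, then releases cleanly. */
static const uint8_t kb_demo_scans[] = {
    0x04, 0x00, 0x04, 0x04, 0x04, 0x04, 0x04,  /* bounce, then four stable "down" samples */
    0x04, 0x04, 0x00, 0x00, 0x00, 0x00         /* held, then four stable "up" samples */
};

/* Runs the sequence through the ISR and drains the FIFO from "application" context.
 * Returns the event count; out[i] is packed as (key << 8) | type. */
size_t kb_demo(unsigned *out, size_t max_out) {
    kb_state_t kb;
    kb_init(&kb);
    for (size_t i = 0; i < sizeof kb_demo_scans; i++) kb_scan_isr(&kb, kb_demo_scans[i]);
    size_t n = 0;
    kb_event_t e;
    while (n < max_out && kb_fifo_pop(&kb.fifo, &e)) out[n++] = ((unsigned)e.key << 8) | e.type;
    return n;
}
size_t   kb_demo_event_count(void) { unsigned ev[KB_FIFO_DEPTH]; return kb_demo(ev, KB_FIFO_DEPTH); }
unsigned kb_demo_event(size_t i)   { unsigned ev[KB_FIFO_DEPTH]; return i < kb_demo(ev, KB_FIFO_DEPTH) ? ev[i] : 0u; }

/* Pushes without draining; returns how many events the producer had to drop. */
uint32_t kb_overflow_demo(size_t pushes) {
    kb_fifo_t f;
    memset(&f, 0, sizeof f);
    for (size_t i = 0; i < pushes; i++) {
        kb_event_t e = { (uint8_t)(i % KB_NUM_KEYS), KB_EVT_PRESS };
        (void)kb_fifo_push(&f, e);
    }
    return f.overflows;
}
```

With the constructed sequence the application sees exactly two events, PRESS and RELEASE of key 2; the single bounce sample is absorbed by the debounce run. The part a verifier looks for is the overflow path: a full FIFO drops the new event and increments a counter instead of overwriting unread events, so the loss is detectable by a monitor (3.3) rather than silent. On a single-core MCU where the ISR pre-empts the main loop, the volatile single-word index stores are sufficient; on a target with a weak memory model, the slot write must be ordered before the head update with a barrier, and the consumer needs the matching read barrier.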
2.7 Safety Features
Describe all software-governed safety features present in the system, such as:
• Functions, constraints
• Monitoring, failure detection
• Partitioning
• Multiple-version dissimilar software, redundancy
• Dependencies

3 Software Overview – DO-178C 11.1
Describe the top-level concept for the software, answering such questions as:
• What is its intended use?
• What is its range of effect within the system?
• Which hardware system resources does it rely on?
The following subsections may be further granularized as necessary.

3.1 Redundancy
Define and describe software redundancies present in the system, answering such questions as:
• What form of redundancy has been included in the product design?
• How has independence between the redundant elements been established?
See example below.

3.1.1 Multiple-Version Dissimilar Software
The PD-xxxx has been designed to incorporate two independently-functioning versions of feature X…

3.2 Resource Sharing
Define and describe any resource-sharing functions present in the system, answering such questions as:
• Which peripheral systems has the system been designed to share resources with?
• What is the nature of the data being shared between systems?
• How is each shared resource protected against corruption or interference by its other users (e.g., partitioning, access sequencing)?

3.3 Fault Tolerance, Failure Detection, Safety Monitoring
Define and describe the software-based fault tolerance, failure detection and safety monitoring components present in the system, answering such questions as:
• Which anomalies/failures has the component been designed to detect?
• How has the component been designed to mitigate the risk of failure in its area of focus?
• What assumptions have been made about the point of failure for the fault-tolerance system?
• How has functional independence between the component and its area of focus been established?

3.4 Software Timing and Scheduling Strategies
Describe the timing/scheduling strategy for the product code, components, etc., including such factors as:
• Scheduled tasks and services (periods, priorities and deadlines)
• Dependencies
• Routines
• Worst-case execution times and timing margins, and how timing overruns are detected

4 Certification Considerations – DO-178C 2.0

4.1 Software Level and Means of Compliance
The PD-XXX software is proposed for certification at software level X, with satisfaction of the RTCA DO-178C objectives applicable to that level (Annex A) as the means of compliance.

4.2 Justification of Software Level
Provide the justification for the level assigned to the PD-XXX in 4.1, as derived from the system safety assessment process. Answer such questions as:
• What is its range of effect within the greater system?
• Which dependencies exist between the greater system and the software/its components?
• What is the most severe failure condition that anomalous behaviour of the software or its components could cause in the greater system (see RTCA DO-178C 2.2.3)?

4.3 Potential Software Contributions to Failure Conditions
Describe how anomalous behaviour of the PD-XXX software under its conditions of use may contribute to system failure conditions, based on the considerations outlined in 4.2.

5 Software-Component Life Cycles – DO-178C 3.0
Describe the planned development life cycle(s) for all components within the software system. Refer to the corresponding project documents when populating each section. See examples below.
The figure below is based on a generic planning process, and may not reflect the processes being used for your project. Review the software life cycle which has been established for your project and modify the following subsections as necessary.
Figure 1: Planning Process (figure not reproduced here)

5.1 Life Cycle of PD-XXX Development

5.1.1 Planning Process
The Planning Process precedes all other life-cycle processes. Standards and processes established during this stage of the PD-XXX life cycle inform subsequent stages of the project, in accordance with RTCA DO-178C 4.0. PD-XXX is being ranked as software level D; consequently, only the objectives that Annex A of DO-178C marks as applicable to level D need to be satisfied (for the planning process, Table A-1), and none of them requires independence. A lower software level reduces the number of objectives, not the certification authority's right to review the plans; agree the authority's degree of involvement for this project with the authority and record it in section 6.

5.1.1.1 Software Development Plan
Describe the software planning process which will be established for this project, answering such questions as:
• Which software development standards (e.g., ISO/IEC or IEEE) will be used for the project?
• How will changes to the product design (traceability) or development plan be managed?
• Which software requirements standards will be used for the project?
• Which stakeholders/teams will be responsible for developing this product?
• How will coordination between different teams/processes be maintained throughout the project?
• How will development life-cycle data be kept secure and retrievable throughout the project?
• What is the software development environment (host, target, compiler and tool chain)?
• How will additional considerations (previously-developed software, etc.) be managed?
• How will the systems and methods used for this project support the objectives established by the system safety analysis?

5.1.1.2 SCM Process
Describe the Software Configuration Management process which will be established for this project, answering such questions as:
• How will software design changes be identified and managed throughout the development cycle?
• How will problem reporting, tracking and revisioning be managed?
• How will version-control gates be established?
  o Baseline establishment
  o Identification
  o Documentation
  o Traceability
  o Certification
• How will integration be managed?
• Who will oversee configuration/change management for the project?

5.1.1.3 SQA Process
Describe the Software Quality Assurance process which will be established for this project, answering such questions as:
• How will system safety requirements for this product be met?
• How will the verification process be managed?
• How will software functionality/usability testing be conducted?
• How will software certification testing be conducted?
  o TSO, FAA, TC, etc.
• Who will oversee quality assurance for this project?

5.1.2 Development Process

5.1.2.1 Software Requirements Process
High-level software requirements for PD-XXX have been established in accordance with DO-178C 5.1. The following documents have informed this process:
• System Requirements Document
• Software Development Plan
• Hardware Requirements Document
• Software Requirements Standards
• System Safety Assessment Document, etc.
Describe the process used to define high-level software requirements for this project, considering such factors as:
• Compliance/traceability with the System Requirements Document
• Allocation of system requirements/resources
• Functional and operational requirements
• Compatibility
• Performance criteria
• Tolerances
• Safety-related requirements
• Failure detection and safety monitoring requirements
• Verifiability

5.1.2.2 Software Design Process
Low-level software requirements for PD-XXX have been established in accordance with DO-178C 5.2.
The following documents have informed this process:
• Software Requirements Data
• Software Development Plan
• Software Design Standards
Describe the process used to define software design requirements for this project, considering such factors as:
• Compliance/traceability with the Software Requirements Data
• Robustness of:
  o Low-level software requirements definition
  o Low-level software requirements analysis
• Safety-related requirements
• Failure detection and safety monitoring requirements
• Trace data generation
• Additional concerns resulting from features known to affect the overall system safety level (see DO-178C 5.2.3, 5.2.4)

Coding Process
The coding process for PD-XXX has been established in accordance with DO-178C 5.3. The following documents have informed this process:
• Software Development Plan
• Software Design Requirements Document
• Software Code Standards
Describe the process used for source code development on this project, considering such factors as:
• Compliance/traceability with the Software Design Requirements
• Error detection
• Error reporting
• Trace data generation
• Compliance with Software Code Standards

Release Process
Describe the release process for this project, considering such factors as:
• Generation of the Executable Object Code from configuration-controlled source code
• Identification of release baselines under the SCM process
• Release records and identification of the released content

Integration Process
The integration process for PD-XXX has been established in accordance with DO-178C 5.4. The following documents have informed this process:
• Software Design Requirements Document
• Source Code
Describe the integration process for this project, considering such factors as:
• Integration environment
• Error detection
• Parameter Data Item File generation
• Trace data generation

Verification Process
The verification process for PD-XXX has been established in accordance with DO-178C 6.0.
The following documents have informed this process:
• System Requirements Document
• Software Verification Plan
• Source Code, Executable Object Code
• Trace Data
Describe the verification process for this project, considering such factors as:
• Compliance/traceability with the System Requirements Document
• Verifiability
• Software testing objectives:
  o High-level requirements
  o Low-level requirements
  o Source Code
  o Integration process
• Testing environment:
  o Compatibility with target computer/peripherals
• Error detection
• Error reporting
• Algorithm accuracy
• Partitioning integrity
• Reverification process

5.1.3 Certification Liaison Process
The certification liaison process for PD-XXX has been established in accordance with DO-178C 9.0.
Note: For software level D the certification authority may reduce its degree of involvement (for example, fewer or combined stage-of-involvement reviews), but the liaison process still applies and the PSAC is still submitted for agreement. Agree the degree of involvement with the authority and record it here. Independently of the authority's involvement, an internal compliance review should be established to ensure DO-178C compliance.
Describe the certification liaison process for this project, considering such factors as:
• Submitting software life-cycle data for review by the certification authority:
  o PSAC
  o SDP
  o SVP
  o SCMP
  o SQAP
  o SCI
  o SAS
  together with the system-level safety data (PSSA/SSA) that establishes the software level
• Resolving issues identified by the certification authority during the review process
• Cooperating with the certification authority throughout the software life cycle

5.2 Life-Cycle Data
This section provides a more detailed explanation of the documentation and reporting process which will be undertaken throughout the software life cycle to ensure compliance with RTCA DO-178C. As described in DO-178C 11.0, software life-cycle data should be:
1. Unambiguous: written with clarity, so that it cannot be misinterpreted
2. Complete: presenting and describing all necessary data
3. Verifiable: measurable, so that it can be confirmed or tested
4. Consistent: free of conflicts within itself and with other life-cycle data
5. Modifiable: structured so that it can be changed or amended without becoming less coherent or usable
6. Traceable: presented with a clear point of origination

5.2.1 Data Items
Describe the process flow for the life-cycle data which will be produced during this project, e.g.:
• The Preliminary System Safety Assessment (PSSA) is produced by the system safety assessment process and supplies the failure conditions and software level to the software planning process
• The Plan for Software Aspects of Certification (PSAC) is produced by the planning process, using the PSSA and the system requirements
• The System Requirements Document is produced by the system requirements process
• The Software Requirements Document is derived from the System Requirements Document
• The Software Development Plan is produced by the planning process, using the Software Requirements Document
• The Software Design Standards are derived from the Software Development Plan
• The Software Code Standards are derived from the Software Development Plan
• The Software Configuration Management Plan is derived from the Software Development Plan
• The Software Verification Plan is derived from the PSAC
• The Software Quality Assurance Plan is derived from the PSAC

5.2.2 Data Formats
Describe how life-cycle data will be made available to team members, stakeholders and the certification authority, answering such questions as:
• What formats will be used for different forms of data (e.g., specifications vs. audit forms vs. Executable Object Code)?
• Where will data be hosted, and how will its integrity and access control be maintained?

6 Schedule
Describe the method and timeline for presenting life-cycle data to the certification authority during this project. The timeline should reflect the established schedule for this project.
Note: For software level D the certification authority may reduce its degree of involvement; record the agreed degree of involvement here. Independently of the authority's involvement, an internal compliance review should be established to ensure DO-178C compliance.

Table 6.1: Software life-cycle data release schedule
Data                            | Dependency                       | Required for                             | Date
Software Requirements Document  | System Requirements Document     | Software Development Plan                | mm/dd/yyyy
Software Development Plan       | Project Plan                     | Software Design Standards                | mm/dd/yyyy
                                | Software Requirements Document   | Software Code Standards                  |
                                |                                  | Software Configuration Management Plan   |
                                |                                  | Software Test Plan                       |
Software Verification Plan      | PSAC                             |                                          | mm/dd/yyyy

6.1 Additional Considerations
Describe any additional considerations or issues affecting life-cycle data for this project.

7 Additional Considerations – DO-178C 12.0
This section covers additional considerations or issues affecting the project, such as software type, product history, or tool use.

7.1 Alternate Methods of Compliance – DO-178C 12.3
Describe any alternative method of compliance being applied to this project (DO-178C 12.3: exhaustive input testing, multiple-version dissimilar software verification, software reliability models, or product service history), together with its rationale and the data that supports it. Otherwise, state that no alternative method is being used.

7.2 Tool Qualification – DO-178C 12.2
A software tool may be used to eliminate, reduce or automate a DO-178C life-cycle process, but where the tool's output is not verified by other processes in this plan the tool must be qualified so that it provides at least the same confidence as the process it replaces (DO-178C 12.2). For each such tool, identify the criterion it meets (Criteria 1 to 3 of DO-178C 12.2.2) and the resulting tool qualification level (TQL-1 to TQL-5), which depends on that criterion and on the software level. Tools whose output is fully verified do not require qualification. Refer to RTCA DO-178C 12.2 and DO-330, "Software Tool Qualification Considerations", for more information.
7.3 Previously-Developed Software – DO-178C 12.1
If this software product is based on existing software which had previously been deemed compliant with DO-178C, describe the changes which are being applied to it, considering such factors as:
• Changes to application environment (aircraft)
• Changes to development environment
• Changes to intended use
Explain how the impact of changes in the product or its use will be analyzed. Explain how the product will be assessed and reverified to comply with DO-178C.

7.4 Option-Selectable Software – DO-178C 2.5.4
If the software contains approved components or functions that can be selected or deselected (activated or deactivated) by configuration, explain how each selectable option is verified, how the selection mechanism itself is protected against unintended activation or invalid combinations of options, and how the selected configuration is identified.

7.5 User-Modifiable Software – DO-178C 2.5.2
If the software is designed to allow the user to modify data or components without certification authority review, explain how the non-modifiable components are protected from changes to the modifiable component, how the modifiable component is bounded, and how it is shown that system safety does not depend on the content of user modifications.

7.6 Commercial Off-The-Shelf Software – DO-178C 2.5.3
If this product will include commercial off-the-shelf (COTS) software, explain how the COTS software will be shown to satisfy the DO-178C objectives applicable to the software level (including any additional verification needed to fill gaps in the available life-cycle data) and how it will be integrated and configuration-controlled.

7.7 Field-Loadable Software – DO-178C 2.5.5
If this product is designed to allow installation/upgrades in situ, explain the measures which have been put in place to safeguard against faults related to this software, including how the loading mechanism detects corrupted or partially loaded software, how the loaded software part number/configuration is verified, and how the system is prevented from operating with an incomplete or invalid load.

7.8 Multiple-Version Dissimilar Software – DO-178C 2.4.2
If this product will include multiple-version dissimilar software, explain how independence between the versions has been established (dissimilar requirements, designs, tool chains or development teams), how the outputs of the versions are compared or voted, and how faults detected by the comparison are handled. Refer to 3.1.1.

7.9 Product Service History – FAA AR-01/116
If this software product is based on existing software, past testing and operational data may provide evidence of the DO-178C software level and compliance for the product described in this document (see also DO-178C 12.3.4 and the FAA Software Service History Handbook, AR-01/116). If this software product has been deemed similar enough to its predecessor to warrant this consideration, explain the product service history here. Provide citations.