Module 5.13 Level 2 Software Management Control

EASA Part 66 Module 5 software management control


DESCRIPTION

EASA Part 66 Module 5 software management control power point


Page 1: EASA Part 66 Module 5 software management control

Module 5.13 – Level 2

Software Management Control


Software Management Control

Manufacturers & Design Organisations assign software levels based on the severity of the effect of possible software errors

Extensive use is now being made in aircraft of software based equipment and systems

Computers are now used extensively in modern aircraft

Typically, software may be used in:

Primary & Secondary Flight Controls

Engine controls

Electrical generation and distribution

Brakes

Radio and navigation equipment

Flight instruments

Automatic Flight Control, etc.


Software Management Control

In software engineering, Software Configuration Management (SCM) is the task of tracking and controlling changes in software

In aviation we call it Software Management Control (SMC)

SMC/SCM practices include Revision Control and the creation of Baselines

If something goes wrong, SMC/SCM can determine what was changed and who changed it.


Software Management Control

Software may have a direct influence on aircraft safety

Loading unapproved software programs may have catastrophic results

To meet the requirements for Controlled Items we must meet the legislative requirements of EASA/BCAR/FAR, etc.

In addition, we must control its certification & post-certification configuration in a way equivalent to that for conventional safety critical systems.


Software Management Control

Software is assigned levels in accordance with its use as follows:

Level 1 Critical - prevention of continued safe flight and landing of the aircraft

Level 2 Essential - reduction of the aircraft/flight crew capability to cope with adverse operating conditions

Level 3 Non-essential - no significant degradation of aircraft capability or flight crew ability.


Software Management Control

For initial Software Certification of systems or equipment, the Design Organisation provides evidence to EASA that the software has been designed, tested and integrated with the hardware in a manner that ensures compliance.

With Level 1 or 2 software, a modification that affects software must NOT be embodied unless it has been approved by the responsible Design Organisation

Aircraft operators need to ensure that their defect reporting procedures include reporting software problems to the responsible Design Organisation.


Software Management Control

Software modifications are subject to the same approval procedures as hardware modifications

Modified software is identified and controlled in accordance with procedures laid down in the software configuration management plan

Software is treated as an independent aircraft part

Hardware part numbers do not reflect or determine the loaded software.


Software Management Control

A check of the software part number(s) must always be made when replacing units that are on-board loadable, e.g. FMS Database

Spare hardware may, for economic reasons, be pre-loaded with software in workshops

Such parts are not a Configuration Control Unit until they have been installed on the aircraft and configured correctly for that aircraft

Pre-loading software seeks to avoid the need for loading on the aircraft but not the need for checking on the aircraft.


Software Management Control

Tie-on-tags and information in stock control systems may indicate preloaded software state for convenience

But software must still be checked on installation of the unit in the aircraft

They are under control of the Software Configuration Management process.


Software Management Control

The demonstration of capability for Design Organisations is managed by EASA

This is in accordance with Regulation (EC) 748/2012, which includes Design Organisation Approvals (DOA)

DO-178B, "Software Considerations in Airborne Systems and Equipment Certification", is a document dealing with the safety of software used in certain airborne systems.


Software Management Control

In the USA the FAA applies DO-178B as the document it uses for guidance to determine if the software will perform reliably in an airborne environment, when specified by the Technical Standard Order (TSO) for which certification is sought

The introduction of TSOs into the airworthiness certification process, and by extension DO-178B, is explicitly established in 14 Code of Federal Regulations (CFR) Part 21, Subpart O

It was published by RTCA Incorporated


Software Management Control

Development was a joint effort with the European Organisation for Civil Aviation Equipment (EUROCAE), who publish the document as ED-12B.

ED-12C, "Software considerations in airborne systems and equipment certification", is now the latest standard
