active, Most Current
Buy Now
Organization: EUROCAE
Publication Date: 1 April 2000
Status: active
Page Count: 194

This document provides guidance for design assurance of airborne electronic hardware from conception through initial certification and subsequent post certification product improvements to ensure continued airworthiness. It was developed based on showing compliance with certification requirements for transport category aircraft and equipment but parts of this document may be applicable to other equipment.

The relationship between the system life cycle and the hardware design life cycle is described to aid in the understanding of the interrelationships of the system and hardware design assurance processes. A complete description of the system life cycle, including system safety assessment (SSA) and validation, and the aircraft certification process is not intended.

Certification issues are discussed only in relation to the hardware design life cycle. Aspects concerning the ability to produce, test, and maintain the hardware item are addressed only as they relate to airworthiness of the hardware design.

The guidance in this document is applicable, but not limited to, the following hardware items:

1. Line Replaceable Units (LRUs).

2. Circuit Board Assemblies.

3. Custom micro-coded components, such as Application Specific Integrated Circuits (ASICs) and Programmable Logic Devices (PLDs), including any associated macro functions.

4. Integrated technology components, such as hybrids and multi-chip modules.

5. Commercial-Off-The-Shelf (COTS) components.

Additional considerations that refer specifically to COTS components are included in Section 11 since COTS component suppliers may not necessarily follow the design processes described by this document or provide the necessary hardware design life cycle data.

This document does not attempt to define firmware. Firmware should be classified as hardware or software and addressed by the applicable processes. This document assumes that during the system definition, functions have been allocated to either hardware or software. RTCA DO-178/EUROCAE ED-12 provides guidance for functions that are allocated to implementation in software. This document provides guidance for functions that are allocated to hardware.

NOTE: This allows an efficient method of implementation and design assurance to be determined at the time the system is specified and functions allocated. All parties should agree with this system decision at the time that the allocation is made.

Assessment and qualification of tools used for hardware item design and verification is addressed in Section 11.4.

This document does not provide guidance concerning organizational structures or how responsibilities are divided within those structures.

Environmental qualification criteria are also beyond the scope of this document.


This document has been prepared to assist organizations by providing design assurance guidance for the development of airborne electronic hardware such that it safely performs its intended function, in its specified environments. This guidance should be equally applicable to current, new, and evolving technologies. The purposes of this document are to:

1. Define hardware design assurance objectives.

2. Describe the basis for these objectives to help ensure correct interpretation of the guidance.

3. Provide descriptions of the objectives to allow the development of means of compliance with this and other guidance.

4. Provide guidance for design assurance activities to meet the design assurance objectives.

5. Allow flexibility in choice of processes necessary to meet the objectives of this document including improvements, as new process technologies become available.

This document recommends the activities that should be performed in order to meet design assurance objectives, rather than detailing how a design should be implemented.

The philosophy used to generate this guidance document is one of a top-down perspective based on the system functions being performed by electronic hardware and not a bottom-up perspective or one based solely on the specific hardware components used to implement the function. A top-down approach is more effective at addressing safety design errors by facilitating informed system and hardware design decisions, and efficient and effective verification processes. For example, verification should be performed at the highest hierarchical level of the system, assembly, and subassembly, component or hardware item at which compliance of the hardware item to its requirements can be achieved and the verification objectives satisfied.

Document History

April 1, 2000
This document provides guidance for design assurance of airborne electronic hardware from conception through initial certification and subsequent post certification product improvements to ensure...