EUROCAE - ED-79
CERTIFICATION CONSIDERATIONS FOR HIGHLY-INTEGRATED OR COMPLEX AIRCRAFT SYSTEMS
Publication Date: 1 November 1996
This document discusses the certification aspects of highly-integrated or complex systems installed on aircraft, taking into account the overall aircraft operating environment and functions. The term "highly-integrated" refers to systems that perform or contribute to multiple aircraft-level functions. The term "complex" refers to systems whose safety cannot be shown solely by test and whose logic is difficult to comprehend without the aid of analytical tools.
The guidance material in this document was developed in the context of Federal Aviation Regulations (FAR) and Joint Airworthiness Requirements (JAR) Part 25. It may be applicable to other regulations, such as Parts 23, 27, 29 and 33. In general, this material is also applicable to engine systems and related equipment. Final regulatory approval of all systems is assumed to be accomplished in conjunction with an aircraft certification.
This document has been prepared primarily for electronic systems which, by their nature, may be complex and are readily adaptable to high levels of integration. However, the guidance provided in this document may be considered for other aircraft systems.
This document addresses the total life cycle for systems that implement aircraft-level functions. It excludes specific coverage of detailed systems, software and hardware design processes beyond those of significance in establishing the safety of the implemented system. More detailed coverage of the software aspects of design is dealt with in EUROCAE/RTCA document ED-12B/DO-178B. Coverage of complex hardware aspects of design is dealt with in EUROCAE/RTCA document ED-80/DO-xxx (working title: "Design Assurance Guidance for Airborne Electronic Hardware"), currently under development by EUROCAE WG-46 and RTCA Special Committee SC-180. Methodologies for safety assessment processes are outlined in SAE document ARP4761. Figure 1 outlines the relationships between the various documents which provide guidance for system development, safety assessment, and the hardware and software life-cycle processes.
This document is intended to be a guide for both the certification authorities and applicants for certification of highly-integrated or complex systems, particularly those with significant software elements. As such, the focus is toward ensuring that safety is adequately assured through the development process and substantiating the safety of the implemented system. Specific guidance on how to do the substantiation work is beyond the scope of this document, though references are provided where applicable.
This document is intended to cover the needs of current technology and, as far as possible, emerging technology. It is anticipated that this document will be revised periodically to incorporate future technological changes and engineering process improvements.
These guidelines are intended to provide designers, manufacturers, installers, and certification authorities with a common international basis for demonstrating compliance with airworthiness requirements applicable to highly-integrated or complex systems. The guidelines are primarily directed toward systems that integrate multiple aircraft-level functions and have failure modes with the potential to result in unsafe aircraft operating conditions. Typically, these systems are software based and involve significant interactions with other systems in a larger integrated environment. Frequently, significant elements of these systems are developed by separate individuals, groups or organizations. Highly-integrated or complex systems require added design discipline and development structure to ensure that safety and operational requirements can be fully realized and substantiated. While these guidelines could be applied to the development of simpler systems, the formality of the development structure, processes, and documentation should be reduced substantially.
Since this document is intended to provide a common basis for certification, the guidelines concentrate primarily on safety requirements associated with JAR/FAR 25.1309. Other requirements that determine the basis for satisfactory functionality, such as JAR/FAR 25.1301, can be addressed using this same guidance or simple extensions.
Much of the material covered in this document is not new and, where relevant, references are included to related documents. Many of the processes referred to in this document are undergoing rapid evolutionary development. Moreover, the extent to which different systems can be classified as complex or highly-integrated is subject to wide variation. By providing a single publication that addresses the generic, high-level aspects of certification of highly-integrated or complex systems, it is believed that a broader understanding of the fundamental issues will develop. This, in turn, should aid both the applicant and the certification authorities in reaching agreement on the detailed system certification process for a particular aircraft model.
This document does not provide guidelines concerning the structure of the applicant's organization nor how the responsibilities for certification activities are divided. Neither should any such guidance be inferred from the descriptions provided.