DO-178C compliance

Manage requirements efficiently and more accurately with IBM Engineering Requirements Management DOORS Next

Contents

01 Introduction: The unique challenges in developing safety-critical software for aviation
02 DO-178C overview: A framework for developing airborne software systems
03 Planning and development: The rigors of documentation that ensure traceability and requirements fulfillment
04 Verification: Proving the absence of errors comes with a correct understanding of the requirements
05 Configuration management and quality assurance: Achieving consistency in function, design performance and operational characteristics
06 IBM solutions to support DO-178C compliance: Collaboration, automation and reporting capabilities that help achieve compliance
07 Why IBM: Deep industry expertise that helps you build confidence, minimize risk and get ROI
Next steps


01 Introduction

The unique challenges in developing safety-critical software for aviation

Companies designing and building safety-critical systems need robust methods and collaborative platforms. This white paper introduces best practices for software development and DO-178C compliance. It also looks at IBM Engineering Requirements Management DOORS Next solutions and approaches that can help organizations deliver safety-critical products, improve collaboration, and increase efficiency and profitability.

The cost of designing and building safety-critical systems is steadily increasing

In the aerospace and defense (A&D) industry, costs associated with product functionality are increasing over time1 — putting significant pressure on A&D companies to do more with less or to sacrifice functionality to meet cost pressures. Software development and testing alone may be a significant factor in these rising costs, and the DO-178C standard and its related technology supplements have the potential to drive costs up even further.

Figure. Consequences of a potential software failure (Level A: Catastrophic, cost x 10).

Projects that need to comply with DO-178C standards could see cost increases anywhere from 25 percent to 40 percent compared to projects that don’t require compliance.2

Figure. Original cost compared with 25 percent and 40 percent cost increases.

The sources of additional costs may include the following:

• Reduced developer productivity due to increases in process complexity
• Manual reporting and documentation processes that are not suited to the level of detail required to comply with DO-178C
• Qualification activities involved in compliance


02 DO-178C overview


The purpose of DO-178C is to provide guidance for developing airborne software systems so that the software performs its intended function with a level of confidence commensurate with its airworthiness requirements. DO-178C is objective driven: companies may use a variety of means to achieve compliance as long as they meet the objective(s) in question. To comply with DO-178C, companies must provide multiple supporting documents and records surrounding their development processes.

Different airworthiness levels within DO-178C — A, B, C, D and E — directly correspond to the consequences of a potential software failure: catastrophic, hazardous/severe-major, major, minor or no effect, respectively. Each software level has a defined number of objectives that need to be satisfied (some with independence). Objectives requiring independence need documentary evidence that the person verifying the item is not the person who developed the item.

Level | Failure condition | Objectives | With independence
A     | Catastrophic      | 71         | 33
B     | Hazardous         | 69         | 21
C     | Major             | 62         | 8
D     | Minor             | 26         | 5
E     | No safety impact  | 0          | 0

Table 1. Objectives for each software level

These different software level certifications also determine the rigor required in testing and other aspects of development.

Software verification is the most challenging part of this process

DO-178C compliance involves six key processes: planning, development, verification, configuration management, quality assurance (QA) and certification liaison. Because the certification liaison process is not a development activity, this white paper only focuses on the first five areas.

One of the significant changes in DO-178C from DO-178B is that four additional supplements may be used in conjunction with DO-178C.

These supplements cover model-based development and verification (DO-331), object-oriented technology and related techniques (DO-332), formal methods (DO-333) and software tool qualification considerations (DO-330). The supplements avoid the need to update or expand the text of the main DO-178 document. For example, the qualification criteria for software development and verification tools have been removed in version C and replaced with a section that details the criteria for determining whether tool qualification is needed. The objectives, activities, guidance and life cycle data required for each Tool Qualification Level are described in DO-330, “Software Tool Qualification Considerations”.

03 Planning and development


As with the other processes involved in proving compliance with DO-178C, planning requires associated output documentation, including the following:

• Plan for software aspects of certification (PSAC)
• Software development plan (SDP)
• Software verification plan (SVP)
• Software configuration management plan (SCMP)
• Software quality assurance plan (SQAP)
• System requirements
• Software requirements standard (SRS)
• Software design standard (SDS)
• Software code standard (SCS)

Output documents associated with meeting DO-178C standards in the development process include software requirements data, software design descriptions, source code and executable object code.

According to DO-178C stipulations, without verifiable, unambiguous, consistent and well-defined requirements, you must create a problem report and submit the issue back to the input source to be clarified and corrected. You must also be able to trace those system requirements that will be realized by high-level software requirements to one or more low-level software requirements, and a low-level requirement to one or more high-level software requirements. Plus, you need to provide all of your derived requirements to the system safety assessment process. In a nutshell, this means that all of the source code you develop needs to be traceable, verifiable and consistent, and it needs to correctly fulfill the low-level software requirements.

Your source code needs to correctly fulfill low-level software requirements, and be traceable, verifiable and consistent.

DO-178C requires effective capabilities for measuring and reporting project status deliverables. Automated measurement and reporting tools can fulfill DO-178C requirements by enabling you to do the following:

• Gain access to data in multiple tools across the development workflow to avoid slow, costly and error-prone manual data collection
• Automatically generate reports and dashboards to help ensure that you generate consistent evidence of compliance and provide stakeholders with the correct information in a timely manner


04 Verification


To help ensure that your software fulfills DO-178C requirements, you must submit a verification report that shows the absence of errors — not just that you have tested for and detected errors.

Minimal risk exposure is when opportunity cost and competitive threats outweigh risk reduction related to quality improvements

You need to prove that all lower-level artifacts satisfy higher-level artifacts, that you have accomplished traceability between requirements and test cases via requirements-based coverage analysis, and that you can show traceability between code structure and test cases through a structural coverage analysis. Each requirement in your software development process must be traceable not only to the code that implements it, but also to the review, test or analysis through which it has been verified. You must also ensure that you can trace implemented functionality back to requirements and that testing can prove this. In other words, you need to eliminate any dead code or code that is not traceable to requirements.
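The trace obligations in the planning section and in the paragraph above can be checked mechanically. The following script is an added example (it is not IBM tooling and not part of the original paper) that walks a small trace matrix and reports every gap: a high-level requirement with no low-level requirement under it, a non-derived low-level requirement with no parent, derived requirements collected for the system safety assessment, a low-level requirement no code implements, a requirement with no review, test or analysis record, and code that traces to no requirement (dead or untraceable code). All requirement, code-unit and evidence identifiers in it are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Requirement:
    rid: str
    level: str                                      # "SYS", "HLR" or "LLR"
    parents: Set[str] = field(default_factory=set)  # upward trace links
    derived: bool = False  # no parent by design; must go to the safety assessment


def trace_findings(reqs: Dict[str, Requirement],
                   code_to_llr: Dict[str, Set[str]],
                   verification: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Return every trace gap in the matrix, keyed by the kind of gap."""
    children: Dict[str, Set[str]] = {rid: set() for rid in reqs}
    for r in reqs.values():
        for p in r.parents:
            children.setdefault(p, set()).add(r.rid)
    implemented: Set[str] = set().union(*code_to_llr.values()) if code_to_llr else set()
    gaps: Dict[str, List[str]] = {k: [] for k in (
        "hlr_without_llr", "llr_without_hlr", "derived_for_safety_assessment",
        "llr_without_code", "req_without_verification", "untraceable_code")}
    for r in reqs.values():
        if r.level == "HLR" and not children[r.rid]:
            gaps["hlr_without_llr"].append(r.rid)
        if r.level == "LLR":
            if r.derived:
                gaps["derived_for_safety_assessment"].append(r.rid)
            elif not r.parents:
                gaps["llr_without_hlr"].append(r.rid)
            if r.rid not in implemented:
                gaps["llr_without_code"].append(r.rid)
        if not verification.get(r.rid):          # no review, test or analysis record
            gaps["req_without_verification"].append(r.rid)
    for unit, llrs in code_to_llr.items():
        if not (llrs & set(reqs)):               # links to nothing, or to unknown ids
            gaps["untraceable_code"].append(unit)
    return {k: sorted(v) for k, v in gaps.items()}


# Constructed sample matrix (identifiers are illustrative, not from any project).
SAMPLE_REQS = {r.rid: r for r in [
    Requirement("SYS-1", "SYS"),
    Requirement("HLR-1", "HLR", {"SYS-1"}),
    Requirement("HLR-2", "HLR", {"SYS-1"}),          # nothing refines it
    Requirement("LLR-1", "LLR", {"HLR-1"}),
    Requirement("LLR-2", "LLR", {"HLR-1"}),
    Requirement("LLR-3", "LLR", derived=True),       # derived, for safety assessment
]}
SAMPLE_CODE = {"alt_filter.c": {"LLR-1"},
               "alt_limit.c": {"LLR-2", "LLR-3"},
               "legacy_dump.c": set()}               # implements no requirement
SAMPLE_VERIFICATION = {"SYS-1": {"REV-1"}, "HLR-1": {"TC-10"},
                       "LLR-1": {"TC-11"}, "LLR-2": {"TC-12"}, "LLR-3": {"AN-1"}}


def demo() -> Dict[str, List[str]]:
    return trace_findings(SAMPLE_REQS, SAMPLE_CODE, SAMPLE_VERIFICATION)


if __name__ == "__main__":
    for kind, ids in demo().items():
        print(f"{kind}: {ids}")
```

Run against the sample, the report names HLR-2 twice (no low-level requirement and no verification record), lists LLR-3 for the safety assessment and flags legacy_dump.c as untraceable; each of those is a problem report in DO-178C terms before any code is certified.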

Output documentation associated with DO-178C includes the following:

• Software verification cases and procedures (SVCP)
• Software verification results (SVR)
• Review of all requirements, design and code
• Testing of executable object code
• Code coverage analysis

Line, decision and condition coverage requirements are determined by the compliance level (A-E).

Level | Coverage | Coverage requirements
A     | MCDC     | Level B + 100 percent Modified Condition/Decision Coverage
B     | DC       | Level C + 100 percent Decision Coverage
C     | SC       | Level D + 100 percent Statement (or line) Coverage
D     |          | 100 percent Requirements Coverage
E     |          | No coverage

The figure also lists six coverage criteria: statement coverage, decision coverage, condition coverage, condition/decision coverage, modified condition/decision coverage and multiple condition/decision coverage. The criteria are built from the following properties:

• Every point of entry and exit in the program has been invoked at least once.
• Every statement in the program has been invoked at least once.
• Every decision in the program has reached all possible outcomes at least once.
• Every condition in a decision in the program has reached all possible outcomes at least once.
• Every condition in a decision has been shown to independently affect that decision’s outcome.
• Every combination of condition outcomes within a decision has been invoked at least once.

Figure 1. DO-178C stipulates coverage testing requirements by compliance level.

As shown in figure 1, DO-178C defines specific verification objectives, including requirements-based testing, robustness testing and coverage testing, depending on the software level with which you are complying. At Level E, DO-178C requirements don’t apply. Level D requires 100 percent requirements coverage. Level C stipulates that companies meet Level D requirements plus 100 percent statement or line coverage. To gain Level B compliance status, companies must meet Level C requirements plus 100 percent decision coverage. Level A requires that companies meet all Level B requirements plus 100 percent modified condition/decision coverage. Each type of coverage is defined in the standard — for example, statement coverage means that every statement in the program has been invoked at least once, while decision coverage means that every point of entry and exit in the program has been invoked at least once and every decision in the program has reached all possible outcomes at least once.
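The difference between these criteria is easiest to see on one decision. The following added example (not code from the paper or from IBM) checks a set of test vectors for decision, condition, condition/decision, unique-cause MC/DC and multiple-condition coverage of a single boolean decision. The decision `may_modify`, the two test sets and all function names are constructed for illustration; for a single expression, statement and entry/exit coverage are met as soon as it executes once, so the report records them together. The point it shows is the one Level A is built on: a test set can reach full decision and condition coverage while never demonstrating that any single condition controls the outcome, which for an access-control decision means a masked condition could be wrong without any test noticing.

```python
from itertools import product
from typing import Callable, Dict, Optional, Sequence, Tuple

Vector = Tuple[bool, ...]          # one test vector: the value of each condition
Decision = Callable[..., bool]     # the decision under test, one argument per condition


def may_modify(authenticated: bool, owner: bool, admin: bool) -> bool:
    """Constructed access-control decision with three conditions."""
    return authenticated and (owner or admin)


def evaluate(decision: Decision, vectors: Sequence[Vector]) -> Dict[Vector, bool]:
    """Run every vector through the decision and record its outcome."""
    return {v: bool(decision(*v)) for v in vectors}


def mcdc_pair(outcomes: Dict[Vector, bool], i: int) -> Optional[Tuple[Vector, Vector]]:
    """Unique-cause MC/DC evidence for condition i: two executed vectors that
    differ only in condition i and yield different decision outcomes."""
    for v, result in outcomes.items():
        flipped = v[:i] + (not v[i],) + v[i + 1:]
        if flipped in outcomes and outcomes[flipped] != result:
            return (v, flipped)
    return None


def coverage_report(decision: Decision, n_conditions: int,
                    vectors: Sequence[Vector]) -> Dict[str, bool]:
    """Which coverage criteria the vectors satisfy for this one decision."""
    outcomes = evaluate(decision, vectors)
    executed = set(outcomes)
    decision_cov = {True, False} <= set(outcomes.values())
    condition_cov = all({v[i] for v in executed} == {True, False}
                        for i in range(n_conditions))
    mcdc_cov = decision_cov and all(mcdc_pair(outcomes, i) is not None
                                    for i in range(n_conditions))
    every_combination = set(product((True, False), repeat=n_conditions))
    return {
        # one expression: a single execution invokes the statement and its entry/exit
        "statement": bool(executed),
        "decision": decision_cov,
        "condition": condition_cov,
        "condition_decision": decision_cov and condition_cov,
        "mcdc": mcdc_cov,
        "multiple_condition": executed == every_combination,
    }


# Constructed test sets. WEAK_SET reaches decision and condition coverage but
# never shows that any single condition controls the outcome on its own.
WEAK_SET = [(True, True, True), (False, False, False)]
# Four vectors suffice for unique-cause MC/DC of this three-condition decision.
MCDC_SET = [(True, True, False), (True, False, False),
            (False, True, False), (True, False, True)]

if __name__ == "__main__":
    for name, vectors in (("WEAK_SET", WEAK_SET), ("MCDC_SET", MCDC_SET)):
        print(name, coverage_report(may_modify, 3, vectors))
```

`mcdc_pair` is also the evidence a reviewer asks for: for each condition, the two test cases that justify it. Multiple-condition coverage would need all eight combinations here and grows exponentially with the number of conditions, which is why MC/DC, not multiple-condition coverage, is the Level A requirement.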

05 Configuration management and quality assurance


Configuration management


To support compliance with DO-178C elements surrounding configuration management, companies are required to do the following:

• Uniquely identify each configuration item
• Protect baselines of configuration items from change
• Trace a configuration item to the configuration item from which it was derived (lineage and history)
• Trace baselines to the baselines from which they were derived
• Reproduce builds (replicate executable object code)
• Provide evidence of change approvals
• Produce output documentation for a software configuration index (SCI) and a software lifecycle environment configuration index (SECI)


DO-178C also requires that companies implement a problem reporting system to document any change to the formal design baseline.
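The configuration management obligations listed above map onto a small amount of code. The following is an added example (not IBM tooling and not from the paper) of a baseline record that identifies each configuration item by name and content hash, seals the record with its own hash so that later edits are detectable, records which baseline it was derived from together with the change approvals that justify the difference, and checks whether a rebuilt set of items reproduces the baseline exactly. The item names, baseline labels and the change-request id are constructed; a real system would also carry the version of each tool in the build environment (the SECI), which is left out here.

```python
import hashlib
import json
from typing import Dict, List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_baseline(label: str, items: Dict[str, bytes], derived_from: Optional[str],
                  change_approvals: List[str]) -> dict:
    """Freeze a set of configuration items into a baseline record.

    Each item is identified by name and the SHA-256 of its content; the record
    names the baseline it was derived from and the approved changes that
    justify the differences; baseline_id is the hash of everything else in the
    record, so any later modification of the record no longer verifies.
    """
    record = {
        "label": label,
        "derived_from": derived_from,
        "change_approvals": sorted(change_approvals),
        "items": {cid: sha256_hex(data) for cid, data in sorted(items.items())},
    }
    record["baseline_id"] = sha256_hex(json.dumps(record, sort_keys=True).encode())
    return record


def baseline_intact(record: dict) -> bool:
    """True if the record still hashes to its own baseline_id."""
    body = {k: v for k, v in record.items() if k != "baseline_id"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode()) == record["baseline_id"]


def reproduction_mismatches(record: dict, rebuilt: Dict[str, bytes]) -> List[str]:
    """Compare rebuilt items with the baseline; an empty list means the build
    was reproduced exactly."""
    expected = record["items"]
    problems = []
    for cid in sorted(set(expected) | set(rebuilt)):
        if cid not in rebuilt:
            problems.append("missing:" + cid)
        elif cid not in expected:
            problems.append("unexpected:" + cid)
        elif sha256_hex(rebuilt[cid]) != expected[cid]:
            problems.append("differs:" + cid)
    return problems


def changed_items(parent: dict, child: dict) -> List[str]:
    """Items whose content differs between a baseline and one derived from it;
    every name here should be covered by the child's change_approvals."""
    names = set(parent["items"]) | set(child["items"])
    return sorted(c for c in names if parent["items"].get(c) != child["items"].get(c))


def lineage(baselines: Dict[str, dict], baseline_id: str) -> List[str]:
    """Walk derived_from links from a baseline back to the root."""
    chain: List[str] = []
    current: Optional[str] = baseline_id
    while current is not None:
        chain.append(current)
        current = baselines[current]["derived_from"]
    return chain


# Constructed configuration items (name -> source content) and baselines.
ITEMS_V1 = {"alt_filter.c": b"int filter(int a) { return a; }\n",
            "alt_limit.c": b"int limit(int a) { return a > 500 ? 500 : a; }\n"}
ITEMS_V2 = dict(ITEMS_V1, **{"alt_limit.c": b"int limit(int a) { return a > 450 ? 450 : a; }\n"})
BASELINE_1 = make_baseline("FCS-SW-1.0", ITEMS_V1, None, [])
BASELINE_2 = make_baseline("FCS-SW-1.1", ITEMS_V2, BASELINE_1["baseline_id"],
                           ["CR-0042"])     # constructed change-request id
BASELINES = {b["baseline_id"]: b for b in (BASELINE_1, BASELINE_2)}

if __name__ == "__main__":
    print("intact:", baseline_intact(BASELINE_2))
    print("changed since 1.0:", changed_items(BASELINE_1, BASELINE_2))
    print("rebuild of 1.0 from v2 sources:", reproduction_mismatches(BASELINE_1, ITEMS_V2))
```

The sealed record is what lets an auditor answer the two questions the list above asks: does this executable object code match the baseline it claims to come from, and is every difference from the previous baseline accounted for by an approved change.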

Quality assurance

The QA process in DO-178C requires reviews and audits to demonstrate compliance. Key output documents in this process include software quality assurance records (SQARs), a software conformity review (SCR) and a software accomplishment summary (SAS).

06 IBM solutions to support DO-178C compliance


Showing compliance to DO-178C can be a challenge in terms of the rigor, traceability and reporting required. An effective platform and process can reduce both the burden and the costs of compliance. IBM Engineering Requirements Management DOORS Next solutions for systems and software development provide cross-team and cross-lifecycle collaboration, automation and reporting capabilities to address the needs of DO-178C projects.


IBM Engineering Lifecycle Management tools provide the de facto standard software solution for requirements management. When integrated with IBM Engineering Workflow Management, IBM Engineering Systems Design Rhapsody and IBM Engineering Test Management, they provide extensive traceability capabilities to help you meet DO-178C requirements.


IBM Engineering Requirements Management DOORS Next is the leading requirements management application that can help you reduce costs, increase efficiency and improve quality by enabling you to optimize requirements communication, collaboration and verification throughout your organization and across your supply chain. Requirements Management software integrates with Test Management software to enable you to demonstrate requirements-based test coverage.


IBM Engineering Requirements Management DOORS Next is a web-based collaborative requirements management application that allows teams to work more effectively across disciplines, time zones and supply chains.


IBM Engineering Lifecycle Optimization - Publishing software is an automated document generation solution with the capability to connect a variety of data sources, including Engineering Lifecycle Management solutions and select third-party tools. Using IBM Engineering Lifecycle Optimization - Publishing software to automate document generation for ad hoc use, formal reviews, contractual obligations and regulatory compliance can help you improve productivity and reduce risk and cost.


IBM Engineering Systems Design Rhapsody is a collaborative design, development and test environment for systems engineers and software engineers. It provides:

• Rapid prototyping and execution to address errors earlier when they are least costly to fix.
• Automatic consistency checking to enhance agility and improve reuse with collaboration to reduce both recurring and non-recurring costs.
• The ability to share, collaborate, and review your engineering lifecycle artifacts created with IBM Engineering Systems Design Rhapsody or other design tools, such as Mathworks Simulink, with the extended engineering team.


IBM Engineering Test Management software is a collaborative and customizable solution for test planning, execution management, workflow control, tracking and metrics reporting that provides a central hub through which to manage the verification process. By providing open interfaces, this offering allows you to connect IBM and third-party testing solutions to manage testing, results and defects.

When implemented across teams, the IBM Engineering Lifecycle Management tools provide a cross-platform solution for software component testing, runtime profiling and coverage analysis that can help code writers debug and correct errors before they get into production code. When integrated, these software solutions help you effectively manage test coverage related to the DO-178C verification process.

IBM Engineering Lifecycle Management solutions for the planning process

Repeatable processes can significantly reduce the overall time and cost of software development. To address DO-178C requirements and effectively produce planning deliverables, companies need a defined systems and software engineering process that delineates workflows, inputs, outputs, roles and responsibilities. IBM’s solutions for Aerospace and Defense - DO-178C offer a set of best practices to help organizations develop products for these industries and are a plug-in to IBM Engineering Lifecycle Optimization. These best practices can help accelerate the adoption of common process support, practices and tools to reduce the time to value of the client’s process improvement initiatives. Each practice is mapped to the objectives in DO-178C, or its associated supplements, whose compliance it helps support.

These practices can be exported as templates for IBM Engineering Workflow Management, providing a consistent, executable workflow that helps ensure your documented processes are followed and a basis for creating automated reports to help with compliance. A variety of templates are included to help reduce the time required to produce the various plans, reports or artifacts required by DO-178C.

IBM solutions for the engineering development process

Effective requirements management — and especially traceability from requirements to related development artifacts — is a key component of DO-178C. The IBM Engineering Lifecycle Management solutions support a traditional development lifecycle as well as model-based development according to DO-331. Model-based development can translate to reduced development time and the earlier identification of design inconsistencies by using the model-driven development capabilities within the Engineering Systems Design family of software.

The IBM System Design Kit for DO-178B/C describes a comprehensive workflow for model-based development: how each step helps meet the relevant development and tool qualification objectives in DO-178C and DO-331. This kit contains the following artifacts:

• IBM Engineering Systems Design Rhapsody Kit for DO-178B/C Overview
• IBM Engineering Systems Design Rhapsody Reference Workflow Guide
• IBM Engineering Systems Design Rhapsody - TestConductor Add-On Reference Workflow Guide
• IBM Engineering Systems Design Rhapsody - TestConductor Add-On Safety Manual
• IBM Engineering Systems Design Rhapsody - TestConductor Add-On Qualification Kit for DO-178B/C Overview
• IBM Engineering Systems Design Rhapsody - TestConductor Add-On Validation Suite
• IBM PSAC template for SMXF (Plan for Software Aspects of Certification)
• IBM Engineering Systems Design Rhapsody SXF/SMXF Frameworks (C++/C)
• IBM Engineering Systems Design Rhapsody SXF/SMXF Validation Suites

The formality of modeling in the Unified Modeling Language (UML) or the Systems Modeling Language (SysML) in IBM Engineering Systems Design Rhapsody software can help improve quality by providing automatic verification through syntactic and semantic model checking. With Engineering Systems Design Rhapsody software, you can execute models to provide early validation of designs and test your software throughout the development lifecycle.

With a model-based design process that is linked to requirements management through Engineering Systems Design Rhapsody and Engineering Requirements Management DOORS Next software, you can automatically generate critical deliverables including the following:

• System specifications
• Application and device code
• Requirements traceability reports
• Specification, design and test documentation
• Test suites, test cases and scenarios

Effective modeling can enhance communication among teams to reduce errors and boost product safety and can help companies save money and time associated with maintenance and upgrades.

Leveraging Engineering Systems Design Rhapsody software and UML can help you support safety-critical development and provide stakeholders with key views and deliverables, such as a fault-tree analysis, a hazard analysis and constraint tables. The integration between Engineering Systems Design Rhapsody and Engineering Requirements Management DOORS Next software allows you to link UML models to textual requirements to provide key capabilities such as completeness checks (Are all requirements implemented?), gold plating checks (Does the design contain unnecessary or redundant elements?), and fast and comprehensive impact analysis of changes prior to software and hardware implementation. IBM Engineering Workflow Management software, which is designed to integrate with Engineering Systems Design Rhapsody and Engineering Requirements Management DOORS Next software through the IBM Jazz™ platform, provides effective change tracking capabilities to help ensure that approved changes are correctly implemented.

Model-based design also facilitates reuse of key components by allowing you to develop rich libraries of formally specified design elements to help you dramatically reduce your design, validation and verification burden as well as DO-178C overhead for future projects. Through effective asset management, you can successfully perform cataloging, asset reviews, an impact assessment of asset changes, and auditing and reporting activities to measure asset value.

The IBM Engineering Lifecycle Management solutions are also integrated with Mathworks Simulink models and can provide file or model level configuration management, model level traceability to other lifecycle artifacts, and co-model execution of SysML, UML and Simulink models.

IBM Engineering Lifecycle Management solutions for the verification process

Testing and validation are often the most expensive areas of the development process. In these phases, it is critical for companies to use effective tooling and best practices to automate as much of the process as possible. IBM testing and quality management solutions can help you meet DO-178C verification requirements by extensively automating the testing and validation process. Requirements can be traced to test plans, test cases and test steps in Engineering Test Management.

Test plans drive activity for distributed teams through all phases of the project lifecycle. The test plan defines the objectives and scope for the test effort and contains criteria to help teams determine the answer to the question, are we ready to release?

• IBM Engineering Test Management provides robust manual test planning and connected or stand-alone (such as on field tests) test execution and documentation. Engineering Test Management’s integrated test execution environment supports running tests developed within the product as well as running tests created in other manual, functional, performance, and security testing tools. Options for test execution include running a test case directly, grouping test cases into test suites for parallel or sequential execution, or creating test case and test-suite execution records to map test environment information directly to the test cases and test suites.
• Predefined reports help you get status on your project. You can trace the relationship between test artifacts, requirements, and development artifacts by browsing a list of certain test artifacts and opening the traceability view.

With the lab management capabilities that Engineering Test Management provides, you can create requests for the test environments that you specify in your test plan. You can then work with the lab manager to ensure that lab resources and test environments are available when needed. Lab managers can track all lab resources from a centralized resource repository and service requests from the test team.

Engineering Test Management helps ensure that your business processes comply with industry, corporate, and departmental standards and regulations. Throughout the testing lifecycle, Engineering Test Management provides the tools to obtain an up-to-the-minute measurement of software quality and project metrics. With its comprehensive test plan and integration with requirements management and defect tracking tools, Engineering Test Management helps streamline your test strategy and produce reliable records of test results and project history that can be used for auditing purposes.

IBM solutions for the configuration management process

DO-178C processes for configuration management require both configuration management and change control of development artifacts. If not done effectively, configuration management and change control activities can considerably increase your development costs.

IBM Engineering Workflow Management brings together distributed teams on a unified change, configuration and release management platform. By coordinating software development around a single or multiple configuration management repositories, you can take advantage of the benefits of application lifecycle management on a global scale.

Change and configuration management capabilities can also boost your organization’s efforts to develop, publish, reuse and distribute software components to support complex systems development projects. Engineering Workflow Management software connects dispersed teams to increase individual and team productivity, compress development cycles and rapidly deliver high-quality software that supports DO-178C compliance.

IBM Engineering Lifecycle Management solutions for the QA process

The QA process associated with DO-178C compliance is designed to show that you have implemented and carried out the processes documented in the planning stage. As noted above, the following deliverables are required as part of the quality assurance process: SQAR, SCR and SAS.

Reporting capabilities of the IBM Engineering Lifecycle Management solutions utilize the data accumulated across the development processes and can be used to demonstrate compliance through automated reporting.

07 Why IBM


By adopting best-practice processes designed around a development lifecycle tool platform, you can offset compliance overhead costs by improving efficiency and lower rework costs by reducing late-discovered errors and defects. Specifically, you can make improvements through the following:

• Automation to offset increased process complexity
• Reporting automation to efficiently support the level of detail required to comply with DO-178C
• Automation of the qualification activities involved in compliance


The IBM Engineering Lifecycle Management (ELM) software platform for systems and software engineering is designed to help engineering teams find new, collaborative ways to develop and deliver the right demands on time, on budget, with the right quality and in compliance with DO-178C requirements — across the systems delivery lifecycle. IBM solutions for safety-critical software development are extensible, through both IBM and third-party offerings, to help you in other areas such as architecture management and specialized testing and analysis capabilities.

Offerings from IBM provide a measured, incremental implementation approach to help you build confidence, minimize risk and demonstrate return on investment.

By deploying IBM ELM solutions, you can reuse software assets and skills to improve development productivity and accelerate time to market and innovation. Comprehensive traceability functionality allows you to enhance collaboration and communication and enables teams from multiple disciplines to coordinate system and software architecture activities. Standards-based development capabilities provide an open and extensible technology platform as well as support for industry standards throughout the development lifecycle — from requirements to implementation. Leveraging IBM ELM solutions, you can enable global development and delivery by supporting communication among original equipment manufacturers, suppliers, agencies and contractors.

Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit: ibm.com/financing

IBM is a top-performing technology company with more than 100 years of experience. Our solutions offer a proven track record, providing you with the confidence that you can tap into our expertise throughout the lifecycle of your solutions. Offering extensive service and research capabilities, IBM can help you reduce costs and align your capabilities with our innovations and expertise. A leader in the software development marketplace, IBM ELM software offers systems development solutions that can help you automate your development and documentation processes to realize efficiencies and reduce costs.

Next steps