ࡱ> % !"#$@=4zkmՉ"Pߔb }YM;x=p]e]RNHB]يRʀ-RЂזQ: D}N m$UҖ?ΖSk\}vׂhTڕfW0Ӡ{y/}y/y휞Axa)]uO: 77oo|<U.gXGGatK=V_َW#\0-o URgiHڸ~SN3> .\tV" ϘbQ.>v7$B*,̤<߇w;1]ݤCi.mק:T%X=<_b^˼񸔈fGeSst_x3qN?IX gOA~S2F!Q2?f14ҨI&zz ~QYNZAݗ{"DH/'7~!Ժ'&QLRAؼ:\&CnvzHvW;<'ʆE}hlQ\,`>ggvJa{l`<{q w!3kn㱴cpXG$ dK;=4>>kllitttP.UgI&p;?҆jOڨ[nr~K=#㌤Qy;@gpҟ@ 9O3H};;˛ۂ~pqqpGqvՄ:aY˗#M]6Cϳ̙z%L+?='vvKHZ,tPfL-,t@~̑;ԧr񿰖53#A'%88}Y9 Yڃw{0wt?,ի;/NTgpp07[mE3L)V$vx?ϳl ibEϧgt"&/b&-/B"l,v ƔNiJ~K۬'f&{m^3ɗLk;wOGH~/L.{m^=eOHZ,tRcTvCך5(3ks^ q}_'iZ7Q䧚2#t옱!yRd&w\9Xg&C#]sdwUR4C!-DFJ]>}W[[:)әH$JtvvwuuQ7ex/Cwe.|W&BG&\Я+r|2E7 reowqY.IwQJɌMCƇdhh}`$cp`Yұ]?te-B˹ jA]H&joME\MFlMG|Mn[txwc1Xwtx:NV!>+ۺcqdy7| Y Y>d\|WKҴH+.d'?9'}H;QʌwFb?]ϰYұq4`?L:< .+J9N뮷MrV6F'Nw5:Iљjcep*CORc幜5!QhB! *PB!s]y\84.:+.Qy;$7$/竰]Ȓ؏ӻ 蜃%~tx6:0]u\Ӻ+w񼫉m 廚PgOȳ]L:< M!+Zw5~^ξKҴgXnudw|H;QLyW;]sdo?L:< M!k]ĕ:wf_0Hkoo_7IFWWj[wF}mZL:< KXw_)Lo`eXz)^deYziv]~jGmD}E|[=K٫3,tl,'+~L֋)'JRȣ: 6L:< *77љљYw~V'g8f47sgIN)ي2e&W^f~S)$cһAGs \ւ0,tPM+qS~SqzP_{O#&BGO~Ss.I~S}WKC24މRf|WRJwΑOwUR45YwE~eD`/bgg'G3ϞV4Ywtx:Rީ}]q^w x߇dhSuW3}F;]sd{jdeY/󺫮]Q_=̳wG}ݏ|:<;P#.B*xzyMv;;=GwI:=8xgx뮨ϻJ%3=|Ywtx:yE_S úy!x~F}vN`+2,t W!>ўwo6-~A 9:9.IӺc0w]B(#GQf}ˌ<*E~Uzw~:cZ&Jskr2N0̳wF}=|:<;[#.B*wk.IӺܾ+.%9C24މRf|Wϻމ#?.; =.}0_]|Wt{6]&1D{5<onз7-&}#kmn$Kn;$7$/aN2滢>*Ew]sd'f*) Fk]3?pi9""9#y###9$y ٯnqnPuŽZjceYh ]Q7B]+uUn041;.EU(#W̴@m?*yU,Jݍ #й"\ւ0,tP.]Gix޵y֪|-ȧVYkL:< [Ҿ+.]-wIλX->$C(e&wE.9-]MgcKy Zw9Jο䫫3x۔چmżjceYV=*7}VӸ4κK6%im>$C(eFۏJw[޵؏@Zh.k~tx:(]uWa-D@P}(NTS~u 9R)#ƺˤóБB ўwM'S]di\a%w ԔxR>$C(e&F}U,W~:׆@sY äóA陮Xvzn)i](_d3F!c| x/2~ex3 2>?1>eƯ્T]43՛Q׌_g|rw`|2>x1ƿgyNO0~ E!')azC Ŷn@7Hgw˿??Cr%, ʟ=Fv@kԗ0z\J>̧˿s;ʹl+/qDie"C:iґvO&Oi-9|E3x*e xJ}#zqo O+'i+ꧬysKS\;n0fBgϺ-z<_λrв}~g}1EgEx "•,QnO<\4|gv1|_^ۼzm#J5 bTd.[( ֨z7Hjo)]0I'ykdd>H^pGyyy\[#y|ކ@8dSm3s7F8?crL^Au91\ccO9m-fd%I/⻰@ =[[`[~֭R󎄭_h7A`\o!J/d빧3~%bνDeF =.שKajH>7Vzml:s+Z.P"C+myK9OG*|Jw؞f̻wԟcU: =~Kcz}ScA#/`SY)z8g{H{EzJuLs@z|#y#eMqc`'cw2LL"=JuLs@z< cHz9SzjW2s0c_i:uswOƣ,|ա^2F3^P1^;K_JFIFKK MSO Palette d^WucTwka|tlwr`yk|qoz~ȶɰʾ<70ZQGddagYNg\Qjc\kjgkTAo]NobVpf`pkeqeYsqkujaumewaTxfYyvqzqhz^F|ma}j\skqcxq|wfS|yskXpateulyk}uzyrufyjnX|q~tt|r]zmxfx{~u_~tnu}myd|fv}vx~mtx~iny{vdowozym~rzĻūŬůűƧƲƳƸǷȵȻ˴̮̻͸Ϳ¿ѼҵûſּĹŶ˽,*$55/?@pu$ő,/D@dSgTpwI2FBʹlrEZ[ˉla F_ۢ7`Wq!9G=!v0~H̪!`08' ziaw%hn MG뫶9H@ⵜ5`ZX #bEhx8ҒRdxt^[,ߢ2uQ0 PwcE`V}?PtC aYH;BlVF܀*Gy#W ;N6MY|sZWyOI3dgoƠ6rsD'dDGPȳ0@`nq\  $,Ɣu,hć>Csε17-4d6k7D4Ό1@VłO|{##eobr<@M$,)c.iƌ3G'O(Љ6"葌s+ 0;>/XiKԍ60t ]Ջ[t7rphbko ^1o%ܭ?hm"ilYhS8&5#one%Gqgְ")ٻQl ˆghuwoqne*NG;WkQP:GӼ[Eج'zy6gϨ Dgc3]Eձ'vQiJ!ڻ{RZt^_P U<cUXu W޵Z#.o n^5K4= e\cs qmF5ȰvĪQr\*MY݀hGiwz]H eXSI1WD,mM F@@o leʭc˜AȽ -fwh]bA/lǷ\*Mm1sFFh[lvOAP&-NGu's)F**#`"y4Qu-D|E5k&Sr4h4`,a' E^Xɱqc~TEudNMlxPoV&sWqP + Z5 c'hQy"Ea-ʃGy=dUM$|W#^وQdljv5gRVnʱNC]_5Z2Leb 7Fmx3Fwmq]:*E$jYj!#0$&U%Ġ)$ (6 dao(UbP_TB:ĝawaZmoi?akW$?S,+O`'BFq>RRl1"CWւPѿpvq ;Hpl,E%kR+4Yd @$o#+Yݢ{|O?Z29X ) Ղ@Fkxđ>K >k~7n#[ge&x?h%0;#H@68ɲ:QvJa;`5Հ=蘡Beg#aݛ@V{eV2. ɓȧ&54kOA;zxXE }2`xpai~r+}ϰ,>-DRj G"cF2! !f4Evivc|`c^'di[M`^5WnX(J5Vaǒy|fK&d`lnn0tuQ@~V" kp 2e0C55#MOx8L2jٶ8gFybL72h9TO:F,;\ P9$r/=4R[ "n|泩bF26B7Aİ&O%Nht̂v6)q :D˶G;rEo51L?(BHjufǁz{u#EQ[(Q&&sgA%eX%Iol~URMYIZmQΖ陟XfPG1$$rMK3!錑-K6ATo9Z hMNePIBA\nO洌HAL$(< #ch("F$ې?A܅%aGxjܢ4rycZtLl? )M 4 }괲Ԡ̱1 Csx:4$E^1}l,A&6rJFtTh1@Flt DR$RqWyj +nU2=ؑ[9 A-܅zY"8e,PI"od;p$y<7^}H#R` 3YυZ8Ό"`*Ny$~\r dV !XSGTh;t̢Y*v g lzΜQ(,@k+{3pnG̶ǷP$^@>9> c x @,m\( E;A)9U^,@. B@Q7WJ1G i&}"b$ $gAci $’#l[ q@~:R .˹,X_,$tr:Ҁ܇r04@&W>L,bjK#X r? D'l#j$F|4s^gtۚxz']p%~Ey7BX(2oiB1*c.WWNL u&9i(?O:3&?Ä TDwZp(c52@[TCƻGp拒, :h 4BYm$h,cfd.α䀛1pH@?`Y؏1 Hn vCrWpF[X`MQb"H`EtجU P:c23T1UE Z AQ3Rd'?"/f~$%SC eI*'9g`6y4w#k2n uZ4]}%I%Wv U}mXڨ#J֕SşkhF lp+5(r3*Es܂y |1΃v~.K =~ja^X.I$mD`A<uieTn^11 REڑ^@N- dꆔ#dtH+9$VM+g:`!"V5Eƈ\ %`) t\ExڵZOOGo0TAcPTTUPEKPZuذ6rnz%*["*= *X9778y7͛[@#Ih 4G>D%N*{NQ4Zi1,}A-׏rZp)"n b5hpۗ0F4΢7AF@ FwGq ?M;گ~FsˎmTQ3DwGeКr~`ێu`՚5+O'>}׌715_Z['y£Vo#31/ҟkiX wc߮ 4 o T|[ғwbO6W,`Xɿ>y}d2eq+'*+/_Z066K:;%GS w գsd*K2Ҋ4U3[|:f5Ez&QUcЖT/xMa RrUpOVʖ~\ _#:A?,ծ;"ѢF]viM/dUl6.^HF#\q{򕖡T 6x8k]]33hcon|,7ցY7`AYhvؑgc%A0 f(bhZʯSv ȏBOtzηwT9?8]".W=zIji9c Ve/.uؽZ/7;ΠiƟԓ係'|w}9]rqZέvE RXcſ[r[cV`5݀\WFJ$aa]Tׂ4krn⮮@s\sni8V`e݀uaer_F1)luUǥ݃X:)OrjY=8mR*<됌_ɗσN/σNhA*{IJư?V?u̶v8vf+{bY2ϮZZ VK@W'ݯVv^ݱIL[^i*s|{ Aݿ}VxO*=Ň/F)|Qk߶H sb\C鐩%w:$C+~Mfߍ!3;ly?9vx;JmԢ|ZѢV-69ijs%x^-a[TihUmjUckZCkGIfZԆִRP3 -ն-df/SA3`y&}7 j_-  l>Q"wRD@=+{*fՀ](m#x:xY]lTE>ӟPjB+R( OD1l-?m"ewmה-4h| + -Y䤾߳œV+4ut|T:ć >@jqXg~_ֹwe>hbݡ! ;qntlyp[E̾WP9\Jj} }> DjH|CԂ7nmz-G8y$b!O&߬龑 \;3 r/:nVtuDi&ʲYhx m !1(EZQEK7 ,ZzZˋ=w6Qv?^Y@[eaN y.b޼JqQ˸m@+c.icF=$5 ;꣚lT3r'ik}KZ=>3'=Kz.xi{o 3*;/eϬfԱ*=/~/hlG+'3²Yt( / bB[/7< -19е}c>*++6qO#@_-˺qA8?{(1rUۭ6xT_; 8A[M n;)[rU/i6J{e^27/tRarbT%0̇!uQ;!9/.󱬲=$ {`˸0g,rb^U<-ȝüر:s_N%;#o75 ;f`&]iXqOLks:?A=q>g_%1yG[ r3Y\K3s+gDp>P֡j'[eLOnhoa`[0rmv~0z$%&/&+9ry7qe2n`4$gur2欜Lͷ~̴^|\#w{B.nFqMXUZ.; oCy!Z I ˱^XeJ͛Ud×^7l뜚1!b 9Ͷb>G̰X9]tisM$nX!m 98/3b=o"gq=$r\b\8.{ϸvQ+}8\7¡~oxGs奺N9V ~+~Vz4^It'\=PU: nçU iuE vYJl7K0J)Njg ^w=@NR:g9MqFdeY..H) }Ζ䜏e<M|gIvqⲬ,#B3s$f<'&3PT̫G{<,c;F<1طj-X)vazRu潉e>9:`1(+_!o b'~Ŀ gjVkc`}>\w! fITѨLSec1~ VKê'\n@AS mdBؾPNG  IHDRc:sRGBPLTE3f3333f333ff3fffff3f3f̙3f3333f3333333333f3333333f3f33ff3f3f3f3333f3333333f3̙333333f333ff3ffffff3f33f3ff3f3f3ffff3fffffffffff3fffffff3fff̙ffff3fffff3f̙3333f33̙3ff3ffff̙f3f̙3f̙̙3f̙3f3333f333ff3fffff̙̙3̙f̙̙̙3f̙3f3f3333f333ff3fffff3f3f̙3fez|IDATx^IvkQwb<\ @|Ե%|Dg7vpwa|'x?% /0O` GLJ~K8:>_aty'5_§3~>y0ƿߏ6H /xn?+8-g_oC>OESa o7ghV@8AS/? `o跻c\hM8^&{Jj== q>(ö^ϐȏ%_ItNSf_ߎ3 $c13l+)_) Ы0;K C ;n 3~A/y_Ǥi~#4Tj 0e:ҺqG+D1. YH/9BRxW|,.T\tMWF\ph#3qA+sGEw=6Аt$1dfM"@.Sȹl.x+$2p>Va^E:k10 npq)ߘjuÏL[A6h_S03̖)r[%B-\z;/K(;v!q Ƨi xVǷC3c!\2˲L6)blu uW3Ƈ&,2H@ސ9I2+'jsZA^]BBUQS甫R(f;#Kc{ʀ}т.K[S[ 7VhBzrހ]sجpeTӉw똘s-kH@7(IW)ØlTL %U {}}G/:rҝPu.X֌$ֵiG~/xjRmy<8kމq1(R{a%rX]V}{H aUonBo//4 2 E)ߎqJ4(v$ c6Mb^r[rRpˮB'޽OA -*aQb),:)X5r3UVX4͌.LZlN;Co3Ϊf (BMw3.(P> {f 'T;T*2og܎\T[t?-V&QEggm䁯Po7`a`TrpˁrchL"7,i{{.9mє'26pэ.r&g}><d؜BTwcƥ(#NzAkIcCu-v@CmO`Ά5{zax{wB{ƀH@rgo.&ߛ3ᩐz5MOC\֌Mp=)!#>g7fq :1qu?&5&:IfnelhACYP*cWȡkirt}^֨u(АU dVb ;TR!k2.f*\bDωu}EʢXhujOCqGi&dȻsgfϗ*Xq<\ʻqϴTn!{uE N&V ÆJ-Z]qmߡb6IAZqrY>_ pQlRQh_ZOse>:kn̈5_qJ:"a{O<^5Uw+ ~'T;Y^nU::n} }4QZQ5vPb ̡YͰg:zx rޜTobVa,rS*!/ep5UƧ9b7JZUB6Sp(c^muh^KeƓݎ`lAjd_v2xI*`vD'`>z D@v"Ԉ)İ1a1nUd@/TQAgL ڄ};u?0S:po.^>$ +-ϯ3~r'h.8o!EvH)af/{upZQ)OAh0֯g՗Xo{ ~4dgarS*2C*H"i0 ^\+% [!4%̸#VA ceLN:ȏߣl{Tw*㦷 |+ֈBk2&SD6-q B|7Zdl_ |L+[C27&ȟoM"De.ک#/:@t$pC;UqeN,kv'%O0bn]ܱH ˘c%{cǙYmt2f`4NƜB6" Pш'dIZۯxwp+Ke<=[Z&ݯ&X]]*sc"}a2mJ20.v32pO}>}":\V_}g_cdD/]H+txEj^%mN= KLN;dPK_r\9nғPA=+[fL& R3 qoR[0fr-sҶ.'"^a !ygDτ={%}n"_1>_䑐Z+0(*LQb|֢mGt!㼠c8!쑼)g66zzƾ.h]i8o#+U90cgX-L̢%4q0^G1~IWIMx:tjy±L~Ƌ.:dWĘч0S ˤn+ A 8MIH<~ $ON~ڐ" 5IHDm Z$"?j,{>Q^!N݊kRϏ0Y} 6"XSKȸ<"߻x--~LQ9Th^:ɆqM1dkŜſEf#n܇e}Y3ejaP(u9 ȠEK_OO YblEUclIAʾ.xjzqLr<40 \b4L2^/uH[ǩjz(;8KOxWŅ˺c Z7<!ǝ_qM28Ok"Kcd͔g=%h!XtG2ō*x܍JufwZ2Y21n`F)w3wʌtj ݌ 2oyN BLhgるj܂Qz{c/t_ҡ͑1 &L`1>!\m)cA|j~ E(K5.7WP+?/ʂ1¥c w!&Ix,w_qxㆂ]X#cgc;{cZ;+tbWt900A'iN".-.OA'U 2');={Yl+>!+gri{G42Zn˭CS 05}VkBdp@̫Q1?d\VcbrM1tr{5UT_G&,hM`/z!azblt}WS9w.K2yDӨ8 "F:Ywj,orVR{Ǧ9 i1&;{-N}ݫfsRɦ~Fw :Tcoۼ[N4;q`?{ .V7.vf Y;͟ {cqIN8،kxF\A8SA!\ >\W#'B,aMwk[n}'M#A`Z1%$t$O̢5-);LTz辪̘MRR_̈́8' Ə2!K~.aH-wR%3'"]@ƶoٳɲs/Xϳ L/ c,dv;.\ :'kzgCF$5CUyNeҷ*@Bu򇓄dDqSW©C~Amz.\!M:=+u4+)ﭭGz%b_l;냼5 QeuBfps5Nkc8$-&PǨq<{Ewm/\ѱO2-B8nO}\E YE01lqhl^^?JQqܙu/b'ۢ RU % g{m :C- :nzty)L(tYc!ЎmQuifV@.d qƶV fS cVjډ'l:rܜo); pPG /QT2{N4 RF3l+u c5kepqgV3ݱe/1CN`lke^y7m]xe=jk N*%j!:Va x݀͟%ɝ!g|"cϙ=pLv2|*TIU^sS~AxCx?0O` GLJ~K8:>_apt|'x?% /0O` GLJ~K8:>_apt|'x?% /0O` GLJ~K8:>_apt|'x?% /0O` GLJ~K8:>_apt|'x?% /0O` GLJ~K8:>_\嚆IENDB``! y45mrLu4I {^XAe x͜og"M˲@UIۓa6!RB.r0-e2ihq97`PQmC/AAЃh ;;f?;hAz=}f4\b+>.󞷘ZKep^`;}qܸ̊=c{%ٗWm_Vqϭ9nG=~hg۲7V{&?ZH[~qվ}{#&{ͻ*_Hd=ڬ5ٝjzqfUkn]?fu5vG |dž}5ϔʜ½{g˧{YGX"zƞoLEX_BEwe,ߦq Wa&Xo=|p#%?MNE`!?-=4c 'W9/>'B6yqy"g(~/3m`5r>YEDH'_6cU=@$zJ'e|\{\ҙ W`g׵g?ygo5լt-d[}G l{+ҺzmQ ]] 2]O,[޳~{NNU.]bwjwc5T ӓ+bQkg+:kX\P'@UY? UTJjs<:'g*%OѕJGN_X'ʣsӋsq_O+9Wx^f)8:&v xS*m_mNήZd|\jίZȜj.^ɴcmzq5{TZ9f= V.,۱\{'Xfi<_Y+=HN4R|VPr^ANL%WR|",536Q^1—9d*'J/'rj[ 'V2{Iii[ǵWR:C:qԜ99)O=rC;nuߩެisib_|9֘ctF`V`tglC}0qXۆ0+a ?ⰶ a 8W|?TamZvh 7T:{`;ءjvh0'C5h|2}doo qȹs6f~1x#`6kxnݘ:~doێbvCjD3Usrf:'\—QmDeJmm%heW׼>+|)>U6m轭}1lk+];۶j/Нm`Nj/Ƣz'S1ΆO~oWNب7QVSgw'l.[16Y*Eѳz9trZ?L{c}L8{/b&N#Oa/Ģ- ֪ւ%-[! 53}SR|ZCϙOԬKimжB ]DkAfvQ<̿Qfj5D13nehDWOn/'fj[72Ss&Z}kER|bu(3Ek,|)>1V* b(^W WQ:%늁*jG b0'5#L%'τ߬6YdXީSgWgHf(qǑ$Q 8 )0qG)` T? mc#qG0qG6 UW0qG)` {n"vl$hot0j:9Dwc9&|2}7?yFHZ7z^víw8/#q^ y~{C'ʼn퉻?Icw'E`zwQ el _->c$QzxNL.WDom$Qzx|ڤdm$Jo,y}I!|)>[:It1{Gi{+;(mr@5[)t1T4|2ds9Uo;G߮7o޻{]Pw9Oq<4D#lޑVT:)I'Zoѳ |iB,Z993Q^—B,Z9ij}«QR|S(EkT6`DY`3h`O Ҷ0 ( x3x370?'i(iȿ?Ѕ@'/EY7Mן(P    Document Word.Document.80.Microsoft Word Document0"Document Word.Document.80.Microsoft Word Document0N Chart MSGraph.Chart.800Microsoft Graph 97 Chart0ZDocument Word.Document.80.Microsoft Word Documentb/ 0DTimes New Romant0Wo 0DArialNew Romant0Wo 0" ` .  @n?" dd@  @@``  l -] 66 #    #$$ )* -4#$5  "  ,   &   !  #     $"%&'    ,  ' *  !   &ox%'- , +"$4zkmՉ"P& R$3^P1^;K_%& 2$"V5Eƈ\ %. "${*f35 $ b$AS mdBؾH< $ $ $ 2$y45mrLu Z  0AA 3ff@ g4KdKd0ppp@ <4dddd 0L`g42d2d0pP p<4!d!d 0L`?O ʚ;l8ʚ;<4ddddЁ 00___PPT10 z___PPT9\/ 0z4=? -O =aTDO-254  Complex Hardware Design Assurance++ 8 Agenda / TOCIntroductions and Overview Hardware Design Lifecycle Planning Process Hardware Design Process Requirements Conceptual Design Detailed Design Implementation Production Transition*^nTn^T Supporting Processes Validation and Verification Configuration Management Process Assurance Certification Liaison Wrap-up Update and Summaryfn]nnn AAbstractDisclaimers/CopyrightvThe material in this presentation is intended to help the student understand and apply DO-254/ED-80 in their development projects. This material represents an interpretation of DO-254 and does not in any way establish policy or guidance. No express or implied warranty is provided as to the completeness of this material for supporting certification efforts. It remains the applicant s responsibility for demonstrating compliance to all necessary regulatory requirements throughout the equipment certification. Use of the information contained in this presentation is subject to your own judgement. The authors are not responsible for the manner in which this information is used or relied upon. Document AvailabilityDO-254 and ED-80 are copyrighted documents of RTCA and EUROCAE respectively. For the purposes of this presentation, DO-254 shall be used to refer to both the English version and the European equivalent. This convention was adopted solely as a means for brevity. Copies of DO-254 may be obtained from: RTCA, Inc. 1828 L Street, NW, Suite 805 Washington, D.C. 20036 U.S.A (202)833-9339 Copies of ED-80 (includes French translation) may be obtained from: EUROCAE 17, Rue Hamelin 75116 Paris, France 01 45 05 71 88 r/Z\ZDZDZ1ZDAScope of DO-254Guidance is applicable to, but not limited to: Line Replaceable Units (LRUs) Circuit Board Assemblies Custom micro-coded components such as ASICs, PLDs, FPGAs, including any associated macro functions. Integrated technology components, such as hybrids and multi-chip modules Commercial-Off-The-Shelf (COTS) hardware components Note: Functions are allocated to either software or hardware during the system definition. DO-254 does not recognize a third class of  stuff called firmware. The expectation is that you will either use the processes outlined in DO-254 or those in DO-178B to provide comprehensive design assurance.N/ZZ.Z/7d}.PGADocument Overview?  Appendix AProvides guidance for data and objectives to be satisfied on a level by level basis. Not all objectives may be applicable to all assurance levels. Identifies data that should be submitted. Some data is identified as  should be available if referenced in submitted data. Certain data items may not be used for  certification credit and therefore may not be required. Identifies configuration control data control category. Provides guidance on independence during verification. Organizational independence is not required 6,,6 Appendix B{Provides design assurance considerations for functions of level A and B Provides guidance to perform and use a Functional Failure Path Analysis (FFPA) for the purpose of developing a design strategy and guidance on specific design assurance methods Top-down iterative safety assessment strategy Begins with a Preliminary System Safety Assessment (PSSA) to identify system level functional failure paths Fault Tree Analysis is used to decompose the system. Decomposition may be complemented by Functional Failure Modes and Effects Analysis, Dependency Diagrams and Common Mode Analysis. Level of decomposition is subjective. But the goal is to separate functions of higher criticality so that higher level of design assurance have to performed on the least number of functions. Discusses additional design and verification assurances methods to support and validate the results of the FFPA.<ZZqZqHardware Design Assurance %Relationships between Safety, HW & SW&& /" Functional Failure Path Analysis > Hardware Design Life CycleDO-254 does not prescribe any particular life-cycle model. Processes noted here may occur in a sequence that is commensurate with the chosen life cycle model and the project specifics. Three life-cycle processes:The ASIC/PLD LifecycleP"Hardware Planning - The ObjectivesThere are four hardware planning process objectives. They are: 1. The hardware lifecycle processes are defined. 2. Standards are selected and defined. 3. The hardware development and verification environments are selected or defined. 4. The means of compliance of the hardware design assurance objectives, including strategies identified using guidance in Section 2.3.4, are proposed to the certification authority. ,@ZgZ!%Use of Previously Developed HardwareIntention to use PDH must be stated in PHAC Nature of use of PDH may be modified PDH Change of aircraft installation Change of application or design environment Upgrading a design baseline In all of these cases changes to the design from the previous use and configuration control considerations should be noted. Guidelines for COTS usage may have some elements that may be used for certification credit for PDH. Guidelines for product service history may also be used if applicable.6Hu'Hu'$(Commercial Off The Shelf Component UsageUse of COTS components is very common in HW designs. Intention to use COTS and means of compliance substantiation should be noted in PHAC. Procurement aspects of COTS usage are also discussed in DO- 254. Use of product service history for credit is encouraged. Component manufacturer s track record, quality control, established reliability of the component, technical suitability of intended use, environmental rating, additional testing are all discussed. &!Tool Assessment and Qualification?Tools may be hardware and software to be used during design and verification. Design tools generate the hardware item and hence have the capacity to introduce errors in the hardware. Verification tools may fail to detect errors in the hardware item or in its design. If the tool was successfully used for the same purpose, that history may be applied to current effort. Basic tool qualification is that the tool correctly functions. Design tool qualification requirements at levels A and B are essentially the same as development tool qualification as documented in DO-178B. [&Hardware Design ProcessesDO-254 defines five major design processes: Requirements Capture, Conceptual Design, Detailed Design, Implementation, and Production Transition.$Requirements Capture The ObjectivesThe three objectives for the requirements capture process are: 1. Requirements are identified, defined, and documented. This includes allocated requirements from the PSSA and derived requirements from the hardware safety assessment. 2. Derived requirements are fed back to the appropriate process. 3. Requirements omissions and errors are provided to the appropriate process for resolution.!Conceptual Design The ObjectiveslThe three objectives for the conceptual design capture process are: 1. The hardware item conceptual design is developed consistent with its requirements. 2. Derived requirements produced are fed back to the requirements capture process or other appropriate processes. 3. Requirements omissions and errors are provided to the appropriate process for resolution.mmDetailed Design The ObjectivesdThe three objectives for the detailed design process are: 1. The detailed design is developed from the hardware item requirements and conceptual design data. 2. Derived requirements are fed back to the conceptual design process or other appropriate processes. 3. Requirements omissions and errors are provided to the appropriate process for resolution.ee&Implementation Process The ObjectivesThe four objectives for the implementation process are: 1. A hardware item is produced which implements the hardware detailed design using representative manufacturing processes. 2. The hardware item implementation, assembly, and installation data is complete. 3. Derived requirements are fed back to the appropriate process. 4. Requirements omissions and errors are provided to the appropriate process for resolution.%Production Transition The ObjectivesThe four objectives for the production transition process are: 1. A baseline is established that includes all design and manufacturing data needed to support the consistent replication of the hardware item. 2. Manufacturing requirements related to safety are identified and documented and manufacturing controls are established. 3. Derived requirements are fed back to the implementation process or other appropriate processes. 4. Errors and omissions are provided to the appropriate processes for resolution.A Supporting Processes( The supporting processes can be thought of as an overlay to the life cycle processes. For each step of the life cycle process, there are corresponding activities to be accomplished for validation and verification, configuration management, process assurance, and preparation for certification. ))H"Validation Process The Objectives3The three objectives for the validation process are: 1. Derived hardware requirements against which the hardware item is to be verified are correct and complete. 2. Derived requirements are evaluated for impact on safety. 3. Omissions and errors are fed back to the appropriate processes for resolution.44J$Verification Process The ObjectivesThe four objectives for the verification process are: 1. Evidence is provided that the hardware implementation meets the requirements. 2. Traceability is established between hardware requirements, the implementation, and the verification procedures and results. 3. Acceptance test criteria are identified, can be implemented, and are consistent with the hardware design assurance levels of the hardware functions. 4. Omissions and errors are fed back to the appropriate processes for resolution.tHW Traceability DataTraceability data provides establishes the correlation between all elements of the hardware creation process including requirements, design, implementation, validation, and verification. Traceability can be especially problematic given the nature of hardware design documentation. To ensure traceability does not become a problem, plan for it up front. Understand how traceability can or will be mechanized via the design tools that you are using. Determining an appropriate level of granularity in your traceability is also helpful Always update your traceability data. Avionics hardware has a long lifetime. Good traceability is at the heart of good maintainability (even during iterative development).q<Configuration Management (CM)dConfiguration Management is defined as  the process of configuration identification and the control of issues and changes of configuration identities. Configuration Management (CM) must become a habit and should be built into the basic development processes employed on the project. Enforcement of CM through tools that provide strict versioning control on drawings, HDL, and related items should help accomplish the CM objectives. .ZZZr=CM - The Objectives%The three objectives of the Configuration Management process are: Configuration items are uniquely identified and documented. Consistent and accurate replication of configuration items is ensured. A controlled method of identifying and tracking modification to configuration items is provided.XB<1G2a3B[HW Control CategoriesU HW CM RecordsHardware CM records are the day-to-day results of an active configuration management process. Records should include: Configuration Identification Lists Baseline records Change History Reports Problem Report Summaries Tool Identification Records Archive Records Release Records &vv\!Process Assurance The ObjectivesThree objectives must be satisfied for process assurance for levels A, B, and C hardware: Life cycle processes comply with approved plans. Hardware design life cycle data produced complies with the approved plans. The hardware item used for conformance assessment is built to comply with the associated life cycle data In addition, note that the hardware process assurance records must also contain evidence of the second CM objective: Consistent and accurate replication of configuration items is ensured.LZuGZuGPHardware ConformityThe ultimate goal of the conformity process is to ensure that the AS-DELIVERED product matches the AS-BUILT/AS-VERIFIED product. DO-254 discusses hardware conformity in terms of a final review as the last step to close-out the hardware portion of a certification application. Conformity can and should be used throughout the development effort. Data items about to undergo a final inspection for credit should be conformed (i.e., item clearly identified with a version number and under configuration control). Hardware ready for final test or to be used in certification testing of the software or system should be conformed [e.g., a Conformed Test Article (CTA)].&Z@Z@SCertification Liaison Although specific objectives for this process are not provided, four guidance items are stated: The data required to be submitted should be provided for review early, i.e. at a time when impacts of design changes would be minimal. Issues raised by the certification authority should be resolved. Agreement on the contents of the PHAC should be obtained. Communication with the certification authority should continue throughout the development cycle with any issues raised being resolved in a timely manner.&aa^$The Hardware Accomplishment SummaryThe PHAC told the certification authority what you were going to do. The Hardware Accomplishment Summary tells them what you actually did. The Hardware Accomplishment Summary contents covers the following areas: System Overview  Hardware Overview Certification Considerations  Hardware Design Life Cycle Description Hardware Life Cycle Data  Previously Developed Hardware Additional Considerations  Alternative Methods This document must also identify differences from the approved PHAC and contain identification information for the hardware, the change history and status of the hardware, and finally, a compliance statement.6i The New ACAC 20-152 was released at the end of June (2005). The AC alters the application of DO-254 in fundamental ways: Scope is limited to complex devices ONLY  application of DO-254 to complete Line Replaceable Units (LRUs) and Circuit Card Assemblies (CCAs) is no longer required Application at level D is optional and not subject to FAA oversight/approval Strengthens exemption for Commercial-Off-The-Shelf (COTS) microprocessors The AC is applicable for every form of certification [e.g., Type Certification (TC), Technical Standard Order (TSO) authorizations, Parts Manufacturer Approval (PMA)]6q;q;,VgSummaryiDO-254 provides a comprehensive set of guidelines for design assurance activities for use during the development of complex electronic hardware. The standard loosely parallels DO-178B, the industry standard for design assurance for software. As with any standard, particularly new ones, expect to find some inconsistencies and apparent omissions. Before using DO-254 on a project, make sure you have an agreement with your certification authority as to exactly how and to what DO-254 will be employed for your project. Feedback your experiences with DO-254 to RTCA or the FAA so that future revisions can be improved._Additional Sources (1)6RTCA DO-254, Design Assurance Guidance for Airborne Electronic Hardware (see slide 5) FAA AC 20-152, RTCA, Inc., Document RTCA/DO-254, Design Assurance Guidance for Airborne Electronic Hardware Complex Electronic Hardware Interactive Video and Self-Study Course available at http://av-info.faa.gov/software/complexhdw.html Design, Test, and Certification Issues for Complex Integrated Circuits, DOT/FAA/AR-95/31 Technical Report available at: Department of Commerce National Technical Information Service 5285 Port Royal Road Springfield, VA 22161 (800) 553-6847nZZeZ =>F2|/`Additional Sources (2)|An Introduction to VHDL, David Pellerin, Accolade Design Automation available at http://www.acc-eda.com/h_intro.html Application Specific Integrated Circuits, Smith, Addison-Wesley Longman, 1997 RTCA DO-178B, Software Considerations for Airborne Systems and Equipment (see slide 5) RTCA DO-160D, Environmental Conditions and Test Procedures for Airborne Equipment (see slide 5) ARP 4754, Certification Considerations for Highly Integrated or Complex Aircraft Systems, SAE, http://www.sae.org ARP 4761, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment, SAE, http://www.sae.org x}Z^(&HQXuP*#l  /8?P ` ̙33` ` ff3333f` 333MMM` f` f` 3>?" dd@$|?" dd@  " @ ` n?" dd@   @@``PR    @ ` ` p>> T\U(    6 P  T Click to edit Master title style! !  0   RClick to edit Master text styles Second level Third level Fourth level Fifth level!     SL  0t 88   z*Copyright 2005 by Ferrell and Associates Consulting, Inc. >>=XB  08c?PPJF p      c BC)DEF1?]ZUPKFA<731)}~n{iz[wMs>m0g#`Y RJD=:8642 1/.-,&) 7HYl"%jL-dDCCCDEFGIJKg oo(h(a(Z(Q'I&A$9#2",!' :yqic^[YWUTSSSSSTTUVWXXZ[\]]UX@p   s BC/DEFfff1?_\WRMHC>953+~o}j|\yMu>o0i#b[ TLE>;9753 20/.-')!7HZm #&lN.f  EDDDEFGHJKMltt.m.f._.V-N,F*>)7(1',&={ske`][YWVUUUUUVVWXYZZ\]^_ST@p   s BC3DEF1?)) $()+/38=CHLQRTVY\`cfi h e b ` ] [ ZZ\_2ST@{)T\ZB  s *1?E\`B  0@@@1?  c BCDEF1?  @.>  c B CDEF1? @?H  c BCDEF1? @KR  c BCDE F1?@DF  c BCDE F1?@BD  c BCDE F1?@?A  c BCDE F1?@8:  c BCDE F1?@56  c BCDE F1?@35  c BCDE F1?@13  c BCDE F1?@./  c BCDEF1? @,.  c BCDEF1? @v)x+  c BCDE F1?@g&i'  c BCDE F1?@34  c BCDE F1?@   c BCDE F1?@  ! c BCDEF1? @  " c BCDE F1?@   # c BCDE F1?@ $ c BCDE F1?@ % c BCDE F1?@ & c BCDEF1? @ ' c BCDEF1? @ ( c BCDEF1? @ ) c BCDE F1?@~ * c BCDE F1?@vx + c BCDE F1?@no , c BCDE F1?@fg - c BCDE F1?@^_ . c BCDEF1? @UW / c BCDE F1?@ 0 c BCDE F1?@ 1 c BCDEF1? @ 2 c BCDEF1? @ 3 c BCDE F1?@ 4 c BCDE F1?@  5 s B9C DE,F41? 81( @D } 6 c RBJC\DE`Fh1? #.9EPZd!IR&[e3V0I,<'/"$ 14@d 7 c RBHC\DE`Fh1? "-9DOY c"GS&[e3V0I,<'/"$ 14@b 8 c RBFC\DE`Fh1? "-8DOY!c#ES&[e3V0I,<'/"$ 14@` 9 c RBEC\DE`Fh1? ",8CNX"b$DS&[e3V0I,<'/"$ 14@_ : c RBCC\DE`Fh1? !,7BN X"b%BT&[e3V0I,<'/"$ 14@] ; c RBAC\DE`Fh1? !+7BM W#a&@T%[e3V0I,<'/"$ 14@[ < c RB@C\DE`Fh1? +6AM!V$a&?U%[e3V0I,<'/"$ 14@Z = c RB?C\DE`Fh1? *5AL"V%`&>U%[e3V0I,<'/"$ 14@Y > c RB=C\DE`Fh1? *5@L#V&`(<V%[e3V0I,<'/"$ 14@W ? c RB;C\DE`Fh1? )4@ K$U&`):W%[e3V0I,<'/"$ 14@U @ c RB:C\DE`Fh1? )4? J$U'`*9W%[e3V0I,<'/"$ 14@T A c RB8C\DE`Fh1? )3?!J%T(_*7X%[e3V0I,<'/"$ 14@R B c RB6C\DE`Fh1? (3>"I&T(_+5X%[e3V0I,<'/"$ 14@P C c RB5C\DE`Fh1? '2="I&S)^,4Y%[e3V0I,<'/"$ 14@O D c RB3C\DE`Fh1? '2=#H&S*^-2Y%[e3V0I,<'/"$ 14@M E c RB2C\DE`Fh1? &1<$H'R+].1Z%[e3V0I,<'/"$ 14@L F c RB0C\DE`Fh1? &1<$G(R+]//Z%[e3V0I,<'/"$ 14@J: G c BqCDEF1?//m |gR @ /  );Mas *5>Fpm_`@7\: H c BqCDEF1?//mzeP > ,  (;M`s *5>Fpm_`@7[: I c BrCDEF1?//nyd O < +   );Nat +6?Fqn_`@6Z: J c BrCDEF1?//nwb M : )   );Nat +6?Fqn_`@6Y: K c BqCDEF1?//nu _ J 8&   );Nat *6?Fpn_`@6Y: L c BqCDEF1?//ns ] I5$  );Mas *5?Fpn_`@6X: M c BqCDEF1?//nq [G3"  (;Mas *5?Fpn_`@6W: N c BrCDEF1?//o p ZF2   )<Nat +6?Gqo_`@5W: O c BrCDEF1?//o nXD0  );Nat +6?Gqo_`@5V: P c BrCDEF1?//o lVA- );Nat +6?Gqo_`@5U Q c BCDEF1?? @R:d R c BCDEF1?: @T:d S c BCDEF1? 6 @V:d T c BC DEF 1? 2  @W:d U c BC DEF 1? .  @X:d V c BC DEF1? ) @Z9d W c BC DEF1?% @[9d X c BCDEF1?! @]9d Y c BCDEF1? @_9d Z c BCDEF1? @`9d [ c BCDEF1? @b9d \ c BCDEF1? @c9d: ] c BnC_DE<FD1?NOQRUX[_dhmc+d^HN @q: ^ c BkC_DE<FD1?LNOQSVY]aej`*`^HL @q: _ c BjC^DE<FD1?LMOPSVY\`di^*]]HL @q: ` c BgC^DE<FD1?KLMOQTW[^bf[*Y]IK @q: a c BeC]DE<FD1?JKKMPRUY\_dX)U\IJ @q: b c BcC]DE<FD1?HIJLNQSWZ]bU)Q\IH @q: c c BaC]DE<FD1?HHJKNPSVX\`S)O\JH @q: d c B_C\DE<FD1?GGHJLNQTVZ^P)K[JG @q: e c B\C\DE<FD1?DEGIKMORTX[M(G[KD @q: f c BZC[DE<FD1?CDFGIKNPRUYJ(CZKC @q: g c BXC[DE<FD1?CDEGHJMOQTWH(AZKC @q: h c BVC[DE<FD1?ACDEGIKMORUF(=ZLA @q: i c BSCZDE<FD1?@ABDEGIKMORB'9YL@ @q: j c BQCZDE<FD1??@ABDFGIJMP?'6YL? @q: k c BNCZDE<FD1?>?@ABDFGHKM<'2YM> @q2 l c BMCXDE8F@1?>?ABCEFGJL:%/WL> @r2 m c BJCXDE8F@1?=>?@BCDEGI8%+WM= @r: n c BHCWDE<FD1?;<=>?@ABCEG5%(VM; @r2 o c BECWDE8F@1?:;<=>?@ACD3%$VM: @r* p c BDCVDE4F<1? :;<=>?@AC1$"UN:@r2 q c BBCVDE8F@1?89:;<=>?A.$UN98 @r" r c B?CWDE0F81? 789:;<=>+%VO7@q s s BC'DE F1? &@w t s BC7DE F1?6@`B uB 01? v s BRCMDE F1?KQL@s* w c B]CDE4F<1? \=71*#  @c( x c B.CDEF1?((       !$(*-)#    QT@b( y c BXCDEF1?    (07>DJNPQRSTUUV W R K B :1' AD@tRh z c BXCDEF1?    (07>DJNPQRSTTUVW Q K B 9 0& AD@tRh { c BXCDEF1?    (07>DJNPQRSTTUV W Q K B 90& AD@tSh | c BXCDEF1?    (07>DJNPQRSTTUVW Q J B 90& AD@tSh } c BXCDEF1?    (07>DJMPQRSTTUV W Q J B 90& AD@tTh ~ c BWCDEF1?    (07>DJMOQRSSTTU V Q J A 8/% AD@tTh  c BWCDE|F1?   (07>DJMOQRSSTU V Q J A 8/%?@@tUh  c BWCDE|F1?  (07?DJMOPRRST U V P J A 8/% ?@@tVh  c BWCDEF1?   (07?DJMOPRRSS T U V P J A 8/$ AD@tVh  c BWCDEF1?   (07?DJMOPRRSST T V P I A 8.$ AD@tVh  c BWCDEF1?   ( 07?DJMOPQRSS T T V P I A 7.$ AD@tWh  c BVCDEF1?   ( 07?DJMOPQRRS S T U O I @ 7.$ AD@tWh  c BVCDEF1?!!  ( 07?DJMNPQRRS S T U O I @ 7 .# CD@tWh  c BVCDEF1?!! ( 07?DJMNPQRR S S T U O I @ 7-# CD@tXh  c BVCDE|F1? ( 0 7 ?DJMN P Q R R S T U O I @7-# ?@@tYh  c BUCDExF1? ( 0 7 ?DJMN P Q R R S T O H ? 6-# =@@tYh  c zBUCDEtF|1? ( 0 7 ? D J M N P Q R S T O H ?6-# ;<@tZh  c BUCDE|F1? ( 0 7 ? D J M N P Q R R R S T N H ? 6,# ?@@tZh  c BUC DExF1? ( 0 7 ? D J M N O Q R R S T N H ?6," =@@t[h  c BTC DExF1? ( 0 7 > D J L N O P Q R R S N G > 5,"=@@t[h  c BTC DExF1? (0 7 > D J L N O P Q R R SNG>5,"=@@t\h  c zBTC DEtF|1? (0 7 > D J L N O P Q R SM G >5+";<@t\h  c BUCDEF1?%% "%+16= B HMQTTTTTTMF>4,#   KL@|)G  c BUCDEF1?%% "%+16= B HMQTTTTTTMF>4+#   KL@|)G  c BUCDEF1?$$ "%+16= B HMQTTTTTMF>4+"    IL@|)G  c BUCDEF1?$$ "%+16= B HMQTTTTTMF=3*"    IL@|)G  c BUCDEF1?$$ !%*16= B HMQTTTTTME=3*!    IL@|)G  c BUCDEF1?$$ !%*16= B HMQTTTTTME=3*!   IL@|)G  c BUCDEF1?$$ !%*16= B HMQTTTTTME<2* !   IL@|)G  c BUCDEF1?$$ !%*16= B HMQTTTTTMD<2)   IL@|)F  c BUCDEF1?$$ !%*16= B HMQTTTTTMD<2)   IL@|)F  c BUCDEF1?$$ !%*16= B HMQTTTTTMD;1(  IL@|)F  c BUCDEF1?$$ !%*16= B HMQTTTTTMD;1(   IL@|)F  c BVCDEF1?$$ !%*16= B HMQTTTUUMD;2 (   IL@|)E  c BVCDEF1?$$ !%*16= B HMQTTTUUMD;1 ' IL@|)E  c BVCDEF1?$$ !%*16= B HMQTTTUUMC:1 ' IL@|)E  c BVCDEF1?## !%*16= B HMQTTUUMC:1 ' GH@|)E  c BVCDEF1?$$ !%*16= B HMQTTTUUMC90 & IL@|)E  c BVCDEF1?## !%*16= B HMQTTUULB90 & GH@|)E  c BVCDEF1?## !%*16= B HMQTTUULB9 0 % GH@|)E  c BVCDEF1?"" !%*16= B HMQTTULB9 / % EH@|)D  c BVCDEF1?"" !%*16= B HMQTTULB8 / % EH@|)D  c BVCDEF1?"" !%*16= B HMQTTULA8 . $ EH@|)D  c BVCDEF1?## !%*16= B HMQTTUULA8 .$ GH@|)D   c BC/DEF1?)).-,*)&#        #&) * , -..ST@l*Y  s BC5DEF1?)) 4320.+($        $(+.02 3 4 4ST@l*_2  c BC DE8F@1?     @yFS2  c BC DE8F@1?     @zFS2  c BC DE8F@1?    @zFR2  c BC DE8F@1?   @zFQ*  c BC DE4F<1?  @{FP"  c BC DE0F81? @{FO  c BCDE,F41? @{FN  c BCDE(F01? @|FM  c BCDE,F41? @|FM  c BCDE(F01? @|FL  c BCDEF$1?@}FK  c BCDEF 1? @}FJ  c BCDEF 1? @}FJ  c BCDEF1? @~FI  c BCDE F1?@~FH  c BCDE Fmmm1?@~FG  c BCDEFddd1? @~EG  c BCDEF [[[1? @~DG  c BCDEF$RRR1?@~CG  c BCDEF III1? @~BG  c BCDEF@@@1? @~AG  c RBCDE`Fh1?     14@{+:  c RBCDE`Fh1?      14@{+:z  c JBCDE\Fd1?     /0@{+9r  c BBCDEXF`1?     -0@{+9j  c :BC DETF\1?    +,@{+8z  c JBC DE\Fd1?    /0@{+7z  c JBC DE\Fd1?   /0@{+6b  c 2BC DEPFX1?   ),@{+6j  c :BC DETF\1?  +,@{+5Z  c *BC DELFT1? '(@{+5J  c BC DEDFL1?#$@{+4R  c "BCDEHFP1?%(@{+3B  c BCDE@FH1?!$@{+2R  c "BCDEHFP1?