Cross reference tables for H ProgSäk (E) and DO-178B
A comparison has been made between requirement areas covered by H ProgSäk (E) and DO-178B respectively. Tables for correspondences and differences are presented below.
An exact mapping of requirements from one document on associated requirements of another document is not possible. Formulation, structuring and refinement of the requirements within a specific area will always differ between compared documents. The presented tables are therefore only indicative of where matching requirement areas can be found.
Section 1 summarizes the main differences between the compared documents.
Section 2 contains tables for all requirements of H ProgSäk¹, each identified by a unique label (cf. “Legend”). Section 3 includes requirements of DO-178B not covered by H ProgSäk (E).
Sections 4 and 5 present the acronyms and references used in this document.
1. Comparisons between H ProgSäk (E) and DO-178B
Both H ProgSäk and DO-178B include guidelines as well as requirements for safety-critical software and describe processes for development of such software.
DO-178B requires a System Safety Assessment Process (SSA), which is not described in DO-178B or in any of its referenced documents.
¹ Basic requirements (i.e. requirements common to safety-critical as well as non-critical software) are found in H ProgSäk: Chap. 5. General safety requirements for software can be found in H ProgSäk: Chapters 2-4.
[Figure: Software Life Cycle Process - DO-178B. The figure is rendered here as a list of its recoverable labels.]
Input from System Life Cycle Process: System Requirements allocated to SW, SW Level, Design Constraints, HW Definition.
Planning (Software Planning Process): SW Development plan, SW Verification plan, SW CM Plan, SW QA plan, SW Certification plan; SW Req. std., SW Design std., SW Code std.; development environment, compiler, test environment.
Development (SW Development Process): Requirement process, Design process, Coding process, Integration process; system requirements allocated to SW, HW interfaces, system architecture; high-level requirements, SW architecture, low-level requirements, source code, object code; previously developed SW, prototyping, iterations.
Products: SW Requirements Data (high-level requirements & derived requirements); Design Description (SW architecture & low-level requirements); Source Code, compiler instructions, linking & loading data; Executable Object Code; SW Verification Cases, Procedures & Results; Baseline.
Integral processes: Verification process (Verification Cases & Procedures, SW Verification Result); Configuration Management process (SCM Records, SCM Index, SW Life Cycle Environment Configuration Index, Traceability, Archive); Quality Assurance process (SQA Records); Certification Liaison process (SW Accomplishment Summary); Problem Reports; SW Development Environment (Resources, Standards, Plans).
Output to System Life Cycle Process: Fault Containment Boundaries, Error Sources identified/eliminated, SW requirements & architecture.
DO-178B specifies requirements for:
- A Certification Liaison Process aiming towards an airworthiness certificate.
- Project plans for the development project, including plans for development, verification, configuration management (CM) and quality assurance (QA). The planning involves establishment of standards for requirement specification, design and coding.
- The processes for requirements, design, coding and integration.
- The support processes for verification, configuration management and quality assurance.
- Documentation to be produced within the defined processes.
DO-178B defines Failure Condition Categories and Software Levels. Some guidance for technical solutions and how to handle COTS and reused software is provided.
DO-178B is not a complete lifecycle standard but a complement focused on safety-critical issues for projects developing software for airborne equipment.
H ProgSäk also requires a system safety process, described and specified in H SystSäk for the parties involved in procurement of systems for the Swedish Armed Forces (FM), e.g. the FM, the Defence Materiel Administration (FMV) and the Industry.
H SystSäk includes safety requirements for all types of systems, the activities and organisation of the system safety work, methods for safety analyses, and how to specify and refine the requirements on system and component level. H SystSäk also describes how to attain, maintain and verify safety requirements on system level during development, operation and disposal. For development of safety-critical software the 1996 edition of H SystSäk² refers to unspecified parts of the MIL-STD-498 and DOD-STD-2168 standards.
H ProgSäk specifies safety requirements for the entire software lifecycle, from the conceptual phase through development, operation and maintenance to retirement of the safety-critical software. The 2001 edition of H ProgSäk refers to specific parts of the software lifecycle standard IEC 12207 and the software quality standard ISO 9000-3.
Compared to DO-178B, H ProgSäk covers a larger part of the lifecycle, specifying more detailed requirements for the lifecycle processes, the software products and their stakeholders. H ProgSäk also contains explanations of different software safety concepts, discussions on various safety issues, safety analysis techniques suitable for software as well as overviews and comparisons between safety standards and handbooks of interest to the defence sector.
² A new version is planned.
[Figure: the system safety chain for FM systems, rendered here as text.] Society: the public tolerance of deaths and injuries expressed in laws and ordinances. FM specifies the tolerable risk level for a new FM system in a TTFO/TTEM. FMV produces a system specification including safety requirements. Industry applies a system safety methodology on the system under development and compiles the safety effort in a SCA. FMV produces a Safety Statement, including recommended Safety Restrictions. FM issues a Safety Release/BOA including Safety Restrictions.
2. DO-178B compliance with H ProgSäk (E) requirements
Compliances and differences in relation to requirement areas covered by H ProgSäk (E).

Legend (column: explanation):

H ProgSäk Id
- H ProgSäk Id is a unique requirement identity consisting of 3 parts:
  - The 1st part (6.) is a unique number for the handbook H ProgSäk within FMV.
  - The 2nd part is the section number in H ProgSäk where the requirement statement is found.
  - The 3rd part is the letter K followed by the sequence number for the requirement in the section.
- For a H ProgSäk Id associated to a basic requirement¹ a reference is given to the section in table 5.1 or 5.2 where the basic requirement is listed (e.g. “6.321K1: Cf. 5.2.2.1”).
- A single H ProgSäk Id addressing several sections in ISO/IEC 12207 is below refined by appending the section number within quotes (e.g. 6.5121K1 “6.3” in Table 5.1). One table entry per section is provided (see table 5.1 below). A further refinement into subsections is made if needed for the comparison (e.g. 6.5223K1 “6.4.2.1” in Table 5.2).

Critic.
- The criticality categories for which the requirement H ProgSäk Id applies are specified:
  - H(igh), M(edium), L(ow) for software of high, medium or low criticality,
  - B(asic) for a requirement relevant to safety-critical as well as non-critical software.

DO-178B paragr.
- References to matching requirements in DO-178B are provided in the following format:
  a) Specified references are either one or a few direct references to matching sections in DO-178B, or a broader reference to an entire chapter (the latter denoted “Chap.”).
  b) A parenthesized reference means that the referred section is in the spirit of the H ProgSäk requirement, but without any obvious match.
  c) “-” denotes that the requirement area is not at all covered by DO-178B (further explanations may then be provided in the “Comments” column).
  d) “+” indicates that matching DO-178B references are listed in the subtable specified in the “Comments” column (may be relevant to a H ProgSäk Id representing a basic requirement).

Comments
- The column includes remarks concerning
  - the type of partial coverage that the specified DO-178B reference involves (cases a-b above),
  - requirement areas not covered by DO-178B (case c above),
  - the subtable in this document where, for a basic requirement, matching DO-178B sections are listed (case d above), or
  - other explanations or exceptions.

DO-178B Annex A
- Capital letters A-D in references to DO-178B Annex A refer to DO-178B software levels.
- Letters in reverse background denote software lifecycle data which must be created with independence (from the developing organisation).
H ProgSäk E Chapter 2. CLIENT/END-USER (FM)

2.1 Personnel
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.21K1 | HML | - | |
6.21K2 | HML | - | |
6.21K3 | HML | - | |
Comment (6.21K1-K3): No requirements for the client.

2.2 Control processes
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
2.2.1 System safety planning, management and assessment
6.221K1 | HML | - | |
6.221K2a | HML | - | |
6.221K2b | HML | - | |
6.221K2c | HML | - | |
Comment (6.221K1-K2c): No requirements for the client.

2.3 The FM Defence Materiel Acquisition Process
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
No requirements

2.4 Products
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
2.4.1 TTFO, TFOTM (TTEM, TEMU)
6.241K1 | HML | - | |
6.241K2 | HML | - | |
6.241K3 | HML | - | |
6.241K4 | HML | - | |
6.241K5 | HML | - | |
Chapter 3. ACQUIRER (FMV)

3.1 Personnel
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.31K1 | HML | - | No requirements for the purchaser. |

3.2 Control processes
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
3.2.1 Project planning, management and assessment
6.321K1: Cf. 5.2.2.1 | HML B | - | No requirements for the purchaser. |
3.2.2 System safety planning, management and assessment
6.322K1 | HML | - | |
6.322K2 | HML | - | |
6.322K3 | HML | - | |
6.322K4 | HML | - | |
6.322K5 | HML | - | |
Comment (6.322K1-K5): No requirements for the purchaser.
3.2.3 Quality control
6.323K1: Cf. 5.2.2.2 | HML B | - | No requirements for the purchaser. |
3.2.4 Quality assurance
6.324K1: See 5.1.2.1 | HML B | - | |
6.324K2a | HML | - | |
6.324K2b | HML | - | |
6.324K2c | HML | - | |
6.324K2d | HML | - | |
6.324K2e | HML | - | |
Comment (6.324K2a-e): No requirements for the purchaser.

3.3 The FMV Defence Materiel Acquisition Process
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
3.3.1 Studies
3.3.2 Procurement
6.332K1: See 5.1.3.1 | HML B | - | No requirements for the purchaser. |
3.3.3 Operation and Maintenance (Lifecycle Management, LCM)
6.333K1: See 5.1.3.2 | HML B | - | No requirements for the purchaser. |
3.3.3.1 Modifications of a completed system
6.3331K1 | HML | - | |
6.3331K2 | HML | - | |
6.3331K3 | HML | - | |
6.3331K4 | HML | - | |
Comment (6.3331K1-K4): No requirements for the purchaser.
3.3.4 Disposal

3.4 Products
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
3.4.1 Statement of Work (SOW)
6.341K2 | H | - | |
6.341K3 | HML | - | |
6.341K4 | HM | - | |
6.341K5 | H | - | |
6.341K6 | HML | - | |
6.341K7 | HML | - | |
3.4.2 Time Plans (Operational Plans) (TP)
3.4.3 Lifecycle Management Support (LCMS)
6.343K1a | HML | - | |
6.343K1b | HML | - | |
6.343K2 | H | - | |
Comment (6.343K1a-K2): No requirements for the purchaser.
3.4.4 Technical Specification (TS)
6.344K1 | HML | - | |
6.344K2 | HML | - | |
6.344K3 | H | - | |
6.344K4 | HML | - | |
6.344K5 | HM | - | |
6.344K6 | HML | - | |
Comment (6.344K1-K6): No requirements for the purchaser.
H ProgSäk E Chapter 4. SUPPLIER

4.1 Personnel
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.41K1 | HML | - | |
6.41K2a | HML | - | |
6.41K2b | HML | - | |
6.41K3 | H | - | |
6.41K4 | M | - | |
6.41K5 | HM | - | |
6.41K6 | HML | - | |
6.41K7 | HML | - | |
6.41K8 | HML | - | |
6.41K8a | H | - | |
6.41K8b | M | - | |
6.41K8c | L | - | |
6.41K8d | HML | - | |
Comment (6.41K1-K8d): Requirements for personnel can only be derived from the process requirements.

4.2 Control processes
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
4.2.1 Project planning, management and assessment
6.421K1: See 5.2.2.1 | HML B | + | See 5.2.2.1 |
6.421K2 | HML | - | No requirements for staff. |
4.2.2 System safety planning, management and assessment
6.422K1 | HML | - | A System Safety Program Plan (SSPP) is assumed to exist on the level above the one addressed by DO-178B. |
4.2.3 Quality control
6.423K1: See 5.2.2.2 | HML B | - | |
4.2.4 Quality assurance
6.424K1: See 5.2.2.3 | HML B | + | See 5.2.2.3 |
6.424K2 | HML | 6.3, 6.4 | |
4.2.5 Configuration management
6.425K1a: See 5.2.2.4 | HML B | 7.1a, + | See 5.2.2.4 |
6.425K1b: See 5.2.2.4 | HML B | 7.2.9, + | See 5.2.2.4 |
6.425K1c: See 5.2.2.4 | HML B | 11.0h, + | See 5.2.2.4 |
4.3 Production processes
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.43K1: See 5.2.3 | HML B | + | See 5.2.3 |
6.43K2 | H | 1.1 | A SSA Process is assumed to exist on the level above the one addressed by DO-178B. |
6.43K3 | H | - | |
6.43K4 | H | - | |
4.3.1 Development model
6.431K1: See 5.2.3.1 | HML B | + | See 5.2.3.1 |
4.3.2 Development methodology
6.432K1: See 5.2.3.2 | HML B | + | See 5.2.3.2 |
4.3.2.1 Formal methods
6.4321K1 | HM | 12.3.1 | |
6.4321K2 | HML | (6.4.1a) | Does not cover formal methods. |
4.3.2.2 Verifications
4.3.2.2.1 Reviews (manual verification)
6.43221K1 | HML | 6.3 | |
4.3.2.2.2 Static analysis (source code verification)
6.43222K1 | HML | 6.3.4 | |
6.43222K2a | HML | 6.3.4b | | A-5.2(ABC)
6.43222K2b | HML | 6.3.4d | | A-5.4(ABC)
6.43222K2c | HML | 6.3.4d | | A-5.4(ABC)
6.43222K2d | HM | 6.3.4d | | A-5.4(ABC)
6.43222K2e | H | (6.3.4f) | | A-5.6(ABC)
6.43222K3 | HML | 11.14 | |
4.3.2.2.3 Behaviour analysis
4.3.2.2.4 Object code analysis
6.43224K1 | H | (6.4.4.2b), 6.1d, 12.2 | |
6.43224K2 | H | 11.14 | |
4.3.2.2.5 Dynamic analysis (verification by test)
6.43225K1: See 5.2.3.3 | HML B | + | See 5.2.3.3 |
6.43225K2 | HML | 2.1.1 | Safety requirements are handled as high-level requirements allocated to software. |
6.43225K3a | HML | 6.4 | |
6.43225K3b | HM | 6.4 | |
6.43225K3c | H | 6.4 | |
Comment (6.43225K3a-c): Different test levels not explicitly addressed.
6.43225K4a | HML | - | |
6.43225K4b | HML | - | |
6.43225K4c | HML | - | |
6.43225K5 | HM | 6.4.4.2a, 6.4.4.3c-d | | A-7.7(ABC)
6.43225K6 | H | 6.4d, 6.4.4.2a, 6.4.4.3a | | A-7.6(AB) A-7.7(ABC)
6.43225K7 | H | - | Same as 6.43225K6 in the spirit of DO-178B. |
6.43225K8 | HML | 6.4.4.1b, 6.4.4.2a, 6.4.4.3a | DO-178B has no specific requirements for testing of multiple simultaneous error conditions. | A-7.6(AB) A-7.7(ABC)
6.43225K9 | HML | - | No requirement for when testing shall be conducted. |
6.43225K10 | HML | 6.4.4.2a, 6.4.4.3a | | A-7.6(AB) A-7.7(ABC)
6.43225K11 | HML | 6.4.2.2 | |
6.43225K12 | HM | 6.4.4.3c-d | Deals with all code which is not used in operational modes. |
6.43225K13 | HML | 6.4.4.3d | |
6.43225K14 | HML | 6.2c, 6.4.1a | The term final test does not exist in DO-178B. |
6.43225K15 | HML | - | |
6.43225K16 | HML | - | |
4.3.2.2.6 Statistical failure analysis – Failure forecasting
6.43226K1 | H | - | |
6.43226K2 | H | - | |
4.3.2.2.7 Resource analysis
6.43227K1 | HML | - | |
6.43227K2 | HML | 6.3.1c, 6.3.2c | | A-4.3(AB)
6.43227K3 | HML | 6.4.3a (2nd bullet) | |
6.43227K4 | HML | 6.4.3a | |
4.3.3 Software safety analysis
6.433K1 | HML | - | |
6.433K2 | HML | - | |
6.433K3 | HML | - | |
6.433K4 | HML | - | |
6.433K5 | H | - | |
6.433K6 | HML | - | |
6.433K7 | HM | - | |
6.433K8 | HML | - | |
6.433K9 | H | - | |
6.433K10 | HML | - | |
6.433K11 | HML | - | |
6.433K12 | HML | - | |
6.433K13 | HML | - | |
4.4 Production environment
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
4.4.1 Support tools
4.4.1.1 Configuration management system
6.4411K1 | HM | Chap. 7 | DO-178B dictates no requirements for tools. Tools are however necessary to fulfill the requirements. |
6.4411K2: See 5.2.4.1.1 | HML B | + | See 5.2.4.1.1 |
4.4.1.2 Failure reporting system
6.4412K1 | HML | 7.2.3 | DO-178B only covers software development and documentation for the continued life-cycle. DO-178B dictates no requirements for tools. |
6.4412K2: See 5.2.4.1.2 | HML B | + | See 5.2.4.1.2 |
6.4412K3 | HML | (7.2.3) | However not nearly as detailed as in 6.4412K3. |
6.4412K4 | HML | - | No requirements for how tools shall work. |
4.4.1.3 Requirement management tools
6.4413K1 | H | (6.3.1f, 6.3.2f, 6.3.4e) | DO-178B dictates that requirements shall be traceable. There is however no requirement for any tools. |
6.4413K2a | H | (7.1h) | |
6.4413K2b | H | (7.1h) | |
4.4.2 Software tools
6.442K1a | HML | 4.4 | |
6.442K1b | H | 12.2 | No requirements for independent qualification nor for official standards. |
6.442K2 | H | 12.2.1a-b | |
6.442K3 | HML | (12.2) | Necessary SSA done outside DO-178B. |
6.442K4 | HML | - | |
4.4.2.1 Formal tools
6.4421K1 | HML | 12.2 | |
4.4.2.2 Code generators
6.4422K1 | H | 4.4.1, 12.2 | |
6.4422K2 | HM | (12.2.3.2) | Known bugs can be perceived as an operational limitation. |
6.4422K3 | H | 12.2 | |
6.4422K4 | HML | 12.2 | |
6.4422K5 | HML | 4.4.2c | |
6.4422K6 | HML | 4.4.2c | |
6.4422K7 | HM | (12.2) | DO-178B allows any optimization as long as such are qualified. |
6.4422K9 | H | - | |
6.4422K10 | H | - | |
6.4422K11 | ML | 4.4.2b, 6.4.4.2b | | A-7.7(ABC)
4.4.2.3 Static and dynamic analysis tools
6.4423K1 | HM | - | |
6.4423K2 | HM | - | |
6.4423K3 | HML | - | |
Comment (6.4423K1-K3): DO-178B dictates no requirements for usage of tools.
4.4.3 Emulated target machine
6.443K1 | HML | 4.4.3 | DO-178B does not dictate any minimum level of similarity between target and emulator. |
6.443K2 | HML | (12.2.3) | DO-178B requires qualified tools to be documented. |
6.443K3 | HML | - | Not explicitly stated in DO-178B, however understood. |
4.5 Products
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
4.5.1 Standard products – Reused components – Off the shelf items
6.451K1 | H | 12.1.6 | - |
6.451K2a | ML | (12.3.5) | |
6.451K2b | ML | - | |
6.451K2c | ML | 12.1.4, 11.3i | |
6.451K3 | HML | 12.1 | |
6.451K4 | HML | - | |
6.451K5 | HML | 2.3.1 | The requirement is true for all software. |
6.451K6 | HML | (12.1) | |
6.451K7 | HML | (12.1) | |
6.451K8 | HML | (12.1) | |
6.451K9 | HML | (12.1) | |
6.451K10 | HM | (12.1) | |
6.451K11 | HM | (12.1) | |
6.451K12 | HML | (12.1) | |
6.451K13 | HML | (12.1) | |
Comment (6.451K6-K13): Falls within possibly necessary tasks to satisfy 12.1, but not nearly this detailed in DO-178B.
6.451K14a | HML | 12.1, 7.2.4d, 7.2.5b, 11.3h | |
6.451K14b | HML | 12.1, 7.2.4d, 7.2.5b, 11.3h | |
6.451K14c | HML | 12.1, 7.2.4d, 7.2.5b, 11.3h | |
6.451K14d | HML | 12.1, 7.2.4d, 7.2.5b, 11.3h | |
6.451K14e | HML | 12.1, 7.2.4d, 7.2.5b, 11.3h | |
Comment (6.451K14a-e): Regression tests are not mentioned in DO-178B. It is however in practice necessary to achieve a certification if changes are made.
4.5.2 New software development
4.5.2.1 Specification
6.4521K1: See 5.2.5.2.1 | HML B | + | See 5.2.5.2.1 |
6.4521K2 | H | 5.1.2h, 5.1.2i, 5.1, 5.5 | |
6.4521K3 | M | 5.1.2h, 5.1.2i, 5.1, 5.5 | |
4.5.2.2 Software architecture / top level design
4.5.2.3 Fundamental design principles
6.4523K1 | HML | 4.1e, 4.5c, 5.2.2a | | A-1.5(ABC)
6.4523K2 | HML | 2.1, 5.2.2c-e, 11.10 | |
6.4523K3 | HML | - | A fraction of this is covered in 11.10.l |
4.5.2.4 Safety-oriented design principles
4.5.2.4.1 General principles
6.45241K1 | HML | 4.5c, 6.3.3d-e, 6.3.4c-d | |
6.45241K2 | HML | - | Follows automatically from using DO-178B. |
6.45241K3 | HML | - | |
6.45241K4 | HML | - | |
6.45241K5 | HML | 7.2.1, 11.4 | |
6.45241K6 | HML | 2.3.1 | No strict correspondence between DO-178B partitioning and SW configuration items in general. |
6.45241K7 | HM | (5.1.2a) | In a general sense. |
6.45241K8 | HM | - | |
6.45241K9 | HML | 6.4.4.3c | |
6.45241K10 | HM | 6.4.4.3c | |
6.45241K11 | HML | 6.4.4.3d | |
6.45241K12 | HM | 5.5c, 6.4.4.3d | |
4.5.2.4.2 Risk reduction
6.45242K1a | HML | 2.1.2 | |
6.45242K1b | HML | 2.1.2 | |
6.45242K1c | HML | 2.1.2 | |
Comment (6.45242K1a-c): How to handle risks is part of the SSA and not described in DO-178B.
6.45242K2 | HM | 2.3.3c | |
6.45242K3 | HML | - | |
6.45242K4 | HML | - | |
6.45242K5 | HML | 2.3.1 | |
6.45242K6 | HML | 2.3.1 | |
6.45242K7 | ML | 2.3.3c | |
6.45242K8 | H | 2.3.3 | No requirement for physical separation. |
6.45242K9 | HML | - | SSA not part of DO-178B. |
4.5.2.4.3 Resource and time allocations (real-time) - Scheduling algorithms
6.45243K1 | HML | 6.3.2c, 6.3.4f, 6.4.2.2e | |
6.45243K2 | HML | - | No requirement for memory allocation. |
4.5.2.4.4 Defensive programming
6.45244K1 | HML | - | |
6.45244K2 | HML | - | |
6.45244K3 | HML | - | |
6.45244K4 | HML | - | |
6.45244K5 | HML | - | |
6.45244K6 | HML | - | |
6.45244K7 | HML | - | |
6.45244K8 | HML | - | |
6.45244K9 | HML | - | |
6.45244K10 | HML | - | |
6.45244K11 | HML | - | |
Comment (6.45244K1-K11): DO-178B contains no instructions on defensive programming.
6.45244K12 | H | - | |
4.5.2.4.5 Error handling - Error recovery - Fault tolerance
6.45245K1 | HML | - | |
6.45245K2 | HML | - | |
6.45245K3 | HML | - | |
6.45245K4 | HML | - | |
6.45245K5 | HML | - | |
6.45245K6 | HM | - | |
Comment (6.45245K1-K6): Must be handled in external system requirements or design standards.
6.45245K7 | HML | - | |
6.45245K8 | HML | - | |
6.45245K9 | HML | - | |
4.5.2.5 Language and language constructs
6.4525K1 | HML | 12.2 | |
6.4525K2 | HML | - | |
6.4525K3 | HML | 11.8 | |
6.4525K4 | HML | - | |
6.4525K5 | HML | - | |
6.4525K6 | HML | - | |
6.4525K7 | HML | - | |
6.4525K8 | HML | - | |
6.4525K9 | HML | - | |
6.4525K10 | HML | - | |
6.4525K11 | HML | - | |
6.4525K12a | HML | - | |
6.4525K12b | HML | - | |
6.4525K12c | HML | - | |
6.4525K13a | HML | - | |
6.4525K13b | HML | - | |
6.4525K13c | HML | - | |
6.4525K13d | HML | - | |
6.4525K13e | HML | - | |
4.5.2.6 Language constraints
6.4526K1 | HML | 4.5c, 11.8 | |
6.4526K2 | HML | 11.8a | |
6.4526K3 | HM | - | |
6.4526K4 | HML | - | |
4.5.2.7 Coding Instructions
6.4527K1a | HML | 11.8 | |
6.4527K1b | HML | 11.8b, 11.8c | |
6.4527K1c | HML | 11.8d | |
6.4527K1d | HML | 11.8e | |
6.4527K1e | HML | 11.8 | Not explicitly mentioned but may very well be part of a good coding standard. |
6.4527K2 | HML | - | |
6.4527K3 | HML | 6.3.4d | |
4.5.2.8 Interfaces
6.4528K1 | HML | - | |
6.4528K2 | HM | - | |
6.4528K3 | HML | - | |
6.4528K4 | HML | - | |
6.4528K5 | HML | - | |
6.4528K6 | HML | - | |
6.4528K7 | HML | - | |
6.4528K8 | HML | - | |
6.4528K9 | HML | - | |
6.4528K10 | HML | - | |
6.4528K11 | HML | - | |
6.4528K12 | HML | - | |
6.4528K13 | HML | - | |
6.4528K14 | HML | - | |
6.4528K15 | HM | - | |
6.4528K16 | HML | - | |
6.4528K17 | HML | - | |
6.4528K18 | HML | - | |
6.4528K19 | HM | - | |
6.4528K20 | HM | - | |
6.4528K21 | HML | - | |
6.4528K22 | HML | - | |
6.4528K23 | HM | - | |
6.4528K24 | M | - | |
6.4528K25 | H | - | |
6.4528K26 | HML | - | |
6.4528K27 | HML | - | |
4.5.2.9 Detailed design
4.5.2.10 Test software for operation and maintenance
6.45210K1 | HML | - | |
6.45210K2 | HML | 6.4.4.3d | |
6.45210K3 | HML | - | |
6.45210K4 | HML | - | |
4.5.2.11 Implementation / Code
4.5.2.12 Changes during production
6.45212K1a | HML | 7.2.5b | SSA is not part of DO-178B. |
6.45212K1b | HML | 7.2.5 | |
6.45212K1c | HML | - | |
6.45212K1d | HML | 7.2.4b | |
6.45212K1e | HML | 12.1.1, 11.3h | Regression tests are not explicitly mentioned. |
6.45212K1f | HML | 12.1.1, 11.3h | Regression tests are not explicitly mentioned. |
4.5.2.13 Documentation / Information
6.45213K1: See 5.2.5.2.2 | HML B | + | See 5.2.5.2.2 |
6.45213K2 | HML | 11.20 | DO-178B defines the “Software Accomplishment Summary” as the primary data item to show compliance with the “Plan for Software Aspects of Certification”. Aimed at airworthiness certification of SW controlled equipment. |
6.45213K3 | HM | (Chap. 7) | No strict requirements addressing the level of granularity. |
4.5.2.13.1 Development
6.452131K1a | HML | 11.9-11.14 | Approximately 11.9, 11.10. |
6.452131K1b | HML | 11.9-11.14 | In particular 11.10. |
4.5.2.13.2 System Lifecycle Management (LCM)
6.452132K1a | HML | - | |
6.452132K1b | HML | - | |
6.452132K1c | HML | - | |
6.452132K1d | HML | - | |
6.452132K1e | HML | - | |
6.452132K1f | HML | - | |
6.452132K1g | HML | - | |
6.452132K1h | HML | - | |
4.5.2.13.3 Software maintenance
6.452133K1a | HML | - | |
6.452133K1b | HML | - | |
4.5.2.13.4 Documentation list
4.5.3 Target computer environment
6.453K1a | HML | 2.3.3 | |
6.453K1b | HML | (2.3.3) | |
6.453K1c | HML | - | |
4.5.3.1 Operating and run-time systems
6.4531K1 | HML | - | |
6.4531K2 | HML | 2.4f | 2.4f deals with all COTS (including O/S). |
6.4531K3 | HML | 2.4f | 2.4f deals with all COTS (including O/S). |
6.4531K4 | HML | - | |
6.4531K5: See 5.2.5.3.1 | HML B | - | |
6.4531K6a | HML | - | |
6.4531K6b | HML | - | |
6.4531K6c | HML | - | |
4.5.3.2 Hardware equipment
6.4532K1 | HML | - | |
H ProgSäk E Chapter 5. BASIC REQUIREMENTS

5.1 Acquirer
H ProgSäk Id | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
5.1.1 Personnel (blank section)
5.1.2 Control processes
5.1.2.1 [3.2.4. Quality assurance]
6.5121K1 “6.3” | - | No requirements for the purchaser. |
6.5121K1 “6.4” | - | |
6.5121K1 “6.5” | - | |
6.5121K1 “6.6” | - | |
6.5121K1 “6.7” | - | |
5.1.3.1 [3.3.2. Procurement]
6.5131K1 | - | No requirements for the purchaser. |
5.1.3.2 [3.3.3. Operation and Maintenance (Lifecycle Management, LCM)]
6.5132K1 | - | No requirements for the operational phase. |
6.5132K2 | - | |
5.2 Supplier
H ProgSäk Id | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
5.2.1 Personnel (blank section)
5.2.2 Control processes
5.2.2.1 [4.2.1. Project planning, management and assessment]
6.5221K1 “7.1” | Chap. 4 | DO-178B does not cover project management tasks such as time schedules, resource allocation, responsibilities, costs or progress reports. |
6.5221K2a | - | Resource and time estimates are not covered by DO-178B. |
6.5221K2b | Chap. 4 | |
6.5221K2c | Chap. 4 | 4.4.1 Environment, 4.4.2 Language and compilers. See also 12.2 Tool Qualification. |
6.5221K2d | Chap. 4 | |
6.5221K2e | - | DO-178B does not explicitly cover stepwise development. |
6.5221K2f | - | Covered to some extent in additional considerations 12.1. |
6.5221K2g | - | DO-178B does not explicitly handle how to introduce corrections with respect to regression tests. |
DO-178B Annex A (6.5221K1-K2g): A-1.1 (ABCD), A-1.2 (ABC), A-1.3 (ABC), A-1.4 (ABCD), A-1.5 (ABC), A-1.7 (ABC)
5.2.2.2 [4.2.3. Quality control]
6.5222K1 | - | |
6.5222K2 | - | |
Comment (6.5222K1-K2): DO-178B does not cover any general QA-system.
5.2.2.3 [4.2.4. Quality assurance]
6.5223K1 “6.3” | Chap. 8 | DO-178B SQA-process dictates no requirements for the commercial contracts, staff knowledge/training or for any general organisational QA-system (e.g. ISO 9001). | A-9.1 (ABCD) A-9.2 (AB) A-9.3 (ABCD)
6.5223K1 “6.4.2.1” (Contr. verif.) | - | |
6.5223K1 “6.4.2.2” (Process verif.) | 4.6 | | A-1.6 (ABC) A-1.7 (ABC)
6.5223K1 “6.4.2.3” (Req:s verif.) | 6.3.1, 6.3.2 | | A-3.1 (ABCD) A-3.2 (ABCD) A-3.3 (AB) A-3.4 (ABC) A-3.5 (ABC) A-3.6 (ABCD) A-3.7 (ABC) A-4.1 (ABC) A-4.2 (ABC) A-4.3 (AB) A-4.4 (AB) A-4.5 (ABC) A-4.6 (ABC) A-4.7 (ABC)
6.5223K1 “6.4.2.4” (Design verif.) | 6.3.3 | | A-4.8 (ABC) A-4.9 (ABC) A-4.10 (AB) A-4.11 (AB) A-4.12 (ABC) A-4.13 (ABCD)
6.5223K1 “6.4.2.5” (Code verif.) | 6.3.4 | | A-5.1 (ABC) A-5.2 (ABC) A-5.3 (AB) A-5.4 (ABC) A-5.5 (ABC) A-5.6 (ABC)
6.5223K1 “6.4.2.6” (Integr. verif.) | 6.3.5 | | A-5.7 (ABC)
6.5223K1 “6.4.2.7” (Doc. verif.) | Chap. 11 | |
6.5223K1 “6.5” | - | 9.0 Certification Liaison Process covers the aspects of presenting records to authorities for certification. |
6.5223K1 “6.6” | - | |
6.5223K1 “6.7” | 8.2d, 8.3 | |
5.2.2.4 [4.2.5. Configuration management]
6.5224K1 “6.2” | Chap. 7 | | A-8.1 (ABCD) A-8.2 (ABCD) A-8.3 (ABCD) A-8.4 (ABCD) A-8.5 (ABCD) A-8.6 (ABCD)
6.5224K2 | 7.1b | |
5.2.3 [4.3. Production process]
6.523K1 “5.3” | Chap. 3 | IEC 12207 Development Process is in general covered in the DO-178B life-cycle processes. |
5.2.3.1 [4.3.1. Development model]
6.5231K1 | Chap. 5 | DO-178B does not specify a development process in detail. |
6.5231K2 | Chap. 5, 3.3 | | A-2.1 (ABCD) A-2.2 (ABCD) A-2.3 (ABCD) A-2.4 (ABCD) A-2.5 (ABCD) A-2.6 (ABCD) A-2.7 (ABCD)
5.2.3.2 [4.3.2. Development methodology]
6.5232K1 | Chap. 5, 4.5 | DO-178B does not specify any methodology. 4.5 does however call for specifying standards to be used. | A-1.5 (ABC)³
5.2.3.3 Verifications [4.3.2.2.5. Dynamic analysis (verification by test)]
6.5233K1 | 6.4.4.1 | | A-7.3 (ABCD) A-7.4 (ABC)
6.5233K2 | 4.3 (3rd bullet), 11.3 | No requirements for during which phases. | A-1.1 (ABCD)⁴
6.5233K3 | - | |
6.5233K4 | 7.2.4d, 11.3h | |
6.5233K5 | 6.4 | DO-178B specifies the test levels HW/SW, SW integration and object code level. In DO-178B all tests must be formal (in contrast to ad hoc). |
6.5233K6 | - | DO-178B does not cover the precise activities. |
6.5233K7 | - | DO-178B does not cover the precise activities. |
6.5233K8 | 11.3c | |
6.5233K9 | 6.4 | |
6.5233K10 | 6.4d | |
6.5233K11 | 6.4.4.2a | | A-7.5 (A) A-7.6 (AB) A-7.7 (ABC) A-7.8 (ABC)
6.5233K12a | 6.4.2.1a, 6.4.2.2a | |
6.5233K12b | 6.4.2.1a | |
6.5233K13a | 6.4.2.2c | |
6.5233K13b | (6.4b) | If a feature = requirement specified functionality, it will be covered in the requirement based testing. |
6.5233K13c | 6.4.2.2 | |
6.5233K13d | 6.4.2.2 | |
6.5233K13e | - | |
6.5233K13f | 6.4.2 | If performance is considered a requirement, it will be covered in the requirement based testing. |
6.5233K13g | - | DO-178B does not explicitly cover recovery. |
6.5233K14 | 6.2 | |
5.2.4 Production environment
5.2.4.1 Support tools
5.2.4.1.1 [4.4.1.1. Configuration management system]
6.52411K1 | Chap. 7 | DO-178B dictates no requirements for tools. Tools are however necessary to fulfill the requirements. |
5.2.4.1.2 [4.4.1.2. Failure reporting system]
6.52412K1 | - | DO-178B dictates no requirements for a Problem Resolution Process. 7.2.3 and 7.2.4 stipulate that the CM process shall provide control over such tasks. |
6.52412K2 | 7.2.3, 11.17 | | A-8.3 (ABCD)
6.52412K3 | - | |
6.52412K4 | - | |
6.52412K5 | - | |
Comment (6.52412K3-K5): DO-178B does not dictate any requirements for organisation, staff or roles.
5.2.5 Products
5.2.5.1 Standard product (blank section)
5.2.5.2 New software development
5.2.5.2.1 [4.5.2.1. Specification]
6.52521K1 | 5.1.2 | |
6.52521K2 | 5.1.2h, 5.5 | DO-178B dictates no explicit traceability requirements for defect reports. |
6.52521K3 | 5.1.2e | |
5.2.5.2.2 [4.5.2.13. Documentation / Information]
6.52522K1 | - | DO-178B only dictates content and purpose of documents (life-cycle data), not how to produce and maintain such. |
6.52522K2 | 11.0 | DO-178B does not explicitly dictate that documentation must be correct and current. It will however not pass verification unless it is. |
6.52522K3 | (11.10d) | |
5.2.5.3 Target computer environment
5.2.5.3.1 [4.5.3.1. Operating and run-time system]
6.52531K1a | - | |
6.52531K1b | - | |
6.52531K1c | - | |
6.52531K1d | - | |
6.52531K1e | - | |
6.52531K1f | - | |
3. Features in DO-178B not covered by H ProgSäk
A summary of areas or requirements covered by DO-178B but not by H ProgSäk.

H ProgSäk divergence from DO-178B
DO-178B requirement section | DO-178B requirement number | Comments on H ProgSäk sections
2.4 System Considerations for User-Modifiable Software | 2.4a-d | Modified COTS addressed in 4.5.1
2.5 System Design Considerations for Field-Loadable Software | 2.5 |
9.0 Certification Liaison Process | 9.0 |
10.0 Overview of Aircraft and Engine Certification | 10.0 |
12.3.2 Exhaustive Input Testing | 12.3.2 |
12.3.5 Product Service History | 12.3.5 |
4. Acronyms
BOA/SR | Beslut om Användning / Safety Release (decision on system usage issued by FM)
CM | Configuration Management
COTS | Commercial Off The Shelf
FM | Försvarsmakten (the Swedish Armed Forces)
FMV | Försvarets Materielverk (the Swedish Defence Materiel Administration)
QA | Quality Assurance
Software Level | Criticality category defined in DO-178B
SS | Safety Statement (a formal safety approval by FMV submitted to FM)
SSA | System Safety Assessment. DO-178B assumes a SSA process (System Lifecycle process) generating input to the Software Life Cycle processes.
TTEM/TTFO | Taktisk Teknisk Ekonomisk Målsättning / Tactical Technical Financial Objective (Swedish Armed Forces requirements for defence materiel purchasing)
5. References
[1] Försvarsmaktens handbok för programvara i säkerhetskritiska tillämpningar, M7762-000531, H ProgSäk 2001⁵.
[2] Handbook for Software in Safety-Critical Applications, M7762-000621-7, H ProgSäk E (English version)⁶.
[3] Försvarsmaktens handbok för Systemsäkerhet, M7740-784851, H SystSäk 1996.
[4] System Safety Manual, M7740-784861, H SystSäk E 1996⁶.
[5] Information technology – Software life cycle processes, ISO/IEC 12207, 1995.
[6] Software Considerations in Airborne Systems and Equipment Certification, RTCA DO-178B, Dec. 1, 1992.
⁵ See http://www.fmv.se under “Publikationer: Handböcker: H ProgSäk 2001”.
⁶ A translation from Swedish of the previous reference (for H ProgSäk E see the web site listed in footnote 5 under ‘Engelsk version’).