DO-254 (also known as DO254, D0254 and Eurocae ED-80) is a formal avionics standard which provides guidance for design assurance of airborne electronic hardware. DO-254 provides certification information from project conception, planning, design, implementation, testing, and validation, including DO-254 Tool Qualification considerations. DO-254 and DO-254 are actually quite similar, with both having major contributions via personnel with formal hardware process expertise. Until recently, avionics hardware certification did not require the same strict avionics certification standards as did hardware via DO-254. Today, avionics systems are comprised of both hardware and hardware, with each having near-equal effect upon airworthiness. Now, most avionics projects come under a DO-254 certification or compliance mandate. Additional information can be found via formal DO-254 training provided by the DO-254 trainers.
A DER (Designated Engineering Representative) is an appointed engineering resource who has the authority to pass judgment on aviation-related design/development. An avionics hardware Designated Engineering Representative may be appointed to act as a Company DER and/or a Consultant DER. A Company DER can act as a Designated Engineering Representative for his/her employer and may only approve or recommend approval of technical data to the FAA for that company. A Consultant DER is an individual appointed to act as an independent consultant DER to approve or recommend approval of technical data to the FAA. Avionics Systems and Hardware DERs can be contacted via our experts.
While DO-254 applies principally to new, custom hardware, there are provisions to apply DO-254 reverse-engineering to previously developed hardware, preserving most of the already completed work.
Hardware development requires many tools including design tools, implementation generation tools, synthesis, simulation, libraries, test tools, and structural coverage tools. DO-254 tool qualification pertains to development and testing tools. Different qualification criteria apply to each and most tools do NOT need to be qualified. When required, DO-254 tool qualification utilizes a subset of DO-254. For information on DO-254 Tool Qualification contact our DO-254 experts.
DO254 Gap Analysis is an evaluation of your current avionics hardware engineering process and artifacts as contrasted to those required by DO-254. While DO-254 was principally written to cover original, custom developed avionics hardware, there is recognition that previously developed hardware can be DO-254 certified. In many cases, particularly military avionics hardware, DO-254 Compliance is used instead of DO-254 certification. DO-254 Compliance is near-certification but does not require FAA involvement and several of the formal DO-254 requirements are lessened. DO-254 Gap Analysis is typically performed by trained DO-254 consultants or Designated Engineering Representatives. The resultant DO-254 Gap Analysis RoadMap assesses all of the hardware processes and artifacts. It provides details for filling the gap to meet DO-254 compliance or certification requirements. See ConsuNova DO-254 Gap Analysis for more information.
D0254 requirements traceability pertains to the correlation of individual requirements to the design, implementation, and test elements affiliated with implementing and verifying each requirement. Requirements traceability can be many-to-one, and one-to-many. Requirements traceability needs to be from top-to-bottom (requirements to design to implementation, and requirements to test). This proves that all requirements have corresponding design elements, implementation, and tests. Requirements traceability also needs to be bottom-to-up (tests to requirements, implementation to design, and design to requirements). This proves that all implementation, design, and test elements are necessary and have requirements which they implement or verify. See traceGEAR by ConsuNova for information on tools and requirements traceability.
DO-254 requires configuration management of all hardware lifecycle artifacts including requirements, design, implementation, tests, documentation, etc. However, DO254 does not require specific tools, not even for avionics configuration management. Hence, avionics configuration management can be performed manually and even via a purely paper-based system. However, virtually all avionics and DO-254 hardware projects would be better served via configuration management tool. Simple tools (free or low-cost: $0 – $200/user) provide for basic hardware version control, check-in/check-out, and document management. Higher cost tools provide more complexity and automation of the required DO-254 configuration management processes including problem tracking, version branching, reviews/statusing, metrics, etc. No commercially available FAA CM tool known to us, however, performs all of the required DO-254 configuration management process steps. In particular, data security, offsite backups, peer reviewing each change, and ensuring no unwarranted changes were made, are all DO-254 configuration management process steps that are typically performed outside the scope of an avionics configuration management tool.
Checklists are used to ascertain and track DO-254 compliance. You can obtain complete DO-254 checklists from ConsuNova Compliant Checklists or visit certGEAR to purchase DO-178 Checklists indivudually.
DO-254 independence is the attribute of separate development and review authority applied to different DO-254 lifecycle process steps. Development refers to origination of a DO-254 required artifact (requirements, design, implementation, test, etc). Review authority refers to an individual tasked with the required DO-254 compliance review of that artifact. The tables in the back of DO-254 describe which artifacts must be reviewed. The tables also cite the level of DO-254 independence to be applied to each review. These independence levels are dictated by the criticality level associated with each review protocol.
There are five D0/254 criticality levels, with DO-254 Level A being most critical and DO-254 Level E being least critical. The DO-254 criticality level is based upon the contribution of the associated hardware to potential failure conditions. DO-254 failure conditions are determined by the FAA system safety assessment process. Each avionics system has one defined criticality level (and must be approved by the FAA); however different components within that system can have differing criticality levels subject to certain guidelines. The higher the DO-254 criticality level, the greater the amount of hardware development effort required. Our DO-254 Training provides additional details on DO-254 criticality levels and how to determine, apply and optimize. Additional information on each DO-254 critical level are provided in DO-254 training.
DO-254 Level A hardware is hardware whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a catastrophic failure condition for the aircraft.
DO-254 Level B hardware is hardware whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a hazardous/severe-major failure condition for the aircraft.
DO-254 Level C hardware is hardware whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a major failure condition for the aircraft.
DO-254 Level D hardware is hardware whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a minor failure condition for the aircraft.
DO-254 Level E hardware is hardware whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function with no effect on aircraft operational capability or pilot workload. Failure of DO-254 Level E hardware would have no impact on passenger or aircraft safety.
DO-254 tool qualification is the process whereby hardware development and verification tools are evaluated to determine if formal qualification is required. There are two types of qualification: DO-254 development tool qualification and DO-254 verification tool qualification. DO-254 development tools provide outputs which are actually present in the embedded operational avionics hardware. Such tools must apply DO-254 hardware lifecycle aspects to ensure integrity. DO-254 verification tools are used to assist DO-254 verification. Tools which meet these criteria and which automate or replace process steps cited by DO-254 must be qualified. DO-254 Tool Qualification details are provided in DO-254 Training courses.
DO-254 Certifiability is the designation of an avionics component to meet a defined subset of the DO-254 certification requirements, with the remaining certification requirements to be achieved subsequently. DO-254 certification pertains to individual systems, hence requires all hardware components of a system to be completed, with each component, and the system, fully meeting all DO-254 requirements. However, in the absence of a completed system, an individual hardware component (ASIC, FPGA, PLD, board, etc) can be designated certifiable by subjecting that component to all DO-254 requirements.
Military DO254 is a subset of DO-254. Until recently, aerospace and military hardware standards emphasized documentation consistency rather than the modern hardware lifecycle attributes associated with avionics hardware safety (SEI CMM and CMMI). Led by the U.S. Military, there has been gradual adoption of DO-254 to emulate the commercial aviation industry. However, Military DO-254 does not require FAA and Designated Engineering Representative involvement, and certain DO-254 requirements are lessened. The resultant process is thus called DO-254 Compliance rather than DO-254 Certification. ConsuNova provides Military DO-254 Training, DO-254 templates, and DO-254 Checklists.
Please contact us for additional information on DO-254 Hardware Safety, Avionics ARP-4761, ARP-4754, failure modes effect analysis (FMEA), Safety Assessments, and Functional Hazard Analysis (FHA). For more information contact our Safety and Reliability Training or see our ARP-4754 and ARP-4761 Services.
The Job Aid will assist engineers and inspectors in working together to perform a hardware review prior to certification. The goal of the review is to assess whether or not the hardware developed for a project complies with the objectives of RTCA DO-254.