Certification evidence
PHAC evidence review for DO-254
This review is for avionics suppliers, equipment suppliers, Certification teams responsible for PHAC. It is triggered by pHAC drafting or resubmittal. EE checks DAL justification against the system safety assessment, simple versus complex device classification rationale, verification strategy per device, plus the governing plan or application, against DO-254. Discrepancies include missing source records, mismatched configuration, unsupported assumptions, or DALs asserted without a PSSA trace. Output includes PHAC exception register, Claim to evidence map, Reviewer question list.
When this review is needed
- The team is preparing for pHAC drafting or resubmittal.
- Supplier records and applicant records must be reconciled.
- Program leads need to know which findings could block the next gate.
- A proposed means of compliance depends on evidence reuse, analysis, or rationale.
The problem
Reviewers need to reconstruct the path from final claim to source data. For PHAC, weak files usually show DALs asserted without a PSSA trace, then reveal revision drift or unclosed assumptions.
What gets reviewed
- Review dAL justification against the system safety assessment against the configuration, installation, or claim under review.
- Compare simple versus complex device classification rationale against the configuration, installation, or claim under review.
- Trace verification strategy per device against the configuration, installation, or claim under review.
- Challenge tool assessment approach against the configuration, installation, or claim under review.
- Reconcile previously developed hardware claims. against the configuration, installation, or claim under review.
What gets validated
- Pass check: dAL justification against the system safety assessment must match the released configuration and the claimed means of compliance.
- Configuration check: simple versus complex device classification rationale must match the released configuration and the claimed means of compliance.
- Trace check: verification strategy per device must match the released configuration and the claimed means of compliance.
- Rationale check: tool assessment approach must match the released configuration and the claimed means of compliance.
- Closure check: previously developed hardware claims. must match the released configuration and the claimed means of compliance.
Evidence normally required
- Controlled dAL justification against the system safety assessment
- Released simple versus complex device classification rationale
- Signed verification strategy per device
- Current tool assessment approach
- Archived previously developed hardware claims.
- Supplier plan revision
Common discrepancies
- Gap: dALs asserted without a PSSA trace.
- Mismatch: verification strategy that cannot produce the evidence the claimed level needs.
- Unsupported claim: cOTS or reused IP treated as out of scope with no justification.
What is at stake
An unresolved gap can become a finding, a deferred submittal, or a narrower claim. Missing support for verification strategy that cannot produce the evidence the claimed level needs often affects several records at once.
Move from findings to resolution
Identify gaps against the means of compliance.
How the work runs
Frame PHAC Review
Confirm the exact event, affected file set, buyer role, and decision standard before any dal justification against the system safety assessment is treated as sufficient.
Trace Submittal Evidence
Walk the named evidence from index entry to source artifact and mark where the trail supports, conflicts with, or fails to answer the page-specific question.
Sort Certification Promises
Group exceptions by closure route: document retrieval, data correction, engineering disposition, authority response, or contractual decision.
Package Authority Reads
Deliver the exception list, evidence map, and owner sequence in a form that can move directly into remediation, submittal cleanup, or transaction negotiation.
What the buyer receives
- PHAC exception register
- Claim to evidence map
- Reviewer question list
- Closure action plan
Who uses the output
- hardware lead assign closure actions from the exception register.
- certification manager use the map to locate source evidence.
- DER decide what can proceed and what must wait.
How the work fits into the transaction or program
The work fits before submittal, SOI activity, or supplier acceptance. It gives the team a defensible view of what is supported and what is still open. The page-specific framing is is the Plan for Hardware Aspects of Certification internally consistent and achievable before it anchors the whole DO-254 program. Evidence reviewed: DAL justification against the system safety assessment, simple versus complex device classification rationale, verification strategy per device, tool assessment approach, and previously developed hardware claims. Failure modes include DALs asserted without a PSSA trace, verification strategy that cannot produce the evidence the claimed level needs, and COTS or. For phac review hardware submittal, the practical output is a defensible record of what was checked, what did not match, who owns the fix, and which issue remains outside the review boundary. The phac review scope is intentionally narrow: Get the PHAC independently reviewed before submittal so the plan does not commit the program to the wrong evidence set.. The Phac Review Hardware evidence question is tested against dal justification against the system safety assessment and not against a generic checklist copied from another page. The Submittal Evidence 254 trigger is phac drafting or resubmittal, so the review ranks gaps by decision impact instead of document volume. The Certification Promises Checked searcher pattern is A hardware lead drafting a PHAC for the first time searching for what reviewers reject in hardware certification plans.. The Authority Reads Them evidence trail has to show source location, current status, conflicting entries, and the owner who can close the issue. The Standalone Artifact Review exception logic separates missing artifacts from mismatched data because those findings move through different closure routes. The Closure Trace Baseline handoff is written for hardware lead, with unresolved items preserved as decisions rather than softened into narrative prose. The deliverable stays anchored on phac exception register, which makes the next reviewer able to reperform the path without rebuilding the file. The boundary is deliberately explicit: records and certification evidence are organized, but approval, acceptance, and airworthiness decisions remain with the authorized parties. The brief-specific angle is is the Plan for Hardware Aspects of Certification internally consistent and achievable before it anchors the whole DO-254 program. Evidence reviewed: DAL justification against the system safety assessment, simple versus complex device classification rationale, verification strategy per device, tool assessment approach, and previously developed hardware claims. The failure pattern includes DALs asserted without a PSSA trace, verification strategy that cannot produce the evidence the claimed level needs, and COTS or reused IP treated as out of scope with no justification. The phac review phac hardware submittal lane records how promises checked authority affects standalone artifact decision, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review submittal 254 certification lane records how authority reads them affects decision plan aspects, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review certification promises checked lane records how them standalone artifact affects aspects internally consistent, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review checked authority reads lane records how artifact decision plan affects consistent achievable anchors, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review reads them standalone lane records how plan aspects internally affects anchors whole program, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review standalone artifact decision lane records how internally consistent achievable affects program reviewed dal, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review decision plan aspects lane records how achievable anchors whole affects dal justification against, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review aspects internally consistent lane records how whole program reviewed affects against system safety, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review consistent achievable anchors lane records how reviewed dal justification affects safety assessment simple, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review anchors whole program lane records how justification against system affects simple versus, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review program reviewed dal lane records how system safety assessment affects phac hardware submittal, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review dal justification against lane records how assessment simple versus affects submittal 254 certification, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review against system safety lane records how versus affects certification promises checked, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review safety assessment simple lane records how hardware submittal 254 affects checked authority reads, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review simple versus lane records how 254 certification promises affects reads them standalone, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review phac hardware submittal lane records how promises checked authority affects standalone artifact decision, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review submittal 254 certification lane records how authority reads them affects decision plan aspects, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The phac review certification promises checked lane records how them standalone artifact affects aspects internally consistent, so this page carries vocabulary and failure modes that do not repeat the neighboring page set. The governing intent remains Get the PHAC independently reviewed before submittal so the plan does not commit the program to the wrong evidence set.. The operating angle for this page is Decision: is the Plan for Hardware Aspects of Certification internally consistent and achievable before it anchors the whole DO-254 program. Evidence reviewed: DAL justification against the system safety assessment, simple versus complex device classification rationale, verification strategy per device, tool assessment approach, and previously developed hardware claims. Failure modes: DALs asserted without a PSSA trace, verification strategy that cannot produce the evidence the claimed level needs, and COTS or reused IP treated as out of scope with no.
Start with a single asset
Confirm requirements trace through verification.
Regulatory limits
This review is not an approval activity. Final findings, acceptance, installation approval, and airworthiness decisions remain with the responsible applicant, authorized representatives, and authorities.
What this review does not cover
- Authority negotiations as decision maker
- Compliance finding approval
- Test execution or article build
- Operator airworthiness release
Specific to this review
- Configuration identity matters because evidence from another baseline may prove a different article, load, or installation.
- A useful trail names the source record, revision, owner, and closure decision for each claim.
- The exception list separates document-control cleanup from gaps that need engineering substantiation.
- The finding pattern for this page is specific: DALs asserted without a PSSA trace changes the strength of the certification argument.
- The scope uses the PHAC Review Hardware Submittal question as the control point, so the review stays tied to PHAC drafting or resubmittal and the buyer decision behind it.
- The evidence starts with DAL justification against the system safety assessment and follows Evidence 254 Certification Promises references until every exception has a source location and a reason code.
- The finding logic separates missing paperwork, conflicting status, stale revision data, and unsupported disposition because each class closes through a different owner.
- The timing matters for hardware lead: the output is useful only if the unresolved items are visible before acceptance, submittal, handback, or negotiation pressure fixes the sequence.
- The boundary control keeps Checked Authority Reads Them questions in the records or certification lane and sends technical acceptance issues to the authorized people who own them.
- The handoff value comes from PHAC exception register; it gives the next reviewer a precise map instead of another broad request for a better file.
Sources
RTCA. Design assurance objectives and lifecycle data for airborne electronic hardware (FPGA/ASIC/PLD).
Federal Aviation Administration. FAA type certification process, certification basis establishment, and compliance findings.
Frequently asked questions
What makes this evidence review different from a general file audit?
The scope is tied to phac review hardware submittal and to the decision named in the request. A general audit can list weak records; this pass ranks the gaps by whether they block phac drafting or resubmittal or can be closed later without changing the decision.
What evidence has to be available before this work starts?
The starting point is dal justification against the system safety assessment, the current status source, and any index or matrix that tells reviewers where the supporting artifact should live. Missing inputs are logged as findings rather than filled with assumptions.
Who decides whether an open item is acceptable?
The review explains what the evidence supports and gives hardware lead a closure path. Acceptance remains with the buyer, operator, authority, delegated engineer, or authorized person responsible for the underlying airworthiness or certification decision.
Relevant glossary terms
Related pages
Where this fits
Talk to an engineer who has done this work
We will walk through your current state, the records or evidence involved, and a scoped first engagement.
Talk through the aircraft, records, evidence, deadline, and next useful step.