Certification evidence review before authority submittal

When this review is needed

• A package is close to submittal and the team wants a reviewer who did not build it to read the evidence.
• A program is reusing evidence from a prior effort and needs to know whether it still substantiates the current claim.
• The assigned assurance level changed and the lifecycle data has to be checked against the new objectives.
• Findings from a prior submission point at the evidence and the team needs to know which artifacts fall short.

The problem

The evidence behind a submission is produced by the people closest to the design, and they read their own data the way they intended it. Test reports cover the categories the team expected rather than the ones the installation imposes, software lifecycle data carries open problem reports that were never dispositioned, and structural coverage analysis stops short of the objective for the assigned level. An examiner reading cold sees the gaps the authors are conditioned not to.

What gets reviewed

• Qualification test reports against the environmental categories the installation requires
• Airborne software lifecycle data against the objectives of the assigned software level
• Airborne electronic hardware lifecycle data against the design assurance for the complexity involved
• Requirements-based test coverage and structural coverage to the objective for the level
• Problem reports and their disposition across the lifecycle data
• Internal consistency between requirements, design, test, and verification status

What gets validated

• Qualification reports cover every environmental category the installation environment imposes
• Software lifecycle data satisfies the objectives of the assigned software level
• Structural coverage meets the objective the level requires, with justified exceptions documented
• Hardware lifecycle data matches the design assurance expected for the hardware's complexity
• Open problem reports are dispositioned and their effect on the claim is assessed
• Reused evidence is shown to apply to the current configuration and claim
• Requirements, design, and verification artifacts tell a consistent story

Evidence normally required

• The qualification, software, and hardware lifecycle data assembled to date
• The requirements set and the verification evidence behind it
• The assigned software and hardware assurance levels and the objectives they invoke
• Open problem reports and the disposition record
• Any reused or prior-program evidence offered for credit

Common discrepancies

• Qualification gaps against the environmental categories the installation actually imposes
• Software lifecycle data short of the objectives for the assigned level
• Structural coverage that stops below the objective without a documented justification
• Open problem reports left undispositioned in the package
• Reused evidence offered for credit without showing it applies to the current configuration

What is at stake

Evidence that does not survive a cold read turns review into a sequence of clarification requests, and each request reopens an artifact the team had closed. Schedule erodes against the open items, and an article waiting on its authorization cannot ship while the data is reworked.

How the work runs

What the buyer receives

• Findings on evidence that is missing, inconsistent, or short of the assigned level
• A traceability view from requirements through verification with the gaps marked
• An assessment of any reused evidence against the current claim
• A closure list ordered by review risk and effort

Who uses the output

• Certification leads deciding whether the package is ready to submit
• Engineering teams closing the flagged artifacts
• Quality functions confirming objectives are met before release

How the work fits into the transaction or program

The review is an independent read of the substantiating data, deeper than a matrix check and focused on the artifacts themselves. It pairs with the data-support work that builds a package and with a matrix review that checks coverage.

Regulatory limits

The review checks the applicant's evidence against the applicable standards. It does not make compliance findings on the authority's behalf, assign assurance levels, or guarantee that the evidence will be accepted.

What this review does not cover

• Making official compliance findings or assigning assurance levels
• Generating the missing qualification, software, or hardware data
• Issuing any approval or authorization

Specific to this review

• The value of an independent evidence read is the cold reviewer: the authors of substantiating data are conditioned to read it as intended, which is how undispositioned problem reports and short coverage survive an internal check.
• Structural coverage analysis under DO-178C is level-driven, so the same software can be complete at one level and short at another once the objectives change.
• Reused evidence is only as good as its applicability argument; data carried from a prior program is a frequent finding when nothing shows it still fits the current configuration.

Sources

Frequently asked questions

Relevant glossary terms

Related pages

Where this fits