Software assurance
Software certification liaison support for airborne software
Software certification liaison support helps an airborne-software team prepare for the authority interactions that pace a DO-178C program, from the plans through the stage-of-involvement reviews. It serves avionics and equipment suppliers developing software to a design assurance level. The trigger is a program where the planning documents, lifecycle data, and review readiness all have to line up before each audit. It examines the software plans, the lifecycle data against the objectives for the level, the readiness of each stage-of-involvement milestone, and the tracking of open items. You receive a review-readiness assessment against the DO-178C objectives and a finding-closure list scoped to the level the software was assigned.
When this review is needed
- A stage-of-involvement review is approaching and the lifecycle data has to be ready for it.
- The software plans were written early and may no longer match how the program is being run.
- Verification is generating results and the team needs them mapped to the objectives before an audit.
- The open problem reports and prior review findings need closing and tracking before the next milestone.
The problem
DO-178C programs are paced by the authority reviews, and a software team that treats the plans as a one-time deliverable arrives at each stage-of-involvement audit out of sync. The plans describe a process the program no longer follows, verification results exist but are not mapped to the objectives the level requires, and open problem reports accumulate without a closure path. The audit then spends its time on housekeeping instead of the engineering, and the milestone slips.
What gets reviewed
- The software plans and whether they describe the process the program actually runs
- Lifecycle data against the DO-178C objectives for the assigned level
- Readiness of each stage-of-involvement milestone the program is approaching
- The verification results and their mapping to requirements-based test objectives
- Tool qualification data where verification or development tools need it
- The open problem reports and prior findings, each with a tracked closure path
Scope this review
Tell us the asset, the event, and the evidence in scope, and we will outline a focused first engagement.
Identify what is missing against the means of compliance.
What gets validated
- The plans describe the process the program is actually following
- Lifecycle data is present for every objective the assigned level requires
- Verification results map to requirements and to the coverage the level demands
- Each stage-of-involvement milestone has the data the review expects
- Tool qualification is in place where a tool's output is relied on without review
- Open problem reports and prior findings have an owner and a closure path
Evidence normally required
- The software plans and the assigned design assurance level
- The lifecycle data and verification results produced so far
- The stage-of-involvement schedule and any prior review records
- The open problem report log and finding list
Common discrepancies
- Plans that describe a process the program has since diverged from
- Lifecycle data missing objectives the assigned level requires
- Results from verification not mapped to requirements or to the required coverage
- Tools relied on for verification without the qualification the use needs
- Open problem reports with no tracked path to closure before the milestone
What is at stake
A review that finds the lifecycle data not ready for its stage turns into re-work against a fixed certification calendar, and each slipped milestone compounds because the next stage cannot open until this one closes. Mismatched plans also undermine the objective evidence behind them, since the data was produced to a process the plans no longer describe.
How the work runs
Align the plans
Confirm the software plans describe the process the program is actually following.
Map to objectives
Check lifecycle data and verification results against the objectives for the level.
Ready the milestone
Confirm each stage-of-involvement review has the data it expects.
Track the closures
Produce a finding-closure list with owners and a path to the next milestone.
What the buyer receives
- A review-readiness assessment against the DO-178C objectives for the level
- A finding-closure list with owners and a closure path
- An objective-coverage view mapping lifecycle data to the level's requirements
Who uses the output
- Software certification leads preparing for the stage-of-involvement review
- Engineering teams closing the objective and coverage gaps
- Program management sequencing the milestones around the authority calendar
How the work fits into the transaction or program
The support focuses on the software assurance layer and its authority interactions. It works alongside the hardware assurance and system-level evidence in a fuller data package, and it readies the software data for each review rather than performing the development.
Start with a single asset
Reduce finding cycles by checking the package first.
Aircraft-specific considerations
The objectives that apply scale with the assigned design assurance level, so software driving a more severe failure condition carries more lifecycle data and a heavier review than software whose failure effect is minor.
Regulatory limits
Endeavor Elements prepares and reviews the applicant's software lifecycle data. It does not conduct the stage-of-involvement review, make the compliance finding, or guarantee the software is accepted. The authority conducts the review and makes the finding.
What this review does not cover
- Conducting the stage-of-involvement review or making compliance findings
- Developing the airborne software itself
- Issuing any approval or accepting the software data
Specific to this review
- DO-178C assigns objectives by design assurance level, so the amount of lifecycle data and the depth of review scale with the software's failure effect, not with the size of the codebase.
- Stage-of-involvement reviews are milestones in the program, and arriving with data that does not match the plans is what turns a review into re-work.
- Tool qualification under DO-330 is required where a tool's output is trusted without independent review, and a missing qualification is a common audit finding.
- Plans that no longer describe the process being run undermine the lifecycle data produced under them, because the evidence was made to a process the plans misstate.
Sources
RTCA. Objectives and lifecycle data for airborne software assurance, by design assurance level (DAL A-E).
U.S. Government (eCFR). Type certificates, STCs (Subpart E), TSO authorizations (Subpart O), PMA (Subpart K), and export airworthiness approvals (Subpart L).
SAE International. Development assurance process at aircraft and system level, including requirements capture and validation.
RTCA. Design assurance objectives and lifecycle data for airborne electronic hardware (FPGA/ASIC/PLD).
Frequently asked questions
Do you write our software or conduct the review?
Neither. We prepare and check the lifecycle data against the DO-178C objectives for the assigned level so the team is ready. The authority conducts the stage-of-involvement review and makes the finding.
Does the depth depend on our software level?
Yes. DO-178C assigns objectives by design assurance level, so software at a higher level carries more lifecycle data and a deeper review than software whose failure effect is minor.
Relevant glossary terms
Related pages
Where this fits
Talk to an engineer who has done this work
We will walk through your current state, the records or evidence involved, and a scoped first engagement.
Walk through your situation with an engineer who has done this work.