What Is DO-178C/ED-12C Compliance?

DO-178C, Software Considerations in Airborne Systems and Equipment Certification, is the principal certification document used by certification agencies including the Federal Aviation Administration (FAA), European Union Aviation Safety Agency (EASA), and Transport Canada to review and approve all commercial software-based aerospace systems submitted for their approval process. It is the standard that directs software certification for airborne systems for the commercial segment. (Its ramifications for military aerospace will be covered below.)

The document is published by RTCA (originally known as the Radio Technical Commission for Aeronautics) via a joint effort with European Organisation for Civil Aviation Equipment (EUROCAE) and replaces the previous version, DO-178B. ED-12C, the updated version of ED-12B, is the EUROCAE release of DO-178C. In November 2011, DO-178C/ED-12C was completed; the RTCA approved it in December of the same year. The joint contribution of RTCA and EUROCAE to DO-178C/ED-12C resulted in its joint designation.

DO-178C in the Avionics Industry

For the avionics industry, DO-178C provides important, detailed guidance for developing airborne software systems to ensure that these systems perform their intended function with a high level of reliability.

In the United States, the FAA, as part of its aerospace industry safety certification processes, uses DO-178C for software and RTCA DO-254 for complex electronic hardware.

DO-178C in the Military Aerospace Industry

The DO-178C standard must also be met within the military aerospace industry, with the following differences:

Distributed cloud network

DO-178C demonstrates compliance with the applicable airworthiness regulations for the software components of airborne systems and equipment.

  • While emphasis on safety analysis remains, the military version focuses more heavily on mission success probability (MSP).
  • There is focus on harsher operational environments.
  • There is also focus on the many onboard mission systems with only DO-178C flight-safety impact needed for mission success.
  • The emphasis is on DO-178 “Military Compliance” versus DO-178C “Certification.”
  • In most cases the target for approval is a military agency rather than the FAA or EASA (European Union Aviation Safety Agency).
  • The military/customer receives and reviews all documents, not just the Plan for Software Aspects of Certification (PSAC) and Safety Assurance System (SAS).

RTCA/EUROCAE Certification Bodies

As outlined by the RTCA, “RTCA Special Committees leverage the top and brightest experts in the aviation community to create recommendations. RTCA works with the Federal Aviation Administration (FAA) to develop comprehensive, industry-vetted and endorsed standards that can be used as means of compliance with FAA regulations.”

The Special Committees developed a series of documents: Safety Performance Requirements (SPR), Operational Services and Environment Definitions (OSED), Interoperability Requirements (INTEROP), Minimum Aviation System Performance Standards (MASPS), and Minimum Operational Performance Standards (MOPS), as well as other reports and guidelines. These documents guide the certification of new equipment and impact the competitive market for their use.

In Europe, EUROCAE leads in the development of globally recognized aviation industry standards. Drawing on the expertise of its members, EUROCAE creates operational, development, and regulatory standards that are designed for international adoption.

The RTCA/EUROCAE joint committee work was divided into seven subgroups:

  • SG1: SCWG Document Integration
  • SG2: Issues and Rationale
  • SG3: Tool Qualification
  • SG4: Model-Based Development and Verification
  • SG5: Object-Oriented Technology
  • SG6: Formal Methods
  • SG7: Safety-Related Considerations

DO-178 Development Assurance Levels

A major provision of DO-178C is the definition of Design Assurance Levels (DALs), which indicate the consequences of potential software failure to the system as a whole. The failure conditions are categorized by their effects on the aircraft, crew, and passengers. There are five DALs, determined from the system safety assessment process and hazard analysis.

Each DAL has stated objectives that must be satisfied. Some must be satisfied “with independence,” meaning that the person who verifies the requirement or source code cannot be the same person who wrote it. This separation of responsibilities must be clearly documented in the evidence provided.

DAL Failure Condition Resulting Conditions Objectives With Independence
Level A Catastrophic Failure may result in deaths and loss of the aircraft 71 30
Level B Hazardous Failure creates a major negative impact on safety or performance or reduces the aircraft crew’s ability to operate the aircraft. This can result in serious or fatal injuries. 69 18
Level C Major Failure causes significant reduction of the safety margin or significant increase in the aircraft crew workload. Passenger discomfort or minor injuries can result. 62 5
Level D Minor Failure slightly reduces the margin of safety or causes slight increase in aircraft crew workload. Results can include passenger inconvenience or changes to a routine flight plan. 26 2
Level E No Effect Failure causes no impact or effect on safety, crew workload, or operation of the aircraft. 0 0

Differences Between DO-178B and DO-178C

DO-178C/ED-12C was developed to address issues and errors and to use advanced software technologies to improve DO-178B/ED-12B. A comparison of DO-178C/ED-12C vs. DO-178B/ED-12B reveals seven major differences over seven different areas:

Category Differences/Changes
Error and Inconsistencies Known errors and inconsistencies in DO-178B/ED-12B were resolved.
Wording Improvements Wording changes were made to DO-178C for precision and to correct inconsistencies.
Consistent Terminology The glossary in DO-178C was updated to make terminology more consistent.
Objectives and Activities Objectives and activities were refined in DO-178C.
Supplements A new programming paradigm was added, as were software development techniques including object-oriented technology and model-based development and verification.
New Topics Parameter Data Item (PDI) files and their verification processes were included.
DO-178B Clarification The definition of modified condition/decision coverage (MC/DC) was updated.

DO-178C Processes and Documents

Safety assessment processes are meant to support the fundamental objectives stated in the DAL levels A through D (level E does not require the same level of documentation). Planners of a real project are responsible for defining and documenting the specific details and activities of their processes. During project work, all actual activities completed in each process must be tied to a demonstration of how they support the objectives.

The objective-based character of DO-178C supports flexibility in following different software lifecycle styles. Once an activity is defined within a process, however, the project must respect that activity. All processes and their concrete activities must have well-defined entry and exit criteria, and documentation must reveal how the project adhered to those criteria.

DO-178C Project Planning Process

To successfully achieve DO-178C certification, it is important to put into place a development project planning process. The five main process plans are outlined below.

PSAC: Plan for Software Aspects of Certification

The Plan for Software Aspects of Certification (PSAC) summarizes how the software engineering team for the system project will meet DO-178C requirements and the roles for FAA and EASA certification.

data-flow diagram

Five main process plans support DO-178C certification.

SDP: Software Development Plan

The Software Development Plan (SDP) details the developers’ plans for software development, specifically outlining how they will execute software requirements, design, code, and integration. The plan must also describe the use of any associated tools needed to meet and monitor DO-178C development objectives.

SVP: Software Verification Plan

The Software Verification Plan (SVP) outlines the activities for review, test, and analysis, along with any necessary linked verification tools.

SCMP: Software Configuration Management Plan

The Software Configuration Management Plan (SCMP) details how DO-178C change management and baseline and storage objectives will be performed for the project.

SQAP: Software Quality Assurance Plan

The Software Quality Assurance Plan (SQAP) outlines how the project’s quality assurance objectives for DO-178C will be met.

How Can Wind River Help?

With more than 40 years helping the world’s leading technology companies power generation after generation of the safest, most secure devices in the world, Wind River® has extensive experience in meeting the safety-critical standards of numerous crucial sectors, including flight safety (DO-178C DAL A).

Functional Safety Certifiable Software

VxWorks

VxWorks®, the world’s leading real-time operating system (RTOS), boasts an extensive portfolio of safety certification history, including 600+ programs over more than 360 individual customers. Its robust safety features provide advanced time and space partitioning capabilities to enable reliable consolidation of multiple applications with different levels of criticality on a single- or multi-core platform. Conformance to standards such as POSIX® and FACE have been leveraged in the certification of VxWorks to DO-178C, IEC 61508, IEC 62304, and ISO 26262 safety standards.

» Learn more

VxWorks is certified for DO-178C

VxWorks is certified for DO-178C, IEC 61508, IEC 62304, and ISO 26262 safety standards.

VxWorks 653 Multi-core Edition

VxWorks 653 Multi-core Edition is a safe, secure, and reliable RTOS. It delivers an ARINC 653–conformant system by providing robust time and space partitioning on the latest hardware platforms to ensure fault containment and the ability to upgrade applications with minimal test and integration demands.

» Learn more

Wind River Helix Virtualization Platform

Wind River Helix Virtualization Platform has been designed to simplify the certification of safety-critical applications according to the stringent requirements of DO-178C, IEC 61508, and ISO 26262 safety standards.

» Learn more

Wind River Professional Services

WInd River Professional Services offers safety-critical expertise, with years of experience in supporting certification planning, processes, and implementation. Contact Professional Services to discuss support for your certification efforts.

» Learn more

DO-178C FAQs

DO-178C is a standard developed by the Radio Technical Commission for Aeronautics (RTCA) that provides guidelines for the development of safety-critical software in airborne systems.
The purpose of DO-178C is to ensure that safety-critical software in airborne systems is developed to a high level of safety and reliability to reduce the risk of accidents or incidents caused by software failures.
Key principles of DO-178C include requirements-based testing, verification and validation, configuration management, and documentation.
Key objectives of DO-178C include ensuring that software requirements are complete, correct, and consistent; verifying that software implementation meets requirements; and ensuring that software is adequately tested and validated.
DO-178C certification has five levels, ranging from Level A (the most stringent) to Level E (the least stringent). The level of certification required depends on the safety criticality of the software and its impact on the safety of the aircraft.
The DO-178C certification process involves a series of activities including software planning, requirements analysis, software design, coding, testing, verification, and validation. The process must be documented and audited to ensure compliance with the standard.
Challenges associated with DO-178C certification include the complexity and cost of the certification process, its potential to cause delays in software development, and the need for highly specialized expertise.
Benefits of DO-178C certification include improved safety and reliability of airborne systems, reduced risk of accidents or incidents caused by software failures, and increased confidence in the software development process.
DO-178C is widely used in the aerospace industry as a standard for the development of safety-critical software in airborne systems, including avionics, flight control systems, and other systems that directly affect the safety of aircraft.
Organizations can ensure compliance with DO-178C by following the standard’s guidelines and processes, establishing a robust software development and testing framework, and engaging with independent certification authorities to ensure that the software meets the necessary safety requirements.