It is generally accepted that the development of hardware and software for safety critical systems follow their own lifecycles as defined by standards such as RTCA DO254 and RTCA DO178C. What is less clear is what should be done to ensure the system safety objectives are met when the software is installed in the electronic hardware. This paper seeks to discuss the activities that may be undertaken do demonstrate not only that the integration of the software and hardware “work” together, but they do so in a manner that meets the safety objectives in line with the guidelines described in SAE ARP4754A.
According to ARP4754A, hardware and software are different “items” developed according to their own requirements and standards, when two or more items are brought together, they are a system, which may be part of a larger system. Therefore system level considerations need to be applied from the beginning of the development program addressing the system safety and certification activities. To achieve this, three sets of interfaces need to be considered:
- 1
From the system process to item processes (requirement validation and design)
- 2
Between the item processes (integration) looking for intended and unintended function
- 3
From the item processes to the system processes (verification).
The language in the ARP, when it refers to “a system” is often assumed to be a complete Flight Control (or other) system, but the guidelines are equally applicable if the system consists of only two items, one electronic hardware item and one software item. This paper will discuss the application of these guidelines to such a system.