In the world of aviation, where even minor errors can lead to serious consequences, independent verification is not only a good practice but is very much essential

Software integrity is paramount in safety-critical domains like aerospace, life-sustaining medical devices, and safety-critical automotive systems, where operational failure carries catastrophic risks. Independent verification acts as a form of insurance within that assurance case. As software's role grows exponentially in these domains, the need for rigorous, unbiased assessment intensifies.

This article explores the indispensable role of independent verification activities specific to the safety-critical aerospace domain, drawing insights from pivotal guidance documents like DO-178C for airborne software and its supporting document DO-248C. By outlining a few effective implementation strategies, this discussion aims to highlight the vital contribution of independent verification in developing safe and dependable technologies in this crucial aerospace domain.


The Necessity of Unbiased Scrutiny

Any deviation from intended functionality can have severe consequences in high-stakes and safety-critical systems like aerospace, underscoring the absolute necessity for unwavering reliability. Independent verification, an objective verification conducted by individuals or specialised verification teams independent from the original development of a software lifecycle artifact, is a vital and indispensable requirement of this highly regulated industry.

This separation is not mere procedural compliance; it embodies a fundamental principle, carefully and consciously designed to eliminate the inherent biases that can, often unintentionally, cause issues to be overlooked during development. Independent verification provides the critical assurance of unbiased scrutiny, a crucial check that ensures a far more thorough and dependable evaluation of a given lifecycle artifact. This commitment to independence ultimately serves to significantly improve the trustworthiness and overall integrity of these safety-critical systems, promoting confidence in their safe, dependable, and predictable operation.

DO-178C: The Gold Standard for Aviation Software

In the world of aviation, where even minor errors can lead to serious consequences, independent verification is not only a good practice but is very much essential. DO-178C, the industry guidance for developing safety-critical airborne software, sets out the objectives that must be satisfied to meet the intent of independence in verification. Annex A of DO-178C specifically identifies the objectives that require independent verification, making it clear that development and verification need to be handled by separate individuals or teams to maintain objectivity.

Further, Section 6.0 of this guidance defines the verification process and stresses the essential role of independence in ensuring that verification activities are accurate and complete. The document offers both the foundational principles and practical implementation guidance, which enables organisations to incorporate independence into their software development lifecycle right from the planning phase of the project, thus cultivating a culture rooted in safety, objectivity, and rigorous quality assurance.
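An added example, not from the article or from any DO-178C tool: a small Python check that applies the separation rule above to constructed review records, flagging any artifact whose verifier is also its author (or, under the stricter interpretation, from the same team). Which objectives require independence is assumed to come from the project's own Annex A mapping and is supplied as an input flag, not derived here.

```python
"""Independence-of-verification check over review records (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ReviewRecord:
    artifact: str                 # lifecycle artifact identifier (constructed)
    activity: str                 # verification activity performed (constructed label)
    independence_required: bool   # from the project's Annex A objective mapping (assumed input)
    author: str                   # who developed the artifact
    author_team: str
    verifier: str                 # who performed the review or test
    verifier_team: str


def find_violations(records, team_independence=False):
    """Return (artifact, reason) for each record that fails the independence rule.

    team_independence=True applies the stricter 'separate team' reading, under which
    a verifier from the developing team is also a finding."""
    violations = []
    for r in records:
        if not r.independence_required:
            continue  # objective is satisfiable without independence: nothing to check
        if r.author == r.verifier:
            violations.append((r.artifact, f"{r.verifier} verified their own work ({r.activity})"))
        elif team_independence and r.author_team == r.verifier_team:
            violations.append((r.artifact, f"verifier team '{r.verifier_team}' also developed the artifact"))
    return violations


# Constructed sample records, not taken from any real project.
SAMPLE_RECORDS = [
    ReviewRecord("HLR-001", "review of high-level requirements", True, "asha", "dev", "ravi", "ver"),
    ReviewRecord("SRC-017", "source-to-LLR conformance review", True, "ravi", "dev", "ravi", "dev"),
    ReviewRecord("TC-204", "test-case review", True, "mei", "dev", "tom", "dev"),
    ReviewRecord("DOC-009", "plan review", False, "tom", "dev", "tom", "dev"),
]


def run_check(team_independence=False):
    """Run the check over the constructed records and return the findings."""
    return find_violations(SAMPLE_RECORDS, team_independence)


if __name__ == "__main__":
    for artifact, reason in run_check(team_independence=True):
        print(f"{artifact}: {reason}")
```

Such a check is a process control, not a substitute for the verification itself; it only helps evidence that the separation the guidance calls for was actually maintained.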

DO-248C: Illuminating the Path to Independence

DO-248C serves as an indispensable companion to the DO-178C guidance document, providing additional supplementary guidance, clarifications and insights into the software systems development and verification process objectives.

DO-248C discussion paper #19 (DP #19) provides detailed guidance on the need for independence and practical insights for developing safety-critical aerospace software with the DO-178C and DO-278A guidance documents. This discussion paper (DP #19) highlights that the principal practices of independence in verification activities are universally essential in the safety-critical aviation domain.

The technology supplements associated with DO-178C, which facilitate the use of more advanced technologies in software development, such as DO-331 (for model-based development), DO-332 (for object-oriented technology), and DO-333 (for formal methods), provide specific guidance that adds to or modifies the DO-178C guidance on independence in verification.

Meeting Regulatory Expectations: A Non-Negotiable Requirement

Aerospace regulatory bodies worldwide have set clear expectations on the independence of the verification process in safety-critical systems. It is a fundamental and non-negotiable requirement for achieving regulatory compliance and certification of airborne software systems based on the widely accepted DO-178C guidance document and its associated technology supplements. Failure to demonstrate compliance can significantly delay certification, increase project cost and time to market, and potentially lead to the grounding of aircraft. Hence, meeting these regulatory requirements is critical for aerospace organisations. It further helps organisations earn public trust in the safety and reliability of these critical technologies and systems.

Navigating the Challenges: Best Practices in Implementation

Implementing independent verification processes in the domain of safety-critical aerospace systems, which requires adherence to DO-178C, presents several critical challenges. Below are some of the more frequent hurdles faced by the industry, though the list is not exhaustive:

Resource Allocation: Hiring and retaining adequately skilled team members who specialise in verification processes poses a significant challenge, especially for smaller project teams.

Budgetary Constraints: Projects are usually run on shoestring budgets, which can lead to staffing arrangements that create conflicts of interest and undermine the effectiveness and genuine independence of the verification process.

System Complexity: The exponentially increasing complexity of modern avionics systems demands that verification engineers have a deep understanding of the architectures and the interdependencies between sub-systems. This puts pressure on organisations to provide specialised training and continuous professional development for these engineers, which further adds to the cost of talent retention.

Maintaining Objectivity: A verification engineer's objective judgment can be influenced by easily overlooked human and organisational factors, such as workload, reporting structures, and other biases. This may force organisations to engage external vendors to ensure genuine impartiality free of inherent biases, which adds cost as well as administrative and compliance overhead.

These challenges emphasise that it is not just about hiring independent people for verification tasks. It needs good plans, a strong will to be fair, and the right set of tools and methods to deal with the tricky part of independence in the verification of complex aviation systems.

The Power of Qualified Tools

Tools that can automate some of the verification activities outlined in Section-6 of DO-178C can play a key role in eliminating human bias, saving cost, and improving the quality and objectivity of the verification process. At the same time, they can add trustworthiness and reliability to the verification results.

If qualified as per the guidance in DO-178C, which calls out DO-330 (Software Tool Qualification Considerations), such tools can be a great value addition in substantiating the independence of the verification process. Qualified tools, in turn, replace human verification and may eliminate the need to deploy independent personnel or organisations, leading to substantial cost and time savings for the organisation.

Such qualified tools help significantly improve the thoroughness and coverage of verification activities which are to be based on software requirements (high-level and low-level) as mandated by DO-178C and help in ensuring a more comprehensive end-to-end verification of the given software. Qualified tools can improve the efficiency and repeatability of verification process activities, making them more reliable and consistent.

The use of a qualified tool that can automatically generate adequate documentation to show compliance with relevant verification objectives of the standards further helps enhance confidence and trust in the verification outcomes among all the stakeholders, especially the regulators.

The Tool Challenges

Despite the unparalleled benefits such qualified tools can bring to organisations, they come with a few challenges that need to be considered right from the planning phase. Some of the key challenges worth mentioning are the initial investment, the recurring costs of tool maintenance and updates, and the need for specialised training for the verification personnel.

Multiple tool vendors in the industry, such as LDRA, provide specialised and integrated COTS tool suites specifically designed to support independent verification activities mapped to the software development lifecycle activities described in standards like DO-178C.

Such COTS tools with tool qualification support packages add great value to the independent verification teams in an organisation as they provide crucial support all through the development, verification, and maintenance phases of a given project with required documentary evidence to meet the intent of DO-178C objectives on independence.

Conclusion: A Foundation of Trust

In the world of safety-critical systems, where the stakes are very high, demonstrating compliance with the objectives of independent verification is a fundamental requirement on which trust and reliability are built. Through diligent adherence to the established guidance of DO-178C and DO-248C, supported by DO-330, and by strategically leveraging qualified tools, organisations can reap the benefits of unbiased and thorough verification activities, which are not merely a necessity but are essential to ensure safer software systems.

The necessity for rigorous, independent, and unbiased verification is not limited to aerospace. It is a non-negotiable requirement to establish a robust foundation of trust in technological deployments within various safety-critical areas, which include, but are not limited to, systems in nuclear power plants, mission-critical military systems, autonomous driving systems, and life-sustaining healthcare and diagnostic systems. Robust independent verification is an important requirement to ensure safety and reliability in each domain.