JAR 66 CATEGORY B1

CONVERSION COURSE

uk

SOFTWARE
MANAGEMENT CONTROL

MODULE 5
DIGITAL TECHNIQUES
ELECTRONIC
INSTRUMENT SYSTEMS

engineering
1

MODULE 5.13

SOFTWARE MANAGEMENT CONTROL

In the normal maintaining of aircraft, an assessment of system and function

criticality is made. With the increasing role of computers in today's aircraft,
responsible Design Organisations assign, to each software-based system or
equipment, software levels relating to the severity of the effect of possible
software errors within user systems or equipments.
Table 1 shows the relationship between function criticality category and software
level.
Effect on Aircraft

FAR 25.1309 &

No significant

Reduction of the aircraft capability or

and occupants of
failure conditions

JAR 25.1309

degradation of

of the crew ability to cope with

continued safe

definitions

aircraft capability

adverse operating conditions

flight and landing

or design error

or crew ability

Prevention of

of the aircraft
Large reduction

Slight reduction

Significant

in safety margins

of safety

reduction in

Physical distress

margins,

safety margins

or workload such

Slight increase in

Reduction in the

that the flight

ACJ No 1

workload, e.g.

ability of the flight

crew cannot be

Jar 25.1309

routine changes

crew such that

relied upon to

Loss of aircraft

definitions

in flight or plan or

they cannot be

perform their

and/or fatalities

Physical effects

relied upon to

tasks accurately

but no injury to

perform their

or completely, or

occupants

tasks accurately,

serious injury to

or injury to

or death of a

occupants

relatively small
proportion of the
occupants

ACJ No 1 to JAR 25.1309

Minor Effect

Major Effect

Hazardous Effect

Definition of Criticality Category

FAA Advisory Circular 25.1409-1

Catastrophic
Effect

Non-essential

Essential

Critical

Level 3

Level 2

Level 1

definition of Criticality Category

DO-178A/ED-12A
Software level*

Table 1
*

Using appropriate design and/or implementation techniques, it may be

possible to use a software level lower than the functional categorisation.
Refer to Section 5 of DO-178A/ED-12A, which provides further guidance.

JAR 66 CATEGORY B1
CONVERSION COURSE

uk
engineering

MODULE 5
DIGITAL TECHNIQUES
ELECTRONIC
INSTRUMENT SYSTEMS

MODULE 5.13
SOFTWARE
MANAGEMENT CONTROL

1.1 CERTIFICATION OF SOFTWARE

For initial certification of a software-based system or equipment, the responsible
Design Organisation provides evidence to the CAA that the software has been
designed, tested and integrated with the hardware in a manner which ensures
compliance with the relevant requirements of BCAR.
The primary document for use by certifying authorities is the Software
Accomplishment Summary. Its content is listed below to demonstrate the
stringency of software control both during certification and continued use when it
may be subject to further development and modification. The following is taken
from AWN 45A. Related document references have been left in but not clarified.
1.2 CONTENT OF SOFTWARE ACCOMPLISHMENT SUMMARY
As a minimum, information relevant to the particular software version should be
included in the summary under the following headings: (a)

i)

System and Equipment Description This section should briefly

describe the equipment functions and hardware including safety
features, which rely on hardware devices or system architecture.

ii)

Organisation of Software This section should identify the

particular software version and briefly describe the software
functions and architecture with particular emphasis on the safety
and partitioning concepts used.

The size of the final software design should be stated, e.g. in terms of
memory bytes, number of modules. The language(s) used should also be
stated.
(b)

Criticality Categories and Software Levels This section should state

the software levels applicable to the various parts of the software. The
rationale for their choice should be stated, either directly, or by reference to
other documents.

(c)

Design Disciplines This section should briefly describe the design

procedures and associated disciplines, which were applied to ensure the
quality of the software. The Organisations which were involved in the
production and testing (including flight-testing) of the software should be
identified and their responsibilities stated.

(d)

Development Phases The development phases of the project should be

summarised. This information could be included in sub-paragraph (h)
below.

uk
engineering

JAR 66 CATEGORY B1
CONVERSION COURSE
MODULE 5
DIGITAL TECHNIQUES
ELECTRONIC
INSTRUMENT SYSTEMS

MODULE 5.13
SOFTWARE
MANAGEMENT CONTROL

(e)

Software Verification Plan This section should briefly summarise the

plan (Document No. 11 as defined in DO-178A/ED-12A) and the test
results.

(f)

Configuration Management The principles adopted for software

identification, modification, storage and release should be briefly
summarised.

(g)

Quality Assurance The procedures relating to quality assurance of the

software should be summarised including, where applicable, those
procedures which applied to liaison between the equipment manufacturer
and the aircraft, engine or propeller constructor, as appropriate.

(h)

Certification Plan This section should provide a schedule detailing major

milestones achieved and their relationship to the various software
releases.

(j)

Organisation and Identification of Documents This section should

identify the documents, which satisfy, paragraph 8.1 of DO-178A/ED-12A.

(k)

Software Status Any known errors, temporary patches, functional

limitations or similar shortcomings associated with the delivered software
should be declared and the proposed timescale for corrective action
stated.

uk
engineering

JAR 66 CATEGORY B1
CONVERSION COURSE
MODULE 5
DIGITAL TECHNIQUES
ELECTRONIC
INSTRUMENT SYSTEMS

MODULE 5.13
SOFTWARE
MANAGEMENT CONTROL

1.3 MODIFICATION OF SOFTWARE

In respect of systems and equipment with Level 1 or Level 2 software, a
modification, which affects software, shall not be embodied unless it has been
approved by the responsible Design Organisation.
Modifications to software will be subject to the same approval procedures as are
applied to hardware modifications. Modified software will need to be identified
and controlled in accordance with the procedures stated in the software
configuration management plan.
The CAA will require the design and investigation of modifications, including
those proposed by the aircraft operator, to involve the support service provided by
the responsible Design Organisation. The re-certification effort will need to be
related to the software levels.
Aircraft operators will need to ensure that their defect reporting procedures will
report software problems to the responsible Design Organisation.

JAR 66 CATEGORY B1

MODULE 5

uk
engineering

DIGITAL TECHNIQUES
ELECTRONIC
INSTRUMENT SYSTEMS

MODULE 5.13
SOFTWARE
MANAGEMENT
CONTROL