Methods to Address Specific Issues Related to COTS Electronic Components in Airborne Electronic Hardware
This ARP is not a certification document; it contains no certification requirements beyond those already contained in existing certification documents. The purpose of this ARP is to provide more detailed descriptions of the 12 hardware-related COTS issues listed in Appendix B, and to provide recommendations on existing practices, processes, and methods to address them. This ARP also describes artifacts that may be used as evidence that the issues have been addressed. The recommended practices and artifacts may be used to facilitate communication between, for example, the provider and the user of the avionics systems into which COTS components are integrated, or between the applicant for certification and the certification body.
This ARP does not claim that the recommended practices and artifacts described in this ARP are the only acceptable ones. They are, however, used widely today, and merit serious consideration where applicable in the avionics system design and certification processes.
COTS components, by definition, typically have not been designed specifically for the aerospace applications or environments in which they will be used. In many cases, the design data for COTS components is limited or not available, which compromises the ability of the organization integrating them into aerospace systems to fully assess their functions and failure modes, and consequently their impact on system performance (intended and unintended) and safety. Nevertheless, the organization that integrates COTS components into avionics systems is responsible for assuring that the system is functional and airworthy.
The avionics system design and development process, therefore, needs to take into account the use of COTS components, as well as the evidence and artifacts that are produced and used to demonstrate that the implementation satisfies the allocated requirements and provides the level of confidence consistent with airworthiness requirements.
Various methods may be considered to accomplish the above, broad categories of which include (but are not limited to):
Design and conduct additional tests and analyses of the COTS component, beyond those conducted by its supplier, to assure that the COTS component will perform its allocated function reliably in its application;
Modify the avionics system design to reduce operating and environmental stresses on the COTS component;
Modify the avionics system design to provide assurance that the system will perform its allocated function reliably, even if the COTS component were to fail;
Modify the avionics system operating and maintenance practices to prevent premature failure of the avionics system; and
Any additional practices needed by the application.
The 12 issues addressed in this ARP are likely to be relevant for the foreseeable future; however, it also is likely that additional issues will emerge, as COTS component technology continues to progress, and as avionics system reliance on their use continues to increase.
Use of commercial-off-the-shelf (COTS) electronic components is a necessity for airborne electronic hardware (AEH) in aerospace systems; but most COTS components are not designed or intended for long-life, safety-critical, or rugged-environment applications such as AEH. This presents challenges for the design, production, support, and certification of AEH systems. Although COTS hardware can have significant impacts on aerospace electronic system design, reliability assessment, quality, testing, production or support, there is no currently-agreed-upon method to assess those impacts in the certification process. This document describes an aerospace industry consensus process to do so, with respect to 12 specific COTS-related issues, as described in DOT/FAA/TC-16/57. For each of the 12 issues, this document contains (1) a brief description of the issue, (2) aerospace industry consensus processes to assure that the issue has been addressed adequately in the system design, and (3) acceptable artifacts to verify that the issue has been addressed adequately in the system design.