www.thalesgroup.

com

Feedback on IMA certification and on-going

regulatory work in Europe

Cédric Chevrel
System & IMA Referent Certification Expert
Airworthiness Certification Directorate
Thales Avionics – 30th october 2012

THALES Avionics

International IMA Conference – Moscou 2012

2 / IMA System Certification Manager

Life of a System Certification

Manager before IMA ...

Life of a System Certification

Manager with IMA ...
3 / Content

 IMA perimeter in Avionics System

 Certification Process

 Incremental Certification

 Lessons Learned

 On-going Regulatory work in Europe

 www.thalesgroup.com

Avionics System
IMA perimeter
Thales Avionics – 30th october 2012

International IMA Conference – Moscou 2012

5 / Avionics System Perimeter

Cockpit

Localisation
Surveillance
Navigation

Flight Recording
Management Avionics
System
Flight Guidance Integrated Modular
Avionics Display and Warning
& Envelope

Communication Utilities / Cabin Maintenance

A trend : from Equipment, to Subsystem

and Open Avionics System Package
6 / Integrated Modular Avionics (IMA)
Before Now with IMA
Platform composed by a set of non system
specific and highly configurable computers

Multiple systems applications are executed

on the same platform and network
1 function = 1 computer

ARINC 429

Allowing highly integrated architecture, IMA permits recurrent, development

and maintenance cost savings optimizing industrial business model
7 / IMA business model

Platform / Module supplier :

 Production, Supply chain, component obsolescence management and
capacity to F3 design in the future
 In Service Experience on COTS hardware component (Certification constraint)
 RT Operating System (such as A653) skills
 Robust Partitioning demonstration (Partitioning) skills

Sub-System Designers / Application Suppliers

 Functional domain (Flight Management, Fuel, Cabin...) skills
 Functional oriented Software engineering skills

IMA system integrator

 Complex integration (mixing software and functional aspects) skills
 Incremental Integration & Acceptance

IMA objective : Select the best supplier for each task taking into
each specificity
 www.thalesgroup.com

Integrated Modular Avionics

Certification Process
Thales Avionics – 30th october 2012

THALES Avionics
International IMA Conference – Moscou 2012
9 / Certification Actors

Type Certification
TSO installation Airworthiness
Aircraft
Manufacturer Authority
Country A (IAC-AR)

Contract
System Development & TC Validation
Type Certification Contribution
Agreements
TSO Equipment Arrangements
between AAs
Airworthiness
Authority
Avionics System Country C (ex:FAA)
Supplier
(Thales)

Airworthiness
Suppliers Technical Standard Order
Authority
Sub-contractors (TSO) Authorization Country B (EASA)
10 / Certification basis flow-down

A/C Manufacturer AUTHORITY

Aircraft

Determination of
Certification Basis
Aircraft
Aircraft
Certification
Certification Basis:
- CS 25/AP25/FAR 25
Basis
- Special Conditions,
CRI F-xx/IP S-xx
Exemptions, ESF
AMC (generic)
System

IM (specific CRI / IP) System

System
ARP4761
“Qualification”
ARP4754 Basis
IMA
System Supplier DO-297
Equipment

HW
Standards
DO-254
SW Equipment
DO-178B “Qualification”
Environmental Basis
Equipment Supplier DO-160
11 /
IMA FAA/EASA Regulatory materials

FAA :
 2002 : TSO C153 « IMA hardware elements »
 2003 : AC20-145 about TSO C153 (obsolete with AC20-170)
 2004 : AC20-148 about « reusable software component (RSC) »
 2010 : AC20-170 making the link between TSO C153, AC20-148 "reusable
software component" and DO-297
 2012 : PS-ANM-25-08 provides criteria to determine if the guidance in AC
20 170 is applicable (Am I an IMA ?)

EASA :
 CRI-Fxx : Interpretative Materials for Integrated Modular Avionics System
 CRI-Fxx : Interpretative Materials for Incremental Certification

These regulatory materials are calling on industrial standards as means

of compliance
12 / System/Hardware/Software Industrial Standards

Aircraft & System Development

Process
(ARP-4754 / ED-79)

Guidelines for Integrated

Modular Avionics
(DO-297/ED-124)

ARP4754A
DO297
Electronic Hardware Software
Development Process Development Process
(DO254 / ED-80) (DO178 / ED-12)

ARP4754 (+ARP4761) and more recently DO297 are structuring IMA

system development and certification processes
13 / IMA definitions

According to DO-297 :

Aircraft functions

Generic Perimeter
=
Platform independent from
Avionics functions

DO297 shall be used to structure IMA definitions in order to avoir

misleading interpretation at the beginning of the certification program
14 / Authority Involvement
Manufacturer
requirements
Certification basis SOI4
SYSTEM / SUB-SYSTEM / EQUIPMENT Development cycle
Certification
Review
PLAN Accomplishment
PHASE Status to the Plan
SOI1
Certification Plan,
Plan Review Certification summary,
Syst. FHA, EQTP,
SSA, EQTR, SAS, HAS,
PSAC, PHAC, PCAC
REQUIREMENT CAS, PAS (IMA)
PHASE
Which kind of authority involvement
VERIFICATION
PHASE SOI3
Verification
and audit reviews with IMA ? Audit Flight/Lab Test
ARCHITECTURE procedures
PHASE and results

DESIGN
PHASE SOI 2
Development/
Specifications and
Design Audit
Design data

SOI : Airworthiness Authority Stage of Involvement

 www.thalesgroup.com

Integrated Modular Avionics

Incremental Certification
Thales Avionics – 30th october 2012

International IMA Conference – Moscou 2012

16 / Integrated Modular Avionics (IMA) certification
Before Now with IMA
One function with Highly Integrated
DAL A / DAL D Architecture

DO178B Multi-system Open Industrial

partitioning definition Integration Workshare

IMA system
Robust
Incremental
Partitioning(*)
Certification
(*) DO297/ED124 definition

In the frame of each TC , specific CRI/IP (IM) are published considering IMA
architecture as a system. But a system whose certification shall be handled via
an incremental process (see DO297)
17 /
What was at stake ?

 2 ways are identified to manage resources sharing issues at system level:

 IMA conventional way (API ARINC 653):
 Multi system integration on platform
V&V activities

Sub-System 1 Sub-System 1 Sub-System 1

Platform Sub-System 1
Sub-System n
Sub-System n Sub-System n
Platform
Sub-System n Platform
Simu/Aircraft
Platform Platform + other systems

!
 IMA Incremental way (API ARINC 653 + Incremental process):
 Replacement of multi-system integration by qualification credit based on Usage Domain qualified at
platform level

Sub-System 1 Sub- System 1

Sub- System n Platform Sub- System 1

Sub- System n
Usage Domain &
IMA Process CREDITS
Platform
Simu/Aircraft
Sub- System n + other systems

Platform Platform

« AA warned about potential difficulties during the compliance demonstration in case of

Incremental approch is not followed. This is derived from the complexity of IMA systems »
18 / What is at stake regarding IMA certification?
What is at stake :
 Performance and safety of integrated module in any operational situation.
The IMA architecture (including networks) is considered as a complex
system of the aircraft.
 Independent qualification of some components and credit from some
components pre-qualification is needed to simplify final approval.

Qualification credits :
 Credit n°1: Bare Module & Tools pre-qualification : Modules & tool chain
properties (partitionning, configurability, performances) is demonstrated
and guaranteed in a frame of a Usage Domain.
 Credit n°2 : A qualified tool chain guarantes that Modules are well
configurated compliantly to Usage Domain
 Credit n°3: Standalone qualification of Avionic applications are expected to
be granted in the context of an integrated module with several functions

Keys Points :
 Incremental qualification process shall be defined to master the
interactions between the industrial players
 Incremental qualification taking benefit from Module & Tool properties
(partitionning, configurability & usage domain)
19 /
Certification program breakdown

Module Module Integrator Avionic Application (Function)

Audit Domain Audit Domain Audit Domain(s)

Bare module
Configuration Application
and Tools development
development Software 1
development Function 3
1 development
3 2 Function 2
Tools Function 1

Credit n°2 Credit n°3

qualification functional
qualification qualification
performances

Module Application Functional Vs

acceptation acceptation Qualification
3
IMA system Full incremental
Domain Certification Approach

Usage Domain
& Credit n°1 IMA PROCESS Aircraft
Partionning SYNTHESIS
Credit n°1 + n°2 + n°3 Certification
3 4
x DO297 task Qualified
Integrated Module
 www.thalesgroup.com

Lesson learnt from recent IMA certification

Thales Avionics – 30th october 2012

International IMA Conference – Moscou 2012

21 / Lessons Learned (1)

 A/C Certification Basis understanding and good

anticipation (Special Conditions, Issue Papers, etc)
 Including additional requirements from Importing Authorities.
 Including Interpretative Materials about Integration & Incremental
Processes (which credit in which context ?).
 Good sharing of the Certification Basis by A/C
manufacturer with the IMA System Integrator,
Application Suppliers and IMA Platform supplier
 Joint Certification Strategy
 TSOs / ETSOs
 Incremental Certification Approach in line with business
workshare.
 Management of the Sub-contractors with correct
cascading of certification requirements
22 / Lessons Learned (2)

 Bilateral Agreements or Arrangements between Authorities

facilitate and optimize the Certification
 Early agreement on a Certification Program structured in
several audit domains
 IMA System & Integration domain
 Application software qualification
 Platform qualification (hardware, Operating system and Tools)
 Early validation by AA of the HW, SW, SYS Certification Plans
(SOI 1) reduce the risk
 Simple and Complex Hardware Components classification
 Clear roadmap for COTS components (In Service Experience, Errata...)
 Keep AA in the loop along the development process
 SOI audits in good phasing along with development reviews
 Relationship and confidence between Offices of Airworthiness
is essential
 www.thalesgroup.com

IMA Rulemaking in Europe

What else ?
Thales Avionics – 30th october 2012

International IMA Conference – Moscou 2012

24 / Reuse Vs Certification credit

 The IMA platforms are composed of elements/modules which are

both generic and configurable.

 The IMA elements/modules are designed to be reusable in order to

reduce cost development and facilitate certification programs.

 Nevertheless, « reuse » does not mean « certification credit » from

an aircraft to another. The certification credit from the Incremental
Acceptance is only granted for a dedicated Type Certificate (TC).

 This credit should be granted independently of the aircraft thanks

to a [European] Technical Standard Order (TSO - Equipement
Certificate) and their certification data package recognised as
certification credit when reused for a new aircraft.
25 / Regulatory materials

FAA system EASA system

AC 20.170 TC Certification Review Item
CRI-Fxx : Integrated Modular Avionics System
CRI-Fxx : Incremental Certification

IMA system
IMA System Installation Approval IMA System Installation
(domain#6)

Functional TSO Software Hardware

Cxxx Qualification Qualification
(Complete TSO) Component
Domain# 2, 5, 3, 4, 7 Domain#1
Complement Qualification
Qualification DO160

Functional TSO IMA Hardware TSO

Cxxx C153 (E)TSO Functional ETSO ETSO 2C153
(Incomplete TSO) Authorization Cxxx
Ex : C9c, C52b, C54,
C92c, C101, C106,
C115b, C151b

Thales promotes an European System (ETSO, AMC) facilitating reuse and

certification credit in IMA systems via an ETSO IMA platform (2C153) and
Software Functional ETSO approach (AMC)
26 / Rulemaking Task (RMT) 0456

 ETSO IMA and AMC will be created in EASA regulatory

corpus
 ETSO 2C153 shall be developed and published enabling
authorizations at IMA platform/module level, independent from
aircraft.
 FAA TSO C153 cannot simply be transposed into an ETSO,
because it does not contain sufficient Mimimum Performance
Specifications (MPS) and do not cover Core Software.
 ETSO 2C153 to be complemented by AMC 20-170 (based on
ED124/DO297) to provide more guidance for integration at
function and aircraft level without needing dedicated
Certification Review Item (CRI)

RMT.0456 included in EASA Rulemaking Programme 2013-2016

26
27 / ETSO 2C153 – key concepts

 This ETSO refers to IMA platform modules which are appliances

composed of Hardware and Core Software or any embedded
software module contributing to the intended function of resources
sharing.

 Seven basic types of IMA platform modules are identified :

 TYPE A : Rack Module (only relevant for Cabinet architecture)
 TYPE B : Processing Module.
 TYPE C : Graphical Processing Module.
 TYPE D : Mass Data Storage Module.
 TYPE E : Interface module. (Input/Output Module and/or network module)
 TYPE F : Power Supply Module (only relevant for Cabinet architecture)
 TYPE G : Display Head Module

 En equipment can combine several types (e.g B+D)

28 /
Thank you for your attention
Any questions?
cedric.chevrel@fr.thalesgroup.com