34th �

�EMBRAER
_ .

DASC ,....,-

Thank Thank
you foryou
your
forattention
your attention
Thank you for you
Thank yourfor
attention
your attention

Thank youThank
for your
youattention
for your attention

Johnny Marques
johnny.marques@embraer.com.br
EMBRAER / Brazilian Aeronautics Institute of Technology

Adilson Marques da Cunha

cunha@ita.br
Brazilian Aeronautics Institute of Technology
1 /18
Outline

• Introduction & Background

• The Aeronautical Data Chain
• The RTCA 00-330
• Tool Qualification in Aeronautical Databases
• The 00-330 Adaptations
• Conclusion

2 /18
Introduction & Background
• In aviation, there are two types of embedded
databases:
o Airborne System Databases � approved under aircraft
certification.
• These databases are a/so part of the systems.
• They may influence paths during code executions.
• Approved under the RTCA oO-17BC.

o Aeronautical Databases � not approved under aircraft

certification.
• These databases are used by an airborne system.
• Approved under the RTCA oO-200B.

3 /18
The A eronautical Data Chain (114)
• Aeronautical Data Chain involves many
organizations.
• Data Providers � organizations responsible for
data generation.
• Data Processors � organizations responsible for
using data from Data Providers.
• All data used to generate Aeronautical Databases
must meet Data Quality Requirements (DQR)
specified by the Data Processors.

4 /18
The A eronautical Data Chain (214)
• A typical Aeronautical Data Chain has the 6
activities to:
o Identify Sources of Data
o Assemble Data
o Convert Data
o Select Data
o Format Data
o Distribute Data

5 /18
The A eronautical Data Chain (314)

Sources of Data

State Data Private Data

(Source: This paper)

6 /18
 The A eronautical Data Chain (414)
• The RTCA 00-200B establishes three Data Process
Assurance Levels (OPAL).
• It represents the amount of verification and
validation tasks performed during data
processing to assure data quality.
• Preliminary system safety assessment defines the
OPAL.
Failure Condition Category OPAL
Catastrophic
1
Hazardous
Major
2
Minor
No Safety Effect 3
7 /18
RTCA DO-330 (112)
• Provides guidance on tool qualification for
airborne and ground-based software.
• Other domains such as automotive, space,
systems, hardware, Aeronautical Databases, and
safety assessment processes may also use it.
• This paper summarizes the tool qualification for
the development of Aeronautical Databases
approved under the RTCA DO-200B.

8 /18
RTCA DO-330 (212)
• 5 Tool Qualification Levels
(TQL) Number of
TQL
D TQL 1 is the highest
Objectives
1 76
stringent and TQL 5 is the =:===== ==
2 74
lowest one. ==
3 70
D On the TQL 1, 76 objectives ==
4 38
are distributed in 11 tables. � ==�
5 15
• For each TQL, a set of
objectives is applicable.
D Demonstrate that the outputs
generated by a qualified tool
are reliable.

9 /18
Tool Qualification in A eronautical
Databases (114)
• The equivalent intent of the DO-17BC is used.

Tools can be used to eliminate, reduce, or

automate the activities associated with an
aeronautical data chain, and which outputs are
not verified, need be qualified.

(Adapted from the DO-17BC)

10 /18
Tool Qualification in A eronautical
Databases (214)
• Tools are categorized in two different types:
D Data Processing Tools develop or
transform the aeronautical data.
• Ability to insert an error into the aeronautical

j
data.

E
�.Im.d
I Data
Dataset 1 Dataset 2
Generation Tool

D Error Detection Tools verify aeronautical

data for correctness. Check Qualified Check
r - - - - - - - Error Detection - - - - - - - ,

Fail to detect an error. : :

Tool
•
I
,

Unqualified
� Data �
Dataset 1 Dataset 2
Generation Tool

11 /18
Tool Qualification in A eronautical
Databases (314)
Does the- tool eliminate" reduce or No
automate- aeronautical data processes?

�
.
Yes

Yes
I s the tool outPLIt adequately verifliHd?

.� No

Y;es Can 111etool illsert an error illto the

aeronaLt
i ical1 data?

.� No

Can the tool fail to detect an error it was No

desig ned to ildentify?

�, .� Ye's

Qualify tool as Data Processing Qualify too II as E rro r 0 et,e cHon Tool does not need to be-
1001 1001 qualified

(Source: RTCA 00-2008)

12 /18
Tool Qualification in A eronautical
Databases (414)
• After the need of qualification is identified, the tool
categorized by type (Data Processing or Error
Detection) is associated to the required OPAL.
• In this case, TQL 1 and 2 will not be used.

Tool Qualification Level Determination

Data Processing Error Detection
OPAL
Tool Tool
1 TQL-3 TQL-5
2 TQL-4 TQL-5
3 Not required Not required
(Source: RTCA 00-2008)

13 /18
The DO-330 A daptations (112J
• Throughout 00-330 terms such as "software",
"software life cycle", "software life cycle
processes", and "software plans" are used.

Original Term in the Meaning in the context of

RTCA 00-330 Aeronautical Databases
Software Aeronautical Database
Software life cycle Aeronautical Data Chain

Plan for Software Aspects Data Processing

of Certification (PSAC) Procedures Document

(Source: This paper)

14 /18
The DO-330 A daptations (212)
• Tool Standards (Tool Requirements Standards,
Tool Design Standards, and Tool Coding
Standards) are not required.
• Objectives considered not required.
Objectives Description
T1-S Tool development standards are defined
I
T3-7 II Tool Requirements conform to Tool Requirements
Standards
Low- level tool requirements conform to Tool Design
T4-4
=
Standards
T4-9 Tool architecture conforms to Tool Design Standards
=

TS-4 Tool Source Code conforms to Tool Code Standards

Assurance is obtained that tool processes comply

T9-3
with approved standards
15 /18
Conclusion (112)
• The Aeronautical Database domain is the first to
attempt adaptation from the 00-330.
• The use of 00-330 provides needed
standardization and means to provide credit for
assurance, when necessary.
• The summary of adaptations include:
o Terminology adaptations.
o TQL determination.
o Tool standards are not required and some objectives
were eliminated.
o Use of the Data Processing Procedures Documents
instead of the PSAC.
16 /18
Conclusion (212)

• Comparison, when using the RTCA 00-330

with the 00-17BC and the 00-200B.

Applicable DO-330 Applicable DO-330

Objectives Objectives
(used with DO-17BC) (used with DO-200S)
TQL-3 _ LIQL-4 TQL-5 TQL-3 TQL-4] TQL-5
-.---
-
1
70 38 15 60 34 11
-

17 /18
 Questions?
MSc. Johnny Marques
Senior Product Developer Engineer - EMBRAER
PhD Student - ITA
johnny.marques@embraer.com.br
johnny.marques@gmail.com

Acknowledgements

-(EMBRAER
18 /18