Wednesday, September 29, 2021

Safety-Critical System Development

Safety-critical system development requires safety certification. Examples for railways are EN 50128 (software) and EN 50129 (hardware). For aerospace there are DO-178 (software) and DO-254 (hardware). Since it is not practically possible to achieve 100% test coverage for complex systems, these documents require that development processes adhere to practices that minimize the risk of catastrophic failure.

Companies with no experience in these standards grossly underestimate the time and budget required to make the changes needed for compliance. It takes at least two years to get a company from zero to certified. If the company has the vision to enter the aerospace market, compliance preparations have to start before any system development contract, because trying to change company culture and develop the system at the same time is a sure way to fail.

One way to avoid these standards is to come up with a simple design, provided that the requirements are simple enough. For example, an aircraft climate controller consisting of temperature and airflow sensors and fan and valve actuators could be realized with a simple PID controller using only operational amplifiers. Since it has no software and the relatively simple hardware can be tested with 100% coverage, there is no need to demonstrate that company development processes are sound.
