
Regulation 482/2008 - Software Safety Assurance in ATM

From SKYbrary Wiki
Article Information
Category: Single European Sky
Content source: SKYbrary
Content control: EUROCONTROL


Commission Regulation (EC) N° 482/2008 of 30 May 2008 establishing a software safety assurance system to be implemented by air navigation service providers and amending Annex II to Regulation (EC) N° 2096/2005 - text published in the Official Journal of the European Union

Objective

The objective of this Regulation is to ensure that air navigation service providers implement, within the framework of their Safety Management Systems (SMS), a software safety assurance system that manages and reduces the risks associated with the use of software in European Air Traffic Management network systems (EATMN software) to a tolerable level.

Summary

Scope

The Regulation lays down the requirements for the definition and implementation of a software safety assurance system by providers of ATS, air traffic flow management (ATFM) and airspace management (ASM) for general air traffic, and by providers of communication, navigation and surveillance (CNS) services. It identifies and adopts the mandatory provisions of the EUROCONTROL Safety Regulatory Requirement ESARR 6, “Software in ATM Systems”.

This Regulation applies to new software and to any changes to the software of the systems for ATS, ASM, ATFM and CNS. It does not apply to the software of airborne or space-based equipment.

The Regulation does not cover military operations and training.

General Requirements

Within the scope of the risk assessment and mitigation process, organisations providing ATS, ASM, ATFM and CNS shall implement a software safety assurance system (SSAS) to ensure and demonstrate the safety of software, including all on-line software operational changes such as cutover and hot swapping.

The SSAS shall provide the evidence and arguments that:

  • Correct and complete software safety requirements have been established in order to meet the safety objectives identified in the risk assessment and mitigation process;
  • The software implementation contains no functions which adversely affect safety;
  • The software implementation satisfies the safety requirements.

An organisation shall demonstrate to the National Supervisory Authority (NSA) that its SSAS satisfies the above requirements.

SSAS Requirements

A core requirement is that an SSAS shall ensure allocation of software assurance levels to all operational EATMN software. The software assurance level determines the rigour of the software assurances to be produced and depends on the criticality of EATMN software used. A minimum of four software assurance levels shall be identified, with software assurance level 1 indicating the most critical level (most severe effect that software malfunctions or failures may cause).

The rigour of the safety assurances must be defined for each assurance level and must give sufficient confidence that the EATMN software can be operated tolerably safely.

The SSAS shall provide assurance that:

  • Identified software safety requirements are valid and traceable to the level of design at which their satisfaction is demonstrated;
  • Software is adequately verified;
  • Software configuration management is applied throughout the complete software life cycle.

Organisations shall use feedback from operational experience to confirm that the SSAS and the assignment of assurance levels are appropriate.

The SSAS shall be documented as part of the overall risk assessment and mitigation documentation of an organisation.

Requirements Applying to Software Changes

It is recognised that it may not always be possible to meet all software safety assurance requirements specified by the Regulation, in particular when COTS or already-in-use (legacy) software needs to be assessed or changed. In such cases the organisation shall ensure, through other means, the same level of confidence in the provided safety assurance as that required for the relevant software assurance level, whenever one is defined.

The “other means” shall be agreed with the NSA. Those means must give sufficient confidence that the software meets the safety objectives and requirements, as identified by the safety risk assessment and mitigation process.

Entry into Force

The provisions of this regulation shall apply:

  • From 1 January 2009 to the new software of EATMN systems;
  • From 1 July 2010 to any changes to the software of EATMN systems in operation by that date.


Regulation (EC) No 482/2008 establishing a software safety assurance system to be implemented by air navigation service providers (OJ, 31.5.2008)

Further Reading

European Commission

EUROCONTROL