If you wish to contribute or participate in the discussions about articles you are invited to join SKYbrary as a registered user
Regulation 482/2008 - Software Safety Assurance in ATM
|Category:||Single European Sky|
Commission Regulation (EC) N° 482/2008 of 30 May 2008 establishing a software safety assurance system to be implemented by air navigation service providers and amending Annex II to Regulation (EC) N° 2096/2005 - text published in the Official Journal of the European Union
The objective of this Regulation is to ensure that Air Traffic Services (ATS) providers implement within the framework of their Safety Management Systems (SMS) a software safety assurance system to manage and reduce risks associated with the use of software in the European Air Traffic Management network systems (EATMN software) to a tolerable level.
The Regulation lays down the requirements for the definition and implementation of a software safety assurance system by providers of ATS, air traffic flow management (ATFM) and air space management (ASM) for general air traffic, and providers of communication, navigation and surveillance (CNS) services. It identifies and adopts the mandatory provisions of the EUROCONTROL Safety Regulatory Requirement - ESARR 6 “Software in ATM Systems’.
This Regulation applies to the new software and to any changes to the software of the systems for ATS, ASM, ATFM, and CNS. It does not apply to the software of airborne and space-based equipment.
The Regulation does not cover military operations and training.
Within the scope of the risk assessment and mitigation process organisations providing ATS, ASM, ATFM, and CNS shall implement software safety assurance system (SSAS) to ensure and demonstrate the safety of software operational changes, including cutover and hot swapping.
The SSAS shall provide the evidence and arguments that:
- Correct and complete software safety requirments have been established in order to meet the safety objectives indentified in the risk assessment and mitigation process;
- The software implementation contains no functions which adversely affect safety;
- The software implementation satisfies the safety requirements.
An organisation shall demonstrate to the National Supervisory Authority (NSA) that its SSAS satisfies the above requirements.
A core requirement is that an SSAS shall ensure allocation of software assurance levels to all operational EATMN software. The software assurance level determines the rigour of the software assurances to be produced and depends on the criticality of EATMN software used. A minimum of four software assurance levels shall be identified, with software assurance level 1 indicating the most critical level (most severe effect that software malfunctions or failures may cause).
The riguor of safety asurances must be defined for each assurance level and must give sufficient confidence that the EATMN software can be operated tolerably safe.
The SSAS shall provide assurance that:
- Identified software safety requirements are valid and traceable to level of design at which their satisfaction is demonstrated;
- Software is adequately verified;
- Sofware configuration management is applied throughout the complete software life cycle.
Organisations shall use feedback from operational experience to confirm that the SSAS and the assignment of assurance levels are appropriate.
The SSAS shall be documented as part of the overall risk assessment and mitigation documentation of an organisation.
Requirements Applying to Software Changes
It is recognised that it may not always be possible to meet all software safety assurance requirements specified by the Regulation, in particualar when COTS or already used (legacy) software needs to be assessed or changed. In such cases the organisation shall ensure through other means the same level of confidence in the provided safety assurance as the relevant software assurance level, whenever defined.
The “other means” shall be agreed with the NSA. Those means must give sufficient confidence that the software meets the safety objectives and requirements, as identified by the safety risk assessment and mitigation process.
Entry into Force
The provisions of this regulation shall apply:
- From 1 January 2009 to the new software of EATMN systems;
- From 1 July 2010 to any changes to the software of EATMN systems in operation by that date.
- EUR-Lex Portal: Regulation 482/2008 (available in different languages and file formats)
- Air Transport Portal of the European Commission - Single European Sky