CAP670/SW01 assumes that software safety requirements have been derived from a full risk and safety analysis of the system. This will have established the overall safety requirements that have been refined and allocated in the design to software. This is a commonplace system safety process and is described in standards and guidelines such as IEC 61508 Part 1, ARP4754, and Def Stan 00-55/56.
The document does not prescribe how the assurance evidence is to be produced or its adequacy argued. International software assurance standards and guidelines, such as IEC 61508 Part 3, RTCA DO-178B / EUROCAE ED12-B, and Def Stan 00-55/56, when used in conjunction with this document may provide an effective way to produce timely and technically valid evidence to satisfy these assurance objectives.
RTCA DO-178B / EUROCAE ED-12 provides guidelines for the production of software for airborne systems and equipment that performs its intended function with a level of confidence in safety that complies with airworthiness requirements. The guidelines are in the form of:
The document discusses those aspects of airworthiness certification that pertain to the production of software for airborne systems and equipment used on aircraft or engines.
Where DO-178B discusses criticality in terms of safety levels, CAP670/SW01 defines Assurance Evidence Levels. These are based on the ESARR 4 severity classification scheme as:
| AEL | ESARR 4 Definition | Mandatory Occurrence Reporting (CAP382) |
|---|---|---|
| Level 5 | Complete loss of safety margins | A UK reportable accident, actual risk of collision |
| Level 4 | Large reduction in safety margins | Serious loss of separation |
| Level 3 | Major reduction in safety margins | Loss of separation significant |
| Level 2 | Slight reduction in safety margins | Increased ATC workload |
| Level 1 | No immediate effect on safety | No effect on ATC workload |
Note that the classification is the same as ESARR 4, but the level numbers are in the reverse order to that standard.
AdaCore’s High-Integrity Edition for DO-178B solution has passed DO-178B Level A certification multiple times as part of avionics systems and is a proven solution for meeting this safety-critical standard's requirements. GNAT Pro High-Integrity Edition for Servers satisfies CAP670/SW01, the UK Civil Aviation Authority Safety Regulation Group's “Air Traffic Services Safety Requirement”, “Regulatory Objectives for Software Safety Assurance in ATS Equipment”.
The certification life cycle materials developed for DO-178B are available for GNAT Pro High-Integrity Edition for Servers, along with complete ISO Ada Conformity Assessment Test Suite (ACATS) results to show that the compiler and run-time system fully conform to the ISO Ada standard.
Further details on this standard can be found at: