The presentation will describe the challenge and success of adapting the Civil Aerospace regulations for the Certification of High Integrity Software based around the DO-178 series of software development standards, the Federal Aviation Administration (FAA) Job Aid and European Union Aviation Safety Agency (EASA) Part 21 into the Submarines environment. I am currently seconded into the Submarines Enterprise from Rolls-Royce Submarines (RRS). The regulatory authorities for Submarines, the Defence Maritime Regulator (DMR) and Naval Authority Group (NAG), have requested a more formal approach to software certification compared to previous class of submarine. My team has been delegated responsibility for software certification due to limited software expertise in the Defence Maritime Regulator (DMR) and Naval Authority Group (NAG). Hence why I was seconded from one of the Industrial partners to manage this activity.

I will outline how I adapted the EASA regulations for software certification initially for the Submarines Environment, which is now being considered for future class submarines across the enterprise. This resulted in a process for certification of high integrity software for submarines that uses a risk-based Level of Involvement (LOI) to conduct the relevant Stage of Involvement (SOI) activity. This LOI is based on the considerations from the Aerospace regulations of novelty, complexity, design authority performance and safety integrity. The objective of the Certification process is to demonstrate that software has been developed to the required level of rigour for the relevant level of safety integrity. Due to the diverse technology, the software was developed to multiple standards including IEC 61508-3, DO-178 series, DEF-STAN 00-55 and in house standards. A common criteria was therefore defined in a software policy as a set requirements that read-across to these multiple standards, including between the safety integrity classifications (e.g. SILs, DALs etc), based on failure rates. Software certification was conducted against this software policy.

There were a number of challenges to implementation of this capability as it was not previously conducted by the Prime Contractor on this scale on a UK Submarine Platform. Therefore, a learning curve was required for the requirements and expectations for high integrity software development and software certification in the supply chain. This process was introduced relatively late into the programme. So, I will discuss issues with introducing this retrospectively for some of the software development that had already been completed and where COTS software had been used. This presented a challenge to examine software development to the required level of depth as it required additional effort to obtain the relevant information.

The improvement initiative conducted has resulted in development of a new capability, organisation and governance structure for software certification for the submarine enterprise. The "make submarines fly" software certification initiative is now successfully delivering with a mature and effective capability embedded into the Submarines Enterprise.