Certification of the Galileo SIS The GALCERT Project

Transcription

1 Certification of the Galileo SIS The GALCERT Project Prepared by: Prof. Dr. P. Hecker - C. Butzmuehlen Presented by: K. Hartwig - DLR ZEL-GNSS 2008

2 TABLE OF CONTENTS 2 The Mission Goal of the GALCERT Project The Approach to the Project: The Study Logic Analysing the Requirements and Procedures Aviation Domain Specifics Creating a First-Level RoadMap for Certification GALCERT and GAUSS

3 GALCERT Mission Statement 3 Mission Statement: A certification scheme shall be implemented that covers both the validation of Galileo signals in space against the SRD [System Requirement Document] requirements and the Galileo services against the present MRD requirements. The certification shall be achieved through the implementation of an independent and impartial certification body.[ ].

4 GALCERT Study Logic 4 Domain specific activities and harmonisation for multi-modal transport

5 GALCERT System Boundaries 5 Galileo System Specific Requirements Acceptance Review/Transfer/Consolidation SIS Interface Receiver (black box) Application Galileo Certification Certification of Galileo Application DOMAIN REQUIREMENTS CERTIFICATION

6 GALCERT Safety Cases 6

7 Different transportation domains 7 Consolidation of Certification Requirements for Galileo Review of draft certification requirements Verification against MRD and SRD Interaction with the Committee of Experts Identification of open issues for the different application domains Requirements from SoL services in the aviation domain, rail and road domains, maritime domain Synthesis of the consolidated certification requirements

8 Baselining the Requirements 8

9 Evaluation Criteria for Requirements 9 criticality neutral none reference no further action required covered solved not required additional measures to be taken discussion ambiguity to be adopted critical Incompatible remark not a requirement; general remarks with no criticality identifies the reference between CRD and domain, but no evaluation concerning the compliance is given requirements are compatible in the past critical requirement/issue is now compatible/solved not needed by the respective domain the issue needs to be discussed further requirements definition to be checked/improved requirement should be added to comply with domain requirements the issue needs to be solved requirements are not compatible or contradictory

10 and Galileo is already being built 10 Analysis of ESA IOV Development Standards Review and analysis of ESA IOV development standards Comparison of requirements between ESA IOV development standards and applicable standards Mapping of requirements and identification of significant deviations and missing key requirements Critical assessment of standards for Software Engineering for SoL applications

11 Ex: Aviation Domain ESARR versus Galileo IOV 11 Galileo IOV ESARR ECSS

12 no requirement without a procedure 12 and no procedure without underlying requirement: Consolidation of Certification Procedures for Galileo Review draft Galileo Certification Rules Review draft Galileo Type Certification Procedures Review the Certification Rules and procedures valid for the application domains Elaboration of a cross reference and compliance matrix for certification rules Preparation of meetings with regulators Discussions with national or European regulators and respective boards Compiling of minutes and summarized outcomes of meetings with regulators Identification of any additional rules and procedures that may have to be developed to complete the Galileo certification process

13 example: aviation domain certification of an Air Navigation Service Provider (ANSP) 13 Application by ANSP Check on completeness by NSA Co mplete Document review By NSA Decisicion on documents by NSA ANSP Provides additional Not information complete ANSP Changes documents Not correct Desktop Review Correct On site Audits On site review by NSA Result Evaluation by NSA (Non - conformities) In compliance ANSP adresses Non conformities Not in compliance Certification By NSA ANSP Holding valid certificate On going oversight

14 Documentation for Certification 14 Analysis of necessary Documentation for Certification: the Safety Case Approach The Safety Case Concept will be baseline for the identification of the material & documents The analysis will be based on GSA/ESA high level documents Draft output from the Committee of Experts for Certification of Galileo ESA document list and extant ESA documents Draft consolidated certification requirements Draft consolidated certification procedures Draft reports on Analysis of ESA IOV development standards for the application communities

15 Putting it all together. 15 Development of Certification Plan for Galileo Develop a first draft of the Galileo Certification Plan which supports GSA together with the Galileo notified body to handle the certification activities for Galileo. First level certification plan will support strategic decisions by the GSA, describe all activities to be performed by the different stakeholders before reaching certification of Galileo related applications. The Certification Plan for Galileo will be developed based on the principles established for functional safety certification of industrial systems and products. Certification needs to be based on a strictly formal process.

16 but matching it with the existing methodology for the aviation domain 16 EUROCONTROL Safety Assessment Methodology Very high-level abstract definition of phases in the safety assessment task three steps: Functional Hazard Assessment (FHA): determination of how safe the system need to be Preliminary System Safety Assessment (PSSA): demonstration whether the assessed system architecture can reasonably be expected to achieve the Safety Objectives System Safety Assessment (SSA): demonstration that the system as implemented achieves an acceptable (or at least a tolerable) risk

17 GALCERT: A Recipe for the certification of the Galileo Signal-in-Space 17 The Mission Goal of the GALCERT Project The Approach to the Project: The Study Logic Analysing the Requirements and Procedures Aviation Domain Specifics Creating a First-Level RoadMap for Certification Outlook: GALCERT and GAUSS focussing on the certification of applications

18 GALCERT and GAUSS 18