Assurance Process for Complex Electronics
Planning Phase

Planning for Complex Electronics Development and Assurance

This Overview page for the Planning Phase contains the following sections:

  • Overview
  • Planning Process
  • Roles and Responsibilities
  • Planning Site Map

Overview

Planning is an often-overlooked process, especially for lower-level sub-systems. Project-level planning is performed, with schedules, budgets, and processes defined and (hopefully) implemented. At the level of a complex electronic device, the engineer's desire is to jump into the design, similar to a software developer's desire to start coding. But a judicious amount of planning can prevent a considerable amount of debugging or rework to fix problems.

While most of the planning is performed before the start of a development activity, the process continues throughout the development life cycle, and into operations, as the project changes in design or activity. Plans that made sense at the beginning of the development may no longer describe the activities that are actually being performed. Periodic re-evaluation of the plan documents is an important part of the planning process. These documents have to be living documents and reflect the true processes and activities of the project. Otherwise, they are just piles of paper.

The complexity and assurance classification of the complex electronics directly influence the amount of planning required. Safety- or mission-critical CE devices in highly complex systems require a lot of detailed planning, to ensure that the interfaces are correctly identified, the CE requirements are defined, the design process is defined, and the toolset is qualified. Devices with simple interfaces that perform well-defined functions will require a lot less in the way of planning activities (and documentation). For all complex electronics developments, the assurance activities need to be similarly scaled.

Planning Process

Step 1: Is the project using complex electronics?

As the system design evolves in response to the system requirements, some functions may be identified for implementation in a complex electronic (CE) device. CE includes Field Programmable Gate Arrays (FPGA), Complex Programmable Logic Devices (CPLD), Application Specific Integrated Circuits (ASIC), and System-on-Chip (SoC). If the project is using a programmable logic device, you should at least proceed to Step 2 to determine if the device is simple or complex. If the device is simple, you are done - it does not require any additional assurance activities.

The use of complex electronics within a project is not always obvious to assurance engineers, particularly if they are not familiar with the devices. The CE may be part of a larger electronic package, or may be buried deep within an off-the-shelf circuit board. If you suspect that complex electronics may be used within the system, you need to perform some detective work:

  • Review project documentation. Look at the system concept, any overviews or descriptions, and system and sub-system requirements and design documents.
  • Talk with the project system engineer and/or system safety. The system engineer should be aware of any complex electronics. System safety should be aware of any complex electronics that are part of a hazard control or otherwise safety-related.
  • Talk with the project electrical engineer(s). These are the people who will develop the devices.

Review the following system documents, if available:

  • Failure Modes and Effects Analysis (FMEA)
  • Fault Tree Analysis (FTA)
  • Critical Items List (CIL)

Step 2: Simple versus Complex

The second decision that the project (and assurance) has to make regarding the complex electronic device is: Is it simple or complex? Simple devices do not require the additional assurance activities that are defined in this assurance process.

While the complexity of an implementation is a combination of the chip and design complexities, the process of defining what is a simple design is non-trivial. Therefore, for the purposes of this assurance process, designs implemented with complex hardware (listed below) are automatically considered complex. Designs using other programmable logic devices, such as PALs, PLAs, GALs, PLDs, and SPLDs, are considered simple.

Complex devices are:

  • Complex Programmable Logic Device (CPLD)
  • Field Programmable Gate Array (FPGA)
  • Application Specific Integrated Circuit (ASIC)
  • System-on-Chip (SoC)
  • Field Programmable System Chip (FPSC)
  • Variations of FPGAs and ASICs

Step 3: Determine Assurance Level

Not all complex devices and designs are created equal. Many factors, such as safety-criticality, mission-criticality of the functions, and complexity of the system, interfaces, or design, are important in determining the level of assurance to provide. Projects with higher risk (more critical, many interfaces, complex design) require more assurance activities, such as analyses and audits, to ensure that problems are identified as early as possible.

The Complex Electronics Classification page designates three levels of assurance for the devices. The project (in concert with the assurance engineer) will determine the classification for the complex electronics. Start at the top of the table (high) and determine if the classification applies. If not, go to moderate. If moderate does not apply, based on the criteria, then the classification is low.

Assurance activities are tailored based on this classification. A table is provided for each life cycle phase that lists all assurance activities and specifies if (or how much) they apply to projects of a particular level.

Step 4: Create and document plans

For complex electronics, the CE or electronics engineer creates (or provides inputs for) the following documents.

  • Complex Electronics Development Plan. This plan describes the management of the complex electronics development, including schedule and resources. It describes the design methodology (including hardware description language) and toolset that will be used in creating, simulating, and testing the CE design. More detail can be found in the CE Development Plan page.
  • Verification and Validation Plan. The project will have to demonstrate that the complex electronic device performs the necessary functions to meet system goals (validation), and to verify that all requirements are correctly and completely implemented in the device (verification). This plan describes how the project will validate (e.g., develop a prototype and test it with a system prototype) the CE. It also describes how each CE requirement is verified (e.g., by test, analysis, or inspection). This plan should include a discussion of the general testing strategy, which requirements are verified at the chip level and which at a higher level, whether simulation can be used in testing, and any other issues related to verification.
  • Complex Electronics Configuration Management Plan. This plan can be a stand-alone plan, or the complex electronics configuration management process can be included in a higher-level configuration management plan. More detail is available in the CE Development Plan page.
  • Problem Reporting and Resolution Process. The project should have a problem reporting, tracking, and resolution process. This process needs to include the types of problems found in developing the complex electronics. The problem reporting process should tie problems to both a chip (e.g., via serial number) and the design (via version number). More detail is available in the CE Development Plan page.
  • Safety Plan. The system safety plan should already identify the system components that are safety-critical. If the complex electronics is one of those components, then the safety verifications need to address the design aspect of the programmable device.
  • Risk Management Plan. Risk management is an important tool that projects can use in reducing the probability or impact of risks. Complex electronics has some similarities to software, including the fluidity of the requirements, interface problems with other elements of the system, integration issues (often a result of the interface problems), and the need to create a complex program within a defined period of time. These types of issues are ideal for risk identification and mitigation. While the project Risk Management plan should not need to be modified, risks specific to the complex electronics should be identified, classified, prioritized, and acted upon when necessary.
  • Complex Electronics Assurance Plan. This plan identifies all the activities that the assurance engineer will perform throughout the complex electronics life cycle to assure that the final delivered product is of sufficient quality and meets all requirements. This assurance process web site is designed to provide all the information necessary to create a tailored CE assurance plan. The CE Assurance Plan page provides a template for the assurance plan and guidelines on using this assurance process to create the plan.
  • Maintenance/Modification Plan. If the complex electronics can be reprogrammed in the field, the process of modifying and re-testing the CE should be documented. The plan should discuss the appropriate change control required, methods to assess impacts of the changes on the system, verification activities, and the physical process to modify the complex electronics. This plan does not have to be completed during early planning, but it is a good idea to think about these issues and document at least a draft plan. The system, as well as the complex electronics, has to be designed carefully to ensure that modifications can be implemented. The appropriate safeguards to prevent unintentional modification are very important to consider early in the design.

Step 5: Review and Approval

The project plans listed in step 4 need to be reviewed and approved by the appropriate personnel. Quality assurance should be both a reviewer and approver. If the project does not normally have quality assurance approve project management documents, then the organization needs a way for the quality assurance engineer to raise any concerns to the appropriate level of management.

Quality assurance is involved in project planning activities through:

  • Creation of a Quality Assurance Plan that outlines the work that will be performed by QA throughout the project life cycle.
  • Assessment of the project plans, including the management and development plans for complex electronics, for completeness, correctness, and other quality attributes.
  • Assurance that the project produces the required plans.

Entrance Criteria:

The following criteria should be met prior to beginning the planning process for complex electronics:

  • Project concept or initial system design implements one or more functions in a complex electronics device.
  • The electronics device is considered complex, based on the list in step 2.
  • The device is classified as high, moderate, or low assurance (step 3).

Exit Criteria (Initial Planning):

At the end of the planning phase, the following criteria should be met:

  • The project has developed and approved the appropriate plans, as defined in step 4.
  • The plans are approved no later than baselining of the complex electronics requirements.
  • The plans are under configuration management.

Update Criteria:

The reality of any project is that change occurs. The documents created during the planning process need to be living entities, updated and modified in sync with project changes. Even without overt change, the plans should be reviewed periodically to ensure that they are still relevant and correct.

The plans created in step 4 should be reviewed at these project milestones:

  • Completion of the architecture for the complex electronics.
  • Prior to physical implementation in the chip.
  • Whenever related project process changes significantly (e.g., major schedule changes or modifications to the configuration management process).
  • Whenever the system design changes significantly (e.g., reallocation of functionality between hardware and software).

Roles and Responsibilities

The following roles and their typical activities apply during the Planning Phase:

Systems Engineer: Ensure interfaces to the complex electronics are identified and documented. Review and approve the CE development and verification plans. Agree to the CE classification. Review the CE Assurance Plan.

Electronics Designer or CE Specialist: Prepare the CE Development Plan and the CE Verification and Validation Plan, and provide inputs to other plans that relate to the complex electronics. Identify the tools that will be used in the design and implementation of the CE. Work with the quality assurance engineer and other project personnel to determine the CE classification. Review the CE Assurance Plan.

System Safety: For safety-critical complex electronics, review the plans produced to ensure that the appropriate design constraints are defined and that the necessary inputs to the safety process from the CE development are identified.

Quality Assurance or CE Process Assurance: Ensure that all quality requirements from the appropriate standards are applied to the complex electronics. Review and approve the CE plans and inputs generated by the development engineer. Create the CE Assurance Plan, based on the agreed-upon classification.

Planning Site Map

The table below describes the information contained on other pages in the Planning section.

Planning Overview: General overview of planning for complex electronics, including:
  • Classifying the complex electronics
  • CE Development Plan
  • CE Assurance Plan
  • Supporting Processes

CE Classification: Assurance classification for complex electronics (high, moderate, low). The classification is used as a guideline for what activities to perform at each life cycle phase.

CE Development Plan: In-depth information on the CE Development Plan. Also includes guidelines for adding CE to supporting processes.

CE Assurance Plan: Outline of the assurance plan, with guidance on how to decide which analyses and activities to perform.

NASA Curator: Richard Plastow
NASA Official: Cynthia Calhoun
Last Updated: 12/14/2009