DO-330

DO-330, formally known as "Software Tool Qualification Considerations," is a critical guideline developed by the Radio Technical Commission for Aeronautics (RTCA). It focuses on providing a structured approach to ensure that software tools used in the development and verification of airborne systems and equipment are suitable for their intended purpose and do not introduce errors that could compromise safety.

Although the standard is deeply rooted in aerospace, its principles are broadly applicable to other safety-critical domains, demonstrating its foundational importance in functional safety. Before the release of DO-330, tool qualification guidance was often embedded within other standards, but DO-330 emerged as a standalone document to offer comprehensive and independent guidance.

DO-330 is essential for aerospace software development because it directly addresses the confidence required in the tools that create or verify safety-critical software. In airborne systems, where lives depend on the correct functioning of software, any undetected error introduced by or overlooked by a development tool could have catastrophic consequences.

By defining a clear qualification process, DO-330 helps to minimize the risk of such errors. It ensures that the tools are robust, reliable, and perform as expected, thereby contributing significantly to the overall safety and certification of airborne software and systems. Its principles also indirectly impact the supply chain by promoting the use of qualified and compliant tools.

Validas supports aerospace organizations by classifying and qualifying safety-relevant tools and software libraries in accordance with DO-330. Through reusable, audit-ready qualification evidence and cross-domain expertise, we help to reduce qualification effort while maintaining robust certification confidence across the toolchain.

The key principles of DO-330 revolve around an objective-based approach to tool qualification. It classifies tools based on their potential impact on software development and verification, and then specifies a set of objectives that must be met to demonstrate the tool's trustworthiness. These objectives cover various aspects of the tool's lifecycle, including its requirements, design, implementation, verification, and configuration management. DO-330 introduces Tool Qualification Levels (TQLs) from TQL 1 (highest) to TQL 5 (lowest), which are assigned based on how a tool's output is used and its potential to introduce or fail to detect errors. For example, a tool whose output becomes part of the airborne software itself typically requires a higher level of qualification rigor than a tool that solely automates a verification process in which the output is independently confirmed.

DO-330 is closely related to DO-178C, "Software Considerations in Airborne Systems and Equipment Certification," which is the primary standard for software used in civil aviation. While DO-178C outlines the objectives for the software development lifecycle, DO-330 specifically details the process and objectives for qualifying the tools used within that lifecycle.

Beyond aerospace, DO-330's systematic approach to tool qualification shares key principles with other functional safety standards, such as ISO 26262 for automotive and IEC 61508 for general industrial safety. While each standard has its specific nuances for tool confidence or qualification levels, the underlying goal of ensuring tool reliability to prevent safety impacts remains consistent. While most other standards treat tool qualification as a black-box activity that can also be performed by tool users, DO-330 has only TQL-5 that can be mainly applied as black box. All other TQLs require internal knowledge about the tool. Even code coverage is required for some TQLs.

Validas supports DO-330 compliance by offering model-based tool classification and qualification services, including ready-to-use Qualification Kits (QKits) to ensure tools meet the required safety and regulatory standards. Validas supports users in qualifying tools in compliance with TQL 5 and TQL 4. For “higher” TQLs, Validas recommends performing a toolchain analysis which can lower the TQLs such that the qualification requires less effort, while keeping compliance with DO-330 (“FAQ D.2 path”).