Who is going to define software / software assurance level (SWAL) requirements for a particular ATM/ANS system? EASA, ANSP, ...?
The design or production organisation (DPO) should anticipate the SWAL that is expected by the air navigation service provider (ANSP). This SWAL needs to be incorporated into the DPO’s software development process for the equipment. The EASA attestation is granted according to that SWAL. It is the responsibility of the DPO to declare the SWAL that will be followed for the development of the equipment. This needs to be documented by the DPO in the certification programme.
The ANSP has the responsibility to select equipment in accordance with the safety assessment and the SWAL requirement for the functional system.
Did I understand correctly that the software assurance level (SWAL) assignment and stating that the equipment is safe for use is moved to design or production organisations (DPOs)? I got that impression from previous sessions and disagree since safety (as security) depends on the operational usage of the equipment. What is your opinion?
If the software design assurance level (SW DAL) of equipment depends on ATM functions of the air navigation service provider (ANSP), how do you guarantee that certified/declared equipment will be available with such an expected level? Aren't we creating a chicken-and-egg issue?
This is similar to the case of safety objectives; the market will tend to provide products that are demanded by the ANSPs. A design or production organisation (DPO) will develop products in accordance with the software assurance level (SWAL) that it has anticipated and selected. The ANSP will select the equipment that meets the required SWAL in order to meet its safety objectives for the functional system.
See also answer to FAQ ‘Who is going to define software/SWAL requirements for a particular ATM/ANS system? EASA, ANSP, ...?’.