A320 Software goes on "3rd Party" maintenance

From:         Pete Mellor <pm@csr.city.ac.uk>
Date:         02 Apr 94 00:20:06 PST
Followups:    1
Next article
View raw article
  or MIME structure

While I was in Copenhagen earlier today, a Danish friend, who knows of my 
interest in the A320, drew to my attention an item in today's issue of the 
news magazine "Goddaj" (if I recall the spelling correctly - it means "Good 
Morning"). A translation of the article follows (courtesy of my Danish friend):- 

   --------Translation of Article in "Goddaj", 1st April 1994 -------- 

                   Danish Firm Scores Notable "First"
                   ---------------------------------- 

Thor Avionics, one of Denmark's most advanced high-tech firms, has secured 
a contract which makes it the first software house in the world to provide 
"third party" maintenance on a major safety-critical software system. 

In order to reduce the maintenance costs on its fleet of Airbus A320 aircraft 
(the first type of civil airliner in the world to have a computer-controlled 
"fly-by-wire" system), Air France has placed Thor under contract to provide 
all future maintenance on the software of this highly-automated aircraft. 

Wolf Larssen, director of Thor, said "This is the first contract of its type, 
and it won't be the last. Users of commercial software long ago discovered 
that there are great savings to be made by getting a "third party" firm to 
maintain their software. I am only surprised that it has taken users of 
safety-critical systems so long to discover the advantages. I expect other 
A320 operators to be placing similar contracts before too long." 

A "third-party" in this context means a firm which is independent of both the 
user and the supplier. Such firms, being "lean and mean" are usually capable 
of providing a much better and more cost-effective service than the original 
supplier, since they have fewer overheads and are less stifled by bureaucracy. 
In the commercial world, such contracts have usually gone to small, dynamic, 
organisations, and it seems that the world of safety-critical software will 
follow suite. 

"We had to beat some stiff opposition from Sextant Avionique, Matra, Logica, 
and similar large firms." said Mr. Larssen. "The fact that the software on the 
A320 will need to be maintained indefinitely means guaranteed jobs for highly 
qualified Danish workers for a long time to come." 

M. Theophile Gautier, spokesman for Air France, said "We have the utmost 
confidence in Thor to deliver the goods, both in terms of reduced cost, 
improved system performance, and increased safety." 

The automated systems on the A320, particularly the flight control and flight 
management systems, have sometimes been called into question following the 
various accidents involving this type of aircraft, although the accidents 
have generally been ascribed to pilot error. Even so, there is an obvious 
question mark over the ability of a third-party firm to maintain the level 
of safety. 

When asked about this, Mr. Larssen said "Our software maintenance and 
validation process is second to none. Although Airbus Industrie have refused 
to release the source code, so that we will have to strip out the binary and 
work from that, we anticipate no problems. Most of the modifications we will 
be making are fairly slight, so that regression testing can easily be done 
on a software flight simulator running on an Apple MacKintosh." 

A spokesman for the JAA (Joint Aviation Authority, which is responsible for 
certifying that any new or modified design of aircraft is airworthy) said 
"The basic design has already been certified. All that Thor will be doing 
are minor post-certification modifications. Thor themselves have been 
certified as conforming to the ISO-9000 quality standard and to SEI level 2, 
so it should not be difficult for them to meet the requirements for our own 
certification, which is based upon an industry standard referred to as 
RTCA-DO/178B." 

In response to questions about what the maintenance would actually involve, 
Mr. Larssen said "Occasionally, Airworthiness Directives are issued by the 
JAA which require changes to be made to the design of an aircraft in order 
to correct a fault. Where this change involved modifying the software, Thor 
will be responsible for doing this. The beauty of software is that the 
modified version can be installed on all existing aircraft in seconds, simply 
by inserting a new eprom. In addition to this corrective maintenance, we will 
also be offering Air France enhancements to improve the performance of the 
A320. The practice of "chipping", or modifying the firmware in the engine 
management system of an automobile such as a BMW in order to make it go 
faster, is well established. I don't expect that we could make your A320 
perform like an F-111, but we could certainly extend the "safe flight 
envelope" beyond the rather conservative limits originally set by the 
manufacturer." 

         -------------------- Article Ends ------------------------

I leave it to readers to draw their own conclusions! 

-------------- 
Peter Mellor, Centre for Software Reliability, 
City University, Northampton Square, London EC1V 0HB 
Tel: +44 (71) 477-8422, Fax.: +44 (71) 477-8585, 
E-mail (JANET): p.mellor@csr.city.ac.uk 
-----------------------------------------------------------------------------