Occasionally, we will enter into business agreements with third party software vendors to supply DO-178B Life Cycle Data developed using Plans and Procedures external to DDC-I. When this occurs, the oversight activities documented here will apply.

Unless explicitly delegated, the ultimate assessment of a supplier's compliance with DO-178B is a privilege held solely by the certification authority and the applicant, that is the entity integrating DDC-I and third-party supplied software within their system. Because of this, DDC-I will not attempt to perform any DO-178B compliance assessments on third-party supplied life cycle data. DDC-I will limit its role to ensuring the categories of data defined in DO-178B exist within the third party's life cycle data, and facilitating communication between the third party supplier and the certification authority or applicant.

The rationale for the approach above is to avoid non-expert compliance opinions from being injected into the third party life cycle data certification process, and to avoid having the third party receive conflicting guidance.

If the business arrangement puts DDC-I in the position of delivering third party supplied life cycle data on the third party's behalf, the life cycle data will not be stored at DDC-I except in the form of a backup copy of what is being shipped to the applicant. In essence, third party life cycle data is not DDC-I life cycle data thus the two should not be mingled.

We will limit the assessment of third party life cycle data to a determination of whether it exists, and in some cases as indicated below, to a determination of whether specific sub-categories exist as defined in DO-178B. The activities will not attempt any technical assessments of the data.

• The person assigned to perform the activity should use the criteria specified in the table below.
• Each life cycle data item listed below should be accompanied with appropriate identification that can be used to trace the data back to the third party, as well as indicate the life cycle data has been approved for transfer outside of the third party's configuration management system. While specific identification methods may differ between third party vendors, typical methods include a title page, document revision, publish or configuration management system escape date, and third party signatures where appropriate.
• When performing the assessment, use the following definitions:
  • Content exists per DO-178B <section> means we will ensure that the categories of data defined in DO-178B are present within the third party's DO-178B life cycle data.
  • <Life cycle data> exists means we will ensure that the specified category of life cycle data has been provided, without any further examination of the data.
• Results from the assessment should be stored within the relevant customer project folder. Note that this location will not be a location containing DDC-I life cycle data.
• A copy of this assessment guide should be included in the report. A PDF generated copy of this entire wiki page is an acceptable format.
• The assessment results and a copy of the criteria used (this wiki page) should also be provided to the third party vendor and customer that requested the activity to be performed.

The following categories of life cycle data are not included in the assessment because they would likely require an internal inspection of the configuration management and problem reporting systems used by the third party.

• Problem Reports as described in DO-178B, Section 11.17
• Software Configuration Management (SCM) Records as described in DO-178B, Section 11.18