
DAL Overview and Certification Mapping

Design Assurance Levels bridge the safety assessment domain (failure condition classification from the Functional Hazard Assessment, performed per ARP 4761) with the certification compliance domain (DO-178C for software, DO-254 for airborne electronic hardware). During the FHA each failure condition is classified by severity; in the Aerospace Safety Solution that classification determines the DAL directly, and the DAL in turn determines which certification objectives must be satisfied. ARP 4754A also permits an item's DAL to be reduced below the failure condition's level through architectural decomposition (FDAL/IDAL); the tool applies the direct mapping, so any such reduction has to be recorded through the risksheet's override mechanism rather than by editing the formula result.
DAL | Certification Standard | Failure Condition Classification | Safety Impact | Certification Rigor
A | DO-178C / DO-254 | Catastrophic | Potential for multiple fatalities or loss of the aircraft | Highest rigor: full objective set, independence on most verification objectives, MC/DC structural coverage (DO-178C)
B | DO-178C / DO-254 | Hazardous | Potential for serious injury or major aircraft damage | High rigor: nearly the full objective set, independence on fewer objectives, decision coverage (DO-178C)
C | DO-178C / DO-254 | Major | Potential for minor to moderate injury or damage | Moderate rigor: reduced objective set, statement coverage (DO-178C), standard development and verification processes
D | DO-178C / DO-254 | Minor | Potential for minor effects; crew can manage the consequences | Lower rigor: minimal objective set, no structural coverage objectives, basic documentation
E | DO-178C / DO-254 | No Safety Effect (NSE) | No impact on safety; once the classification is agreed with the certification authority no further DO-178C/DO-254 objectives apply | No certification objectives; standard commercial practices acceptable

Classification-to-DAL Automatic Allocation

The Aerospace Safety Solution implements the standard mapping from failure condition classification to DAL (Catastrophic to A, Hazardous to B, Major to C, Minor to D, No Safety Effect to E, as set out in ARP 4754A and applied during the ARP 4761 FHA). When a failure condition is classified during FHA, the corresponding DAL is assigned automatically by a risksheet formula, ensuring consistency across the project.
Automatic DAL Assignment Formula: [diagram not reproduced in this extract]
This formula is embedded in the FHA risksheet. Once a failure condition is classified, the DAL column populates automatically; no manual DAL selection is required, because classification determines DAL.
The formula mapping is implemented in the FHA risksheet template (modules/RiskTemplates/FHATemplate/attachments/risksheet.json). Confirm the exact formula expression, and whether and how an override (for example a justified ARP 4754A DAL reduction) can be recorded, in your configured risksheet.json before relying on the automatic value.

DAL and System Element Hierarchy

DAL is assigned at two levels in the Aerospace Safety Solution:
  1. Failure Condition DAL — Assigned during FHA based on failure condition classification. This DAL drives the safety requirements allocation and verification strategy.
  2. System Element DAL — Assigned to physical system components (subsystem, assembly, component) in the System Structure Navigator. System element DAL establishes the baseline certification rigor for all documents associated with that element (design requirements, design characteristics, DFMEA, compliance objectives).
System Element Type Hierarchy:
Element Type | Decomposition Level | Typical DAL Assignment | Example
System | Top-level product | Varies by subsystem | Aircraft flight control system
Subsystem | Major functional group | Typically DAL A–D | Flight control computer subsystem
Assembly | Physical grouping | Inherited from parent | Hydraulic valve assembly
Subassembly | Intermediate component | Inherited from parent | Servo actuator subassembly
Component | Lowest-level replaceable unit | Typically DAL C–E | Pressure sensor component
Each system element's DAL constrains the certification activities required for the requirements, design characteristics, and test cases associated with that element. A child element inherits its parent's DAL by default; a component carrying a less stringent DAL than its parent (the DAL C–E case in the table) is only consistent where an ARP 4754A decomposition argument justifies it, and an element should never carry a DAL less stringent than a requirement allocated to it, since the element DAL is the baseline rigor for everything under it.

DAL and Compliance Objectives

DO-178C and DO-254 each define a set of certification objectives. Not all objectives apply at every DAL (the counts below are the DO-178C Annex A totals; DO-254 uses a similar graded scheme with its own tables):
  • DAL A: All objectives apply (71 in DO-178C), many of them with independence. Represents the full certification compliance package.
  • DAL B: Nearly all objectives apply (69 in DO-178C) and independence is required on fewer of them. Objectives that do not apply at a level are recorded as Not Applicable; they are not waivers.
  • DAL C: A reduced subset applies (62 in DO-178C). Standard development practices typically suffice.
  • DAL D: A minimal set applies (26 in DO-178C). Basic verification and documentation.
  • DAL E: No certification objectives. Standard commercial development practices are acceptable.
The Aerospace Safety Solution tracks per-DAL compliance status for each certification objective. An objective can have a different compliance state at each DAL (for example, "Satisfied" at DAL C but "In Progress" at DAL B). Per-DAL Compliance Status Values:
Status | Meaning
Not Applicable | This objective does not apply at this DAL.
Not Started | Objective applies but work has not begun.
In Progress | Objective work is underway.
Satisfied | Objective is complete and evidence is available.
Waived | Objective applies but is waived under an agreed deviation; the approving Designated Engineering Representative (DER) and the rationale should be recorded with the waiver.
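The per-DAL status grid above is easy to get inconsistent by hand (an objective marked Not Applicable at DAL A, a Satisfied cell with no evidence behind it, a waiver with no approver). The following is an added example, not code from the Aerospace Safety Solution or its Polarion configuration: it models a compliance objective with one status per DAL using the dalA..dalE identifiers of the data model, checks each row against the levelling described above (every objective applies at DAL A, none at DAL E, and an objective that applies at a less stringent level also applies at every more stringent one), and computes the per-DAL readiness figure a scorecard would show. The evidence and waiver fields and the sample objectives are constructed assumptions.

```python
"""Per-DAL compliance objective status checks (added example, not project code)."""
from dataclasses import dataclass, field

DALS = ["dalA", "dalB", "dalC", "dalD", "dalE"]   # most to least stringent
STATUSES = {"Not Applicable", "Not Started", "In Progress", "Satisfied", "Waived"}


@dataclass
class Objective:
    id: str
    status: dict                                   # dal -> status value
    evidence: dict = field(default_factory=dict)   # dal -> evidence reference (assumed field)
    waiver: dict = field(default_factory=dict)     # dal -> (approver, rationale) (assumed field)


def check_objective(obj):
    """Return finding strings for one objective's per-DAL status row."""
    findings = []
    for dal in DALS:
        st = obj.status.get(dal)
        if st not in STATUSES:
            findings.append(f"{obj.id}/{dal}: unknown status {st!r}")
            continue
        if dal == "dalA" and st == "Not Applicable":
            findings.append(f"{obj.id}/dalA: every objective applies at DAL A")
        if dal == "dalE" and st != "Not Applicable":
            findings.append(f"{obj.id}/dalE: no objective applies at DAL E ({st})")
        if st == "Satisfied" and not obj.evidence.get(dal):
            findings.append(f"{obj.id}/{dal}: Satisfied without evidence reference")
        if st == "Waived" and not obj.waiver.get(dal):
            findings.append(f"{obj.id}/{dal}: Waived without approver and rationale")
    # Applicability is nested: anything applicable at a less stringent DAL must
    # also be applicable at every more stringent one.
    applicable = [obj.status.get(d) != "Not Applicable" for d in DALS]
    for i in range(1, len(DALS)):
        if applicable[i] and not applicable[i - 1]:
            findings.append(f"{obj.id}: applies at {DALS[i]} but Not Applicable at {DALS[i - 1]}")
    return findings


def readiness(objectives, dal):
    """Share of objectives applicable at `dal` that are Satisfied or Waived;
    None when nothing applies (the DAL E case)."""
    applicable = [o for o in objectives if o.status.get(dal) != "Not Applicable"]
    if not applicable:
        return None
    done = sum(1 for o in applicable if o.status.get(dal) in ("Satisfied", "Waived"))
    return done / len(applicable)


# Constructed sample grid, not data from a real project.
SAMPLE_OBJECTIVES = [
    Objective("OBJ-1",
              {"dalA": "Satisfied", "dalB": "Satisfied", "dalC": "Satisfied",
               "dalD": "Satisfied", "dalE": "Not Applicable"},
              evidence={d: f"EVD-1-{d}" for d in ("dalA", "dalB", "dalC", "dalD")}),
    Objective("OBJ-2",   # inconsistent row: N/A at A while applied at B and C, no evidence at C
              {"dalA": "Not Applicable", "dalB": "In Progress", "dalC": "Satisfied",
               "dalD": "Not Applicable", "dalE": "Not Applicable"}),
    Objective("OBJ-3",   # waived at A with a record, at B without one
              {"dalA": "Waived", "dalB": "Waived", "dalC": "Not Started",
               "dalD": "Not Applicable", "dalE": "Not Applicable"},
              waiver={"dalA": ("DER", "alternative method agreed with the certification authority")}),
]


def run_checks(objectives=SAMPLE_OBJECTIVES):
    """Map objective id -> findings, keeping only objectives that have findings."""
    out = {o.id: check_objective(o) for o in objectives}
    return {k: v for k, v in out.items() if v}


if __name__ == "__main__":
    for oid, fs in run_checks().items():
        print(oid, *fs, sep="\n  ")
    for d in DALS:
        print(d, readiness(SAMPLE_OBJECTIVES, d))
```

The nesting check is what catches the most common hand-editing error: a cell set to Not Applicable at a higher level while the same objective is still being worked at a lower one. Run against an export of the complianceObjective work items, the findings list is what should be empty before the readiness percentage is trusted.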

DAL and Safety Requirements

When a failure condition is allocated to a safety requirement, the safety requirement inherits the DAL from the failure condition. The safety requirement’s DAL determines:
  • Verification Method — Required verification approach: Test, Analysis, Inspection, Demonstration, or Review.
  • Verification Level — Scope: Unit, Integration, System, Acceptance, or Qualification.
  • Traceability — Links to design requirements, design characteristics, and test cases at the corresponding DAL level.
Safety Requirement Custom Fields:
Field | Type | Purpose
dalLevel | Enumeration (dalA–dalE) | Inherited from the failure condition classification. Read-only.
allocatedSubsystem | String | Target subsystem where the safety requirement is implemented.
verificationMethod | Enumeration | How the requirement is verified: Test, Analysis, Inspection, Demonstration, or Review.
contributingFailureModes | Text | List of failure modes (from FMEA/SFMEA) that could violate this requirement.
The FHA risksheet automatically creates safety requirement work items from failure conditions. Each safety requirement is allocated to a subsystem and assigned its DAL. The allocation decision documents which subsystem is responsible for implementation and verification.

DAL and Design Requirements

Design requirements are classified by engineering discipline (subType: Electrical, Software, Mechanical, Labeling, Useability) and inherit DAL from their parent safety requirements through the requirements decomposition chain:
Customer Requirement → System Requirement → Subsystem Requirement → Design Requirement
At each level the DAL flows down through the decomposition, so design requirements at every level keep the safety classification rigor of the requirement they derive from. Design Requirement Subtypes and DAL Allocation:
Subtype | Engineering Discipline | Typical DAL Association | Certification Standard
Software | Software development | DAL A–E; often DAL B–C | DO-178C (Software Level A–E)
Electrical | Electronic hardware design | DAL A–E; often DAL B–D | DO-254 (Design Assurance Level A–E)
Mechanical | Mechanical design | DAL A–E; often DAL C–E | Not covered by DO-178C or DO-254 (DO-254 applies to airborne electronic hardware only)
Labeling | Documentation and placarding | DAL A–D | Program-specific; not an objective area of DO-178C or DO-254
Useability | Human factors and interfaces | DAL A–E | Program-specific human factors guidance; not defined in DO-178C or DO-254
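The three inheritance rules stated in the sections above (classification fixes the failure condition DAL, a safety requirement's dalLevel is read-only and comes from its failure condition, and the DAL flows down the decomposition chain to the design requirements and the system element they are allocated to) are worth checking mechanically on an export, because a single hand-edited dalLevel silently lowers the rigor of everything beneath it. The following is an added example, not code from the Aerospace Safety Solution or its Polarion configuration: it reproduces the risksheet's classification-to-DAL mapping in Python, computes the DAL each requirement should inherit, and reports every dilution that is not covered by a recorded override and every system element whose DAL is weaker than a requirement allocated to it. The record layout (derivedFrom, failureCondition, dalOverride) and the sample data are constructed assumptions; a reduction justified by an ARP 4754A architectural decomposition is accepted only when a dalOverride with a rationale is present.

```python
"""DAL allocation and flow-down consistency check (added example, not project code)."""

DAL_ORDER = ["dalA", "dalB", "dalC", "dalD", "dalE"]   # index 0 = most stringent

# The mapping the FHA risksheet formula applies; classification alone decides.
CLASSIFICATION_TO_DAL = {
    "Catastrophic": "dalA",
    "Hazardous": "dalB",
    "Major": "dalC",
    "Minor": "dalD",
    "No Safety Effect": "dalE",
}


def dal_for_classification(classification):
    """Return the DAL for a failure condition classification; reject unknown values."""
    try:
        return CLASSIFICATION_TO_DAL[classification]
    except KeyError:
        raise ValueError(f"unknown failure condition classification: {classification!r}") from None


def at_least_as_stringent(dal, reference):
    """True when `dal` is the same as or more stringent than `reference`."""
    return DAL_ORDER.index(dal) <= DAL_ORDER.index(reference)


def expected_dal(req_id, requirements, failure_conditions):
    """DAL a requirement should inherit: from its failure condition if it is a
    safety requirement, otherwise from the requirement it derives from."""
    req = requirements[req_id]
    if "failureCondition" in req:
        fc = failure_conditions[req["failureCondition"]]
        return dal_for_classification(fc["classification"])
    if req.get("derivedFrom"):
        return requirements[req["derivedFrom"]]["dalLevel"]
    return None


def check_flow_down(failure_conditions, requirements, elements):
    """Return finding strings for each unjustified DAL dilution along the chain and
    for each system element whose DAL is weaker than a requirement allocated to it."""
    findings = []
    for rid, req in requirements.items():
        want = expected_dal(rid, requirements, failure_conditions)
        have = req["dalLevel"]
        if want and not at_least_as_stringent(have, want):
            override = req.get("dalOverride")         # assumed field: {"rationale": ...}
            if not (override and override.get("rationale")):
                findings.append(f"{rid}: dalLevel {have} weaker than inherited {want}, no override")
        elem_id = req.get("allocatedSubsystem")
        if elem_id:
            elem_dal = elements[elem_id]["dalLevel"]
            # The element's DAL is the baseline rigor for everything under it.
            if not at_least_as_stringent(elem_dal, have):
                findings.append(f"{rid} ({have}) allocated to {elem_id} ({elem_dal})")
    return findings


# Constructed sample, not data from a real project.
FAILURE_CONDITIONS = {
    "FC-1": {"classification": "Catastrophic"},
    "FC-2": {"classification": "Major"},
}
REQUIREMENTS = {
    "SR-1": {"dalLevel": "dalA", "failureCondition": "FC-1", "allocatedSubsystem": "SUB-FCC"},
    "SR-2": {"dalLevel": "dalD", "failureCondition": "FC-2", "allocatedSubsystem": "SUB-HYD"},  # should be dalC
    "SYS-1": {"dalLevel": "dalA", "derivedFrom": "SR-1"},
    "SUB-1": {"dalLevel": "dalA", "derivedFrom": "SYS-1", "allocatedSubsystem": "SUB-FCC"},
    "DR-1": {"dalLevel": "dalB", "derivedFrom": "SUB-1",
             "dalOverride": {"rationale": "dissimilar dual channels; ARP 4754A decomposition"}},
    "DR-2": {"dalLevel": "dalC", "derivedFrom": "SUB-1"},                                     # silent dilution
    "DR-3": {"dalLevel": "dalA", "derivedFrom": "SUB-1", "allocatedSubsystem": "SUB-SENS"},   # element too weak
}
ELEMENTS = {
    "SUB-FCC": {"dalLevel": "dalA"},
    "SUB-HYD": {"dalLevel": "dalD"},
    "SUB-SENS": {"dalLevel": "dalC"},
}

if __name__ == "__main__":
    for line in check_flow_down(FAILURE_CONDITIONS, REQUIREMENTS, ELEMENTS):
        print(line)
```

A requirement carrying a more stringent DAL than it inherits is not reported, since that is conservative; only dilution is. The override path is deliberately narrow: an accepted reduction needs a stated rationale, which is the artifact a certification reviewer will ask for.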

DAL and Design Characteristics

Design characteristics (measurable properties of design elements) are also classified and traced to environmental categories per DO-160G. Characteristics assessed in DFMEA inherit DAL from their parent design requirements. Characteristic Custom Fields:
Field | Type | Purpose
classification | Enumeration (SC / CC) | Safety-Critical or Control characteristic.
targetValue | String | Nominal or target value for the characteristic.
tolerance | String | Allowable deviation (e.g., ±0.5 mm, ±5%).
When a characteristic is allocated to a failure mode in DFMEA, the DAL context is carried through, ensuring that design FMEA analysis rigor matches the assigned DAL.

DAL and Environmental Test Categories

Design requirements and test cases reference DO-160G environmental test categories. The Aerospace Safety Solution's environmental category enumeration covers the DO-160G test sections, Sections 4 through 26 (Sections 1 to 3 of DO-160G are introductory and define no tests):
Section | Category | Examples
4 | Temperature and Altitude | Low/high temperature, altitude, decompression and overpressure
5 | Temperature Variation | Rate of temperature change
6 | Humidity | Humidity exposure
7 | Operational Shocks and Crash Safety | Operational shock, crash safety
8 | Vibration | Sinusoidal and random vibration
9 | Explosive Atmosphere | Operation in flammable fuel-air mixtures
10 | Waterproofness | Drip, spray and continuous stream
11 | Fluids Susceptibility | Fuel, hydraulic fluid, oil and cleaning fluid exposure
12 | Sand and Dust | Blowing sand and dust
13 | Fungus Resistance | Fungal growth
14 | Salt Fog | Corrosion in a salt-fog environment
15 | Magnetic Effect | Magnetic field emitted by the equipment (compass deflection)
16 | Power Input | Voltage and frequency variation, interruptions, ripple
17 | Voltage Spike | Transient over-voltage on power inputs
18 | Audio Frequency Conducted Susceptibility, Power Inputs | Audio-frequency ripple on power lines
19 | Induced Signal Susceptibility | Coupled magnetic and electric field interference
20 | Radio Frequency Susceptibility (Radiated and Conducted) | RF immunity
21 | Emission of Radio Frequency Energy | Conducted and radiated emission limits
22 | Lightning Induced Transient Susceptibility | Indirect lightning effects (pin injection, cable bundle)
23 | Lightning Direct Effects | Direct strike on externally mounted equipment
24 | Icing | Ice accretion
25 | Electrostatic Discharge (ESD) | ESD immunity
26 | Fire, Flammability | Fire resistance and flammability
Test cases and design requirements link to these environmental categories, enabling traceability from design specifications through environmental qualification test execution.
The complete list of DO-160G environmental categories and their application to your specific aircraft project is maintained in the Environmental Qualification PowerSheet. Verify which sections apply to your system in the project configuration.
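Traceability from design specification to qualification test is only useful if it is complete, and the gap that matters is a category a design requirement names that no linked test case exercises. The following is an added example, not code from the Aerospace Safety Solution: it walks design requirements and the test cases that verify them and reports every uncovered (design requirement, DO-160G section) pair, plus any test case that names a category outside Sections 4 through 26. The section numbers and titles are DO-160G's own; the enumeration identifiers (sec04 and so on), the work item fields and the sample records are constructed assumptions, so map the identifiers to the values in your environmentalCategory enumeration before use.

```python
"""DO-160G environmental qualification coverage check (added example, not project code)."""

# DO-160G test sections. Identifiers (sec04 ...) are assumed; titles are DO-160G's.
DO160G_SECTIONS = {
    "sec04": "Temperature and Altitude",
    "sec05": "Temperature Variation",
    "sec06": "Humidity",
    "sec07": "Operational Shocks and Crash Safety",
    "sec08": "Vibration",
    "sec09": "Explosive Atmosphere",
    "sec10": "Waterproofness",
    "sec11": "Fluids Susceptibility",
    "sec12": "Sand and Dust",
    "sec13": "Fungus Resistance",
    "sec14": "Salt Fog",
    "sec15": "Magnetic Effect",
    "sec16": "Power Input",
    "sec17": "Voltage Spike",
    "sec18": "Audio Frequency Conducted Susceptibility - Power Inputs",
    "sec19": "Induced Signal Susceptibility",
    "sec20": "Radio Frequency Susceptibility (Radiated and Conducted)",
    "sec21": "Emission of Radio Frequency Energy",
    "sec22": "Lightning Induced Transient Susceptibility",
    "sec23": "Lightning Direct Effects",
    "sec24": "Icing",
    "sec25": "Electrostatic Discharge (ESD)",
    "sec26": "Fire, Flammability",
}


def coverage_gaps(design_reqs, test_cases):
    """Return (gaps, invalid_refs), both sorted.

    design_reqs: id -> set of category ids the requirement must be qualified against
    test_cases:  id -> {"verifies": design requirement id, "categories": set of category ids}
    gaps:         (design requirement id, category id) pairs no linked test case covers
    invalid_refs: (test case id, category id) pairs naming a non-DO-160G category
    """
    covered = {rid: set() for rid in design_reqs}
    invalid = []
    for tid, tc in test_cases.items():
        for cat in tc["categories"]:
            if cat not in DO160G_SECTIONS:
                invalid.append((tid, cat))      # a misspelt or non-existent section gives no coverage
                continue
            if tc["verifies"] in covered:
                covered[tc["verifies"]].add(cat)
    gaps = [(rid, cat) for rid, cats in design_reqs.items() for cat in cats - covered[rid]]
    return sorted(gaps), sorted(invalid)


def describe(pairs):
    """Render (id, category) pairs with the DO-160G section title for a report."""
    return [f"{oid}: {cat} ({DO160G_SECTIONS.get(cat, 'not a DO-160G section')})" for oid, cat in pairs]


# Constructed sample, not data from a real project.
DESIGN_REQS = {
    "DR-1": {"sec04", "sec08", "sec20"},
    "DR-2": {"sec16", "sec17"},
}
TEST_CASES = {
    "TC-1": {"verifies": "DR-1", "categories": {"sec04", "sec08"}},
    "TC-2": {"verifies": "DR-1", "categories": {"sec20"}},
    "TC-3": {"verifies": "DR-2", "categories": {"sec16", "sec27"}},   # sec27 does not exist in DO-160G
}

if __name__ == "__main__":
    gaps, invalid = coverage_gaps(DESIGN_REQS, TEST_CASES)
    print("uncovered:", *describe(gaps), sep="\n  ")
    print("invalid category references:", *describe(invalid), sep="\n  ")
```

Invalid references are reported separately from gaps on purpose: a test case pointing at a non-existent section looks like coverage in a naive join but qualifies nothing, which is exactly the kind of error a traceability matrix hides.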

DAL Color Coding in Risksheets and Dashboards

The Aerospace Safety Solution uses consistent color coding for visual DAL identification:
  • DAL A (Catastrophic): Red #E53935
  • DAL B (Hazardous): Orange #FB8C00
  • DAL C (Major): Yellow #FDD835
  • DAL D (Minor): Green #43A047
  • DAL E (No Safety Effect): Grey #607D8B
These colors appear in:
  • FHA risksheet DAL column and row headers
  • Compliance objective status tracking (per-DAL columns)
  • System structure navigator element badges
  • Certification readiness scorecard
  • Dashboard widgets showing safety-critical allocation

DAL Identifier Format

In the Aerospace Safety Solution data model, DAL levels are represented using the following enumeration identifiers:
dalA     # Design Assurance Level A (Catastrophic)
dalB     # Design Assurance Level B (Hazardous)
dalC     # Design Assurance Level C (Major)
dalD     # Design Assurance Level D (Minor)
dalE     # Design Assurance Level E (No Safety Effect)
These identifiers are used in:
  • Failure condition DAL allocation fields
  • System element DAL properties
  • Safety requirement DAL fields
  • Compliance objective tracking (per-DAL status columns)
  • Risksheet and PowerSheet cell formulas and filters

Sources: Extracted from Polarion configuration files (.polarion/tracker/fields/dal-enum.xml, safetyRequirement-custom-fields.xml, FHA risksheet template), DO-178C and DO-254 standards definitions, and ARP 4761 safety assessment guidance.
Code references: .polarion/tracker/fields/dal-enum.xml; .polarion/tracker/fields/safetyRequirement-custom-fields.xml; .polarion/tracker/fields/designRequirement-subType-enum.xml, environmentalCategory-enum.xml, fta-gateType-enum.xml, cca-analysisType-enum.xml, controlType-enum.xml, riskControlType-enum.xml, verificationMethod-enum.xml, testLevel-enum.xml; .polarion/nextedy/models/rtm.yaml; .polarion/tracker/fields/complianceObjective-custom-fields.xml; .polarion/tracker/fields/testCase-custom-fields.xml, desReq-custom-fields.xml, processStep-custom-fields.xml, characteristic-custom-fields.xml, systemElement-custom-fields.xml, commonCauseEvent-custom-fields.xml, riskControl-custom-fields.xml, task-custom-fields.xml, custom-fields.xml; modules/RiskTemplates/FHATemplate/attachments/risksheet.json; .polarion/tracker/fields/complianceObjective-standard-enum.xml, complianceObjective-status-enum.xml, complianceRequirement-complianceStatus-enum.xml, complianceRequirement-evidenceType-enum.xml; .polarion/tracker/fields/systemElementType-enum.xml, systemElement-status-enum.xml; .polarion/nextedy/sheet-configurations/DO-254 Objectives Compliance Matrix.yaml