How Should a Small Aerospace Startup Approach DO-178C Compliance Without a Full Avionics Team?

This is the question hardware AI review receives more than almost any other from founders and engineering leads at venture-backed aerospace companies. You have a real aircraft system, a small but capable team, a Series A runway, and a certification path that was designed in an era when Honeywell could dedicate 200 engineers to a single avionics program. The question is not whether DO-178C applies to you — it does — but how to build a credible, defensible compliance program without burning your entire headcount on process.

The answer exists, but it requires stripping away the mythology that has grown up around DO-178C and replacing it with a concrete understanding of what the standard actually demands.

What DO-178C Actually Requires (And What It Does Not)

The single most damaging misconception about DO-178C is that it is a checklist of documents. It is not. DO-178C is a process standard. It defines the objectives that a software development and verification process must satisfy — and it requires evidence that those objectives were met. The documents are the evidence, not the deliverable.

This distinction matters enormously for a small team. You do not need a 400-page Software Requirements Specification in the style of a 1990s defense contractor. You need requirements that are unambiguous, traceable, testable, and verifiable. A 40-page SRS that satisfies those properties is certifiable. A 400-page SRS that contains unmaintained prose is not.

The other critical clarification: DO-178C applies to the software in your system, not your company. The FAA does not certify companies. It certifies aircraft and components. Your job is to show that the software you shipped to your customer, or that runs in your own product, was developed under a process that satisfies the appropriate DO-178C objectives for the assigned Design Assurance Level.

DO-178C is organized around five plans, eight software life cycle processes, and a set of objectives that scale with DAL level. Understanding those three layers — plans, processes, objectives — is more useful than memorizing the table numbers.

DAL Levels: What They Actually Demand

Design Assurance Level is assigned to the software based on the failure condition category of the function the software performs. The categories come from ARP4761 and the system safety assessment, not from the software team.

  • DAL A: Catastrophic failure condition. Loss of the function could cause a catastrophic aircraft accident. Full independence between development and verification. Every objective in DO-178C applies. Structural coverage to MC/DC is required.
  • DAL B: Hazardous failure condition. Most objectives apply. Modified Condition/Decision Coverage is not required; decision coverage is sufficient.
  • DAL C: Major failure condition. Significantly reduced objective set. No structural coverage requirement beyond statement coverage. This is where many startup avionics systems legitimately land.
  • DAL D: Minor failure condition. Minimal objectives. Most small teams are surprised by how tractable DAL D is.
  • DAL E: No safety effect. No DO-178C objectives apply.

The implication for a startup: your system safety engineer (or your DER, if you’re engaging one early) should be pushing hard to understand exactly what DAL is appropriate for each software component. A display system that shows non-critical information is not the same safety case as a flight control law. Many startups default to assuming everything is DAL A or B because their product is installed on an aircraft. That assumption is often wrong and always expensive.

If you can partition your software architecture so that safety-critical functions are isolated in a small, well-defined software component, you can pursue DAL A for that component and DAL C or D for the majority of your codebase. This is not a compliance trick — it is exactly what ARP4754A and DO-178C encourage.

The Role of the Software Quality Assurance Function

DO-178C requires a Software Quality Assurance function. It does not require a full-time SQA engineer. On a small team, this is commonly misread as “you need to hire someone whose job title is software quality assurance.” You do not.

What DO-178C requires is that someone performs SQA activities — auditing life cycle processes, ensuring plans are followed, confirming that problems are tracked and resolved — and that this role has sufficient independence from the development activities it is auditing. On a ten-person team, that independence can be achieved by assigning SQA responsibilities to an engineer who is not directly responsible for the component being audited, and by documenting that separation clearly in your Software Quality Assurance Plan.

The SQA function is most valuable, and most commonly neglected, during the early plan-writing phase. The SQAP should define what SQA audits will be performed, at what points in the life cycle, and what records those audits will produce. If you write the SQAP honestly — accounting for your actual team size and cadence — you can execute it without a dedicated headcount.

The failure mode to avoid: writing an SQAP that describes a formal audit process you cannot actually execute, and then having a DER or ACO discover during a stage-of-involvement review that your audit records are incomplete or absent.

Engage a DER Before You Write Your Plans

If there is one piece of advice in this article worth the entire reading time, it is this: engage a Designated Engineering Representative with DO-178C authorization before you finalize your Software Development Plan.

A DER is not an auditor who shows up at the end of your program to find problems. A good DER is a technical advisor who has seen what the FAA’s Aircraft Certification Office will actually accept, and who can help you scope your certification program to your DAL level and team size before you commit to a process architecture.

The ROI calculation is straightforward. A DER engagement early in the program — even a single scoping review of your draft plans — typically costs between $15,000 and $40,000. The cost of redesigning your compliance artifacts after the ACO rejects your Software Accomplishment Summary is measured in months and hundreds of thousands of dollars.

Specific things to resolve with your DER before writing plans:

  • Tool qualification: Which of your development and verification tools require qualification under DO-330? A DER who understands your toolchain can help you identify where you have qualification obligations and where you can use operational constraint arguments to avoid them.
  • Reuse strategy: If you are using open-source libraries or previously developed software, what is the compliance strategy? DO-178C section 12 covers this but leaves significant room for interpretation.
  • Independence approach: For your DAL, what level of independence between development and verification will the ACO accept? On a small team, this question has more flexibility than most startups assume.
  • Stage-of-involvement plan: The DER should help you define the specific review and approval points where FAA involvement is expected. Planning these gates early prevents schedule surprises.

Writing a Software Development Plan That Reflects Reality

The Software Development Plan is the document that defines your software life cycle processes — how you develop, verify, manage configuration, control quality, and coordinate with the system team. It is also the document that most small teams write aspirationally rather than accurately.

An aspirational SDP describes a process your team cannot actually follow. A certifiable SDP describes a process your team will actually follow, and provides evidence that you followed it.

For a startup with five to fifteen engineers working on a DAL C avionics component, a credible SDP will:

  • Define a software life cycle with phases that map to your actual sprint or milestone structure, not to a waterfall template downloaded from a legacy contractor’s document library.
  • Identify specific team members by role, acknowledge that some individuals hold multiple roles, and document the independence provisions that prevent role conflicts from compromising verification integrity.
  • Define your requirements management process in terms of the tool you actually use, with explicit statements about how traceability is maintained and how requirement changes trigger reverification.
  • Define your problem reporting process at a level of specificity your team will execute — a Jira workflow is acceptable; a description of a hypothetical formal change board is not.
  • Reference your test environment accurately, including any known limitations and the operational constraints or workarounds that address them.

The ACO and your DER are not grading your SDP on sophistication. They are assessing whether your SDP describes a process that, if followed, would satisfy DO-178C objectives. A simple, honest, accurate SDP is preferable to a complex, aspirational one every time.

Requirements Traceability and Verification Evidence: The Operational Core

The work that consumes the most ongoing compliance effort for a small team is not writing plans. It is maintaining the requirements traceability matrix and the verification evidence that connects your software requirements to your test results.

DO-178C requires bidirectional traceability: from system requirements down to software requirements, from software requirements to design, from design to source code, and from software requirements to test cases and test results. For a DAL C product, this traceability must exist and must be current. For DAL A or B, it must also be formally reviewed and audited.

On a small team, manual traceability maintenance is a debt that compounds. Engineers update requirements during development, tests change as implementations evolve, and the RTM falls out of sync. When the DER asks for a trace from system requirement SR-047 to its verification test cases, the answer cannot be “let me reconstruct that manually.”

This is where modern requirements tooling changes the economics of certification for small teams. Tools like Flow Engineering are built specifically around the traceability graph — not as a report you generate at the end, but as the living data structure that connects your requirements, design artifacts, test cases, and verification results throughout development. When a requirement changes, the tool surfaces every downstream artifact affected. When a test case fails, the impact on requirement coverage is visible immediately.

For a startup without a dedicated compliance engineer, this matters because it removes the human labor of RTM maintenance and replaces it with a process that is correct by construction. The compliance artifacts are not assembled at the end of the program — they are continuously maintained as a byproduct of normal engineering work.

Flow Engineering’s graph-based model also maps cleanly to how DO-178C thinks about software artifacts: as nodes with defined relationships, not as rows in a spreadsheet or sections in a Word document. The verification evidence — test case definitions, test results, analysis records, review records — can be linked directly to the requirements they satisfy, producing the traceability reports your DER will request during stage-of-involvement reviews without requiring a manual assembly effort.

The broader point is not specific to any single tool. It is that managing DO-178C traceability in spreadsheets or linked Word documents is a process that collapses under engineering reality. A startup that chooses a requirements tool with genuine traceability support before its first requirements are written will spend dramatically less compliance overhead over the life of the program than one that retrofits traceability onto a document-based process.

Practical Starting Points

If you are reading this at the beginning of your certification program, the sequence that works for lean aerospace teams is:

  1. Complete your system safety assessment first, or in parallel with software architecture. You cannot write a credible SDP until you know your DAL assignments.
  2. Engage a DER for a scoping review before finalizing any plans. Spend $20,000 now to avoid spending $200,000 later.
  3. Write your plans accurately, not aspirationally. Name your actual people, describe your actual tools, define your actual processes.
  4. Choose a requirements tool with bidirectional traceability as your first technical infrastructure decision. Do not start capturing requirements in a format you will have to migrate.
  5. Define your test strategy before writing test cases. The Software Verification Plan should specify exactly what verification activities will be performed for each requirement type, what tools will be used, and what records will be produced.
  6. Establish your configuration management baseline early. CI/CD integration with your SCM is acceptable and, for most modern teams, superior to manual baseline procedures.

Honest Summary

DO-178C is rigorous, but it is not inaccessible to a small team. The standard was written to ensure that airborne software is developed under a disciplined, traceable, verifiable process — not to ensure that only large organizations can participate in aviation.

A five-person software team can certify a DAL C avionics component. It requires honest planning, early DER engagement, disciplined traceability from day one, and a willingness to write compliance artifacts that reflect your actual capabilities rather than the processes described in a legacy contractor’s template library.

The teams that fail DO-178C certification are rarely the ones who lacked engineering talent. They are the ones who wrote plans they couldn’t follow, captured requirements they couldn’t trace, and discovered late that their verification evidence didn’t cover their requirements. All three of those failure modes are preventable with the right process architecture and the right tooling, regardless of team size.