2.5.2 The project shall assess options for software acquisition versus development. The assessment can include risk, cost, and benefits criteria for each of the options listed below: Risks are considered in software make/buy and acquisition decisions. The project needs to ensure that software products used in the design or support of human space flight components or systems include a level of rigor in risk mitigation as a software management requirement, regardless of software classification. The level of documentation needed for risk identification and tracking is defined by the Center processes. Class A_SC A_NSC B_SC B_NSC C_SC C_NSC D_SC D_NSC E_SC E_NSC F G H Applicable? Key: A_SC = Class A Software, Safety-Critical | A_NSC = Class A Software, Not Safety-Critical | ... | - Applicable | - Not Applicable When making any decision, it is important to assess the options available in order to obtain the greatest value and benefit. Software development is no different. Choices need to be assessed in order to identify the best use of available resources (budget, time, personnel, etc.) to address a defined and scoped need while providing the greatest benefit with the least risk to the project. When assessing solutions for software acquisition versus development, there are four possible options: Each option has its own benefits, costs, and risks which should be identified through trade studies (for off-the-shelf products), internal assessments (for existing products), and cost-benefit analyses. Checklists of questions to ask when assessing acquisition versus development can be found in SWE-027 of this handbook. The team should assess existing software products, whether off-the-shelf or in-house, to identify how well they meet the need of the current project and whether they are suitable for the intended environment. The following information should be weighed against the defined need, architecture, environment, requirements, safety classification, budget, etc. of the current project: The project responsible for procuring off-the-shelf software is responsible for documenting, prior to procurement, a plan for verifying and validating the off-the-shelf software to the same level of confidence that would be needed for an equivalent class of software if obtained through a "development" process. For more detail, see SWE-027 - Use of Commercial, Government, and Legacy Software. For development, whether internal or external, consider the following information: Identify risks associated with each assessed option, including: The team should document the results of the analysis as well as the raw data that was collected and evaluated to arrive at the final solution. Involve the relevant stakeholders in the assessment process to benefit from their experience and ensure all key information is considered. Consider the following, as applicable: See the Topic 7.03 - Acquisition Guidance topic in this Handbook for additional guidance. The references in this topic may also provide additional guidance on assessing acquisition versus development options. Additionally, Center procedures addressing decision analysis and resolution may be helpful in planning and carrying out the assessment and selection process. While assessing all available options is important for any software development project, it may be even more important for projects with limited budgets, personnel, or both. Small projects need to evaluate their available resources against the possible solutions to find the best fit with the least risk. Use of existing trade studies and market analyses may reduce the cost and time of assessing available options. Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN). NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN. The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider. A documented lesson from the NASA Lessons Learned database notes the following topics that should be kept in mind when assessing software acquisitions versus development. While many of these lessons seem hardware-oriented, some of these lessons can also be applied to software 551: "An additional risk in using 'off the shelf' units concerns the availability of the vendor. Can a user continue to use and maintain a product if the vendor goes out of business or stops producing and supporting the product?" "Some projects have failed since management was not given guidance concerning how to implement a faster-better-cheaper approach. 'Faster' and 'cheaper' are easily understood, but 'better' is difficult to define. This has also led to inconsistent application of faster-better-cheaper principles from one project to another." "A COTS policy is needed to help prevent cost, schedule and technical difficulties from imperiling projects that use COTS. Criteria for determining whether a COTS approach can be taken must be determined. Of prime importance is defining the level of insight needed into vendor software, software maintenance and certification processes." "Problems in COTS projects can arise when requirements are levied on the product that the vendor did not originally intend for the unit to meet. Using COTS may mean either compromising requirements on the COTS unit or on the integrated system. Whether or not new requirements have to be applied to the unit is a critical decision. Unfortunately, new requirements may not be recognized until the COTS product experiences difficulties in the testing and integration phases of the project." "The Shuttle Program created COTS/MOTS (Modified Off the Shelf) software guidelines for varying levels of application criticality. This recommended policy defines what considerations should be made before deciding to procure a COTS/MOTS product. The following should be examined based on the criticality (impact of failure on safety of flight or mission success) of the application and product in question: "Trade studies and risk identification must be performed before committing to the use of a particular unit and integration architecture."
See edit history of this section
Post feedback on this section
1. Requirements
1.1 Notes
1.2 Applicability Across Classes
X - Applicable with details, read above for more | P(C) - P(Center), follow center requirements or procedures2. Rationale
3. Guidance
4. Small Projects
5. Resources
5.1 Tools
6. Lessons Learned
SWE-033 - Acquisition vs. Development Assessment
Web Resources
View this section on the websiteUnknown macro: {page-info}
1 Comment
Anonymous
It should be noted that this requirement is usually satisfied at a level above the software development team. In other words by the time the software development team is on board on a project, the decision to develop the software has been made, either by modifying or enhancing existing similar software or developing the software.