- 1. The Requirement
- 2. Rationale
- 3. Guidance
- 4. Small Projects
- 5. Resources
- 6. Lessons Learned
- 7. Software Assurance
3.1.7 The project manager shall define and document the milestones at which the software developer(s) progress will be reviewed and audited.
NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.
Click here to view the history of this requirement: SWE-037 History
1.3 Applicability Across Classes
Classes F and G are labeled as "X (not OTS)" which means that the project is required to meet this requirement for all software that is not considered off-the-shelf.
Key: - Applicable | - Not Applicable
A & B = Always Safety Critical; C & D = Sometimes Safety Critical; E - F = Never Safety Critical.
For any software project, it is critical for management to review progress early and periodically to ensure the project remains on schedule, is progressing toward implementation of the requirements, and ultimately is addressing the customer's needs. It is also important for management to confirm periodically that the technical goals of the project are being achieved and that the technical direction of the project is appropriate (NPR 7123.1, NASA Systems Engineering Processes and Requirements). 041 Milestone reviews provide this type of management visibility into a project.
For software development that is acquired (supplied by a contractor), having regular progress reviews is even more important since these reviews are the keys to ensuring the contractor understood and will provide the product that NASA requested and that meets NASA's requirements for safety, quality, reliability, etc.
Milestone reviews can also serve to facilitate and ensure coordination between multiple development groups including development groups at multiple NASA Centers and contractors.
For acquired software development, milestone reviews are incorporated into the contract because the contract is the binding document for contractor performance and deliverables. Regardless of whether the development is in-house or contracted, the development agreement needs to contain, among other key elements, surveillance activities including monitoring activities, reviews, audits, decision points, meetings, known contract milestones, etc.
Other items related to milestone reviews to include in the development agreement are:
- Review periods for deliverables.
- The time period for making corrections to resolve findings.
- Formal reviews, such as those found in NPR 7123.1 041, NPR 7120.5 082, NPR 7120.7 264 (IT and Institutional Infrastructure) and NPR 7120.8 269(Research and Technology).
- Technical reviews.
- Progress reviews.
- Acceptance reviews.
Consult Center guidance on the following topics as Center guidance may provide insights into reviews and review topics to be considered for inclusion in the Statement of Work (SOW) and contract:
- Process Monitoring and Control (PMC).
See the 7.3 - Acquisition Guidance and 7.9 - Entrance and Exit Criteria topics in this Handbook for additional guidance on this topic. The references in 7.3 - Acquisition Guidance may provide additional guidance on project milestone reviews and topics for consideration. Topic 7.9 - Entrance and Exit Criteria describes inputs, material that will be reviewed, and outputs for each life-cycle milestone review which may be useful as input to the development of checklists for these reviews. Consult the NPR 7120 family of requirements documents for definitions of milestones and approaches for different project types.
Additional information and resources regarding software milestones are available in Software Processes Across NASA (SPAN), accessible to NASA users from the SPAN tab in this Handbook.
Keep in mind that reviews not included in the contract may be difficult to require of the contractor, so it is important to ensure the SOW and other contract elements are reviewed by the proper project management and/or technical authority for completeness.
4. Small Projects
Project review plans and milestones are covered in NPR 7120.5 082, NPR 7120.7 264, NPR 7120.8 269, and NPR 7123.1 041. Projects are to ensure that software components are a part of specific project milestone reviews. Small projects need to determine a review process that meets the project requirements and contains adequate content to provide the greatest insights into progress toward the project's technical goals and the technical direction of the project.
6. Lessons Learned
6.1 NASA Lessons Learned
A documented lesson from the NASA Lessons Learned database notes the following:
- Acquisition and Oversight of Contracted Software Development (1999). Lesson Number 0921 528: Tailorable acquisition management and oversight processes for NASA contracted software development are essential to ensure that customers receive a quality product. A documented lesson from the NASA Lessons Learned database includes a cause of the loss of a mission "the lack of a controlled and effective process for acquisition of contractor-developed, mission-critical software." In this particular case, the quality of the contractor's product was not monitored as it would have been if the proper milestones for reviewing and auditing contractor progress were in place .
6.2 Other Lessons Learned
No other Lessons Learned have currently been identified for this requirement.
7. Software Assurance
7.1 Tasking for Software Assurance
- Confirm that milestones for reviewing and auditing software developer progress are defined and documented.
- Participate in project milestones reviews.
7.2 Software Assurance Products
- Software Assurance Status Reports
- SA audit schedule consistent with project schedule.
- List of any issues//risks identified with schedule or developer progress.
Definition of objective evidence
- Evidence of confirmations listed in Task 1.
- Evidence of SA participation in milestone reviews.
Objective evidence is an unbiased, documented fact showing that an activity was confirmed or performed by the software assurance/safety person(s). The evidence for confirmation of the activity can take any number of different forms, depending on the activity in the task. Examples are:
- Observations, findings, issues, risks found by the SA/safety person and may be expressed in an audit or checklist record, email, memo or entry into a tracking system (e.g. Risk Log).
- Meeting minutes with attendance lists or SA meeting notes or assessments of the activities and recorded in the project repository.
- Status report, email or memo containing statements that confirmation has been performed with date (a checklist of confirmations could be used to record when each confirmation has been done!).
- Signatures on SA reviewed or witnessed products or activities, or
- Status report, email or memo containing Short summary of information gained by performing the activity. Some examples of using a “short summary” as objective evidence of a confirmation are:
- To confirm that: “IV&V Program Execution exists”, the summary might be: IV&V Plan is in draft state. It is expected to be complete by (some date).
- To confirm that: “Traceability between software requirements and hazards with SW contributions exists”, the summary might be x% of the hazards with software contributions are traced to the requirements.
SA Products for Milestone Reviews
|Review||Software Assurance Product for Review|
|Additional Software Assurance /Safety Products for Milestone Reviews|
|System Requirements Review (SRR)|
|Software Requirements Review (SwRR)|
|Mission Definition Review (MDR)|
|System Definition Review (SDR)|
|Preliminary Design Review (PDR)|
|Critical Design Review (CDR)|
|Production Readiness Review (PRR)|
|System Integration Review (SIR)|
|Test Readiness Review (TRR)|
|System Acceptance Review (SAR)|
|Operational Readiness Review (ORR)|
|Flight Readiness Review (FRR)|
- # of Non-Conformances from reviews (Open vs. Closed; # of days Open)
List of tasks for the software development required for the project’s software developers. - look at the software development schedule milestones (see 7.8 - Maturity of Life-Cycle Products at Milestone Reviews, software products required, and software processes used. Related to the SA tasks on SWE-036.