Risk Management is a process whereby the project identifies and tracks threats to the success of the project. This process provides for mitigation strategies for potential problems and for early intervention with realized problems, lessening their impact to the project.
This guidance provides a set of risk checklists for each phase of the software lifecycle. Each checklist provides a set of potential risk items or areas for software development projects to consider as they plan their risk management activities. Not all items will be applicable to every project, but these checklists provide starter material for projects to use as the basis for planning risk management specific to their software project.
Ready-to-use NASA-specific risk checklists and resources are available in Software Processes Across NASA (SPAN), accessible to NASA users from the SPAN tab in this Handbook.
2. Planning Phase
Do the customer & implementer (system and software) agree on what is to be built?
Has the software been evaluated and assigned a class per class definitions in NPR 7150.2?
Is the software assurance organization in agreement with the assigned classification?
Has the planning, programming, budgeting, and execution (PPBE) and basis of estimate (BOE) been prepared and approved?
Are all requirements known and understood?
Are roles and responsibilities for all project activities clearly defined, followed, and sufficient?
Has all needed equipment, including spares, been identified?
Is there sufficient lead time to get necessary equipment?
Is there a contingency plan for not getting all necessary equipment?
Is the necessary level of technical expertise known and planned for?
Is the appropriate level of expertise available within NASA and contractors?
Will expertise be available as the schedule demands?
Is there more than one person with a particular expertise/knowledge?
Are there adequate trained personnel on the project?
Is there enough time to train all personnel on the project?
Is the software project lead experienced at managing this size and/or type of team?
Is the software project lead familiar with the technology being used (e.g., OOA/OOD and C++)?
Is the budget sufficient for needed equipment?
Is the budget sufficient for needed resources and activities?
Are training needs identified?
Is the budget sufficient for travel?
Is funding likely to change from the originally project amount?
Is there a plan in place to handle possible funding changes?
Is the schedule reasonable considering needed personnel, training, and equipment?
Does the system level schedule accommodate the software lifecycle?
Is there sufficient time in the schedule to address design and/or requirements changes?
Has the schedule been defined in enough detail to meet the needs of software development or is it just a time/date when systems will need the software?
Is there a schedule for the development of ground and flight systems?
Is the software schedule reasonable, does it match reality, and is it being followed?
Does the schedule allow adequate time for test (including verification of all requirements, validation, regression test, and fixes) and delivery activities?
Are changes to the schedule being tracked?
Are changes to the schedule made by due process, in a planned manner, or are events changing the schedule with no decision regarding whether there is something wrong in the process or program?
Are schedules being maintained?
Have impacts been accounted for (technical, resources, cost, etc.)?
Are peer reviews and major milestone review activities adequately addressed on the schedule?
Has all the slack/contingency time on the critical path been expended?
Will new development techniques be used?
Will a new or different development environment be used?
Are deviations to the development plan being tracked/trended?
Are the trends reported in a manner to allow timely and appropriate software and project management decisions?
Will simulators need to be designed and built?
Are time and resources allocated for development, verification, and execution of simulators?
Will this be a distributed development (different groups or individuals working on parts of the project in different locations, e.g., out of state)?
Are there proper facilities and management structure to support distributed environment development?
Are interfaces with other developers, suppliers, users, management, and the customer understood and documented?
Is there a known way to resolve differences between these groups (i.e., conflict resolution; who has ultimate authority, and who is willing to make a decision)?
Is there a well-constructed, up-to-date software development plan (SDP) that outlines procedures, deliverables, risk, lifecycle, budget, etc.?
Is there a plan for tracking changes and are the reasons for the changes well understood?
Does the software lifecycle approach & time-frame meet the needs of overall project, and does it have a chance of being close to what is needed?
Is software measurement data collected and reported regularly?
Are risks collected, discussed and reported regularly?
Is there a need for incremental delivery? If so, does the schedule reflect the planned deliveries?
Has the software been assessed to determine safety criticality?
Is firmware and/or any other software developed outside of the software development organization?
Does work contracted out have sufficient controls and detail to assure quality, meeting the schedule, and meeting the requirements?
Are all planning documents complete, communicated, approved, and baselined?
Has time been allocated for safety, reliability, and quality assurance (QA) assessments?
Has software assurance had input on all standards, procedures, guidelines, and processes?
3. Requirements Phase
Is the requirement process adequately defined in the software development plan (SDP)?
Are the tasks and resources for the Requirements Phase identified in the project schedule?
Is the adequacy of the process and resources being evaluated and reported on a regular basis?
Have the relevant stakeholders been identified in planning for the requirements phase?
Are the risks identified and managed for the Requirements Phase?
Are there any metrics associated with this process area?
Has the project documented the software requirements?
Is the project identifying, developing, approving, and maintaining software requirements based on analysis of customer and other relevant stakeholder requirements and the operational concepts?
Is software assurance working with development to incorporate safety, reliability and quality assurance requirements?
Is the project performing software requirements analysis based on flowed-?down and derived requirements from the top-?level systems engineering requirements and the hardware specifications and design? Note: This analysis is for safety criticality, correctness, consistency, clarity, completeness, traceability, feasibility, verifiability, and maintainability. This includes the allocation of functional and performance requirements to functions and sub-functions.
Is the project performing, documenting, and maintaining bidirectional traceability between the software requirements and the higher level requirements?
Is the project collecting and managing changes to the software requirements? Is there a project wide method for dealing with future requirements changes? Is an impact analysis conducted for all changes to baseline requirements? Note: The project should analyze and document changes to requirements for cost, technical, and schedule impacts.
Is the project identifying inconsistency between requirements, project plans, and software products and initiating corrective actions as required?
Is the project performing requirements validation to ensure that the software will perform as planned in the intended environment?
Has the project held, or does the project have, a formal peer review scheduled for the software requirements specification (SRS)?
Are the requirement work products being properly managed and controlled?
Are the requirements team meetings being regularly held? Are attendance sheets and minutes being taken? Is stakeholder participation being monitored?
Is the requirements team following the defined process in the SDP? Are deviations to the SDP being tracked? Are trends reported in a manner to allow timely and appropriate software and project management decisions?
Have risks for those requirements that have cost/schedule/technical impacts been created, reported, and tracked?
Are the requirements process and products being regularly audited by software assurance? Have all findings been resolved?
Has the essential training and skills required for requirements development and management been defined and included in the SDP?
Does this checklist adequately evaluate the phase? If not, how can it be improved?
4. Design Phase
Is the software development plan (SDP) being followed for design activities?
Is the allocation of requirements to design elements well understood and documented?
Are applicable design-related templates (e.g. DRDs) being used to produce clear/consistent design?
Will there be or has there been a major loss of critical personnel?
Is communication between systems and software engineering groups working well in both directions?
Is there sufficient communication between those creating and maintaining requirements and those designing to them?
Has a requirements baseline been established?
Are the requirements being managed?
Has bi-directional traceability been established between requirements and design?
Do personnel have a good understanding of how to use/integrate COTS into final product? If COTS meet only a subset of requirements, has the integration task and time been correctly estimated? Can it be estimated? Will custom software need to be written to either get different COTS to interact or to interact with the rest of the system as built or planned?
Is there a mitigation plan for addressing software safety and risk issues?
Are there Fault Detection, Isolation and Recovery (FDIR) techniques designed for critical software functions?
Has software reliability been addressed in the software design?
Has fault tolerance been addressed in software design?
Are simulators verified for accuracy, completeness, and consistency?
Are internal/external design interfaces defined in enough detail to establish & verify functionality?
Are inspections and/or peer reviews scheduled and taking place?
Is there a Software Configuration Management Plan in place and working?
Are software metrics kept and reported regularly?
Are deviations to the development plan being tracked? Are trends reported in a manner to allow timely and appropriate software and project management decisions?
Is the Design Team working with SA to ensure implementation of safety critical requirements?
Are design documents approved/baselined?
5. Implementation Phase
Are we following the software development plan (SDP) for the implementation activities?
Did the implementation follow the SDP and NPR?
Are the tools called out in the SDP the only ones being used for coding? If not, has the SDP been updated or a dev/waiver generated?
Was there any reuse code?
Was the reuse code modified?
Is there auto-generated code? Is unit testing planned for auto-generated code? Are there procedures for testing unit level auto-generated code?
Are metrics being collected to demonstrate reuse?
Is the code consistent with performance requirements?
Does the code match the detailed design? (The problem may be in either the code or the design.)
Were the coding standards followed?
Does the code completely and correctly implement the design?
Are there any uncalled or unneeded procedures or any unreachable code?
Are there any leftover stubs or test routines in the code?
Can any code be replaced by calls to external reusable components or library functions?
Are there any blocks of repeated code that could be condensed into a single procedure?
Is storage use efficient?
Are all comments consistent with the code?
Do all assigned variables have proper type consistency or casting?
Does the code avoid comparing floating-point numbers for equality?
Does the code systematically prevent rounding errors?
Does the code avoid additions and subtractions on numbers with greatly different magnitudes?
Are divisors tested for zero or noise?
Are all loops, branches, and logic constructs complete, correct, and properly nested?
Are loop termination conditions obvious and invariably achievable?
Are indexes or subscripts properly initialized, just prior to the loop?
Can any statements that are enclosed within loops be placed outside the loops?
Does the code in the loop avoid manipulating the index variable or using it upon exit from the loop?
Are indexes, pointers, and subscripts tested against array, record, or file bounds?
Are imported data and input arguments tested for validity and completeness?
Is every memory allocation deallocated?
Are timeouts or error traps used for external device accesses?
Are files checked for existence before attempting to access them?
Are all files and devices left in the correct state upon program termination?
Are Software Development Folders (SDFs) being used to capture design and implementation ideas as well as unit test procedures & results?
Is schedule being maintained and schedule impacts being accounted for?
Have other impacts been accounted for (technical, resources, etc.)?
Are deviations to the development plan being tracked/trended?
Are the trends reported in a manner to allow timely and appropriate software and project management decisions?
Have any coding requirements for safety critical code been established?
Does chosen development environment meet flight standards/needs?
Has system safety assessed software (subsystem safety analysis)?
Has software reviewed this safety assessment?
Has software had input to this safety assessment?
Do software personnel know how to address safety critical functions?
Is software working with systems to find the best solution to any hazards?
Has FDIR (Fault Detection, Isolation and Recovery) and/or fault tolerance been implemented as required?
Is there a process for managing requirements and design changes and is it understood and used?
Do requirements and design changes take into account parent documents?
Do the requirements and design changes take into account subsequent changes to child documents?
Are the design documents baselined?
Are the requirements baselined?
Has a code walk thru been held? (For new and reuse code?)
Are all actions taken in walk thru dispositioned and closed?
Were the appropriate software change requests (SCRs) written and dispositioned?
Is software assurance auditing development process and SDFs?
6. Test Phase
Is the Software Test Plan complete and approved at the appropriate level?
Are the Software Test Procedures (STPr) complete and approved at the appropriate level?
Are adequate resources available to complete informal and formal test activities?
Is the test environment identified and ready for informal and formal test activities?
Have the test criteria for informal and formal testing been identified and documented?
Has product integration and integration testing completed successfully?
Are work products identified for testing ready to enter the test phase? If so, have the work products been tagged within development configuration management tool (e.g., Subversion) prior to entering the informal test phase?
Has the release software been tagged within development configuration management tool (e.g., Subversion) prior to the Functional Configuration Audit (FCA)/Physical Configuration Audit (PCA)?
Has an FCA and PCA been performed on the release package prior to entering the formal test phase?
Has a software review board (SRB) baseline been established for target code and the test configuration identified and documented in preparation for formal test activities?
Has the test readiness review (TRR) been planned and scheduled prior to formal testing to include appropriate stakeholders?
Has an FCA and PCA been performed on the final release prior to scheduling the SRB?
Have FCA and PCA issues been resolved or workaround identified?
Has the SRB been scheduled to baseline the release package?
Is there a problem identification and resolution process in place? Is there a known recourse/procedure for testing procedure changes? Is it being followed?
Has software testing been performed as defined in the Software Development Plan (SDP), Software Test Plan, and STPr?
Have test results been analyzed and documented?
Have test defects during the informal test phase been identified, documented, and tracked to closure via Type II software change request (SCR)?
Have test defects during the formal test phase been identified, documented, and tracked to closure via Type I SCR?
Have the appropriate metrics been captured (as defined in the SDP) for the test activities?
Has bidirectional traceability been established throughout the lifecycle?
Have peer reviews been performed on test items that the project identified for peer review in accordance with the SDP?
Are the SCRs incorporated as required?
Has the software been verified against the approved requirements?
Has the software been validated using a target-?like platform or high-?fidelity simulation?
Are the software specifications internally consistent?
Have all system level safety and security requirements been properly implemented?
Are all interfaces (internal and external) identified in the interface design specification adequately tested?
Has testing of COTS at the software system level been adequately covered and documented?
Have test phase risks been identified, documented, communicated to management, and mitigated, as appropriate?
7. Release Phase
Has pre-ship review already taken place?
Is software assurance involved with release and acceptance activities?
Are all parts of the architecture verified and validated on the ground prior to flight?
Is the software version description (SVD) complete and approved?
Are all delivered software release versions listed in SVD?
Are all hardware versions appropriate for this release noted in SVD?
Are software change management (SCM) release descriptions and build, burn, and installation procedures in SVD?
Is the list of all incorporated (closed) and outstanding software change requests (SCRs) in SVD?
Is the list of any known discrepancies (software, hardware, documents, etc.) and associated work-arounds in SVD?
Is the list of changes since last formal release in SVD?
Is a list of all documentation that applies to this release in SVD?
Has a clean customer hand off been planned and executed to include: up to date documentation and user/operations manual, as applicable?
Has a good configuration management wrap-up been planned and executed to include: a method for future updates/changes; proper off-site storage of data, software, and documentation; what happens to SCM and data when project is over?
Are the release and acceptance activities being conducted in accordance with the software development plan (SDP)?
8. Operations and Maintenance
Are operations and maintenance (O&M) tasks and resources identified in the project schedule?
Does the schedule and resources for O&M satisfy the task plan?
Are the necessary Safety & Mission Assurance (SM&A) resources available (software quality, reliability, safety)?
Are risks identified and managed for the O&M phase?
Are the necessary O&M facilities available?
Are the necessary O&M tools available?
Are the necessary O&M SCRs identified for each O&M release?
Is the resolution of the software change requests (SCRs) agreeable with the customer?
Is software safety involved with the SCRs related to safety-?critical functionality?
If required, are O&M metrics being collected, analyzed and reported?
Has all the appropriate documentation been reviewed and updated (software development plan (SDP), software change management plan (SCMP), software test plan (STP), software requirements specification (SRS), software design description (SDD), software user manual (SUM), software test procedures (STPr)?
Has an O&M Plan been developed?
Has the appropriate documentation to support the operations and maintenance phase of the life cycle been provided to the customer upon delivery? Documentation that should be considered for delivery consist of the following items:
Status of accepted change requests to the baselined SRSs.
Status of major software capability changes since baselining of SDDs.
Status of major software tests (including development, verification, and performance testing).
Status of discrepancy reports written against the software.
Status of software requirements deviations and waivers.
Status of software user notes.
Status of quality measures historically and for this software.
Definition of open work, if any.
Software configuration records defining the verified and validated software, including requirements verification data (e.g., requirements verification matrix).
Final as-?built version of software documentation, including final software version descriptions (SVDs).
Status of any open software-?related risks.
Does this checklist adequately evaluate the phase? If not, how can it be improved?
9. Other Risks
Customer related risks
Is this a first time experience with this project manager or system engineer?
Does the customer have a solid idea of what is required?
Has the customer taken the time to write this down?
Will the customer agree to spend time in formal requirements gathering meetings to identify project scope?
Is the customer willing to established communication links with the development team?
Is the customer willing to participate in reviews?
Is the customer technically sophisticated in the product area?
Is the customer willing to let people do their job; that is, will the customer resist looking over the developer’s shoulder during technically detailed work?
Does the customer understand the software engineering process?
Development environment risks
Are tools for analysis and design available?
Do analysis and design tools deliver methods that are appropriate for the product to be built?
Are compilers or code generators available and appropriate for the product to be built?
Are testing tools available and appropriate for the product to be built?
Are software configuration management tools available?
Does the environment make use of a database or repository?
Are all the software tools integrated with one another?
Have members of the project teams received training in each of the tools?
Are local experts available to answer questions about the tools?
Is on-line help and documentation for the tools adequate?
Process issue risks
Does senior management support a written policy statement that emphasizes the importance of a standard process for software development?
Has the development organization developed a written description of the software process to be used on this project?
Are staff members signed-up to the software process as it is documented and willing to use it?
Is the software process used for other projects?
Has the development organization developed or acquired a series of software engineering training courses for managers and technical staff?
Are published software engineering standards provided for every software developer and software manager?
Have document outlines and examples been developed for all deliverables defined as part of the software process?
Are formal technical reviews of the requirements specification, design, and code conducted regularly?
Are formal technical reviews of test procedures and test cases conducted regularly?
Are the results of each formal technical review documented, including defects found and resources used?
Is there some mechanism for ensuring that work conducted on a project conforms to software engineering standards?
Is configuration management used to maintain consistency among system/software requirements, design, code, and test cases?
Is a mechanism used for controlling changes to customer requirements that impact the software?
Is there a documented statement of work, software requirements specification, and software development plan for each subcontract?
Is a procedure followed for tracking and reviewing the performance of subcontractors?
Staff size and experience
Are the best people available?
Do the people have the right combination of skills?
Are enough people available?
Are staff committed for entire duration of the project?
Will some staff be working only part time on this project?
Do staff have the right expectations about the job at hand?
Have staff received necessary training?
Is the technology to be built new to the development organization?
Do the customer requirements demand the creation of new algorithms, input or output technology?
Does the software interface with new or unproven hardware?
Does the software to be built interface with a database system whose function and performance have not been proven in this application area?
Does the software to be built interface with vendor supplied software products that are unproven?
Is a specialized user interface demanded by product requirements?
Do requirements for the product demand the creation of program components that are unlike any previously developed by the developing organization?
Do requirements demand the use of new analysis, design, or testing methods?
Do requirements demand the use of unconventional software development methods, such as formal methods, AI-based approaches, artificial, or neural networks?
Do requirements put excessive performance constraints on the product?
Is the customer uncertain that the functionality requested is "do-able"?