- 1. The Requirement
- 2. Rationale
- 3. Guidance
- 4. Small Projects
- 5. Resources
- 6. Lessons Learned
- 7. Software Assurance
3.1.6 The project manager shall establish and maintain the software processes, software documentation plans, list of developed electronic products, deliverables, and list of tasks for the software development that are required for the project’s software developers, as well as the action required (e.g., approval, review) of the Government upon receipt of each of the deliverables.
A list of typical software engineering products or electronic data products used on a software project is contained in Chapter 6 of this directive. The software activities should include plans for software product verification and validation activities, software assurance, methods, environments, and criteria for the project.
Click here to view the history of this requirement: SWE-036 History
1.3 Applicability Across Classes
Key: - Applicable | - Not Applicable
A & B = Always Safety Critical; C & D = Sometimes Safety Critical; E - F = Never Safety Critical.
Projects evaluate the environment (e.g., organization, funding, size, personnel) in which they plan to develop software. From this evaluation, they choose an appropriate set of processes, tasks, and activities to develop software that meets their needs. The Center Process Asset Library (PAL) may contain processes tailored to different development environments. The planning down to the activity and task levels will assure that only the appropriate processes are selected from the ones available to the project. Further evaluation of these processes will determine the level of software resources that the project team needs to include in the planning documentation and funding requests.
The formulation phase in the life cycle includes the selection and execution of planning activities that are necessary for the successful initiation of a project. During this phase of the project, the project team defines customer needs, system-level requirements, make-versus-buy strategies, overall project and software management plans, a work breakdown structure (WBS), software safety assessments, and primary project deliverables and work products, including, but not limited to, software documents and electronic products.
The project develops planning documents to account for the above and for use in managing the software development efforts. The core set of software plans includes a Software Development or Management Plan (see SDP-SMP), Configuration Management Plan (see SCMP), Test Plan (see Software Test Plan), Maintenance Plan (see Maint), and Assurance Plan (see SAP). The planning may be recorded in a single document or in standalone documents, depending on project size and requirements.
Projects may find it helpful to review the following sources of listed processes when planning their project implementation:
- Software Processes Across NASA (SPAN), accessible to NASA users from the SPAN tab in this Handbook, and Center PALs that can be used to locate and select processes and activities that are applicable to software development activities.
- The processes and best practices described in the Capability Maturity Model Integration for Development (CMMI Institution)The CMMI-Dev describes the applicability of its processes areas for developing software work products.
- NPR 7123.1 041, which establishes a core set of common Agency-level technical processes and requirements needed to define, develop, realize, and integrate the quality of the system's products created and acquired for NASA. The set of common processes in the NPR may be supplemented or tailored to achieve specific project requirements.
- AS9100C 372, which provides a process-based quality management system for aerospace applications. "The application of a system of processes within an organization...can be referred to as the 'process approach'. An advantage of the process approach is the ongoing control that it provides over the linkage between the individual processes within the system of processes, as well as over their combination and interaction." 372
The processes that are selected and/or tailored to be applicable to the project will be accomplished by the project and software suppliers through the execution of the activities and tasks that compose the process. Specifically, NPR 7123.1, NASA Systems Engineering Processes and Requirements, describes the activity as a set of tasks that describe the technical effort needed to accomplish a process and to help generate the expected outcomes. Software processes are generally reviewed during the software development life cycle, and revised and modified as needed. The appropriate planning and scheduling of these tasks and activities enable the successful execution of the planned processes. The successful placement of the applicable and tailored processes, activities, and tasks on the project development schedule will complete the determination process.
NASA-specific planning information is available in Software Processes Across NASA (SPAN), accessible to NASA users from the SPAN tab in this Handbook.
The Agency Software Manager can be used as a resource for requirement confirmation.
Additional guidance related to Software Process Determination may be found in the following related requirements in this Handbook:
4. Small Projects
Small projects may want to use a standard set of processes that have been tailored for their development environment, and type of project. These processes may have been developed by people in the same organization that may have done similar developments.
- CMMI Development Team (2010). "CMMI for Development, Version 1.3: Improving processes for developing better products and services,"CMMI Development Team (2010). CMU/SEI-2010-TR-033, Software Engineering Institute.
6. Lessons Learned
6.1 NASA Lessons Learned
A documented lesson from the NASA Lessons Learned database notes the following:
- Flight Software Engineering Lessons. Lessons Learned 2218 572: "The engineering of flight software is a major consideration in establishing JPL project total cost and schedule because every mission requires a significant amount of new software to implement new spacecraft functionality. Constraints to the development and testing of software concurrent to engineering the rest of the flight system have led to flight software errors, including the loss of some missions. The findings of several JPL studies and flight mishap investigations suggest a number of recommendations for mitigating software engineering risk."
6.2 Other Lessons Learned
No other Lessons Learned have currently been identified for this requirement.
7. Software Assurance
7.1 Tasking for Software Assurance
- Confirm the following are approved, implemented, and updated per requirements:
a. Software processes, including software assurance, software safety, and IV&V processes.
b. Software documentation plans,
c. List of developed electronic products, deliverables, and
d. List of tasks required or needed for the project’s software development.
- Confirm that any required government actions upon receipt of deliverables (e.g., approvals, reviews) are established and maintained.
7.2 Software Assurance Products
- The defined software assurance, software safety, and IV&V processes for the activities on the project per the requirements in the Software Assurance and Software Safety Standard (NASA-STD-8739.8.)
- Any risks, issues discovered are brought to the attention of management
Definition of objective evidence
- Evidence that all confirmations in Task1a, 1b, 1c, 1d and Task 2, including existence, approvals, reviews, maintenance, and usage of listed items have occurred.
Objective evidence is an unbiased, documented fact showing that an activity was confirmed or performed by the software assurance/safety person(s). The evidence for confirmation of the activity can take any number of different forms, depending on the activity in the task. Examples are:
- Observations, findings, issues, risks found by the SA/safety person and may be expressed in an audit or checklist record, email, memo or entry into a tracking system (e.g. Risk Log).
- Meeting minutes with attendance lists or SA meeting notes or assessments of the activities and recorded in the project repository.
- Status report, email or memo containing statements that confirmation has been performed with date (a checklist of confirmations could be used to record when each confirmation has been done!).
- Signatures on SA reviewed or witnessed products or activities, or
- Status report, email or memo containing Short summary of information gained by performing the activity. Some examples of using a “short summary” as objective evidence of a confirmation are:
- To confirm that: “IV&V Program Execution exists”, the summary might be: IV&V Plan is in draft state. It is expected to be complete by (some date).
- To confirm that: “Traceability between software requirements and hazards with SW contributions exists”, the summary might be x% of the hazards with software contributions are traced to the requirements.
Note: For full context of the metrics, refer to the Topic 8.18 to see other requirements that contribute to this metric.
- # of software components (e.g. programs, modules, routines, functions, etc.) planned vs. # actually released in each build
Guidance for the SA tasks
Confirm following are approved, implemented, and updated (when necessary) per requirements:
- Software processes - Confirm that the software development organizations have documented processes for phases of the software development process. Use the software practices contained in the CMMI model to determine if the development organization's processes meet or exceed the CMMI model practices. Use the CMMI V2.0 model practices, see https://cmmiinstitute.com for the model practices.
- Software documentation plans - review document content against the documentation guidelines contained in 7.18 - Documentation Guidance or in the Contract Data Requirements Documents (see the contract statement of work).
- List of developed electronic products, deliverables - Confirm that all of the required products are available. What Needs To Be Accessible? Each project may have a different list of required products that can typically be found in the project requirements and deliverables.
The Agency Software Manager can be used as a resource for requirement confirmation.
A sample list is below:
•Software, executable and source code
•Models and simulations
•Programmable Logic Device logic and software
•Trade study data, including software tools, used to help formulate an analysis of alternative results if any scenarios need to be re-run later
•Prototype software, including prototype architectures/designs
•Data definitions and data sets
•Software ground products
•Software build products
•Software documentation, including data presented during any early design reviews
•Software cost data and parameters
•Software development environment
•Software Test Scripts and the results of software testing
•Results of software static analysis activities
•Bi-directional traceability for the software products
•Software analyses and compliance data
- List of tasks for the software development required for the project’s software developers - look at the software development schedule milestones (see 7.8 - Maturity of Life-Cycle Products at Milestone Reviews), software products required, and software processes used.
- Confirm that any required Government actions (approvals, reviews) are established and maintained upon receipt of deliverables - look at the software development schedule milestones (see 7.8 - Maturity of Life Cycle Products at Milestone Reviews, software products delivery requirements, and software processes used.
- Develop software assurance processes, plans, products, risks, and tasks lists as defined in the software assurance plans for the project - Develop or use/tailor pre-existing standard software assurance and software safety processes needed to perform the tasks and generate the products described in the SA plan for the project. Establish a SA process for tracking and reporting products, risks, and task lists.