| # | General Safety/Software Safety |
|---|---|
| 1 | Has the Project determined that there are safety-critical components in the system using the criteria in NASA-STD-8739.8? |
| 2 | Is there a process in place that defines the necessary activities and products for the Software Safety personnel? |

| # | Hazard Analysis |
|---|---|
| 3 | Have the Software Safety personnel performed a software Hazard Analysis (HA)? |
| 4 | If not, have the Software Safety personnel participated in the System Preliminary Hazard Analysis to help identify where software needs to be included? |
| 5 | Have the software contributions to the system hazards been identified? |
| 6 | Has there been identification of software and hardware controls to mitigate software contributions to system hazards? |
| 7 | Have adequate verification methods been identified for each hazard mitigation to ensure an acceptable level of safety? |
| 8 | Has the list of generic software-based hazards, hazard contributions and hazard controls been reviewed to determine whether any of these might be applicable for this project? See the NASA Software Engineering and Assurance Handbook, NASA-HDBK-2203, and Appendix A in NASA-STD-8739.8 for a list of generic software-based hazards. |
| 9 | Have any potential software-related risks been identified in the Project Concept or Operational Concept? If so, have mitigations been planned for them? |
| 10 | Do your Software Safety personnel and the subcontractor organization share the safety information, if applicable? |
| 11 | Did the hazard analysis include any COTS, OTS, OSS, reused or heritage/legacy code? |
| 12 | Did the hazard analysis include any cybersecurity considerations? |
| 13 | Do the hazard reports include all software hazard causes, software contributions to system hazards, any software mitigations for the hazards, and adequate verification methods for each hazard to ensure an acceptable level of safety? |

| # | Planning Phase |
|---|---|
| 14 | Does the project have software safety resources addressed in project acquisition, planning, management, and control activities? |
| 15 | Have the Software Safety personnel confirmed that security has been considered and addressed in all safety-related areas? |
| 16 | Does any acquisition of software (either contracted or Commercial-off-the-Shelf (COTS)) include evaluation and assessment of risks due to the software's contribution to safety and any limitations of the software? |
| 17 | Does the acquisition have a plan to address and mitigate any risks identified? |
| 18 | Have the Engineering and Safety and Mission Assurance (S&MA) Technical Authorities agreed on the software components that are safety-critical? |
| 19 | Is there a Safety Plan in place for the Project? (It can be part of the Software Assurance Plan, Safety and Mission Assurance (SMA) plan, or Software Management/Development Plan.) |
| 20 | Has the project defined the required software safety requirements to be used by the project? |
| 21 | Has the project completed a requirements mapping matrix for all of the software assurance and software safety requirements per NASA-STD-8739.8? |

| # | Requirements Phase |
|---|---|
| 22 | Is there a plan to place the software safety products under configuration management? |
| 23 | Have the systems/development groups identified the safety-related system-level, hardware and software requirements? |
| 24 | Did the Software Safety personnel attend the Systems Requirements Review? The Software Requirements Review? |
| 25 | Have the Software Safety personnel reviewed the Systems and Software Requirements Documents? Have they confirmed that the software-related safety requirements in the Systems Requirements Document have been passed down to the Software Requirements? |
| 26 | Have the Software Safety personnel confirmed that the software safety requirements are traced bi-directionally to the system hazards and system requirements? |
| 27 | Have the Software Safety personnel confirmed that at least one requirement exists for each software hazard control? |
| 28 | Have the Software Safety personnel confirmed that the mitigations for any requirements that may affect software/system safety are included in the requirements? |
| 29 | Has a requirements safety analysis been performed? |
| 30 | Have the Software Safety personnel reviewed the interface documentation for completeness and consistency? Are any findings documented? |
| 31 | Are any findings that may affect software/system safety documented? |
| 32 | Is the method for documenting discrepancies in the requirements specified? |
| 33 | Do the software requirements include all of the applicable software safety requirements (i.e., SWE-134) and any applicable computer-based control system requirements (SSP 50038)? |
| 34 | Do the software requirements address all of the known hazards associated with the software? |

| # | Design Phase |
|---|---|
| 35 | Have the Software Safety personnel attended the design peer review(s) for the safety-critical components? |
| 36 | Have the Software Safety personnel attended the milestone reviews for the safety-critical software? (Mission Design Review, System Design Review, Preliminary Design Review, Critical Design Review, etc.) |
| 37 | Have the Software Safety personnel analyzed the design to verify the requirements in SWE-134 are implemented in the design? |
| 38 | Have the Software Safety personnel confirmed that peer reviews are being held for safety-critical components? |
| 39 | Have the Software Safety personnel confirmed that maintainability and reliability are being considered in the design? |
| 40 | Have any identified issues been addressed? |
| 41 | Have the Software Safety personnel performed the safety analysis for design, including analyzing the design for interface code, interrupt code, data code, logic analysis, and partitioning/isolation of safety-critical code? |
| 42 | Have the Software Safety personnel confirmed that all the safety-related requirements and functions have been implemented in the design? |
| 43 | Have the Software Safety personnel evaluated the balance between fault tolerance and failure tolerance? |
| 44 | Does software design analysis include Fault Tree Analysis (FTA) and Failure Modes and Effects Analysis (FMEA) to assess adequacy of hazard mitigations (controls)? |

| # | Implementation |
|---|---|
| 45 | Do the Software Safety personnel participate in software code peer reviews for safety-critical components? |
| 46 | Have the Software Safety personnel confirmed that static analysis is being done on the safety-critical components? |
| 47 | Have the Software Safety personnel evaluated all change requests for their impact on safety? |
| 48 | Have the Software Safety personnel confirmed that the developers are using coding standards that support safety-critical coding practices? |
| 49 | Have the Software Safety personnel confirmed that the static code analyzer(s) being used support safety-critical coding practices? |
| 50 | Has the static code analyzer that is being used been configured properly? |
| 51 | Have the Software Safety personnel confirmed that all safety-related design elements are correctly and completely implemented in code? |
| 52 | Have the Software Safety personnel reviewed the static code analysis findings and confirmed that all safety-related findings have been addressed? |
| 53 | Have the Software Safety personnel reviewed the static code analysis findings and confirmed that all security-related findings have been addressed? |
| 54 | Have the Software Safety personnel confirmed that all safety-critical code has been unit tested? |
| 55 | Have the Software Safety personnel confirmed that all approved safety-related changes have been implemented and unit tested? |
| 56 | Have the Software Safety personnel confirmed that all discrepancies in the code were reviewed, fixed, and closed? |
| 57 | Have the Software Safety personnel assessed that the source code satisfies the conditions in the NPR 7150.2, SWE-134 requirement for safety-critical and mission-critical software at each code inspection, test review, safety review, and project review milestone? |
| 58 | Have the Software Safety personnel confirmed that all identified safety-critical software components have a cyclomatic complexity value of 15 or lower? |
| 59 | If the cyclomatic complexity is not 15 or lower, is there a justification for why the complexity needs to be higher than 15? |
| 60 | Have the Software Safety personnel reviewed the implementations of hazard mitigations, controls, constraints, etc.? |
| 61 | Have the Software Safety personnel analyzed the interfaces of safety-critical systems for potential safety or security risks? |
| 62 | Do the Software Safety personnel participate in test case peer reviews and test procedure peer reviews for safety-critical components? |
| 63 | Do the Software Safety personnel participate in Test Readiness Reviews for safety-critical software? |

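Items 58 and 59 state the complexity gate (cyclomatic complexity of 15 or lower, otherwise a documented justification) but not how the value is obtained. The following is an added example, not part of the NASA checklist or any NASA tool: it computes McCabe cyclomatic complexity per function from a Python AST (1 plus the number of decision points: `if`/`elif`, loops, `except` handlers, conditional expressions, comprehension clauses, and each extra operand of a boolean operator) and flags functions over the limit as requiring a justification. The two functions in `SAMPLE_SOURCE` are constructed for illustration; the counting rule is a common McCabe approximation and is stated in the comments so a reviewer can compare it with whatever analyzer the project actually uses (item 49).

```python
"""Cyclomatic complexity gate for checklist items 58-59 (added example)."""
import ast

# Threshold taken from checklist item 58.
COMPLEXITY_LIMIT = 15

# Each of these AST nodes adds one decision point (one extra path).
# `elif` is parsed as a nested ast.If, so it is counted automatically.
_DECISION_NODES = (ast.If, ast.For, ast.While, ast.AsyncFor,
                   ast.IfExp, ast.ExceptHandler)


def cyclomatic_complexity(func_node):
    """McCabe complexity of one function: 1 + decision points in its body.

    Nested function bodies are included in the walk, so a helper defined
    inside the function counts against the enclosing function.
    """
    complexity = 1
    match_node = getattr(ast, "Match", None)  # Python 3.10+ only
    for node in ast.walk(func_node):
        if isinstance(node, _DECISION_NODES):
            complexity += 1
        elif isinstance(node, ast.BoolOp):
            # `a and b and c` short-circuits twice: one path per extra operand.
            complexity += len(node.values) - 1
        elif isinstance(node, ast.comprehension):
            # The loop clause plus each `if` filter in a comprehension.
            complexity += 1 + len(node.ifs)
        elif match_node is not None and isinstance(node, match_node):
            complexity += len(node.cases)
    return complexity


def complexity_report(source, limit=COMPLEXITY_LIMIT):
    """Return one record per function: name, complexity, and whether item 59
    (a written justification) is triggered because the value exceeds `limit`."""
    tree = ast.parse(source)
    report = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            cc = cyclomatic_complexity(node)
            report.append({"function": node.name,
                           "complexity": cc,
                           "justification_required": cc > limit})
    return report


def functions_needing_justification(source, limit=COMPLEXITY_LIMIT):
    """Names of functions that fail the item 58 gate and need an item 59 record."""
    return [r["function"] for r in complexity_report(source, limit)
            if r["justification_required"]]


# Constructed sample source (hypothetical flight-software-style snippets).
# `arm_actuator`: 1 + two `if`s + one `or` = 4.
# `dispatch`: a chain of 16 `if` statements = 17, which exceeds the limit.
SAMPLE_SOURCE = (
    "def arm_actuator(cmd, interlock_ok):\n"
    "    if not interlock_ok:\n"
    "        return False\n"
    "    if cmd == 'ARM' or cmd == 'ARM_FORCE':\n"
    "        return True\n"
    "    return False\n"
    "\n"
    "def dispatch(code):\n"
    + "".join(f"    if code == {i}:\n        return {i}\n" for i in range(16))
    + "    return -1\n"
)

if __name__ == "__main__":
    for record in complexity_report(SAMPLE_SOURCE):
        status = "JUSTIFY" if record["justification_required"] else "ok"
        print(f"{record['function']:<14} CC={record['complexity']:<3} {status}")
```

Run it on a real module by passing the file contents to `complexity_report`; the `justification_required` flag is what a Software Safety reviewer would reconcile against the item 59 justifications rather than treating a high value as an automatic pass or fail.
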
| # | Testing Phases |
|---|---|
| 64 | Have the Software Safety personnel confirmed that the test procedures are bi-directionally mapped to all the safety-related requirements? |
| 65 | Have the Software Safety personnel confirmed that the test environment is as close as possible to the operational environment? |
| 66 | Have the Software Safety personnel confirmed that software verification and validation activities include software safety verifications and validations? |
| 67 | Are the safety features used to mitigate hazards being verified by test? |
| 68 | Have the Software Safety personnel confirmed 100% test coverage? If not, have the Software Engineering personnel provided a risk assessment and an explanation of why 100% coverage cannot be achieved? |
| 69 | Are the Software Safety personnel witnessing tests for safety-critical components? If not, is Software Assurance witnessing the testing? |
| 70 | Have the Software Safety personnel confirmed that the test set includes both nominal and off-nominal operational scenarios, boundary testing, stress testing, resistance-to-failure testing and disaster testing? See also Topic 8.01 - Off Nominal Testing. |
| 71 | Have the Software Safety personnel confirmed that regression testing is adequate and includes retesting of all related safety-critical software code components? |
| 72 | Have the Software Safety personnel confirmed that regression test procedures are updated to incorporate tests that validate the correction of critical anomalies? |
| 73 | Have the Software Safety personnel confirmed that all approved/implemented changes to the requirements, design or code for safety-critical software components have been accounted for in the updates to the test procedures for those components? |
| 74 | Have the Software Safety personnel confirmed that the values of the safety-critical loaded data, uplinked data, rules, scripts, and configurations that affect hazardous system behavior have been tested or verified? |

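Items 26 and 27 (hazard controls traced bi-directionally to safety requirements, at least one requirement per control) and item 64 (test procedures mapped bi-directionally to the safety-related requirements) all ask for the same kind of evidence: a traceability chain with no gaps in either direction. The following is an added example, not part of the NASA checklist: a small trace model and a checker that walks hazard control -> safety requirement -> test procedure forward and uses the back-references each record carries to check the reverse direction. The record types and the identifiers (`HZ-*`, `CTRL-*`, `SSR-*`, `TP-*`) are constructed for illustration; a project would load them from its hazard reports and requirements mapping matrix instead.

```python
"""Bidirectional traceability check for checklist items 26, 27 and 64 (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class HazardControl:
    id: str
    hazard_id: str          # the system hazard this control mitigates
    description: str


@dataclass(frozen=True)
class SafetyRequirement:
    id: str
    text: str
    controls: tuple         # backward link: control ids this requirement implements


@dataclass(frozen=True)
class TestProcedure:
    id: str
    verifies: tuple         # backward link: requirement ids this test verifies


def trace_findings(controls, requirements, tests):
    """Return (finding_kind, identifier) tuples; an empty list means the three
    checklist items are satisfied for the data supplied."""
    control_ids = {c.id for c in controls}
    req_ids = {r.id for r in requirements}
    findings = []

    # Item 27: every hazard control has at least one requirement (forward link).
    covered_controls = {cid for r in requirements for cid in r.controls}
    for c in controls:
        if c.id not in covered_controls:
            findings.append(("control_without_requirement", c.id))

    # Item 26: every safety requirement traces back to a real control (backward link).
    for r in requirements:
        if not r.controls:
            findings.append(("requirement_without_hazard_trace", r.id))
        for cid in r.controls:
            if cid not in control_ids:
                findings.append(("requirement_dangling_control", f"{r.id}->{cid}"))

    # Item 64: requirements <-> test procedures in both directions.
    tested_reqs = {rid for t in tests for rid in t.verifies}
    for r in requirements:
        if r.id not in tested_reqs:
            findings.append(("requirement_without_test", r.id))
    for t in tests:
        for rid in t.verifies:
            if rid not in req_ids:
                findings.append(("test_dangling_requirement", f"{t.id}->{rid}"))
    return findings


def sample_findings():
    """Constructed sample trace data with one gap of each kind seeded in."""
    controls = [
        HazardControl("CTRL-1", "HZ-1", "Inhibit thruster fire while hatch is open"),
        HazardControl("CTRL-2", "HZ-1", "Two-step arm then fire command sequence"),
        HazardControl("CTRL-3", "HZ-2", "Watchdog resets stalled control loop"),  # no requirement
    ]
    requirements = [
        SafetyRequirement("SSR-1", "Software shall inhibit fire when hatch_open is set", ("CTRL-1",)),
        SafetyRequirement("SSR-2", "Software shall require ARM before FIRE", ("CTRL-2",)),
        SafetyRequirement("SSR-3", "Software shall log all inhibit events", ()),           # no hazard trace
        SafetyRequirement("SSR-4", "Software shall time out FIRE after 5 s", ("CTRL-9",)),  # dangling control
    ]
    tests = [
        TestProcedure("TP-1", ("SSR-1",)),
        TestProcedure("TP-2", ("SSR-2", "SSR-3")),   # SSR-4 has no test
        TestProcedure("TP-3", ("SSR-7",)),           # verifies a requirement that does not exist
    ]
    return trace_findings(controls, requirements, tests)


if __name__ == "__main__":
    for kind, ident in sample_findings():
        print(f"{kind:<34} {ident}")
```

Each finding kind maps to one direction of one checklist item, so the output can be filed directly against items 26, 27 or 64; a clean run over the project's actual matrix is the confirmation those items ask the Software Safety personnel to make.
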
| # | Acceptance and Delivery |
|---|---|
| 75 | Did the Software Safety personnel participate in the System/Software Acceptance Review? |
| 76 | Have the Software Safety personnel confirmed that all safety issues identified throughout the lifecycle have been addressed and are closed? |
| 77 | Have the Software Safety personnel confirmed that the project has identified all the safety-related requirements, approved changes to be implemented, and defects to be resolved for each delivery? |
| 78 | Have the Software Safety personnel confirmed that the project has met all software safety-related requirements identified for the delivery? |
| 79 | Have all approved safety-related changes been implemented and successfully tested? |
| 80 | Have the Software Safety personnel confirmed that all the correct safety-related products are being delivered? |

| # | Operational Readiness |
|---|---|
| 81 | Have the Software Safety personnel witnessed any pre-operations testing? |
| 82 | Have the Software Safety personnel confirmed that the proper certification requirements are in place and accomplished prior to the actual operational use of the software? |
| 83 | Have the Software Safety personnel attended the Operational Readiness Review? |

| # | Operations / Maintenance |
|---|---|
| 84 | Has Software Safety confirmed that the operating manual/procedures include a list of potential safety issues and workarounds for those anomalies? |
| 85 | Has Software Safety confirmed that changes and reconfigurations of the software, during operational use and maintenance of the software, are analyzed for their impacts on system safety? |
| 86 | Does Software Safety monitor the handling of operational inputs, such as command data and data loads, to validate the accuracy of the data before uploading? |
| 87 | Does Software Safety analyze actual operational scenarios and activities to identify any new or previously unrecognized hazards and develop mitigations for them? |
| 88 | Do the Software Safety personnel document newly discovered or previously unrecognized hazards and their mitigations and verifications in a Hazard Report? |
| 89 | Do the Software Safety personnel submit problem reports to the maintenance team when errors or operational issues are discovered during operations, and work to develop safe workarounds for the problems until fixes can be included in a maintenance release? |
| 90 | Do the Software Safety personnel confirm that regression testing of workaround fixes or maintenance releases includes retesting of all related safety-critical software code components? |