3. GuidanceThe Headquarters Office of Safety and Mission Assurance (OSMA) controls and maintains an audit process for use in periodic Center and project OCE compliance audits and surveys. The OSMA compliance audits achieve several objectives. They are: - Review Center and specified NASA Headquarters organizations’ processes and infrastructure for compliance with OSMA requirements, policy, procedures, processes, statutes, and regulations.
- Review specific program/project “files” for compliance with requirements, policy, procedures, processes, statutes, and regulations.
- Identify systemic problems or deficiencies.
- Recognize areas of excellence/best practices.
- Receive Center feedback regarding modifications in Agency policy and requirements.
Currently, the OSMA audits focus on the following core elements: - The common framework for a unified program and project life cycle.
- Program and project review structure.
- Technical authority implementation.
- Software risks.
- Dissenting opinions and deviation/waiver process.
- Software engineering, assurance, and safety management.
- Systems engineering.
- Lessons learned.
- Technical standards.
- Other.
In addition to NPR 7150.2, the Headquarters’ OSMA audits also include a review and appraisal of the products resulting from the use of the following documents, to the extent they involve software engineering: - NPD 7120.4E, NASA Engineering, and Program/Project Management Policy.
 - NASA-STD-8739.8
 , Software Assurance, and Software Safety Standard.
See also Topic 8.12 - Basics of Software Auditing. 3.1 Audit ResponsibilityThe NASA Organization Section 4.13 Office of Safety and Mission Assurance The Office of Safety and Mission Assurance provides policy direction, functional oversight, and assessment for all Agency safety, reliability, maintainability, and quality engineering and assurance activities and serves as a principal advisory resource for the Administrator and other senior officials on matters pertaining to safety and mission success. Section 5.15 NASA Safety Center Manages the audit, review, and assessment process for evaluating and ensuring conformance with Agency SMA requirements. NASA Policy for Safety and Mission Success Verify and validate the life cycle implementation of the SMA processes and any related safety and mission success requirements through ongoing surveillance of program, project, and contractor processes. Safety and Mission Assurance (SMA) Audits, Reviews, and Assessments The NSC AIO conducts audits, reviews, and assessments to verify each NASA Center's, Component Facility's, and the Jet Propulsion Laboratory’s (JPL’s) (a Federally-Funded Research and Development Center) implementation of, and compliance with, applicable Agency SMA requirements. 3.2 Audit Scope- Software Assurance and Software Safety Standard requirements, NASA-STD-8739.8?
- NASA Software Engineering Requirements, NPR 7150.2
See also SWE-004 - OCE Benchmarking, SWE-036 - Software Process Determination, SWE-126 - Tailoring Considerations, SWE-139 - Shall Statements. 3.3 Audit Focus Areas- New standard requirements, including safety-critical software requirements and determination
- Software assurance\safety requirements mapping matrix, review any tailored requirements
- NPR 7150.2 requirements mapping matrix, review any tailored requirements
- Software assurance and safety requirements analysis approach and activities
- Software assurance\safety approach, plan, and resource allocations
- Software assurance process audits
- Metric and status reporting by software assurance\safety or planned by software assurance\safety
- Software assurance\safety access to software products and data
- Flow down and implementation approach for the mission Cybersecurity requirements (focus on NPR 7150.2)
- Use of and planned use of Coding standards
- Use of and planned use of tools
- IV&V plan and communication, access to data, the interaction of the project with IV&V, IV&V interaction with the project
- Software quality assessment approaches
- Software risks, or known issues
- Software hazards
- Integrated testing approach and plans
- Software engineering and software assurance\safety requirements flow down into contracts
- Open-source software and reused software approach and plans
- Software engineering and software assurance document management system
3.4 Requested Documentation (Provide what is currently available)- The current draft of the Software assurance plan
- The current draft of the Software Management/Development Plan (provided)
- Software assurance requirements mapping to the program standard(s)
- Software engineering requirements, NPR 7150.2, mapping matrix
- The lowest level of software requirements available at this time
- IV&V Plan(s)
- List of IV&V findings to date
- Identified Software Hazards to date
- Latest software Engineering and Software Assurance status reports
- Latest software engineering and software assurance metrics/measurements are being provided and used
- Any statement of works involving the acquisition of critical software development
- Software test and verification plans
- List of planned reuse or open-source software to be used
- Coding standard(s)
- Any identified Software Risks to date
- List of the identified Software issues to date
See also Topic 7.18 - Documentation Guidance, 8.16 - SA Products. Findings resulting from the audits are generally classified as strengths, weaknesses, observations, opportunities, and non-compliances. However, the audit team has a clear and overriding obligation to identify all items of non-compliance and items that adversely affect safety or quality. These items will be included in the final report. Significant issues are brought to the immediate attention of the surveyed organization's management via the survey manager. 3.5 Additional GuidanceAdditional guidance related to this requirement may be found in the following materials in this Handbook: 3.6 Center Process Asset Libraries
See the following link(s) in SPAN for process assets from contributing Centers (NASA Only). |