Validation includes establishing roles, responsibility, and authority to plan, perform, analyze, and report validation activities. This is often necessary when some or all of the software development is performed under contract. It is also important when the validation environment is a service performed by another organization (e.g., high-fidelity simulators or system integration labs).
The basic validation process is shown below with the steps addressed by this requirement highlighted:
Figure 3.1. Validation Process With Planning Steps Highlighted
Validation activities are not performed in an ad hoc manner, but are planned and captured in a validation plan document. The validation plan is typically part of a verification and validation (V&V) plan, a software V&V plan (SVVP), or is included in the Software Management / Development Plan (SMP/SDP).
The plan covers the validation activities that will occur at various times in the development life cycle including:
- During requirements development, validation is accomplished by bringing in the customer and outside people for a review of the requirements, e.g., focus groups, requirements reviews, etc.
- During design, validation occurs when the customers have a chance to view prototypes of the product or pieces of the product, e.g., focus groups, user groups, etc.
- During implementation, validation occurs when team members review the behavior of software components under both nominal and exception scenarios. For example, a peer review or inspection could trace the execution path through the code under representative scenarios.
- Prior to delivery, validation occurs when customers see the completed product function in a nearly operational environment, e.g., acceptance testing, operational demonstrations, etc.
- During product use, validation occurs when the product is used in the operational environment in the way the customer expects it to be used.
The project team reviews the plan and validation results at various life cycle reviews, particularly whenever changes occur throughout the duration of the project. Any identified issues are captured in problem reports/change requests/action items and resolved before the requirements are used as the basis for development activities.
Validation is often on the critical path to project completion. Validation activities, therefore, need to be planned and tracked in order to realistically assess progress toward completion. The validation plan will address more than just validation of software requirements. It includes a schedule, stakeholder involvement, and planned reviews, if they are required to complete the validation activities and gain agreement that the requirements are a correct and acceptable description of the system or software to be implemented. Other elements to include in the overall plan:
- Specific tasks and activities.
- Validation methods and criteria (SWE-102).
- Identification of work products to be validated (SWE-102).
- Identification of where validation records and corrective actions will be captured (SWE-102).
The Scope and Approach sections of the plan identify the project and define the purpose and goals of the plan including responsibilities, assumptions, and a summary of the efforts described in the plan.
Resources include personnel, environments (such as simulators, facilities, tools, etc.), and include any skills and/or training necessary for those resources to carry out the validation activities.
When developing the validation plan, consider the following for inclusion:
- Identifying the key functions and/or components that require validation (based on criticality, safety, security, etc.).
- Identifying the validation methods, techniques, tests to carry out the validation activities for components as well as the system as a whole (see SWE-055-Requirements Validation).
- COTS (Commercial Off the Shelf), GOTS (Government Off the Shelf), MOTS (Modified Off the Shelf) affects on the project and associated validation planning (SWE-027 - Use of Commercial, Government, and Legacy Software).
- Identifying criteria by which success will be measured for each validation activity.
- Establishing the target environment (which could be a high-fidelity simulation) for validating the software or system, including validation of tools used in those environments (see SWE-073 - Platform or High-Fidelity Simulations).
- Models, simulations, and/or analysis tools and associated validation planning (SWE-070 - Models, Simulations, Tools, SWE-135 - Static Analysis, SWE-136 - Validation of Software Development Tools).
- Identifying how the results will be documented and reported, when and to whom they will be reported (SWE-031- Validation Results).
- Issue resolution (capture and tracking to closure) for issues or findings identified during validation activities (could be as simple as using the project configuration management process) (see SWE-031 - Validation Results).
- Identifying validation activities, as applicable, to occur during the various life cycle phases.
- Re-validation plans to accommodate changes as the system is developed.
- Method for obtaining customer approval of the validation plan, if applicable.
If not part of the team developing the validation plan, Software Assurance needs to be part of the plan's review team to ensure the plan meets all assurance requirements.
Additional guidance related to validation planning may be found in the following related requirements in this Handbook: