Each program and project will perform the life-cycle reviews as required by their governing project management NPR, applicable Center practices, and the applicable requirements. Life-cycle reviews are event based and occur when the entrance criteria for the applicable review are satisfied. They should occur based on the maturity of the relevant technical baseline as opposed to calendar milestones (e.g., the quarterly progress review, the yearly summary). The software and project management technical team needs to develop and document plans for life-cycle and technical reviews for use in the software project planning process. The life-cycle and technical review schedule should be document or recorded in a planning document or record.
Regular reviews are those held on a scheduled basis throughout the software development life cycle. These may be weekly, monthly, or quarterly; or as needed, depending on the size and scope of the software development activity. They include the software reviews conducted to status the project, and the major software technical reviews that occur at various phases of the project (see 7.8 - Maturity of Life-Cycle Products at Milestone Reviews). 7.8 - Maturity of Life-Cycle Products at Milestone Reviews provides a chart that summarizes the current guidance approved by the NASA Office of the Chief Engineer (OCE) for software engineering life cycle products and their maturity level at the various software project life cycle reviews. This chart serves as guidance only and NASA Center procedures should take precedence for projects at those Centers. The chart was constructed using the software engineering products from NPR 7150.2, the project life cycle reviews from NPR 7123.1, previous work from the NASA Software Working Group to map products to life cycle reviews, and additional information gathered from these NPRs, NPR 7120.5, and individual NASA Center procedures.
Regular software reviews cover details of work in software planning, requirements development, architecture, detailed design, coding and integration, testing plans, testing results, and overall readiness for flight. The individual project or development activity determines specific content of each review, with consideration of the current position of the activities within the software development life cycle. The software review content is based on the specific project needs. However, the major technical reviews that include software often must show evidence of satisfaction of entrance and exit (success) criteria. See 7.9 - Entrance and Exit Criteria for a listing of potential criteria to use in reviews. Review and status planning should take into consideration the results of the software classification level process (see SWE-020) and safety criticality determination process (see SWE-133) when making the choice of review frequency.
The evaluation of metrics developed from a software measures process (see SWE-091, SWE-092, SWE-093, and SWE-094) and the assessment of milestone status provide quantitative determinations of the work progress. Risk identification and mitigation, safety, problem identification and resolution are parts of the regular reviews. Risk identification (see SWE-086) and mitigation efforts are tracked in a controlled manner, whether in a database tool or in a software package written for risk management.
Issues that are identified during a regular review that can't be closed at the review are documented and tracked until they are officially dispositioned and/or closed. The issue can be tracked in a suitable tool, such as a risk management system, a configuration management system, or a problem reporting and corrective action (PRACA) system. The configuration management and control system selected for the project is written up in the Configuration Management Plan. The plan is used to record the methods and tools used for tracking the issues to closure (see SWE-079 and SCMP).
The progress between life-cycle phases is marked by key decision points (KDPs). At each KDP, software engineering and project management examines the maturity of the technical aspects of the project. For example, management examines whether the resources (staffing and funding) are sufficient for the planned technical effort, whether the technical maturity has evolved, what the technical and nontechnical internal issues and risks are, and whether the stakeholder expectations have changed.
The interpretation of the term ‘stakeholder’ for this requirement can be taken to include representatives from the following organizations:
- Quality assurance.
- Systems engineering.
- Independent testing.
- Independent Verification and Validation.
- Project and/or Engineering management.
- Other organizations performing project activities.
However, other external stakeholders at the program or project level (e.g., principle investigators, the science community, technology community, public, education community, and/or a Mission Directorate sponsor) are not included on a regular basis at the internal reviews for the satisfaction of this requirement. In contrast to the relevant or internal stakeholders, external project stakeholders generally participate in just the major milestone reviews. Stakeholders typically are those materially affected by the outcome of a decision or a deliverable. In the context of software work product development, a stakeholder may be inside of or outside of the organization doing the work. The key reason for holding regular reviews with project stakeholders is to keep them and their organizations informed since they are both participants in the software work product development and advocates for the activity.
A best practice related to the involvement of stakeholders is to determine and invite the relevant stakeholders, i.e., those who should be involved in the review because they are engaged in the development and/or who have a vested interest in the work products being produced.
Additional guidance related to holding a review of software activities, status, and results may be found in the following related requirements in this Handbook: