6.3.3 The Engineering Technical Authority(s) for this NPR shall consider the following information when assessing waivers and deviations from requirements in this NPR:
a. The NASA software inventory data on the project.
b. The classification of systems and subsystems containing software, as defined in Appendix E.
c. Applicable Center-level software directives that meet the intent of this NPR.
d. Applicable contractor and subcontractor software policies and procedures that meet the intent of this NPR.
e. Potential impacts to NASA missions.
f. Potential impacts to health, medical concerns, or safety.
NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.
1.2 Applicability Across Classes
This requirement applies to all classes and safety criticalities.
NPR 7150.2 contains the basic set of requirements for software developed by or for the agency. Any request for a or a from a particular requirement is made to the appropriate level and type of Technical Authority (TA) as listed in Appendix D in NPR 7150.2. When assessing the requests, the designated TA considers a number of relevant factors in deliberation. It is not uncommon for a waiver/deviation to require approval from TAs from two different organizations, e.g., Engineering TA (ETA) as well as Safety & Mission Assurance TA. The factors listed in parts a - f of this requirement support a responsible evaluation of the waiver/deviation request.
General directions for preparing and requests can be found in NPR 7120.5 and on the NASA Engineering Network (NEN) Requirements and Technical Authorities web page . Direction specific to software is provided in Chapter 6 of NPR 7150.2.
If the project or software lead engineer submits a deviation or waiver request against any of the NPR requirements, the following items are among those considered by the ETA when assessing the deviation or waiver request.
- The Headquarters' OCE's NASA Software Inventory : Access to this inventory, which is controlled, needs to be coordinated through Center software representatives and/or the . This document lists all software currently under development for the NPR 7150.2, Appendix E, classes A through E. The OCE is responsible for generating and maintaining this listing. The software inventory typically has information on the software in development, whether it is safety critical, what is the expected size in s, whether it is using NASA Independent Verification and Validation (IV&V) Facility services, the software classification, dates of major milestone reviews, the percentage of software that will be newly developed, and how much software quality assurance effort is dedicated to the project. These are just a few of the items that are useful as background when considering approval/disapproval of a waiver. The software inventory for classes F through H is generated and maintained by the Headquarters Chief Information Officer (CIO); access to this inventory is controlled and may need to be coordinated through Center or Headquarters representatives. In some instances, Centers maintain a more detailed local software inventory with additional information. In these cases, it is recommended to get a copy of the local record for the project as well.
- Classification of systems and subsystems: Appendix E of NPR 7150.2 gives definitions and examples of systems that typically have the listed software classification. Relief from requirements for higher level software classes (A and B) or with safety critical aspects are evaluated with increased rigor. Additional classifications, such as human-rated systems and payload classifications, also imply the degree to which a waiver/deviation would be acceptable. The TA also checks to ensure correct classification of the system, subsystem, and software, as requirements can vary significantly across classifications. Consideration is given to the software classification associated with these systems or subsystems to assure the level of risk accepted by granting the waiver or deviation is consistent with the overall importance of the system under development.
- Applicable Center directives: A review of these directives in the context of the waiver/deviation request would reveal any that may support or be in conflict with the request. In many instances, Centers augment NASA-wide procedural requirements with local direction and specific practices. The project's use of a local engineering practice may partially mitigate the risk inherent in a waived NASA-wide requirement.
- Applicable (see SWE-027) or contractor-developed software: Approval of a deviation or waiver for OTS software, while at times necessary, carries the risk of the OTS software impacting the proper functioning of the system. Contractor-developed software is primarily subject to the contract clauses and requirements levied on the contractor by the procurement activity. Deviation and waiver evaluations must weigh the impacts to the contract against the benefits from the approved request.
- NASA missions: Consideration is given to how waiving this requirement could impact this mission as well as subsequent missions. It is not uncommon for software to be reused on future missions or to evolve to a more critical role on the current mission. A relevant factor is that waivers and deviations are not granted on a permanent basis, because software developed under waivers and/or deviations can negatively impact its reuse.
- Potential impact to health, medical concerns, or safety: These factors directly affect the risk consideration in evaluating a waiver/deviation request. When these factors are relevant, it is very likely that involvement of the Safety TA and/or the Health and Medical TA will be necessary. It is not uncommon for a waiver/deviation request to come up through one TA chain but not another. When this occurs, it is the ETA's responsibility to coordinate with counterparts.
The ETA who is assessing the deviation or waiver request also considers the interactions between the impacts determined above and those found by others considering the following areas:
- Impacts to health and safety, e.g., medical TA.
- Results of s
- Findings in Hazard Reports.
- Other risk evaluations, e.g., )
- Overall considerations for mission success.
The 's considerations include the interests of systems stakeholders, support organization functions, and other interested parties.
Information and results for deviation and waiver request activities are recorded and tracked in the project's configuration management system. Information on configuration management systems is available throughout the NASA literature. This documentation typically includes request procedures (see SWE-113), configuration control techniques, general instructions for evaluating impacts, and guidelines for completing the necessary forms. Project development activities typically draw upon these resources to develop project-specific documentation. The request packages are typically processed through management chains, through project control boards, and to higher administrative and management levels, e.g., the Headquarters' OCE, when appropriate.
Additional guidance on deviations and waivers related to contracts may be found in the following related topic in this Handbook: Topic 7.4 - Flow Down of NPR Requirements to Contracts and to Other Centers in Multi-Center Projects.
6. Lessons Learned
Columbia Accident Investigation Board, Report Vol 1, Aug 2003, Recommendation R7.5-1: "Establish an independent Technical Engineering Authority that is responsible for technical requirements and all waivers to them, and will build a disciplined, systematic approach to identifying, analyzing, and controlling hazards throughout the life of the Shuttle System."