SOFTWARE QUALITY ASSURANCE PLAN TEMPLATE

(BASED ON ANSI/IEEE STD 730.1-1989)

1.0 1.1 1.2 1.3 1.4 2.0 3.0

..................................................................................................... ................................................................ INTRODUCTION ..................................................................................................... 1 PURPOSE ............................................................................................................... 1 SCOPE ................................................................................................................... 1 SOFTWARE ITEMS.................................................................................................... 1 SOFTWARE LIFE CYCLE ............................................................................................ 2 DOCUMENTS ................................................................ ..................................................... REFERENCE DOCUMENTS ..................................................................................... 2 ....................................................................................................... ................................................................ MANAGEMENT ....................................................................................................... 5

3.1 ORGANIZATION ....................................................................................................... 5 3.1.1 Organizational Structure ................................................................................. 5 3.1.2 Organizational Description .............................................................................. 5 3.1.3 Organizational Independence.......................................................................... 6 3.2 TASKS ................................................................................................................... 6 3.2.1 Software Life Cycle ......................................................................................... 6 3.2.2 SQA Activities.................................................................................................. 8 3.2.3 Milestones...................................................................................................... 10 3.3 RESPONSIBILITIES ................................................................................................. 12 3.3.1 Software Activities ........................................................................................ 12 3.3.2 Software Work Products................................................................................ 12 3.3.3 Walkthroughs Software Work Products ........................................................ 13 3.3.4 Inspections of Software Work Products........................................................ 13 4.0 ................................................................ ............................................................... DOCUMENTATION ............................................................................................... 14

4.1 PURPOSE ............................................................................................................. 14 4.2 MINIMUM DOCUMENTATION REQUIREMENTS ............................................................. 14 4.2.1 Software Requirements Document (SRD) ..................................................... 14 4.2.2 Software Architecture Description (SAD) ..................................................... 16 4.2.3 Software Verification and Validation Plan (SVVP)........................................ 16 4.2.4 Software Verification and Validation Report (SVVR).................................... 18 4.2.5 User Documentation Description (UDD)........................................................ 19 4.2.6 Software Configuration Management Plan (SCMP)....................................... 21 4.3 OTHER ................................................................................................................ 22 4.3.1 Software Project Plan (SPP) .......................................................................... 22 4.3.2 System Requirements Specification (SRS) ................................................... 24 4.3.3 System Architecture and Requirements Allocation Description (SARAD) ... 25 4.3.4 Database Design Description (DDD) .............................................................. 25 4.3.5 Software Interface Design Description (SIDD).............................................. 26 4.3.6 Test or Validation Plan (TVPL) ...................................................................... 26 4.3.7 Software Design Description (SDD)............................................................... 27 4.3.8 Test or Validation Procedures (TVPR) .......................................................... 27 4.3.9 Test or Validation Results Report (TVRR)..................................................... 28 4.3.10 Software Integration Plan (SOIP) ............................................................... 29 4.3.11 Software Integration Audit Report (SIAR).................................................. 29

- ii -

4.3.12 Software Installation Plan (SIP) ................................................................. 30 5.0 PRACTICES, STANDARDS, PRACTICES, CONVENTIONS, AND METRICS ................................ 31 AND

5.1 PURPOSE ............................................................................................................. 31 5.2 CONTENT ............................................................................................................. 31 5.2.1 Documentation Standards ............................................................................. 32 5.2.2 Logic Structure Standards ............................................................................ 32 5.2.3 Coding and Commentary Standards .............................................................. 35 5.2.4 Testing Standards and Practices .................................................................. 37 5.2.5 Software Process and Product Metrics......................................................... 39 6.0 REVIEWS AND AUDITS ........................................................................................ 40 AUDITS ........................................................................................ ................................

6.1 PURPOSE ............................................................................................................. 40 6.1.1 Technical and Managerial Reviews and Audits ............................................ 40 6.1.2 Accomplishing Reviews and Audits .............................................................. 41 6.1.3 Implementing and Verifying Reviews and Audits ......................................... 42 6.2 MINIMUM REQUIREMENTS ...................................................................................... 42 6.2.1 Software Requirements Review (SRR) .......................................................... 43 6.2.2 Software Preliminary Design Review (SPDR)................................................ 43 6.2.3 Software Critical Design Review (SCDR) ...................................................... 43 6.2.4 Software Verification and Validation Plan Review (SVVPR) ........................ 44 6.2.5 Functional Configuration Audit (FCA) ........................................................... 44 6.2.6 Physical Configuration Audit (PCA) ............................................................... 45 6.2.7 In-Process Audit ............................................................................................ 45 6.2.8 Managerial Review ........................................................................................ 46 6.2.9 Software Configuration Management Plan Review (SCMPR) ....................... 47 6.2.10 Post Mortem Review................................................................................... 47 6.3 OTHER ................................................................................................................ 48 6.3.1 System/Subsystem Requirements Review (SSRR)........................................ 48 6.3.2 System/Subsystem Design Review (SSDR) ................................................... 48 6.3.3 Software Test Readiness Review (SOTRR)................................................... 49 6.3.4 Software Test Results Review (SOTRER) ..................................................... 49 6.3.5 System Test Readiness Review (SYTRR)...................................................... 50 6.3.6 System Test Results Review (SYTRER) ........................................................ 50 6.3.7 Software Usability Review (SUR) .................................................................. 50 6.3.8 Software Maintenance Review (SMR) ........................................................... 51 7.0 8.0 9.0 TEST..................................................................................................................... TEST..................................................................................................................... 51 ................................................................................................ REPORTING ACTION............................................ ION................................ PROBLEM REPORTING AND CORRECTIVE ACTION............................................ 52 TECHNIQUES, METHODOLOGIES................................ ................................................... TOOLS, TECHNIQUES, AND METHODOLOGIES................................................... 52

................................................................................................... 10.0 CODE CONTROL................................................................................................... 54 CONTROL ................................................................................................ ................................................................................................. ................................................................ 11.0 MEDIA CONTROL ................................................................................................. 54

- iii -

...........................................................CONTROL ............................................. ............................................................................................................ .............................. MAINTENANCE....0 RECORDS COLLECTION......... 12...... AND RETENTION .... .......................................................... 56 ............................................................. 15...........................................................................................iv - ..... 56 14......................................0 RISK MANAGEMENT .............................0 SUPPLIER CONTROL ...................... 14..................................................0 TRAINING .......................... AND 13................................... 55 COLLECTION.............................................. 56 .0 TRAINING.........................................................

1. and records collection.2 Scope The scope of the SQAP includes definition of the SQA organization. 1. data management CSCI.3 Software Items The software items covered by the SQAP include the operating system CSCI. and postprocessing of real-time telemetry data from specialized data measurement equipment. the scope of the SQAP includes identification of the code control. maintenance. and methodologies for SQA. and retention policies and procedures from software configuration management. identification of standards. techniques. • Operating System CSCI: The operating system CSCI provides the integrating framework for the other three CSCIs.0 INTRODUCTION This section shall delineate the specific purpose and scope of the particular SQAP. Specifically. and metrics for software developers and how SQA verifies them. conventions. Finally. 1. identification of minimum documentation requirements for software developers and how SQA verifies them. and responsibilities. The command and control system enables the high-speed collection. the SQAP defines a set of activities designed to evaluate the software processes by which software work products are developed and/or maintained. storage. and identification of tools. data acquisition CSCI. tasks. The scope of the SQAP also includes identification of software tests not included in the SVVP. and data processing CSCI of the command and control system. data management CSCI. It shall state the portion of the software life cycle covered by the SQAP for each software item specified. practices. caution and warning. identification of practices and procedures for problem reporting and corrective action.1. supplier control. status messaging and logging. -1- . The operating system CSCI provides key integrating functions such as the human-computer user interface. and data processing CSCI. and identification of reviews and audits. It shall list the name(s) of the software items covered by the SQAP and the intended use of the software. In addition. the scope of the SQAP includes identification of SQA training requirements and the risk management methods and procedures to be used by the software project manager.1 Purpose The purpose of the SQAP is to define a planned and systematic pattern of all actions necessary to provide adequate confidence that a software work product conforms to established technical requirements. media control. the data acquisition CSCI.

standards. built-in-test. practices. and methodologies. software installation. initialization. built-in-test. data-size configuration. system initialization. tools. • Data Management CSCI: The data management CSCI provides key functions such as a realtime interface to the data acquisition CSCI. and system debugging. supplier control. system startup and shutdown. software architectural design. and retention. 2. The software life cycle phases to which the SQAP applies include system requirements analysis. datarate configuration. problem reporting and corrective action. special test scenario execution. shutdown. software coding and testing.4 Software Life Cycle The software life cycle to which the SQAP applies for all CSCIs is defined by IEEE 12207. maintenance. and an automated command interface to the data management CSCI and operating system CSCI. training. • Data Acquisition CSCI: The data acquisition CSCI provides key functions such as a real-time interface to the specialized data measurement equipment. and retrieval. system architectural design. software detailed design. and automated interfaces to the data processing CSCI and operating system CSCI. The software life cycle is the period of time that begins when a software product is conceived and ends when the software is no longer available for use. high-speed data reduction and analysis. archiving. reviews and audits. and software acceptance support. automatic data-size detection. high-speed data storage. media control. conventions. automatic data-rate detection. techniques. code control. shutdown. The SQAP in its entirety applies to the command and control system and its four CSCIs. and metrics. system qualification testing. and automated interfaces to the data management CSCI and operating system CSCI. built-in-test. • Data Processing CSCI: The data processing CSCI provides key functions such as real-time and non-real-time data processing. documentation. software requirements analysis. records collection. The management. initialization. automatic data-size detection. the software life cycle is a collection of interrelated activities or software processes for managing and developing software-based products and services. -2- . More specifically.automatic command and control system execution. shutdown. test. software qualification testing. data-rate detection. and risk management requirements of the SQAP apply to the command and control system software. system integration. manual control. 1.0 REFERENCE DOCUMENTS This section shall provide a complete list of documents referenced elsewhere in the text of the SQAP. software integration. initialization. high-speed data collection.

program structure. the IEEE Standard for Software Quality Assurance Plans. UML is a graphically and visually oriented diagramming standard for representing analytical models of software requirements and software designs.1-1989 (IEEE Standard for Software Quality Assurance Plans): The purpose of this standard is to provide uniform. • ANSI/IEEE STD 828-1990 (IEEE Standard for Software Configuration Management Plans): The purpose of this standard is to establish the minimum required contents of SCM plans and activities which include the identification and establishment of baselines. • DI-IPSC-81433-941205 (MIL-STD-498 Software User Manual Data Item Description): The purpose of this DID is to tell a hands-on software user how to install and use a CSCI. readability. the tracking and reporting of such changes. • OMG Version 1. It may also cover a particular aspect of software operation.10-October 1995 (Ada 95 Quality and Style: Guidelines for Professional Programmers): The purpose of this document is to provide software source code style and coding guidelines for the Ada 95 computer programming language. • SPC-94093-CMC Version 01. or a software system or subsystem. and the IEEE Standard for Software Life Cycle Processes. • ANSI/IEEE STD 1058. the review. the IEEE Standard for Reviews and Audits. • ANSI/IEEE STD 1028-1988 (IEEE Standard for Software Reviews and Audits): The purpose of this standard is to provide definitions and uniform requirements for review and audit processes.00. approval. including requirements for source code presentation. which serve as controlling documents for managing software projects. minimum acceptable requirements for software activities. software records. and the control of interface documenation and project supplier SCM. and software joint reviews.1-1987 (IEEE Standard for Software Project Management Plans): The purpose of this standard is to prescribe the format and content of software project management plans. minimum acceptable requirements for preparation and content of Software Quality Assurance Plans (SQAPs). • IEEE/EIA 12207. • ANSI/IEEE STD 730. programming -3- . a group of related CSCIs. software products. define minimum V&V tasks. • ANSI/IEEE STD 1012-1986 (IEEE Standard for Software Verification and Validation Plans): This purpose of this standard is to provide uniform and minimum requirements for the format and content of SVVPs.0-1996 (IEEE Standard for Software Life Cycle Processes): The purpose of this standard is to provide uniform.The reference documents which the SQAP is principally based upon consist of three documents. and suggest optional V&V tasks. the audits and reviews of the evolving software product. and control of changes. such as instructions for a particular position or task.3-June 1999 (OMG Unified Modeling Language Specification): The purpose of this standard is to serve as a precise and self-consistent definition of UML semantics and notation. software technical reviews.

• Gabryelski. Miller.. function declarations. T. • Sun Microsystems.W. compound statements. 1998 (W3C Style Guide for Online Hypertext): The purpose of this document is to provide software source code style and coding guidelines for the HTML computer programming language. concurrency. Elliot.. variables. lint.. statements.A. Equipments. W3C. T. 1997 (Wildfire C++ Programming Style: With Rationale): The purpose of this document is to provide software source code style and coding guidelines for the C++ computer programming language. ANSI C. L.. • BL.... portability. E. K.H. file organization. L. control and user interface standards. including requirements for markup tags.0b-October 2000 (PSM Practical Software and Systems Measurement: A Foundation for Objective Project Management): The purpose of this document is to introduce software process and product measurement guidelines for managing system and software projects.practices. Mitze. keyword reference. 2000 (Visual Basic Style Guide): The purpose of this document is to provide software source code style and coding guidelines for the Visual Basic computer programming language. Schan. Keppel. declarations. Inc. miscellaneous. simple statements. • Cannon. Revision 6. and programming practices. Kirchhoff. including requirements for declaration standards. header file content.W. naming conventions. including requirements for files. preprocessor. and -4- . including requirements for file organization. Files include file naming conventions. Inc. identifier naming conventions. • Patrick. and database standards. portability. Wittington. reusability object-oriented features.. inline images.. and interaction with C. comments. linking. tables. statements. J. M. functions. Spencer. comments. 20-APR-99 (Sun Code Conventions for the Java Programming Language): The purpose of this document is to provide software source code style and coding guidelines for the Java computer programming language. Prentice Hall.. and improving performance.W.. including requirements for file names. special considerations. declarations. to include broad classes of software measures.O. Milner. indentation.. 25-June-1990 (Indian Hill C Style and Coding Standards): The purpose of this document is to provide software source code style and coding guidelines for the C computer programming language.M. and Computer Software): The purpose of this standard is to prescribe the requirements for the conduct of technical reviews and audits on systems.0. N. types. whitespace.P. debugging. H. macros. Wildfire Communications. equipments. character formatting. file organization. D. conditional compilation. and fill-out forms. white space. operators. and Brader. using white space. R. • MIL-STD-1521B-4 June 1985 (Military Standard for Technical Reviews and Audits for Systems. and practical examples. • DoD and US Army Version 4. make. guidelines for application. and project-dependent standards. J. naming conventions. and source file content. constants. R.

software test cases.1. 3. and. • Software Engineering: Software engineering is the collection of individuals (both managers and technical staff) who have responsibility for software development and maintenance activities (i. Organizational dependence or independence of the elements responsible for SQA from those responsible for software development and use shall be clearly described or depicted. SCM which is responsible for controlling software baselines. This shall include a description of each major element of the organization together with the delegated responsibilities..computer software. code. by the application of software test plans. 3. and test) for a project. and the software engineering process group. and responsibilities.e. 3. and has been designed to take advantage of current technological advancement and management procedures in conducting reviews and audits. the software configuration management group. design. • Software Testing: Software testing is a process of dynamically operating.1 Organizational Structure The organizational structure to which the SQAP applies consists of software engineering. and SCM processes. software testing. requirements analysis. are not included in the software engineering group. such as the software quality assurance group. and evaluating CSCIs to ensure that they meets their software requirements. SCM. and test reports.0 MANAGEMENT This section shall describe organization. Groups performing software-related work. executing. -5- . 3. software testing which is responsible for evaluating the software. SQA itself. more specifically. and SQA which is responsible for evaluating the software engineering. software test designs.1. software testing.1 Organization This paragraph shall depict the organizational structure that influences and controls the quality of the software. software test procedures.2 Organizational Description The organizational description to which the SQAP applies consists of software engineering which is responsible for software development. exercising. tasks.

-6- . or the software engineering functional manager. software coding and testing. Furthermore. and verify compliance with specified requirements. and reporting channels between software engineering. software qualification testing. system architectural design. software requirements analysis. for computer software configuration items (CSCI) of a system or segment of a system. (2) A set of activities designed to evaluate the process by which software work products are developed and/or maintained. SQA is not functionally subordinate to software engineering. 3. 3. and software acceptance support. • SQA: SQA is defined as a (1) A planned and systematic pattern of all actions necessary to provide adequate confidence that a software work product conforms to established technical requirements. system qualification testing. responsibility. status. schedule. Primarily. objectivity.• SCM: SCM is a discipline applying technical and administrative direction and surveillance to identify and document the functional and physical characteristics of a configuration item. the software project lead. system integration. functional organization.1 Software Life Cycle The software life cycle phases to which the SQAP applies include system requirements analysis. The sequence of the tasks shall be indicated.1.2. and authority from software engineering in order to maintain independence. quality. for later use by system architectural design. SCM. and thus maintains independent power. SQA does not report to the system project or program manager in order to further propagate the integrity of SQA independence and protect SQA software process evaluation activities and results from the cost. 3. (b) the tasks to be performed with special emphasis on software quality assurance activities.3 Organizational Independence The organizational independence of SQA consists of a mutually exclusive chain of authority. software detailed design. software architectural design. software engineering reports to a software project lead and the software engineering functional manager. and delivery pressures of software projects. software integration. and especially SQA. software installation. and (c) the relationships between these tasks and the planned major check-points. software testing. and integrity of SQA activities. • System Requirements Analysis Phase: System requirements analysis is the process of developing system-level requirements.2 Tasks This paragraph shall describe (a) that portion of the software life cycle covered by the SQAP. control changes to those characteristics. record and report change processing and implementation status.

for a system or segment of a system. for a CSCI of a system or segment of a system. • Software Architectural Design Phase: Software architectural design is the process of transforming software requirements into a top-level software design consisting of computer software components (CSC). -7- .Software Activity System System Software Software Requirements Architectural Requirements Architectural Analysis Design Analysis Design Software Detailed Design Software Coding and Testing Software Integration Software Qualification Testing System Integration System Qualification Testing Software Installation Software Acceptance Support Software Product • SRS • SARAD SRD • UDD • DDD (p) SAD • SIDD (p) • TVPL • UDD (u) • • DDD (d) SDD • SIDD (d) • TVPL (u) • UDD (u) • • DDD (u) TVPL (u) • TVPR • UDD (u) • TVRR • • SOIP TVPR (u) • UDD (u) • TVRR • • UDD (u) SIAR • TVRR • • • • TVPR (u) TVRR • TVRR • SIP • TVRR Technical Review • Walkthru • Inspection • Walkthru • Inspection • Walkthru • Inspection • Walkthru • Inspection • Walkthru • Inspection • Walkthru • Inspection • Walkthru • Inspection • Walkthru • Inspection • Walkthru • Inspection • Walkthru • Inspection Software Record • SYRER • SYAER • SORER • SOAER • DDER EOCR SCTRER • SCR • • • SIER • • DER SCR • SQTER SCR SER • SQTARR • • • SIRR • SCR Joint Review System/ Subsystem Requirements Review System/ Subsystem Design Review Software Requirements Review Software Preliminary Design Review Software Critical Design Review Software Test Readiness Review Software Test Results Review System Test Readiness Review System Test Results Review Software Usability Review Software Maintenance Review PLAN (3) SIP SOIP TVPL Software Installation Plan Software Integration Plan Test or Validation Plan SPECIFICATION (1) SRS System Requirements Specification DESCRIPTION (7) DDD SAD SARAD SDD SIDD SRD UDD Database Design Description Software Architecture Description System Architecture and Requirements Allocation Description Software Design Description Software Interface Design Description Software Requirements Description User Documentation Description PROCEDURE (1) TVPR Test or Validation Procedures SIAR TVRR REPORT (2) Software Integration Audit Report Test or Validation Results Report RECORD (14) DDER DER EOCR SCR SCTRER SER SIER SIRR SOAER SORER SQTARR SQTER SYAER SYRER Detailed Design Evaluation Record Documentation Evaluation Record Executable Object Code Record Source Code Record Software Code and Test Results Evaluation Record System Evaluation Record Software Integration Evaluation Record Software Installation Results Record Software Architecture Evaluation Record Software Requirements Evaluation Record System Qualification Test Audit Results Record System Qualification Test Evaluation Record System Architecture Evaluation Record System Requirements Evaluation Record (p)—preliminary. (u)—updated • System Architectural Design Phase: System architectural design is the process of transforming the system-level requirements into an architectural design. for later use by software architectural design. (d)—detailed. • Software Requirements Analysis Phase: Software requirements analysis is the process of developing software requirements. for a CSCI of a system or segment of a system. for later use by software requirements analysis. including its operational and support environments. for later use by software detailed design.

software architectural design. software products. for later use by software coding and unit testing. There are SQA activities for each of the twelve software life cycle phases. system architectural design. for later use by software acceptance support. and software records of the software life cycle phases for conformance to software process and software product standards. including system requirements analysis. for later use by system qualification testing. for later use by software qualification testing. • System Qualification Testing Phase: System qualification testing is the process of dynamically evaluating integrated CSCIs and HWCIs of a system or segment of a system. plans. procedures. for later use by system integration. for CSCIs of a system or segment of a system. test cases. for later use by software integration. technical reviews. • System Integration Phase: System integration is the process of combining and evaluating CSCIs and HWCIs of a system or segment of a system. 3. • Software Installation Phase: Software installation is the process of transporting and installing software associated with a system or a segment of a system from the development environment to the target environment. • Software Integration Phase: Software integration is the process of combining and evaluating the CSUs that have been implemented and unit tested. for later use by software installation. software -8- . and work instructions. • Software Coding and Testing Phase: Software coding and testing is the process of transforming the software detailed design—CSUs—into computer software. • Software Acceptance Support Phase: Software acceptance support is the process of assisting customers and end-users dynamically evaluate a system or segment of a system.2 SQA Activities The SQA activities principally consist of auditing the software activities. using installation policies. for a CSCI of a system or segment of a system.• Software Detailed Design Phase: Software detailed design is the process of decomposing the software architectural design into an increasingly detailed hierarchy of computer software units (CSU).2. software requirements analysis. for a CSCI of a system or segment of a system. and test procedures. using test cases and test procedures based on system-level requirements. that have undergone individual software and hardware qualification testing. for a CSCI of a system or segment of a system. in order to determine to whether or not to accept the system from the developer. • Software Qualification Testing Phase: Software qualification testing is the process of dynamically evaluating computer software using test cases and test procedures based on CSCI-level software requirements. software detailed design. using acceptance test plans.

walkthrough standard. walkthrough standard. and TVRR. and inspection standard. SID (p). SID (p). walkthroughs of the SOIP. and inspections of the SARAD for conformance to the system architectural design activity standard. TVPR. UDD (u). and inspections of the DDD (p). TVPL. and inspection standard. DDD (u). TVPL. walkthroughs of the DDD (d). UDD (u). SRD. and UDD (u). SRS. SID (p). SARAD. TVPL (u). TVPR. TVPR. and TVRR. TVPL (u). SDD. TVPR (u). SRS document standard. and TVRR. UDD (u). and UDD (u). • Software Architectural Design Phase: The SQA activities for the software architectural design phase include auditing the software architectural design activities. and UDD (u) document standards. DDD (p). and inspections of the DDD (u). • System Architectural Design Phase: The SQA activities for the system architectural design phase include auditing the system architectural design activities. walkthroughs of the DDD (u). DDD (d). and TVRR. walkthrough standard. SIDD (d). and inspection standard. walkthrough standard.coding and testing. walkthroughs of the DDD (p). • System Requirements Analysis Phase: The SQA activities for the system requirements analysis phase include auditing the system requirements analysis activities. and UDD (u). • Software Detailed Design Phase: The SQA activities for the software detailed design phase include auditing the software detailed design activities. • Software Requirements Analysis Phase: The SQA activities for the software requirements analysis phase include auditing the software requirements analysis activities. and inspection standard. UDD (u). SDD. -9- . and inspections of the SRS for conformance to the system requirements analysis activity standard. TVPL. walkthrough standard. and UDD (u) document standards. TVPL (u). walkthrough standard. SIDD (d). SIDD (d). TVPL (u). system qualification testing. • Software Coding and Testing Phase: The SQA activities for the software coding and testing phase include auditing the software coding and testing activities. DDD (u). TVPR. and TVRR document standards. system integration. TVPL (u). TVPL (u). and inspection standard. • Software Integration Phase: The SQA activities for the software integration phase include auditing the software integration activities. software installation. TVPL (u). TVPL. software qualification testing. DDD (p). software integration. TVPR (u). SRD and UDD document standards. and inspection standard. DDD (d). UDD. SAD. SID (p). and inspections of the SRD and UDD for conformance to the software requirements analysis activity standard. walkthroughs of the SARAD. SARAD document standard. and software acceptance support. walkthroughs of the SRD and UDD. TVPL (u). and inspections of the DDD (d). and TVRR for conformance to the software coding and testing activity standard. SAD. SDD. SOIP. and UDD (u) for conformance to the software architectural design activity standard. and UDD (u). SAD. and UDD (u) for conformance to the software detailed design activity standard. SIDD (d). walkthroughs of the SRS. and inspections of the SOIP. SDD. UDD (u). SAD. UDD (u).

and inspection standard. SIAR. software critical design review. TVPR (u). and inspections of the TVRR for conformance to the system integration activity standard. TVRR. system test readiness review. TVRR document standard. SIAR. SQA audits of system requirements analysis activities. which immediately follows the system requirements analysis phase. software usability review.2. TVRR. UDD (u). • Software Installation Phase: The SQA activities for the software installation phase include auditing the software installation activities. and TVRR document standards. the SRS. and inspection standard.TVPR (u). and SRS inspections shall occur before SSRR commences. and inspection standard. walkthroughs of the UDD (u). and inspection standard. SRS walkthroughs. SIP. • System Qualification Testing Phase: The SQA activities for the system qualification testing phase include auditing the system qualification testing activities. UDD (u). SIAR. walkthrough standard. 3. and inspection standard. TVPR (u) and TVRR. walkthrough standard. SOIP. walkthroughs of the TVRR. • System/Subsystem Requirements Review (SSRR): External review techniques include a system/subsystem requirements review (SSRR). SIAR. TVRR document standard. and TVRR. walkthroughs of the TVPR (u) and TVRR. software preliminary design review. • Software Acceptance Support Phase: The SQA activities for the software acceptance support phase include auditing the software acceptance support activities.10 - . and inspections of the TVRR for conformance to the system integration activity standard. UDD (u). and TVRR for conformance to the software integration activity standard.3 Milestones The milestones which follow the SQA activities include the system/subsystem requirements review. walkthrough standard. and the software maintenance review. and inspections of the TVPR (u) and TVRR for conformance to the system integration activity standard. software test readiness review. . system test results review. and inspections of the SIP for conformance to the system integration activity standard. • Software Qualification Testing Phase: The SQA activities for the software qualification testing phase include auditing the software qualification testing activities. walkthroughs of the SIP. and inspection standard. and TVRR. and TVRR document standards. walkthrough standard. walkthrough standard. system/subsystem design review. UDD (u). TVPR (u) and TVRR document standards. • System Integration Phase: The SQA activities for the system integration phase include auditing the system integration activities. walkthrough standard. SIP document standard. software test results review. walkthroughs of the TVRR. software requirements review. and TVRR for conformance to the software qualification testing activity standard. and inspections of the UDD (u).

TVPR. and UDD (u). DDD (d). TVRR. SIAR.• System/Subsystem Design Review (SSDR): External review techniques include a system/subsystem design review (SSDR). SID (p). and TVPR (u) inspections shall occur before SOTRR commences. and UDD (u) walkthroughs. and UDD (u) inspections shall occur before SCDR commences. UDD (u). and UDD (u) inspections shall occur before SPDR commences. and UDD (u). • Software Test Readiness Review (SOTRR): External review techniques include a software test readiness review (SOTRR). SQA audits of system integration activities. SQA audits of system architectural design activities. SAD. TVPL. and DDD (u). SAD. and TVPR (u). SID (p). SIDD (d). SRD and UDD walkthroughs. SIAR. DDD (p). the SRD and UDD. which immediately follows the software detailed design phase. and TVPR (u) walkthroughs. TVPR. SQA audits of software architectural design activities. • Software Requirements Review (SRR): External review techniques include a software requirements review (SRR). . which immediately follows the software integration phase. and TVRR inspections shall occur before SOTRER. and DDD (d). SOIP. SIAR. SQA audits of software requirements analysis activities. TVRR. UDD (u). SID (p). the DDD (p). SOIP. TVPL. TVPL (u). the DDD (d). SARAD walkthroughs. SDD. • Software Critical Design Review (SCDR): External review techniques include a software critical design review (SCDR). • Software Test Results Review (SOTRER): External review techniques include a software test results review (SOTRER). and DDD (p). the UDD (u). DDD (u). and UDD (u) walkthroughs. SQA audits of software qualification testing activities. TVPR. the DDD (u). and TVPR (u) and TVRR inspections shall occur before SYTRR. SDD. the SARAD. which immediately follows the software qualification testing phase. which immediately follows the system integration phase. TVPR (u) and TVRR walkthroughs. TVPL (u). and UDD (u). UDD (u). TVRR.11 - . • Software Preliminary Design Review (SPDR): External review techniques include a software preliminary design review (SPDR). SQA audits of software detailed design activities. SDD. SQA audits of software coding and testing activities and software integration activities. TVPL. • System Test Readiness Review (SYTRR): External review techniques include a SYTRR. which is necessary to successfully conclude the system architectural design phase. SOIP. and SARAD inspections shall occur before SSDR commences. TVPL (u). the TVPR (u) and TVRR. SAD. TVPL (u). UDD (u). and TVRR. SIDD (d). TVPL (u). and SRD and UDD inspections shall occur before SRR commences. TVPL (u). which immediately follows the software requirements analysis phase. SIDD (d). and TVRR walkthroughs. which immediately follows the software architectural design phase.

and SIP inspections shall occur before SUR. SQA shall audit the . and TVRR inspections shall occur before SYTRR. • Software Maintenance Review (SMR): External review techniques include a software usability review (SUR). SQA shall audit the software products. • Software Usability Review (SUR): External review techniques include a software usability review (SUR). software requirements analysis. software qualification testing. software detailed design. the TVRR. and inspections of the software work products for conformance to software activity standards. system integration.3 Responsibilities This paragraph shall identify the specific organizational elements responsible for each task. system architectural design. The responsibilities of SQA shall include auditing the software processes and software products of the software life cycle for conformance to software process and software product standards. SQA audits of the system qualification testing activities. SQA audits of the software acceptance support activities. software coding and testing.2 Software Work Products The responsibilities of SQA shall include auditing the software work products for each of the twelve software life cycle phases for conformance to software work product standards. which include each of the 31 software work products resulting from each of the twelve software activities for conformance to software work product standards. which immediately follows the software installation phase. software integration. SQA shall audit the system requirements analysis. which immediately follows the software installation phase. and TVRR inspections shall occur before SMR. the SIP.3. 3.• System Test Results Review (SYTRER): External review techniques include a system test results review (SYTRER). TVRR walkthroughs. TVRR walkthroughs. SQA shall audit the software processes.1 Software Activities The responsibilities of SQA shall include auditing the software activities for each of the twelve software life cycle phases for conformance to software activity standards.12 - . software architectural design. which immediately follows the system qualification testing phase. SIP walkthroughs.3. 3. system qualification testing. software installation. SQA shall audit the SRS resulting from the system requirements analysis activity. walkthrough standards. and software acceptance support activities. walkthroughs of the software work products. and inspection standards. which include the software activities themselves. SQA audits of the software installation activities. 3. the TVRR.

SQA shall audit the TVRR of the software acceptance support activity. 3. SQA shall audit walkthroughs of the UDD (u). SAD.13 - . and UDD (u) resulting from the software detailed design activity. SQA shall audit walkthroughs of the SOIP. SQA shall audit inspections of the DDD (u). SQA shall audit walkthroughs of the SARAD resulting from the system architectural design activity. UDD (u). SIDD (d).3 Walkthroughs Software Work Products The responsibilities of SQA shall include auditing walkthroughs of software work products for each of the twelve software life cycle phases for conformance to walkthrough standards. SQA shall audit inspections of the DDD (p).SARAD resulting from the system architectural design activity. SQA shall audit the SIP of the software installation activity. and TVRR resulting from the software integration activity. SQA shall audit the DDD (p). SIDD (d). and UDD (u) resulting from the software architectural design activity. and TVRR resulting from the software integration activity. TVPL (u). and UDD (u) resulting from the software architectural design activity. SQA shall audit inspections of the SRS resulting from the system requirements analysis activity. TVPR.3. SIDD (p). SDD. SQA shall audit the UDD (u). SQA shall audit inspections of the SARAD resulting from the system architectural design activity. SAD. 3. SIAR. And. SIDD (p). SQA shall audit the SOIP. UDD (u). TVPR. UDD (u). and UDD (u) resulting from the software architectural design activity. SQA shall audit walkthroughs of the DDD (u).4 Inspections of Software Work Products The responsibilities of SQA shall include auditing inspections of software work products for each of the twelve software life cycle phases for conformance to inspection standards. TVPR (u). SQA shall audit walkthroughs of the TVRR of the system qualification testing activity. SQA shall audit walkthroughs of the SRD and UDD resulting from the software requirements analysis activity. SQA shall audit the TVRR of the software acceptance support activity. SQA shall audit the DDD (d). TVPL (u). TVPL (u). SQA shall audit inspections of the DDD (d). SQA shall audit the SRD and UDD resulting from the software requirements analysis activity.3. SAD. SIDD (d). and TVRR resulting . TVPL (u). TVPL (u). TVPR. and TVRR resulting from the software coding and testing activity. SQA shall audit inspections of the SRD and UDD resulting from the software requirements analysis activity. SDD. SQA shall audit walkthroughs of the DDD (d). SQA shall audit walkthroughs of the SRS resulting from the system requirements analysis activity. SQA shall audit the TVPR (u) and TVRR of the system integration activity. and UDD (u) resulting from the software detailed design activity. and UDD (u) resulting from the software detailed design activity. TVPL. TVPR (u). UDD (u). TVPL. SIDD (p). SQA shall audit the DDD (u). TVPL (u). SDD. UDD (u). And. SQA shall audit walkthroughs of the SIP of the software installation activity. and TVRR resulting from the software coding and testing activity. SQA shall audit the TVRR of the system qualification testing activity. TVPL. and TVRR resulting from the software qualification testing activity. SIAR. SQA shall audit walkthroughs of the TVPR (u) and TVRR of the system integration activity. SQA shall audit walkthroughs of the DDD (p). and TVRR resulting from the software qualification testing activity.

And. or test. The software requirements description is used as the basis for design and qualification testing of a software item. performances. UDD (u).1 DOCUMENTATION Purpose This section shall perform the following functions: (1) Identify the documentation governing the development. for example.1 Software Requirements Document (SRD) The SRD shall clearly and precisely describe each of the essential requirements (functions.from the software coding and testing activity. and maintenance of the software. 4.14 - .2. and attributes) of the software and the external interfaces. This shall include the criteria and the identification of the review or audit by which the adequacy of each document shall be confirmed. SQA shall audit inspections of the SOIP. inspection. SQA shall conduct an audit of the SRD to verify the following properties: . the following documentation is required as a minimum: 4. Each requirement shall be defined such that its achievement is capable of being objectively verified and validated by a prescribed method. analysis. 4. TVPR (u). SQA shall audit the TVRR of the software acceptance support activity.2 Minimum Documentation Requirements To ensure that the implementation of the software satisfies requirements. (2) State how the documents are to be checked for adequacy. SQA shall audit inspections of the TVPR (u) and TVRR of the system integration activity. verification and validation. SQA shall audit inspections of the UDD (u). SQA shall audit inspections of the TVRR of the system qualification testing activity. and TVRR resulting from the software integration activity. SIAR. SQA shall audit inspections of the SIP of the software installation activity.0 4. with reference to Section 6 of the SQAP. use. The purpose of the software requirements description is to specify the requirements for a software item and the methods to be used to ensure that each requirement has been met. demonstration. and TVRR resulting from the software qualification testing activity. design constraints.

• Environmental conditions. • Functionality of the software item. • Installation and acceptance requirements of the delivered software product at the maintenance site(s). including installation-dependent data for adaptation needs. • Design and implementation constraints. • Software quality characteristics. • Human-factors engineering (ergonomics) requirements. • Safety specifications.15 - . • Installation and acceptance requirements of the delivered software product at the operation site(s). • Qualification requirements.• Generic description information. • Performance requirements. • Physical characteristics. environmental influences. . • System identification and overview. • Manual operations. • Areas that need concentrated human attention and are sensitive to human errors and training. including those related to methods of operation and maintenance. including those related to compromise of sensitive information. • User documentation requirements. and personnel injury. • User maintenance requirements. • User operation and execution requirements. • Requirements for interfaces external to software item. • Security and privacy specifications. • Data definition and database requirements. • Human-equipment interactions. • Constraints on personnel.

16 - . • Software component concept of execution. • Rationale for software architecture and component definition decisions. analysis.3 Software Verification and Validation Plan (SVVP) The SVVP shall identify and describe the methods (for example. SQA shall conduct an audit of the SAD to verify the following properties: • Generic description information.• Computer resource requirements. The purpose of the software architecture description is to describe the software item-wide design decisions and the software item architectural design. • Packaging requirements.2. • Rationale. • System overview and identification. The SAD shall describe the components and subcomponents of the software design.2. 4. • Precedence and criticality of requirements. The SAD shall be prepared first as the Preliminary SAD (also referred to as the Top-Level SAD) and shall be subsequently expanded to produce the Detailed SDD. . 4. including data bases and internal interfaces. • Resource limitations and the strategy for managing each resource and its limitation. • Requirements traceability. inspection. • Identification of software requirements allocated to each software component. • Software item architectural design.2 Software Architecture Description (SAD) The SAD shall depict how the software will be structured to satisfy the requirements in the SRD. including database and user interface design. • Software architecture general description. • Software component definition.

• Requirements phase V&V. for both critical and non-critical software. • Organization. and methodologies. • Design phase V&V. • Concept phase V&V. • Test phase V&V. or test) to be used: (1) To verify that (a) the requirements in the SRS have been approved by an appropriate authority.demonstration. specific minimum V&V tasks and their required inputs and outputs that shall be included in SVVPs. SQA shall conduct an audit of the SVVP to verify the following properties: • Purpose.17 - . when executed. • Responsibilities. • Life-cycle verification and validation. • Tools. (2) To validate that the code. The purpose of the software verification and validation plan is to provide. and suggest optional V&V tasks to be used to tailor SVVPs as appropriate for the particular V&V effort. for critical software. . • Verification and validation overview. techniques. • Referenced documents. and (c) the design expressed in the SDD is implemented in the code. uniform and minimum requirements for the format and content of SVVPs. define. • Management of V&V. complies with the requirements expressed in the SRS. • Master schedule. • Definitions. (b) the requirements in the SRS are implemented in the design expressed in the SDD. • Resources summary. • Implementation phase V&V.

and conventions. • Task iteration policy. • Interim results and status. • Deviation policy. • Description of V&V tasks performed. software coding and testing. software detailed design. and software acceptance support. . SQA shall conduct an audit of the SVVR to verify the following properties: • Task reporting. • Summary of task results.18 - .4 Software Verification and Validation Report (SVVR) The SVVR shall describe the results of the execution of the SVVP. software installation. software qualification testing.2. system architectural design. • Optional reports. software requirements analysis. • Verification and validation administrative procedures. 4. • Anomaly reporting and resolution. • Required reports. • Standards. software integration. system requirements analysis.• Installation and checkout phase V&V. • Summary of anomalies and resolution. software architectural design. • V&V phase summary report. system integration. practices. The purpose of the software verification and validation report is to summarize the results of V&V tasks performed in each of the software life cycle phases. • Operation and maintenance phase V&V. • Software verification and validation reporting. system qualification testing. • Control procedures.

options. • Software testing results. • Software quality assurance results. • Impact. guide. manual. • Anomaly report. • Summary.• Assessment of software quality. • Special studies report. • Assessment of overall software quality.. etc. • Description and location. • Software configuration management results. • V&V final report.5 User Documentation Description (UDD) User documentation (e. • Other reports. input sequences.2. • Summary of all life-cycle V&V tasks. • Approach. • Recommendations. • Purpose and objectives. and other activities or items necessary for successful execution of the software. • Recommendations. • Recomendations. • Cause. • Summary of anomalies and resolutions. • Criticality.19 - . program limitations.) shall specify and describe the required data and control inputs. 4. All error messages shall be identified and .g. • Summary of task results.

20 - . • Referenced documents. • System overview. • Security and privacy. • Software organization and overview of operation. (Embedded software that has no direct user interaction has no need for user documentation and is therefore exempted from this requirement. • Identification. SQA shall conduct an audit of the UDD to verify the following properties: • Scope. • Initiating a session. A method of describing user-identified errors or problems to the developer or the owner of the software shall be described. • Software environment. • Document overview. • Software application. • Access to the software. .) The purpose of the user documentation description is to record the planning and engineering information created during the development process that is of use to the users of the software product or service. • First-time user of the software. • Software inventory. • Equipment familiarization. • Contingencies and alternate states and modes of operation.corrective actions described. • Installation and setup. • Assistance and problem reporting. • Software summary. • Access control.

policies. and databases to support all software life cycle phases. and recording and reporting change implementation status. • Identifying configuration items.6 Software Configuration Management Plan (SCMP) The SCMP shall document methods to be used for identifying software items. support the software development and maintenance methodology that fits the software requirements. • Related processing. software interfaces. • Quick-reference guide. • Appendices. • Configuration identification. and emergencies. malfunctions. • Notes. • Processing reference guide. • SCM management. • Processing procedures.• Stopping and suspending work. • Messages. SQA shall conduct an audit of the SCMP to verify the following properties: • Introduction. • (Aspect of software use). • Conventions. 4. • Capabilities. • Data backup. releases.2. The purpose of the software configuration management plan is to provide a structure for identifying and controlling software documentation. tests. controlling and implementing changes. • Recovery from errors. . organization and management philosophy. software source code. and audits. change control. and support production of management and product information concerning the status of software baselines. standards.21 - .

• SCM plan maintenance. 4. • Configuration control. • Configuration audits and reviews.22 - . • Requesting changes. • Approving or disapproving changes.3.• Naming configuration items.3 Other Other documentation may include the following: (1) Software Development Plan (2) Standards and Procedures Manual (3) Software Project Management Plan (4) Software Maintenance Manual. SQA shall conduct an audit of the SPP to verify the following properties: . A software project plan defines the technical and managerial project functions. • Subcontractor/vendor control. • SCM schedules. activities. as defined in the project agreement. • Acquiring configuration items.1 Software Project Plan (SPP) The purpose of the software project plan is to serve as a controlling document for managing a software project. • Configuration status accounting. and tasks necessary to satisfy the requirements of a software project. • SCM resources. • Interface control. 4. • Evaluating changes. • Implementing changes.

warranty and licensing rights. including the software products. • Management of the quality characteristics of the software products or services (separate plans for quality may be developed). proprietary. security. the management of the areas of the project that involve technical. facilities. ownership.23 - . staffing. • Quality assurance. budgets. cost. approval. and reporting. including test environment. . • Engineering environment (for development.. prototype demonstrations and evaluations).e. operation or maintenance. • Project organizational structure showing authority and responsibility of each organizational unit. acceptance.e. including subcontractor selection and involvement between the subcontractor and the acquirer. • Software life cycle model. and schedules associated with the tasks. equipment.• Generic plan information for managing the project. including the approach for interfacing with the verification and validation agent. physical resources. implementation. • Configuration management (separate plans for configuration management may be developed). joint reviews. • Approval required by such means as regulations. • Management of safety. reporting. and schedule risks). • Subcontractor management. • Risk management (i. and tools. library. if specified. • Means for scheduling. modification and change. access to facilities).e.. usage. required certifications. • User involvement (i. requirements setting exercises. if any.. privacy. informal meetings. and other critical requirements of the software products or services (separate plans for safety and security may be developed).. • Security policy (i. procedures. audits. standards. software services and non-deliverable items to be performed. software size. • Work breakdown structure of the life cycle processes and activities. tracking. • Acquirer involvement (i. as applicable). • Verification and validation.e. the rules for need-to-know and access-to-information at each project organizational level). including external organizations. • Training of personnel.

SQA shall conduct an audit of the SRS to verify the following properties: • Generic specification information. • Operations and maintenance requirements. • System external interface requirements.3. • Computer resource requirements. • Physical requirements. • Design constraints and qualification requirements. organizational. • Computer communications requirements. including utilization requirements. • Computer hardware resource requirements. and logistics requirements.24 - . The system requirements specification is used as the basis for design and qualification testing of a system or subsystem. • Installation-dependent data requirements. • Personnel. security. • Safety. training. • System identification and overview. • Computer software requirements. • System quality characteristics. and user requirements. . • Internal data requirements. • Human-factors engineering (ergonomics) requirements. • Computer hardware requirements. • Requirements for the functions and performance of the system. • Required states and modes.4. and privacy protection requirements. • Business.2 System Requirements Specification (SRS) The purpose of the system requirements specification is to specify the requirements for a system or subsystem and the methods to be used to ensure that each requirement has been met. • System environmental requirements.

• Software item identification. SQA shall conduct an audit of the SARAD to verify the following properties: • Generic description information.4 Database Design Description (DDD) The purpose of the database design description is to describe the design of a database. a collection of related data stored in one or more computerized files in a manner that can be accessed by users or computer programs via a database management system.3 System Architecture and Requirements Allocation Description (SARAD) The purpose of the system architecture and requirements allocation description is to describe the architectural design of a system or subsystem.• Packaging requirements. The database design description may also describe the software units used to access or manipulate the data. that is. • Hardware item identification. • Precedence and criticality of requirements.3. 4. • System overview and identification. • Rationale.25 - . . physical). • Manual operations identification.. • Design of the database. conceptual. SQA shall conduct an audit of the DDD to verify the following properties: • Generic description information. • Database overview and identification. • Rationale for allocation of hardware items. logical. 4. • Concept of execution. and manual operations. software items. • Reference to design description of software used for database access or manipulation. The database design description is used as the basis for implementing the database and related software units.g. internal.3. including descriptions of applicable design levels (e.

• External-software item interface definition (e.• Rationale for database design.6 Test or Validation Plan (TVPL) The purpose of the test or validation plan is to describe plans for qualification testing of software items and software systems. SQA shall conduct an audit of the TVPL to verify the following properties: • Generic plan information. The test or validation plan describes the software test environment to be used for the testing. • Test classes. and analysis.. • Software unit identification.3. diagrams). • Software component identification. reduction. hardware item.. 4.3.5 Software Interface Design Description (SIDD) The purpose of the software interface design description is to describe the interface characteristics of one or more system. and provide schedules for test activities. .g..26 - .g. subsystem. source language. • Software component-software component interface definition (e. source language. • Test progression. The software interface design description may describe any number of interfaces. 4. • External interface identification. diagrams). • Test levels. source language. or other system component. • General test conditions.g. • Software item-software item interface definition (e. identify the tests to be performed. diagrams). manual operation. software item. • Data recording. SQA shall conduct an audit of the SIDD to verify the following properties: • Generic description information.

• Software unit-level requirements traceability. 4. SQA shall conduct an audit of the SDD to verify the following properties: • Generic description information. • Requirements traceability. . site. • Concept of execution.8 Test or Validation Procedures (TVPR) The purpose of the test or validation procedures is to describe the test preparations. • Reuse element identification. including algorithms and data structures.3.27 - . • Description of how the software item satisfies the software requirements.• Test coverage (breadth and depth) or other methods for assuring sufficiency of testing. • Rationale for software item design. • Software item input/output description. including items and their identifiers. • Requirements traceability. test cases. The software design description and the software architecture provide the detailed design needed to implement the software. and participating organizations. • Software component-level requirements traceability. personnel.3. The software design description may be supplemented by software item interface design and database design. 4. • Planned tests. including data flow and control flow. • Qualification testing environment.7 Software Design Description (SDD) The purpose of the software design description is to describe the design of a software item. • Test schedules. The test or validation procedures enable the acquirer to assess the adequacy of the qualification testing to be performed. and test procedures to be used to perform qualification testing of a software item or a software system or subsystem. • Static relationships of software units.

4. • System identification and overview. • Requirements traceability. • Test identifier. requirements. • Overview of test results. . The test or validation results report enables the acquirer to assess the testing and its results.9 Test or Validation Results Report (TVRR) The purpose of the test or validation results report is to provide a record of the qualification testing performed on a software item. • Test descriptions. • Generic procedure information. • Test objectives. and rationale. • Rationale for decisions. or other software-related item. • Criteria for evaluating results. • Requirements addressed. • Identification of test configuration. • Test preparations (hardware. • Expected test results.SQA shall conduct an audit of the TVPR to verify the following properties: • Test or Validation Procedures. • Overall assessment of the software tested. • Instructions for conducting procedure. a software system or subsystem. • Test input. SQA shall conduct an audit of the TVRR to verify the following properties: • Generic report information.3. • Prerequisite conditions. software.28 - . • Identification of test author. other) for each test.

• Test identifier. • Test data. • Problems encountered. SQA shall conduct an audit of the SIAR to verify the following properties: • Date of issue and status. • Issuing organization.3. • Scope.11 Software Integration Audit Report (SIAR) The purpose of the software integration audit report is to describe the results of an independent audit of software qualification testing activities and work products. • Deviations from test cases/procedures. • Test responsibilities.29 - . 4.3.10 Software Integration Plan (SOIP) The purpose of the software integration plan is to define the activities necessary to integrate the software units and software components into the software item. 4. • Test log. • Test schedule. • Test procedures.• Impact of test environment. • Test summary. SQA shall conduct an audit of the SOIP to verify the following properties: • Generic plan information. . • Test requirements. • Rationale for decisions. • Detailed test results.

• Support materials. SQA shall conduct an audit of the SIP to verify the following properties: • Scope. • Contact point.30 - . • Context. • Message. • Summary.• References. • Glossary. • Change history. and prepare the system or component for operational use.12 Software Installation Plan (SIP) The purpose of the software installation plan is to describe the information necessary to install a system or component. • Relationship to other plans. set initial parameters. • Contributors. • Referenced documents. • Conclusions and recommendations. • Document overview. • Body. • Bibliography. • Installation overview. • System overview. 4. . • Description. • Identification.3. • Introduction.

• Software inventory. • Installation procedures.31 - .0 5. • Data update procedures. (2) State how compliance with these items is to be monitored and assured. • Installation team.1 STANDARDS. CONVENTIONS. practices. PRACTICES. • Data update procedures. • Site-specific information for software center operations staff. • Facilities. • Schedule.2 Content The subjects covered shall include the basic technical. conventions and metrics to be applied. • Personnel. • Tasks. 5. • Installation procedures.• Training. • Site-specific information for software users. design. • Security and privacy protection. 5. • (Site name). • (Site name). • Schedule. AND METRICS Purpose This section shall: (1) Identify the standards. and programming activities .

32 - . Perhaps a better name would be “static structural diagram” but “class diagram” is shorter and well established. IEEE Standard for Software Configuration Management Plans. and even instances. Only the following documentation standards from the IEEE Standard for Software Life Cycle Processes shall be enforced by the SQAP. activity diagram. and testing. DDD. A class diagram is a graphic view of the static structural model. object diagram. the following information shall be provided: (1) Documentation standards (2) Logic structure standards (3) Coding standards (4) Commentary standards (5) Testing standards and practices (6) Selected software quality assurance product and process metrics such as: (a) Branch metric (b) Decision point metric (c) Domain metric (d) Error message metric (e) Requirements demonstration metric 5.2. variable and module naming. IEEE Standard for Software Verification and Validation Plans. and their relationships. MIL-STD-498 Software User Manual Data Item Description. relationships. packages. the SRS. such as classes.2 Logic Structure Standards The logic structure standard that shall be enforced by the SQAP is the OMG Unified Modeling Language. connected as a graph to each other and to their contents. sequence diagram. programming.involved. SIAR. and SIP. class diagram. collaboration diagram. such as documentation. SARAD. 5. SAD.1 Documentation Standards The documentation standards that shall be enforced by the SQAP are the IEEE Standard for Software Life Cycle Processes. • Class Diagram: A class diagram is a graph of classifier elements connected by their various static relationships. UDD. The following nine UML logic structure diagrams shall be enforced by the SQAP. SIDD. inspection. TVRR. TVPL. use case diagram. SDD. SRD. and deployment diagram. such as objects and links. As a minimum. and the IEEE Standard for Software Project Management Plans. SOIP. component diagram.2. A class diagram is a collection of (static) declarative model elements. statechart diagram. TVPR. Note that a “class” diagram may also contain interfaces. interfaces. Class diagrams may be organized into packages . The individual class diagrams do not represent divisions in the underlying model.

• Object Diagram: An object diagram is a graph of instances. • Use Case Diagram: A use case diagram shows the relationship among actors and use cases within a system. a use case may also have compartments displaying attributes and operations. to characterize a particular usage achievable in various ways.) Usually only time sequences are important. including objects and data values. as well as their required relationships given in a particular context. The top name compartment holds a list of attributes. As a classifier. A class represents a concept within the system being modeled. A use case diagram is a graph of actors. • Sequence Diagram: A sequence diagram presents an interaction. (The dimensions may be reversed. which is a set of messages between classifier roles within a collaboration to effect a desired operation or result. if desired. The name of a class has scope within the package in which it is declared and the name must be unique (among class names) within its package. generalizations between the actors. (See subsequent sections for details of the contents of a sequence diagram. A class is drawn as a solid-outline rectangle with three compartments separated by horizontal lines. a subsystem. The use of object diagrams is fairly limited. The diagram may also present an interaction. Mainly to show examples of data structures. but in real-time applications the time axis could be an actual metric.) • Collaboration Diagram: A collaboration diagram presents a collaboration. A sequence diagram has two dimensions: 1) the vertical dimension represents time and 2) the horizontal dimension represents different objects.33 - . extends. A use case is a kind of classifier representing a coherent unit of functionality provide by a system.” The phrase is useful. the bottom list compartment holds a list of operations. which defines a set of messages . it shows a snapshot of the detailed state of a system at a point in time. an the relationships between these elements. Class diagrams can contain objects. and includes among the use cases. The use cases may optionally be enclosed by a rectangle that represents the boundary of the containing system or classifier. Classes have data structure and behavior and relationships to other elements. Use case diagrams show actors and use cases together with their relationships. however. which contains a set or roles to played by objects. The use cases represent functionality of a system or a classifier. Objects can be grouped into “swimlanes” on a diagram. a set of use cases. An optional stereotype keyword may be placed above the name and a list of properties included below the name. There is no significance to the horizontal ordering of the objects. A static object diagram is an instance of a class diagram. The relationships are associations between the actors and the use cases. like a subsystems or a class. possibly some interfaces. as manifested to external interactors with the system or the classifier. or a class as manifested by sequences of messages exchanged among the system and one or more outside interactors (called actors) together with actions performed by the system. and generalizations.either with their underlying models or as separate packages that build upon the underlying model packages. so a class diagram with objects and no classes is an “object diagram. Tools need not support a separate format for object diagrams. Normally time proceeds down the page. A use case is show as an ellipse containing the name of the use case.

it may either show instances. • Statechart Diagram: A statechart diagram can be used to describe the behavior of a model element such as an objet or an interaction. and executable components. it may also include the communication stated by an interaction. or show classifier roles. actors. links. or classifier roles and association roles. A collaboration diagram can be given in two different forms: at instance level or at specification level. A collaboration is used for describing the realization of an operation or a classifier. subsystems. A collaboration diagram shows a graph of either objects linked to each other. Typically. The graphical rendering of this top state is optional. A statechart diagram is a graph that represents a state machine. and messages. or to the implementation of an operation. some exist at link time. The purpose of this diagram is to focus on flows driven by internal processing (as opposed to external events). Specifically. like a use case.. and stimuli. • Activity Diagram: An activity graph is a variation of a sate machine in which the states represent the performance of actions or subactivities and the transitions are triggered by the completion of the actions or subactivities. A collaboration which describes a classifier. • Component Diagram: A component diagram shows the dependencies among software components. operations. An activity diagram is a special case of a state diagram in which all (or at least most) of the states are action or subactivity states and in which all (or at least most) of the transitions are triggered by completion of the actions or subactivities in the source states. as well as ordinary associations attached to the classifier owning the operation. Use ordinary state diagrams in situations where asynchronous events occur. including source code components. it describes possible sequences of states and actions through which the element can proceed during its lifetime as a result of reacting to discrete events (e. but statecharts may also describe the behavior of other model entities such as use cases. A software module may be represented as a component stereotype. Use activity diagrams in situations where all or most of the events represent fhe completion of internally-generated actions (that is. States and various other types of vertices (pseudostates) in the state machine graph are rendered by appropriate state and pseudostate symbols. Note that every state machine has a top state which contains all the other elements of the entire state machine. it is used for describing the behavior of classes. references classifiers and associations in general. association roles. operations invocations).specifying the interaction between the objects playing the roles within a collaboration to achieve the desired result. It represents a state machine of a procedure itself. signals.g. while transitions are generally rendered by directed arcs that interconnect them. while a collaboration describing an operation includes the arguments and local variables of the operation. such as a use case. The entire activity diagram is attached (through the model) to a class. or methods. or to a package.34 - . binary code components. procedural flow of control). For a business. States may also contain sub-diagrams by physical containment or tiling. “software” components are taken in the broad sense to include business procedures and documents. some exist at run . Some components exist at compile time. Statechart diagrams represent the behavior of entities capable of dynamic behavior by specifying its response to the receipt of event instances.

time, and some exist at more than one time. A compile-only component is one that is only meaningful at compile time. The run-time component in this case would be an executable program. A component diagram has only a type form, not an instance form. To show component instances, use a deployment diagram (possibly a degenerate one without nodes). A component diagram is a graph of components connected by dependency relationships. Components may also be connected to components by physical containment representing composition relationships. A diagram containing component types and node types may be used to show static dependencies, such as compiler dependencies between programs, which are show as dashed arrows (dependencies) from a client component to a supplier component that it depends on in some way. The kinds of dependencies are implementation-specific and may be shown as stereotypes of the dependencies. As a classifier, a component may have operations and may realize interfaces. The diagram may show these interfaces and calling dependencies among components, using dashed arrows from components to interfaces on other components. • Deployment Diagram: Deployment diagrams show the configuration of run-time processing elements and the software components, processes, and objects that live on them. Software component instances represent run-time manifestations of code units. Components that do not exist as run-time entities (because they have been compiled away) do not appear on these diagrams, they should be show on component diagrams. For business modeling, the run-time processing elements include workers and organizational units, and the software components include procedures and documents used by the workers and organizational units. A deployment diagram is a graph of nodes connected by communication associations. Nodes may contain component instances. This indicates that the component lives or runs on the node. Components may contain objects, this indicates that the object resides on the component. Components are connected to other components by dashed-arrow dependencies (possible through interfaces). This indicates that one component uses the services of another component. A stereotype may be used to indicate the precise dependency, if needed. The deployment type diagram may also be used to show which components may reside on which nodes, by using dashed arrows with the stereotype support from the component symbol to the node symbol or by graphically nesting the component symbol within the node symbol. 5.2.3 Coding and Commentary Standards

The coding standards that shall be enforced by the SQAP include the SPC Ada 95 Quality and Style, Indian Hill C Style and Coding Standards, Wildfire C++ Programming Style, Visual Basic Style Guide, W3C Style Guide for Online Hypertext, and the Sun Code Conventions for the Java Programming Language. • SPC Ada 95 Quality and Style: The SPC Ada 95 Quality and Style includes requirements for source code presentation, readability, program structure, programming practices, concurrency, portability, reusability object-oriented features, and improving performance. Source code presentation includes code formatting. Readability includes spelling, naming conventions,

- 35 -

comments, and using types. Program structure includes high-level structure, visibility, and exceptions. Programming practices include optional parts of the syntax, parameter lists, types, data structures, expressions, statements, visibility, using exceptions, and erroneous execution and bounded errors. Concurrency includes concurrency options, communication, and termination. Portability includes fundamentals, numeric types and expressions, storage control, tasking, exceptions, representation clauses and implementation-dependent features, and input/output. Reusability includes understanding and clarity, robustness, adaptability, and independence. Object-oriented features include object-oriented design, tagged type hierarchies, tagged type operations, managing visibility, and multiple inheritance. Improving performance includes performance issues, performance measurement, program structure, data structures, algorithms, types, and pragmas. • Indian Hill C Style and Coding Standards: The Indian Hill C Style and Coding Standards include requirements for file organization, comments, declarations, function declarations, whitespace, simple statements, compound statements, operators, naming conventions, constants, macros, conditional compilation, debugging, portability, ANSI C, special considerations, lint, make, and project-dependent standards. • Wildfire C++ Programming Style: The Wildfire C++ Programming Style includes requirements for files, preprocessor, identifier naming conventions, using white space, types, variables, functions, statements, miscellaneous, and interaction with C. Files include file naming conventions, file organization, header file content, and source file content. Preprocessor includes macros and conditional compilation. Identifier naming conventions include general rules, identifier style, namespace clashes, and reserved namespaces. Using white space includes indentation, long lines, comments, block comments, single-line comments, and trailing comments. Types include constants, use of const, struct and union declarations, enum declarations, classes, class declarations, class constructors and destructors, automatically-provided member functions, function overloading, operator overloading, protected items, friends, friend classes, friend methods, and templates. Variables include placement of declarations, extern declaration, indentation of variables, number of variables per line, definitions hiding other definitions, and initialized variables. Functions include function declarations and function definitions. Statements include compound statements, if/else statements, for statements, do statements, while statements, infinite loops, empty loops, switch statements, goto statements, return statements, and try/catch statements. Miscellaneous includes general comments and rules, limits on numeric precision, comparing against zero, boolean, character, integral, floating point, pointer, use and misuse of inline, references versus pointers, and portability. Interaction with C includes ANSI-C/C++ include files, including C++ header files in C programs, including C header files in C++, and C code calling C++ libraries. • Visual Basic Style Guide: The Visual Basic Style Guide includes requirements for declaration standards, keyword reference, control and user interface standards, and database standards. Declaration standards include nomenclature standards, nomenclature for variables, nomenclature for constants, nomenclature for user-defined types, nomenclature for

- 36 -

enumerated data types, nomenclature for line labels, nomenclature for procedures, nomenclature for declares, nomenclature for user interface elements, nomenclature exceptions, instantiation standards, instantiation of variables, instantiation of constants, instantiation of user-defined types, instantiation of enumerated data types, instantiation of line lables, instantiation of procedures, instantiation of declares, declaration modifiers, global options, compiler directives, Visual Basic limitation on declaration, and data typing of literals. Keyword reference includes compiler directives, conversion functions, date and time features, declaration features, error handling and debugging features, file system features, financial features, flow control features, math features, miscellaneous features, operators, and string features. Control and user interface standards includes general considerations, communication, control interaction, documentation, and specific control information. Database standards include database design, nomenclature, normalization, database documentation, database usage, spreadsheet presentation, bound filed presentation, and form object presentation. • W3C Style Guide for Online Hypertext: The W3C Style Guide for Online Hypertext includes requirements for markup tags, character formatting, linking, inline images, tables, and fill-out forms. Markup tags include html, head, title, body, headings, paragraphs, lists, preformatted text, extended quotations, addresses, forced line breaks/postal addresses, and horizontal rules. Character formatting includes logical versus physical styles and escape sequences. Linking includes relative pathnames versus absolute pathnames, URLs, links to specific sections, and mailto. Inline images include image size attributes, aligning images, alternate text for images, background graphics, background color, and external images, sounds, and animations. Tables include table tags, general table format, and tables for nontabular information. • Sun Code Conventions for the Java Programming Language: The Sun Code Conventions for the Java Programming Language includes requirements for file names, file organization, indentation, comments, declarations, statements, white space, naming conventions, and programming practices. File names include file suffixes and common file names. File organization includes Java source files, beginning comments, package and import statements, and class and interface declarations. Indentation includes line length and wrapping lines. Comments include implementation comment formats, block comments, single-line comments, trailing comments, end-of-line comments, and documentation comments. Declarations include number per line, initialization, placement, and class and interface declarations. Statements include simple statements, compound statements, return statements, if, if-else, if else-if else statements, for statements, while statements, do-while statements, switch statements, and trycatch statements. White space includes blank lines and blank spaces. Programming practices include providing access to instance and class variables, referring to class variables and methods, constants, variable assignments, miscellaneous practices, parentheses, returning values, expressions before ‘?’ in the conditional operator, and special comments. 5.2.4 Testing Standards and Practices

- 37 -

• Software Qualification Testing Phase: Software qualification testing is the process of dynamically evaluating computer software using test cases and test procedures based on CSCI-level software requirements. The test or . and software acceptance support. and the TVRR. for a CSCI of a system or segment of a system. the TVPL. for later use by system qualification testing. system qualification testing. for later use by software installation. in order to determine to whether or not to accept the system from the developer. • System Qualification Testing Phase: System qualification testing is the process of dynamically evaluating integrated CSCIs and HWCIs of a system or segment of a system. for later use by software qualification testing. • Software Acceptance Support Phase: Software acceptance support is the process of assisting customers and end-users dynamically evaluate a system or segment of a system.38 - . • Software Integration Phase: Software integration is the process of combining and evaluating the CSUs that have been implemented and unit tested. for later use by software integration. and test procedures to be used to perform qualification testing of a software item or a software system or subsystem. software coding and testing. for a CSCI of a system or segment of a system. • Test or Validation Procedures (TVPR): The purpose of the test or validation procedures is to describe the test preparations. for CSCIs of a system or segment of a system.The testing standards and practices that shall be enforced by the SQAP are from the IEEE Standard for Software Life Cycle Processes. The test or validation plan describes the software test environment to be used for the testing. The following documentation standards from the IEEE Standard for Software Life Cycle Processes shall be enforced by the SQAP. • Software Coding and Testing Phase: Software coding and testing is the process of transforming the software detailed design—CSUs—into computer software. test cases. The following software activity standards from the IEEE Standard for Software Life Cycle Processes shall be enforced by the SQAP. that have undergone individual software and hardware qualification testing. system integration. • System Integration Phase: System integration is the process of combining and evaluating CSCIs and HWCIs of a system or segment of a system. and test procedures. for later use by system integration. test cases. using test cases and test procedures based on system-level requirements. using acceptance test plans. TVPR. software integration. • Test or Validation Plan (TVPL): The purpose of the test or validation plan is to describe plans for qualification testing of software items and software systems. software qualification testing. and provide schedules for test activities. identify the tests to be performed.

The test or validation results report enables the acquirer to assess the testing and its results. which is especially critical late in product development. Only six software process and product metrics have been selected from the PSM Practical Software and Systems Measurement Guide. code. or other software-related item. Productivity is also useful early in the project for estimate and baseline comparisons before actual productivity data is available. The measure provides information about the amount of money spent on a project or a product. 5. and process performance. easily understood measure. modified. • Software Cost (process): The cost measure counts budgeted and expended costs. and shall include software size (process). It can be categorized by activity as well as by product. This is a straightforward. and possible additional work.39 - . compared to budgets. The productivity measure compares the amount of product completed to the amount of effort expended.5 Software Process and Product Metrics The software process and product metrics that shall be enforced by the SQAP are defined by the PSM Practical Software and Systems Measurement guide. • Software Size (process): Physical size and stability measures quantify the physical size of a system or product. Size is a critical factor for estimating development schedules and costs. The effort measure counts the number of labor hours or number of personnel applied to all tasks. or deleted. required effort.2. This measure usually correlates directly with cost. This measure is a basic input to project planning and can evaluate whether performance levels are sufficient to meet cost and schedule estimates. and system test. and software quality (product). The lines of code measure counts the total amount of source code and the amount that has been added. software effort (process). measured in person-months. Lines of code is a well-understood software measure that helps in estimating project cost. unit test. a software system or subsystem. software cycle time (process). • Test or Validation Results Report (TVRR): The purpose of the test or validation results report is to provide a record of the qualification testing performed on a software item. • Software Cycle Time (process): Cycle time or duration is defined as the elapsed time in hours or months during which development effort proceeds without interruption. schedule. • Software Effort (process): Effort refers to develop effort—the effort required to design. but can also address other common issue areas including schedule and progress. software productivity (process). • Software Productivity (process): Productivity is the number of lines of source code produced per programmer-month (person-month) of effort. and productivity. Cycle time . These measures also provide information on the amount and frequency of change to products.validation procedures enable the acquirer to assess the adequacy of the qualification testing to be performed. software cost (process). Changes in the number of lines of code indicate development risk due to product size volatility.

or whether rework is being deferred. The number of defects indicates the amount of rework. (3) State what further actions are required and how they are to be implemented and verified. (2) State how the reviews and audits are to be accomplished. and Computer Software. software configuration management plan review. Eighteen technical and managerial reviews and audits shall be enforced by the SQAP as defined by the IEEE Standard for Software Quality Assurance Plans. The accumulation of all processes determines the total schedule to complete a project. functional configuration audit. The next eight reviews are from the IEEE Standard for Software Life Cycle Processes and Military Standard for Technical Reviews and . and priority of defects reported. status. Tracking the length of time that defects have remained open can be use to determine whether progress is being made in fixing defects.0 6. software preliminary design review.1 REVIEWS AND AUDITS Purpose This section shall: (1) Define the technical and managerial reviews and audits to be conducted. software verification and validation plan review. software critical design review. physical configuration audit. A defect density measure—an expression of the number of defects in a quantity of product—can be derived from this measure. • Software Quality (product): Quality or defect density is the number of software defects committ4ed per thousand lines of software source code.40 - . The defects measure quantifies the number. or documentation. Military Standard for Technical Reviews and Audits for Systems. Equipments. and the IEEE Standard for Software Reviews and Audits. 6. They include the software requirements review.1 Technical and Managerial Reviews and Audits The first ten technical and managerial reviews and audits are from the IEEE Standard for Software Quality Assurance Plans and the IEEE Standard for Software Reviews and Audits. a key objective in process improvement is to reduce overall cycle time. Usually. 6.1.measures the length of time that it takes a process to complete all associate activities. IEEE 12207. Arrival rates can indicate product maturity (a decrease should occur as testing is completed). in-process audits. The purpose of this section is to identify and define the technical and managerial reviews and audits that shall be enforced by the SQAP. software. Closure rates are an indication of progress. and has a direct impact on quality. Defect density can identify components with the highest concentration of defects. managerial reviews. and can be used to predict test completion. and post mortem review. It provides useful information on the ability of a supplier to find and fix defects in hardware.

Software quality assurance is directly responsible for executing the policies and procedures of only one of the three types of in-process audits. namely software engineers. 6. software quality assurance. and software maintenance review. software project personnel. Software project personnel. . software project personnel. walkthroughs and inspections. • Functional Configuration Audit (FCA): Software configuration management personnel are responsible for executing the policies and procedures of the FCA. and Computer Software.1. Software project personnel. the audit process itself. • Software Preliminary Design Review (SPDR): Software project managers and software project personnel are responsible for executing the policies and procedures of the SPDR.41 - . are responsible for executing the policies and procedures of walkthroughs and inspections.2 Accomplishing Reviews and Audits The reviews and audits will be accomplished by the application of individual policies and procedures for each of the reviews and audits by software project managers. • Software Verification and Validation Plan Review (SVVPR): Software project managers. system/subsystem design review. namely software engineers.Audits for Systems. Equipments. Software configuration management is responsible for executing the policies and procedures associated with functional configuration audits and physical configuration audits. Software project managers are responsible for executing the policies and procedures associated with joint reviews. system test readiness review. software usability review. They include the system/subsystem requirements review. software verification and validation personnel. • Managerial Review: Software project managers and software project personnel are responsible for executing the policies and procedures of managerial reviews. • In-Process Audit: Software quality assurance personnel are responsible for executing the policies and the procedures of the audit process. and software configuration management are responsible for executing the policies and procedures of the SVVPR. are responsible for executing the policies and procedures for two of the three types of in-process audits. software configuration management personnel. software test readiness review. • Software Requirements Review (SRR): Software project managers and software project personnel are responsible for executing the policies and procedures of the SRR. software test results review. • Physical Configuration Audit (PCA): Software configuration management personnel are responsible for executing the policies and procedures of the PCA. system test results review. and software quality assurance personnel. • Software Critical Design Review (SCDR): Software project managers and software project personnel are responsible for executing the policies and procedures of the SCDR.

as well as audit process effectiveness. software verification and validation personnel. • Post Mortem Review: Software project managers.2 Minimum Requirements As a minimum.• Software Configuration Management Plan Review (SCMPR): Software project managers. shall be independently evaluated (other than by software quality assurance personnel). • Software Test Results Review (SOTRER): Software project managers and software project personnel are responsible for executing the policies and procedures of the SOTRER. software project personnel. • System/Subsystem Design Review (SSDR): Software project managers and software project personnel are responsible for executing the policies and procedures of the SSDR. • System Test Results Review (SYTRER): Software project managers and software project personnel are responsible for executing the policies and procedures of the SYTRER. • Software Maintenance Review (SMR): Software project managers and software project personnel are responsible for executing the policies and procedures of the SMR. software quality assurance. • System/Subsystem Requirements Review (SSRR): Software project managers and software project personnel are responsible for executing the policies and procedures of the SCDR. and software configuration management are responsible for executing the policies and procedures of post mortem reviews. • Software Usability Review (SUR): Software project managers and software project personnel are responsible for executing the policies and procedures of the SUR. 6. software project personnel. 6.1. • System Test Readiness Review (SYTRR): Software project managers and software project personnel are responsible for executing the policies and procedures of the SYTRR. SQA shall audit each of the eighteen types of reviews and audits using the audit process itself (with the exception of the audit process).42 - . and software configuration management are responsible for executing the policies and procedures of the SCMPR. • Software Test Readiness Review (SOTRR): Software project managers and software project personnel are responsible for executing the policies and procedures of the SOTRR. Verification of the audit process.3 Implementing and Verifying Reviews and Audits Implementation and verification of the eighteen major types of reviews and audits shall be accomplished by audits performed by software quality assurance personnel. software quality assurance. the following reviews and audits shall be conducted: .

43 - .6. this review determines their compatibility with performance and engineering specialty requirements of the HWCI development specification. computer software.1 Software Requirements Review (SRR) The SRR is held to ensure the adequacy of the requirements stated in the SRS.2. consistency. facilities. this review focuses on the evaluation of the progress. or prime item level requirements. The SRR is a review of the finalized CSCI requirements and operational concept. External review techniques include a software preliminary design review (SPDR). This review is conducted for each configuration item or aggregate of configuration items to evaluate the progress.3 Software Critical Design Review (SCDR) The SCDR (also known as detailed design review) is held to determine the acceptability of the detailed software designs as depicted in the detailed software design description in satisfying the requirements of the SRD. SRD. For configuration items. and technical adequacy of the selected top-level design and test approach.2 Software Preliminary Design Review (SPDR) The SPDR (also known as top-level design review) is held to evaluate the technical adequacy of the preliminary design (also known as top-level design) of the software as depicted in the preliminary software design description. This review is conducted for each configuration . External review techniques include a software critical design review (SCDR). A successful SRR is predicated upon the contracting agency's determination that the COD.2. which immediately follows software architectural design. cost. technical adequacy. 6. which immediately follows software requirements analysis. For CSCIs. and risk resolution (on a technical. Finally this review establishes the existence and compatibility of the physical and functional interfaces among the configuration items and other items of equipment. compatibility between software requirements and preliminary design. External review techniques include a software requirements review (SRR). The SRR is conducted when CSCI requirements have been sufficiently defined to evaluate the contractor's responsiveness to and interpretation of the system. and personnel. and on the preliminary version of the operation and support documents.2. 6. which immediately follows software detailed design. and UDD form a satisfactory basis for proceeding into software architectural design. and schedule basis) of the selected design approach. subsystem. and evaluates the degree of definition and assesses the technical risk associated with the selected manufacturing methods/processes.

Resolving software V&V non-conformances consists of identifying. and schedule basis). 6. and assesses the results of the producibility analyses conducted on system hardware. computer software and personnel. Determining the effectiveness of software V&V consists of analyzing completion of SVVP tasks. cost. and software quality and reliability levels of the software work products themselves. this review focuses on the determination of the acceptability of the detailed design. The purpose of this review is to determine that the detailed design of the configuration item under review satisfies the performance and engineering specialty requirements of the HWCI development specifications.44 - .2. This review also establishes the detailed design compatibility among the configuration items and other items of equipment. and on the adequacy of the operation and support documents. and resolve software V&V non-conformances. The objective of the Functional Configuration Audit (FCA) shall be to verify that the configuration item's actual performance complies with its hardware Development or Software Requirements and Interface Requirements Specifications. facilities. and audits. Measuring compliance with the SVVP consists of conducting audits of software V&V activities to determine their compliance with policies and procedures. measure compliance with the SVVP. the SVVP meets the needs of the software project. walkthroughs.2.5 Functional Configuration Audit (FCA) This audit is held prior to the software delivery to verify that all requirements specified in the SRS have been met. and test characteristics of the design solution. For CSCIs. assesses configuration item risk areas (on a technical. and tracking the issues. monitoring. and ensuring their rapid resolution and closure. the purpose of this review is to review the preliminary hardware product specifications. inspections. The objective of the Software Verification and Validation Plan Review (SVVR) shall be to verify the SVVP conforms to software V&V standards. Verifying the SVVR meets the needs of the software project consists of conducting managerial reviews.4 Software Verification and Validation Plan Review (SVVPR) The SVVPR is held to evaluate the adequacy and completeness of the verification and validation methods defined in the SVVP. 6. walkthroughs. compliance levels of software V&V activities. and inspections of the SVVP to ensure that it meets the requirements as stated in software project plans and software requirements documents. Finally. Verifying the SVVP conforms to software V&V standards consists of conducting audits of the SVVP to ensure that it meets the requirements of the SVVP standard. actions. and non-conformances arising from managerial reviews. performance.item when detail design is essentially complete. determine the effectiveness of software V&V. Test data shall be reviewed to verify that the hardware or computer software performs as required by its functional/ allocated .

walkthroughs. the Computer System Diagnostic Manual (CSDM). technical data and tests utilized in production of HWCIs and a detailed audit of design documentation.configuration identification. For software.2. Computer System Operator's Manual (CSOM). all subsequent changes are processed by engineering change action.45 - .7 In-Process Audit In-process audits of a sample of the design are held to verify consistency of the design. The review shall include an audit of the released engineering documentation and quality control records to make sure the as-build or as-coded configuration is reflected by this documentation. Walkthroughs are informal design review meetings held principally by software project managers to elicit comments and feedback on their design solutions. For configuration items developed at Government expense. the Software Product Specification and Software Version Description shall be a part of the PCA review. After successful completion of the audit. specifications. Inspections are expertly facilitated evaluations of software products by domain experts. and inspections. software audits. and manuals for CSCIs.6 Physical Configuration Audit (PCA) This audit is held to verify that the software and its documentation are internally consistent and are ready for delivery. 6. For software. Software User's Manual (SUM).2. in or order to verify conformance to software process and product standards. The PCA also determines that the acceptance testing requirements prescribed by the documentation is adequate for acceptance of production units of a configuration item by quality assurance activities. 6. Software audits are independent evaluations of software activities and software work products by software quality assurance. namely software . an FCA shall be a prerequisite to acceptance of the configuration item. a technical understanding shall be reached on the validity and the degree of completeness of the Software Test Reports. The PCA includes a detailed audit of engineering drawings. and as appropriate. The Physical Configuration Audit (PCA) shall be the formal examination of the as-built version of a configuration item against its design documentation in order to establish the product baseline. listings. including: (1) Code versus design documentation (2) Interface specifications (hardware and software) (3) Design implementations versus functional requirements (4) Functional requirements versus test descriptions There are three types of in-process audits.

and/or safety hazards. and procedures. or technical lead that’s directly responsible for creating or designing a product. guidelines. while very complementary. Audits are performed in accordance with documented plans and procedures. a technical architecture. a detailed design. in order to identify defects. such as contracts. or technical leads. inspections are for technical experts to identify defects that must be corrected (but. specifications. non-conformances to requirements and specifications. requirements. In short. The report includes a list of the items in noncompliance or other issues for subsequent review and action. without the presence of managers. plans. walkthroughs are intended for managers to solicit design alternatives (without any mandatory action on behalf of the manager or product author). audit personnel evaluate software elements and the processes for producing them against objective audit criteria. non-conformances to numerical tolerances.2. to evaluate their conformance to requirements and identify software defects for mandatory correction. functional flow. and without any consideration of design alternatives.46 - . or procedures.8 Managerial Review . or solicit design alternatives). solicit a critique of the approach. • Inspection: An inspection is a highly structured and facilitated meeting in which independent technical experts analyze and examine each of the individual product characteristics one-byone. without any defense from the author or creator of the product. Software project manager walkthroughs are open forums for evaluating software designs.engineers. specifications. guidelines. and to any external organizations identified in the audit plan. and technical specialists (in order to defend the design concept. The audit plan establishes a procedure to conduct the audit and for follow-up action on the audit findings. and/or rationale and justification for selecting technologies. recommendations are reported in addition to the audit results. or any subjective improvements to the product’s design by the examiners (in order identify defects for later mandatory correction and enable early validation of the product using internal technical experts before it is delivered). The results of the audit are documented and are submitted to the management of the audited organization. • Software Audit: The objective of software auditing is to provide an objective compliance confirmation of products and processes to certify adherence to standards. or a specific solution to satisfy the product’s requirements or specifications. supervisors. with other managers. design critiques. In performing the audit. supervisor. operational and functional failures. not suggest design alternatives or subjective improvements to the product). to the entity initiating the audit. When stipulated by the audit plan. verbalizes the intended operational flow. 6. In short. and software engineering inspections are expert forums for directly improving software quality. engineers. nonconformances to standards. • Walkthrough: A walkthrough is an informal design review meeting in which the manager. and standards. SQA audits verify conformance to software process and product standards. The three types of in-process audits are each unique.

Verifying the SCMP meets the needs of the software project consists of conducting managerial reviews.2. and tracking the issues. or both. walkthroughs. Each problem areas identified by the review team is recorded. the SCMP meets the needs of the software project. walkthroughs. 6. determine the effectiveness of SCM. inspections. A management review is a formal evaluation of a project level plan or project status relative to that plan by a designated review team. Measuring compliance with the SCMP consists of conducting audits of SCM activities to determine their compliance with policies and procedures. based on an evaluation of product develop status. and ensuring their rapid resolution and closure. 6. and resolve SCM non-conformances.47 - . and non-conformances arising from managerial reviews. monitoring.2. (3) Maintaining global control of the project through adequate allocation of resources.10 Post Mortem Review The review is held at the conclusion of the project to assess the development activities . then an additional meeting shall be scheduled to complete the management review process. (2) Changing project direction nor to identify the need for alternative planning. The management review process can be applied to new development or to maintenance activities. Verifying the SCMP conforms to SCM standards consists of conducting audits of the SCMP to ensure that it meets the requirements of the SCMP standard. Determining the effectiveness of SCM consists of analyzing completion of SCMP tasks. These reviews shall be held by an organizational element independent of the unit being reviewed. actions. The objective of the Software Configuration Management Plan Review (SCMPR) shall be to verify the SCMP conforms to SCM standards.Managerial reviews are held periodically to assess the execution of all of the actions and the items identified in the SQAP. measure compliance with the SCMP. standards. and inspections of the SCMP to ensure that it meets the requirements as stated in software project plans and software requirements documents.9 Software Configuration Management Plan Review (SCMPR) The SCMPR is held to evaluate the adequacy and completeness of the configuration management methods defined in the SCMP. or by a qualified third party. compliance levels of SCM activities. and audits. During the review meeting the entire review team examines plans or progress against applicable plans. This review may require additional changes in the SQAP itself. and SCM integrity levels of the software work products themselves. Resolving SCM non-conformances consists of identifying. The objective of the management review is to provide recommendations for the following: (1) Making activities progress according to plan. When critical data and information cannot be supplied. and guidelines.

g. software project management and coordination.3. intergroup coordination.implemented on that project and to provide recommendations for appropriate actions. in a highly structured.2 System/Subsystem Design Review (SSDR) ... cost. cooperation. the technical and interpersonal strengths and weaknesses of individuals. and facilities management). and the allocation of personnel and facility resources (e. schedule accuracy. repeatable.48 - . and measurable fashion (in order to ensure that future projects proactively improve their performance).g. deliverables. if required. The objective of the SSRR is to ascertain the adequacy of the contractor’s efforts in defining system requirements.. activities. size. and critical computer resources). human resources. information systems. and groups. and most importantly the ability of the organization effectively organize and execute similar projects in the future (if at all). how well software project objectives were met. This review is held to evaluate the adequacy (e.3 Other Other reviews and audits may include the user documentation review (UDR). 6. the initial accuracy of quantitative estimates (e. communication.g. teams. completeness..g. correctness. the appropriate identification and mitigation of software risks. This review will not be conducted by S&IS if a system specification is not required or. appropriateness of work products. clarity. objectively. corporate infrastructure support (e. purchasing. and product quality. 6. and consistently evaluate the effectiveness of the software project upon its completion. SSRRs are inprocess reviews normally conducted during the system conceptual or validation phase. appropriateness of processes.1 System/Subsystem Requirements Review (SSRR) External review techniques include a system/subsystem requirements review (SSRR). and teamwork.3. effort. Evaluating the effectiveness of the software project also includes evaluating the effectiveness of any necessary replanning and corrective actions. It is conducted when a significant portion of the system functional requirements has been established. which immediately follows system requirements analysis. computers and software engineering tools). Such reviews may be conducted at any time but normally will be conducted after accomplishment of functional analysis and preliminary requirements allocation. and process quality. Evaluating the effectiveness of the software project includes evaluating the effectiveness of the software project plan. The objective of the project postmortem review is to formally. and usability) of user documentation. SSRRs are to determine initial direction and progress of the systems engineering management effort and the convergence upon an optimum and complete configuration. is provided by the government. 6.

the SOTRER shall be conducted (post physical configuration audit) during system testing whenever the necessary tests have been successfully completed to enable certification of configuration items.3. Basic manufacturing considerations are reviewed and planning for production engineering in subsequent phases is addressed. the SOTRER shall be combined with the functional configuration audit at the end of configuration item/subsystem testing.49 - . and for adequacy in accomplishing test requirements. 6. This review is conducted to evaluate the optimization.External review techniques include a system/subsystem design review (SSDR). which produced the allocated technical requirements and of the engineering planning for the next phase of effort. SOTRERs are held to resolve open issues regarding the results of software qualification testing. The objective of the SOTRER shall be to verify that the actual performance of the configuration items of the system as determined through test comply with the hardware development specification. This review is conducted for each CSCI to determine whether the software test procedures are complete and to assure that the contractor is prepared for formal CSCI testing. This review is conducted when the system definition effort has proceeded to the point where system characteristics are defined and the configuration items are identified. the contracting agency also reviews the results of informal software testing and any updates to the operation and support documents. If sufficient test results are not available at the functional configuration audit to insure the configuration items will perform in their system environment. which immediately follows software integration. and completeness of the SOTRER shall be maintained with the functional configuration audit and duplication of effort avoided. At SOTRR. risk aspects of the particular hardware and software. For noncombined functional configuration audit/SOTRERs. correlation. Also included is a summary review of the system engineering process. When feasible. and contractor progress in successfully verifying the requirements of the configuration items. software requirements and interface requirements specifications. and risks associated with the allocated technical requirements. and to identify the test report(s)/data which document results of qualification tests of the configuration items.3 Software Test Readiness Review (SOTRR) External review techniques include a software test readiness review (SOTRR). which is necessary to successfully conclude the system architectural design. The point of government certification will be determined by the contracting agency and will depend upon the nature of the program.3. 6. traceability. which immediately follows software qualification testing. A successful SOTRR is predicated on the contracting agency's determination that the software test procedures and informal test results form a satisfactory basis for proceeding into software qualification testing.4 Software Test Results Review (SOTRER) External review techniques include a software test results review (SOTRER). . prior to the physical configuration audit. correlation. completeness. Software test procedures are evaluated for compliance with software test plans and descriptions.

3. system requirements and interface requirements specifications.7 Software Usability Review (SUR) External review techniques include a software usability review (SUR). A successful SYTRR is predicated on the contracting agency's determination that the system test procedures and informal test results form a satisfactory basis for proceeding into system qualification testing. 6. status of training.” if applicable. The objective of the SYTRER shall be to verify that the actual performance of the configuration items of the system as determined through test comply with the hardware development specification. System test procedures are evaluated for compliance with system test plans and descriptions. If sufficient test results are not available at the functional configuration audit to insure the configuration items will perform in their system environment. traceability. This review is conducted for each system to determine whether the system test procedures are complete and to assure that the contractor is prepared for formal system testing. 6. and contractor progress in successfully verifying the requirements of the configuration items. SURs optionally involve conducting usability inspections. which immediately follows software installation. and for adequacy in accomplishing test requirements. prior to the physical configuration audit.6 System Test Results Review (SYTRER) External review techniques include a system test results review (SYTRER). and to identify the test report(s)/data which document results of qualification tests of the configuration items. the user and operator manuals. including “training software products. the contracting agency also reviews the results of informal system testing and any updates to the operation and support documents.3. and completeness of the SYTRER shall be maintained with the functional configuration audit and duplication of effort avoided. the SYTRER shall be combined with the functional configuration audit at the end of configuration item/subsystem testing. and then using these problems to make recommendations for fixing the problems and improving the usability of . correlation. the software version descriptions. When feasible. The point of government certification will be determined by the contracting agency and will depend upon the nature of the program. which immediately follows system qualification testing. risk aspects of the particular hardware and software. At SYTRR. SURs are held to resolve open issues regarding the readiness of the software for installation at user sites. and the status of installation preparations and activities. For noncombined functional configuration audit/SYTRERs. SYTRERs are held to resolve open issues regarding the results of system qualification testing. the SYTRER shall be conducted (post physical configuration audit) during system testing whenever the necessary tests have been successfully completed to enable certification of configuration items.5 System Test Readiness Review (SYTRR) External review techniques include a system test readiness review (SYTRR). which are aimed at finding usability problems in an existing user interface design. which immediately follows system integration.6.50 - .3.

developers. adaptability. new lines of business that need to be supported. and connectivity. the software maintenance manuals. if applicable. and repeatable user operations). Finally. discussing usability issues associated with dialogue elements involved in the scenario steps). expected upgrades for performance. usefulness of the system. standards inspections (increasing the degree to which a given user interface is similar to the user interfaces of competing products in the marketplace). the experience level of the maintenance staff. the software version descriptions. the rate of turnover and possible reasons for leaving.51 - . 7.the design. 6. and human factors people step through a scenario. and develop the software maintenance plan. formal usability inspections (a software inspection process used to identify defects in user interfaces). including transition of the software engineering environment. pluralistic walkthroughs (meetings where users. which immediately follows software acceptance support. and new technologies that need to be incorporated. any existing performance statistics.3. and their actual jobs. SMRs are also used to determine the necessary software maintenance process. including expected external or regulatory changes to the system. cognitive walkthroughs (checking to see if the user interface enables intuitive. both industry-wide and for the particular application. consistency inspections (evaluating user interface consistency across a family of products by designers from multiple projects). including age since being placed in production. and tools used to support the maintenance process and how they are used. their job descriptions. consistent. SMRs are used to determine the software maintenance requirements. and the status of transition preparations and activities. number and type of changes during life. SMRs are used to determine necessary software maintenance effort. correct.8 Software Maintenance Review (SMR) External review techniques include a software maintenance review (SMR). Usability inspections consist of heuristic evaluation (having usability specialists judge whether each dialogue element conforms to established usability principles). SMRs are held to resolve open issues regarding the readiness of the software for transition to the maintenance organization. guideline reviews (checking the user interface for conformance with a comprehensive list of usability guidelines).0 TEST This section shall identify all the tests not included in the SVVP for the software covered by the SQAP and shall state the methods to be used. types and number of requests received for changes. current written maintenance methods at the systems and program level. and feature inspections (used to verify that individual user interface functions conform to system requirements). the software product specifications. actual methods used by programming staff. wish-lists of new functions and features. quality and timeliness of documentation. number of maintainers. quantify the software maintenance effort. . expected internal changes to support new requirements.

as well as the test or validation procedures. This procedure shall begin with project system managers ensuring that software quality assurance is present on all software projects and end with independent experts reviewing the methods and frequency that software quality assurance will use to provide feedback to software engineering. software quality assurance participates in creation of software development plans. 8. is not the principal test plan. identify the tests to be performed. The SVVP. and documentation support.0 TOOLS. (2) State the specific organizational responsibilities concerned with their implementation. that shall be enforced by the SQAP. which are not covered by the SVVP. • Software Quality Assurance Policy and Procedure: This procedure establishes the guidelines by which software quality assurance prepares software quality assurance plans for software projects. and provide schedules for test activities. • Test or Validation Plan (TVPL): The purpose of the test or validation plan is to describe plans for qualification testing of software items and software systems.52 - . identification and definition of software testing methods shall be defined in the test or validation plan. software configuration management.Software test methods that shall be enforced by the SQAP. and procedures by software projects. and resolving problems identified in both software items and the software development and maintenance process. shall be identified and defined by the software quality assurance policy and procedure. per se. AND METHODOLOGIES . tracking. software quality assurance reviews and audits activities and work products of software projects. The test or validation procedures enable the acquirer to assess the adequacy of the qualification testing to be performed. and test procedures to be used to perform qualification testing of a software item or a software system or subsystem. and resolving problems identified in both software items and the software development and maintenance process. 9. test cases. tracking. and software quality assurance handles deviations and non-compliances to software standards. TECHNIQUES. The practices and procedures to be followed for reporting. plans. • Test or Validation Procedures (TVPR): The purpose of the test or validation procedures is to describe the test preparations. The test or validation plan describes the software test environment to be used for the testing. So.0 PROBLEM REPORTING AND CORRECTIVE ACTION This section shall: (1) Describe the practices and procedures to be followed for reporting. shall be identified and defined by the test or validation plan and the test or validation procedures.

The results of the audit are documented and are submitted to the management of the audited organization. inspections. • Inspection: An inspection is a highly structured and facilitated meeting in which independent technical experts analyze and examine each of the individual product characteristics one-byone. a technical architecture. or a specific solution to satisfy the product’s requirements or specifications. In short. In short. such as contracts. techniques. The audit plan establishes a procedure to conduct the audit and for follow-up action on the audit findings. without the presence of managers. and describe their use.53 - . guidelines. supervisors. nonconformances to standards. non-conformances to requirements and specifications. with other managers. verbalizes the intended operational flow. in order to identify defects. and/or safety hazards. specifications. Audits are performed in accordance with documented plans and procedures. plans. and to any external organizations identified in the audit plan. supervisor. or technical leads. and software quality modeling. design critiques. or technical lead that’s directly responsible for creating or designing a product. In performing the audit. inspections are for technical experts to identify defects that must be corrected (but. operational and functional failures. and methodologies that support SQA. specifications. state their purposes. that shall be enforced by the SQAP. and methodologies that support SQA. The special software tools. shall include audits. . and standards. defect typing and classification. and/or rationale and justification for selecting technologies. functional flow. audit personnel evaluate software elements and the processes for producing them against objective audit criteria. not suggest design alternatives or subjective improvements to the product). without any defense from the author or creator of the product. and technical specialists (in order to defend the design concept. techniques. walkthroughs. • Walkthrough: A walkthrough is an informal design review meeting in which the manager. The report includes a list of the items in noncompliance or other issues for subsequent review and action. • Software Audit: The objective of software auditing is to provide an objective compliance confirmation of products and processes to certify adherence to standards. guidelines. and without any consideration of design alternatives. walkthroughs are intended for managers to solicit design alternatives (without any mandatory action on behalf of the manager or product author). non-conformances to numerical tolerances. requirements. or any subjective improvements to the product’s design by the examiners (in order identify defects for later mandatory correction and enable early validation of the product using internal technical experts before it is delivered). or procedures. When stipulated by the audit plan. engineers. and procedures. to the entity initiating the audit.This section shall identify the special software tools. or solicit design alternatives). a detailed design. recommendations are reported in addition to the audit results. solicit a critique of the approach.

organization and management philosophy. 10. or whether rework is being deferred. support the software development and maintenance methodology that fits the software requirements. Tracking the length of time that defects have remained open can be use to determine whether progress is being made in fixing defects. and support production of management and product information concerning the status of software baselines. that shall be enforced by the SQAP. • Software Configuration Management Plan (SCMP): The purpose of the software configuration management plan is to provide a structure for identifying and controlling software documentation. The methods and facilities used to maintain. and audits. an appropriate reference shall be made thereto. status. and can be used to predict test completion. Closure rates are an indication of progress. Arrival rates can indicate product maturity (a decrease should occur as testing is completed). A defect density measure—an expression of the number of defects in a quantity of product—can be derived from this measure. store. The number of defects indicates the amount of rework. store. Defect density can identify components with the highest concentration of defects. change control. tests. If so. and priority of defects reported. secure and document controlled versions of the identified software during all phases of the software life cycle.0 CODE CONTROL This section shall define the methods and facilities used to maintain. and it provides comprehensive lists of software anomaly classifications and related data items that are helpful to identify and track anomalies.• Software Defect Typing and Classification: Software defect typing and classification provides a uniform approach to the classification of anomalies found in software and its documentation. shall be identified and defined by the software configuration management plan. It provides useful information on the ability of a supplier to find and fix defects in hardware. standards. The defects measure quantifies the number.54 - . • Software Quality Modeling: Software quality or defect density is the number of software defects committ4ed per thousand lines of software source code. software interfaces. This may be implemented in conjunction with a computer program library. software source code. More detailed classifications are provided for those projects that require more rigor. The minimum set of classifications deemed necessary for a complete data-set are indicated as mandatory. secure and document controlled versions of the identified software during all phases of the software life cycle. and databases to support all software life cycle phases. This may be provided as part of the SCMP.0 MEDIA CONTROL . It describes the processing of anomalies discovered during any software life cycle phase. 11. or documentation. releases. and has a direct impact on quality. policies. software.

For software that is to be developed. subcontract software managers create software subcontract agreements.0 SUPPLIER CONTROL This section shall state the provisions for assuring that software provided by suppliers meets established requirements. this section shall state the methods that will be used to assure that the software supplier receives adequate and complete requirements. and audits. an appropriate reference shall be made thereto. If so. this section shall state the methods to be used to assure the suitability of the product for use with the software items covered by the SQAP. that shall be enforced by the SQAP. subcontract software managers select software subcontractors. standards. shall be identified and defined by the software configuration management plan.This section shall state the methods and facilities to be used to (a) identify the media for each computer product and the documentation required to store the media. The provisions for assuring that software provided by suppliers meets established requirements. • Software Subcontract Management Policy and Procedure: This procedure establishes the guidelines by which subcontract software managers define software work to be subcontracted. and databases to support all software life cycle phases. The methods and facilities to be used to identify the media for each computer product and the documentation required to store the media. • Software Configuration Management Plan (SCMP): The purpose of the software configuration management plan is to provide a structure for identifying and controlling software documentation. change control. software source code. and support production of management and product information concerning the status of software baselines.55 - . and protect computer program physical media from unauthorized access or inadvertent damage or degradation during all phases of the software life cycle. In addition. policies. including the copy and restore process. the supplier shall be required to prepare and implement a SQAP in accordance with this standard. 12. This procedures shall begin with project system managers ensuring that documented standards and procedures are used for selecting software subcontractors and . organization and management philosophy. For previouslydeveloped software. software interfaces. This section shall also state the methods to be employed to assure that the developers comply with the requirements of this standard. tests. that shall be enforced by the SQAP. subcontract software managers track software subcontractors. shall be identified and defined by the software subcontract management policy and procedure. releases. support the software development and maintenance methodology that fits the software requirements. including the copy and restore process. and subcontract software managers make changes to software subcontract agreements. and (b) protect computer program physical media from unauthorized access or inadvertent damage or degradation during all phases of the software life cycle. This may be provided as a part of the SCMP.

and training groups maintain records of training for the organization and software projects. training groups develop and revise the organization training plan. shall state the methods and facilities to be used to assemble. organization and management philosophy. shall be identified and defined by the software configuration management plan. safeguard. The methods and facilities to be used to assemble. • Training Management Policy and Procedure: This procedure establishes the guidelines by which project software managers develop and maintain a training plan for each software project. and maintain the SQA documentation to be retained. software source code. AND RETENTION This section shall identify the SQA documentation to be retained. training groups perform training for the organization and software projects. assess. policies. training groups develop and maintain training courses.56 - . support the software development and maintenance methodology that fits the software requirements.0 TRAINING This section shall identify the training activities necessary to meet the needs of the SQAP. and databases to support all software life cycle phases. and support production of management and product information concerning the status of software baselines. safeguard. tests. 15. that shall be enforced by the SQAP. software interfaces. change control. 13. MAINTENANCE. standards.managing software subcontracts and end with software quality assurance reviewing and/or auditing acceptance processes for products of software subcontractors. shall be identified and defined by the training program policy and procedure. monitor. . that shall be enforced by the SQAP. This procedure shall begin with senior management ensuring that skills and knowledge for software management and technical roles are identified and end with independent experts verifying that training groups follow the organization training plan. releases. The training activities necessary to meet the needs of the SQAP.0 RECORDS COLLECTION. and maintain this documentation and shall designate the retention period. • Software Configuration Management Plan (SCMP): The purpose of the software configuration management plan is to provide a structure for identifying and controlling software documentation. 14.0 RISK MANAGEMENT This section shall specify the methods and procedures employed to identify. and audits.

activities. . • Software Project Plan (SPP): The purpose of the software project plan is to serve as a controlling document for managing a software project. and tasks necessary to satisfy the requirements of a software project. monitor.57 - . and control areas of risk arising during the portion of the software life cycle. assess. A software project plan defines the technical and managerial project functions. shall be identified and defined by the software project plan.and control areas of risk arising during the portion of the software life cycle covered by the SQAP. The methods and procedures employed to identify. that shall be enforced by the SQAP. as defined in the project agreement.

Master your semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master your semester with Scribd & The New York Times

Cancel anytime.