8.0 SOFTWARE QUALITY ASSURANCE PROCESS
This section discusses the objectives and activities of the software quality assurance (SQA)
process. The SQA process is applied as defined by the software planning process (section
4) and the Software Quality Assurance Plan (subsection 11.5). Outputs of the SQA
process activities are recorded in Software Quality Assurance Records (subsection 11.19)
or other software life cycle data.
The SQA process assesses the software life cycle processes and their outputs to obtain
assurance that the objectives are satisfied, that deficiencies are detected, evaluated, tracked
and resolved, and that the software product and software life cycle data conform to
certification requirements.
8.1 Software Quality Assurance Process Objectives
The SQA process objectives provide confidence that the software life cycle processes
produce software that conforms to its requirements by assuring that these processes are
performed in compliance with the approved software plans and standards.
The objectives of the SQA process are to obtain assurance that:
a. Software development processes and integral processes comply with approved
software plans and standards.
b. The transition criteria for the software life cycle processes are satisfied.
c. A conformity review of the software product is conducted.
The applicability of the objectives by software level is specified in Table A-9 of Annex A.
8.2 Software Quality Assurance Process Activities
To satisfy the SQA process objectives:
a. The SQA process should take an active role in the activities of the software life
cycle processes, and have those performing the SQA process enabled with the
authority, responsibility and independence to ensure that the SQA process
objectives are satisfied.
b. The SQA process should provide assurance that software plans and standards are
developed and reviewed for consistency.
c. The SQA process should provide assurance that the software life cycle processes
comply with the approved software plans and standards.
d. The SQA process should include audits of the software development and integral
processes during the software life cycle to obtain assurance that:
(1) Software plans are available as specified in subsection 4.2.
(2) Deviations from the software plans and standards are detected, recorded,
evaluated, tracked and resolved.
Note: It is generally accepted that early detection of process
deviations assists efficient achievement of software life cycle
process objectives.
(3) Approved deviations are recorded.
(4) The software development environment has been provided as specified in
the software plans.
(5) The problem reporting, tracking and corrective action process complies with
the Software Configuration Management Plan.
(6) Inputs provided to the software life cycle processes by the on-going system
safety assessment process have been addressed.
Note: Monitoring of the activities of software life cycle processes may be performed
to provide assurance that the activities are under control.
e. The SQA process should provide assurance that the transition criteria for the
software life cycle processes have been satisfied in compliance with the approved
software plans.
f. The SQA process should provide assurance that software life cycle data is
controlled in accordance with the control categories as defined in subsection 7.3
and the tables of Annex A.
g. Prior to the delivery of software products submitted as part of a certification
application, a software conformity review should be conducted.
h. The SQA process should produce records of the SQA process activities
(subsection 11.19), including audit results and evidence of completion of the
software conformity review for each software product submitted as part of
a certification application.
8.3 Software Conformity Review
The objective of the software conformity review is to obtain assurances, for a software
product submitted as part of a certification application, that the software life cycle
processes are complete, software life cycle data is complete, and the Executable Object
Code is controlled and can be regenerated.
This review should determine that:
a. Planned software life cycle process activities for certification credit, including the
generation of software life cycle data, have been completed and records of their
completion are retained.
b. Software life cycle data developed from specific system requirements, safety-related
requirements, or software requirements are traceable to those requirements.
c. Software life cycle data complies with software plans and standards, and is
controlled in accordance with the SCM Plan.
d. Problem reports comply with the SCM Plan, have been evaluated and have their
status recorded.
e. Software requirement deviations are recorded and approved.
f. The Executable Object Code can be regenerated from the archived Source Code.
g. The approved software can be loaded successfully through the use of released
instructions.
h. Problem reports deferred from a previous software conformity review are reevaluated
to determine their status.
i. If certification credit is sought for the use of previously developed software, the
current software product baseline is traceable to the previous baseline and the
approved changes to that baseline.
Note: For post-certification software modifications, a subset of the software
conformity review activities, as justified by the significance of the change,
may be performed.