Beruflich Dokumente
Kultur Dokumente
TO
INTERNATIONAL STANDARD
ISO/IEC 12207
SOFTWARE LIFE CYCLE PROCESSES
RAGHU SINGH
FAA, WASHINGTON, DC
April 26, 1999
ISO/IEC 12207
PURPOSE
ii
ISO/IEC 12207
SCOPE
LIFE CYCLE: CRADLE ... GRAVE
CORPORATE
PROCESSES
APPLICATION:
PROJECT
PRODUCTS
... PROJECT
SERVICES
*
*
PROCEDURES,
PROCESS METHODOLOGIES, TECHNIQUES,
DETAILS: DEFINITIONS & METHODS & TOOLS &
DESCRIPTIONS METRICS ENVIRONMENTS
2. BASIC CONCEPTS
3. THE PROCESSES
4. APPLICATION
5. RELATED AREAS
6. SUMMARY
7. FOR YOUR INFORMATION
1-0
BACKGROUND - I
ISO
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION
• ESTABLISHED: 1947
• OBJECT: Promote the development of standardization ... in the world
... to facilitating international exchange of goods and services
• MEMBERS: 87 countries (1994)
• TECHNICAL COMMITTEES (TCs): Carry out technical work
• TCs THAT MAY IMPACT SOFTWARE ENGINEERING:
- TC 10: Technical Drawings
- TC 20: Space and aircraft vehicles
- TC 46: Information and documentation
- TC 145: Graphical symbols
- TC 154: Documents and data elements in administration, commerce and industry
- TC 159: Ergonomics
- TC 176: Quality management and quality assurance
- TC 184: Industrial automation systems
1-1
BACKGROUND - II
IEC
INTERNATIONAL ELECTROTECHNICAL COMMISSION
• ESTABLISHED: 1906
• OBJECT: Standardization in electrical and electronic
engineering fields
• TECHNICAL COMMITTEES (TCs):
- Carry out technical work
• TCs THAT MAY IMPACT SOFTWARE ENGINEERING:
- TC 45: Nuclear instrumentation
- TC 56: Dependability and maintainability
- TC 65: Industrial process measurement/control
1-2
BACKGROUND - III
JOINT TECHNICAL COMMITTEE 1
INFORMATION TECHNOLOGY
ISO IEC
JTC1
ESTABLISHED: 1987
OBJECT: TO CARRY ON STANDARDIZATION WORK IN INFORMATION TECHNOLOGY
SC1 - Vocabulary
SC2 - Character sets & information coding
SC6 - Telecommunications & information exchange between systems
SC7 - Software engineering
SC11 - Flexible magnetic media for digital data interchange
SC14 - Representation of data elements
SC15 - Labeling and file structure
SC17 - Identification cards & related devices
SC18 - Document processing and related communication
SC21 - Information retrieval, transfer & management for OSI
SC22 - Programming languages, their environments & systems software interfaces
SC23 - Optical disk cartridges for information interchange
SC24 - Computer graphics and image processing
SC25 - Interconnection of information technology equipment
SC26 - Microprocessor systems
SC27 - IT security techniques
SC28 - Office equipment
SC29 - Coded representation of picture, audio and multimedia/hypermedia information
1-3
BACKGROUND - IV
SC7
SOFTWARE ENGINEERING
CHAIRMAN: FRANCOIS COALLIER (CANADA)
SECRETARY: JEAN-NORMAND DROUIN (CANADA)
WG 2 WG 9
SYSTEM SOFTWARE DOCUMENTATION SOFTWARE INTEGRITY
CONVENER: KEN JOHNSON (UK) CONVENER: DAVID KIANG (CANADA)
WG 4 WG 10
TOOLS AND ENVIRONMENT PROCESS ASSESSMENT
CONVENER: THOMAS VOLLMAN (USA) CONVENER: ALEC DORLING (UK)
WG 6 WG 11
EVALUATION & METRICS Sw ENGINEERING DATA DEFINITION
CONVENER: MOTOEI AZUMA (JAPAN) CONVENER: PETER EIRICH (USA)
WG 7 WG 12
LIFE CYCLE MANAGEMENT FUNCTION SIZE MEASUREMENT
CONVENER: CONVENER: PAMELA MORRIS (AUSTRALIA)
WG 8 WG 13
SUPPORT OF LIFE CYCLE PROCESSES Sw PROCESS MEASUREMENT
CONVENER: STAN MAGEE (USA) CONVENER: JOHN McGARRY (USA)
1-4
BACKGROUND - V
ISO/IEC 12207
• SPONSOR:
Joint Technical Committee 1 (JTC1) (Information Technology) of
International Organization for Standardization (ISO) and
International Electrotechnical Commission (IEC)
- Developer: Subcommittee 7 (SC7) (Software Engineering)
• HISTORY:
- Proposed in June 1988
- 4 Working Drafts; 2 Committee Drafts; 1 DIS
- Over 6 years and 17000 person-hours expended
- Published 1 August 1995
• PARTICIPANTS:
- Countries: Australia, Canada, Denmark, Finland, France, Germany,
Ireland, Italy, Japan, Korea, Netherlands, Spain, Sweden, UK, USA
- Convener: James Roberts (USA)
- Editor: Raghu Singh (USA)
1-5
TOPICS
1. BACKGROUND
2. BASIC CONCEPTS
- Principles and assumptions under 12207 development
- Concepts for understanding the standard
3. THE PROCESSES
4. APPLICATION
5. RELATED AREAS
6. SUMMARY
7. FOR YOUR INFORMATION
2-0
BASIC CONCEPTS - I
LIFE CYCLE & ITS ARCHITECTURE
• TITLE OF 12207: Software Life Cycle Processes
- Meaning: The processes in the life cycle of software
ACTIVITY 1
PROCESS TASKS
1
LIFE CYCLE
FROM
CONCEPTUALIZATION
...
THROUGH PROCESS PROCESS
RETIREMENT n
...
ACTIVITY N
TASKS
RULES:
MODULARITY; RULE:
RESPONSIBILITY PDCA cycle
2-1
BASIC CONCEPTS - II
RULES FOR PARTITIONING THE LIFE CYCLE
• MODULARITY
- Cohesion (Functional): Tasks in a process are functionally related.
- Coupling (Internal): Linkages among the processes be minimal
- Association:
- If a function is used by more than one process,
then the function becomes a process in itself
- If Process X is invoked by Process A and Process A only,
then Process X belongs to Process A
- Exception: Only for potential future application.
• RESPONSIBILITY
- Each process is under a responsibility
- A function whose parts are under different responsibilities
shall not be a process
- Contrast it with a process for a monolithic subject
- Example: Quality management
• Note: The life cycle itself was not partitioned in time,
as the life cycle of software follows its parent system’s life cycle.
2-2
BASIC CONCEPTS - III
THE PROCESS TREE
ACQUISITION
SUPPLY
DEVELOPMENT
OPERATION
MAINTENANCE
PRIMARY
LIFE CYCLE
SUPPORTING
DOCUMENTATION
CONFIGURATION MANAGEMENT
QUALITY ASSURANCE
VERIFICATION
VALIDATION
JOINT REVIEW
AUDIT
PROBLEM RESOLUTION
ORGANIZATIONAL
MANAGEMENT
INFRASTRUCTURE
IMPROVEMENT
TRAINING
TAILORING 2-3
BASIC CONCEPTS - IV
RULES FOR PARTITIONING A PROCESS
• A PROCESS IS PARTITIONED INTO PDCA ACTIVITIES
- BASED THE PDCA-CYCLE PRINCIPLES
INITIATION
PLAN
Tasks,
Assignments,
Schedule, ...
ACT DO
Problem resolution, PROCESS Execution of
Corrective actions plans and tasks
CHECK
Evaluation,
Assurance
CLOSURE
2-4
BASIC CONCEPTS - V
ACTIVITY & TASKS
• AN ACTIVITY IS DIVIDED INTO TASKS, WHICH ARE
GROUPED INTO SIMILAR ACTIONS
• TASK:
- A what-to-do action; not a how-to-do action
- Verbs used:
VERB
WILL (self-declaration) +
SHALL (requirement)
SHOULD (recommendation)
MAY (permission)
CAN (possibility, when needed)
MUST (unavoidable action), not used
None of the above; present tense #
• MULTI ROLES:
- A party may have more than one role
- Example: A supplier with a sub-contractor is both supplier and acquirer.
MYSELF ORGANIZATION ORGANIZATION
• LEVELS OF APPLICATION A B
• LANGUAGE
- General: Introductory; to complete the situation/context; ...
- Agreement: To facilitate self-imposed and contractual use
- Active voice when party is clearly known
- Passive voice when party is not clearly known,
or when it is better syntactically
• PROJECT
- A project may be solo
- A project may exist in pre-agreement, agreement, or
post-agreement phase, or a combination of the above
- A project may span full or a part of life cycle
• DESIGNED FOR ADAPTATION AND TAILORING
- Adaptation by an organization
- Tailoring by a project
- To fit the needs, size, complexity, cost, schedule, performance
2-8
BASIC CONCEPTS - IX
COMPLIANCE & CERTIFICATION
• COMPLIANCE
• CERTIFICATION
- Not addressed in 12207
- Note that certifying an organization to the full Standard may not be realistic.
2-9
BASIC CONCEPTS - X
WHAT 12207 IS NOT
• NOT PRESCRIPTIVE; NO HOW-TOs
- Responsive to evolving technologies
- No interference in technical decision-making
• NOT A STANDARD FOR METHODS, TECHNIQUES & MODELS:
- Does not prescribe management and engineering methods
- Does not prescribe computer languages
- Does not prescribe software engineering environments
- Does not prescribe life-cycle or development models
- Waterfall; incremental; evolutionary; Spiral, reengineering, ...
• NOT A STANDARD FOR PRODUCTS
- Requires specific output groups be documented
- But prescribes no formats, explicit contents, or media
- An organization's product standards usable with 12207
• NOT A STANDARD FOR METRICS
- Many tasks need metrics and indicators
- But prescribes no specific metrics/indicators
- References ISO/IEC 9126 for guidance
2-10
BASIC CONCEPTS - XI
• A MANAGEMENT COMPLEMENT
- 12207 complements institutionalized management
- 12207 is not a substitute for systematic, disciplined management
- It provides a powerful and complete but flexible set of
building blocks of software life cycle for projects and
organizations to use as appropriate and effective
4. APPLICATION
5. RELATED AREAS
6. SUMMARY
7. FOR YOUR INFORMATION
3-0
THE PROCESS TREE
ACQUISITION
SUPPLY
DEVELOPMENT
OPERATION
MAINTENANCE
PRIMARY
LIFE CYCLE
SUPPORTING
DOCUMENTATION
CONFIGURATION MANAGEMENT
QUALITY ASSURANCE
VERIFICATION
VALIDATION
JOINT REVIEW
AUDIT
PROBLEM RESOLUTION
ORGANIZATIONAL
MANAGEMENT
INFRASTRUCTURE
IMPROVEMENT
TRAINING
TAILORING
3-1
STATIC VIEW OF A PROCESS
THE LAYOUT
3-2
DYNAMIC VIEW OF PROCESSES
THE WORKINGS
CORPORATE - INSTITUTIONALIZED
MANAGEMENT PROCESSES
TAILORING - MANAGED
OF ORGANIZATIONAL
PROCESS PROCESSES
PROCESSES PROCESSES
- FOR ADAPTATION - TAILORED/TOOLED
[NOT OF PROCESSES FOR
CORPORATION] PROJECTS
PROJECT
MANAGEMENT PRIMARY SUPPORTING TAILORING MANAGED
WITH PROCESSES PROCESSES PROCESS PROJECT
PROCESSES
3-3
STRATEGY FOR EXPLAINING THE PROCESSES
IN THE TUTORIAL
• 12207 BEGINS THE DESCRIPTION OF EACH PRIMARY AND
SUPPORTING PROCESS AT THE CORPORATE LEVEL
BY INVOKING:
- MANAGEMENT PROCESS
- INFRASTRUCTURE PROCESS
- IMPROVEMENT PROCESS
- TRAINING PROCESS
- TAILORING PROCESS
AL U A T E S
1 EV 2
OPERATION
DEVELOPMENT
3-7
ACQUISITION PROCESS
• FOR THE ACQUIRER OF SOFTWARE PRODUCTS AND SERVICES.
• COVERS PRE-CONTRACT AND CONTRACT PERIODS.
P - SYSTEM REQS.
R INITIATION DEVELOPMENT - ACQ. PLAN
E - ACCEPTANCE
CRITERIA
-
C ACQ. REQS. INCL.
O RFP [TENDER] - SELECTED TASKS
N PREPARATION - REFERENCES TO
T CONTRACT
R
A CONTRACT - CONTRACT WITH
PREPARATION TAILORING INTERNAL SUPPLIER
C
& UPDATE CONTROL - CONTRACT WITH
T
OTHERS
C
O JOINT MONITORING &
SUPPLIER AUDIT VERIF. VALID.
MONITORING EVALUATION
N REVIEW RESULTS
T
R
A ACCEPTED
ACCEPTANCE PRODUCTS &
C & COMPLETION
SERVICES
T
3-8
ACQUISITION PROCESS
ACTIVITIES & TASKS
1. INITIATION 4. SUPPLIER MONITORING
• DESCRIBE THE NEEDS • MONITOR IN ACCORDANCE
• DEFINE SYSTEM REQUIREMENTS WITH JOINT REVIEW & AUDIT
• DEFINE SOFTWARE REQS. (MAYBE)
• PREPARE ACQUISITION PLAN • SUPPLEMENT WITH V & V
• DEFINE ACCEPTANCE STRATEGY
CONTRACT CONTRACT
LC MODEL &
PLANNING PROJ. MGMT.
SELECT ONE OR MORE PLAN
C
O
N
T EXECUTION MONITOR, MONITORING
R CONTROL DEV. OPN. MNT. ACQ.
A & CONTROL RESULTS
C
T
REVIEW/
REVIEW & JT. REV. AUDIT V&V QA EVALUATION
EVALUATION
RESULTS
DELIVERY & DELIVERED
COMPLETIO PRODUCTS/
N SERVICES
3-10
SUPPLY PROCESS
ACTIVITIES & TASKS
1. INITIATION 4. PLANNING 6. REVIEW &
EVALUATION
• REVIEW RFP • REVIEW ACQ REQS
• DECIDE TO BID; • SELECT LIFE CYCLE
ACCEPT CONTRACT MODEL, AS NEEDED • COORDINATE
• ESTABLISH REQS. FOR WITH ACQUIRER
PLANS • JOINT REVIEW
• DEVELOP & DOCUMENT • AUDIT
PROJECT MANAGEMENT • V&V
2. PREPARATION • ACCESS TO
PLANS [PMP; 15 ITEMS]
OF RESPONSE ACQUIRER
• QA PER
• PREPARE QA PROCESS
PROPOSAL 5. EXECUTION
& CONTROL
3. CONTRACT 7. DELIVERY &
• EXECUTE PMPs
• DEVELOP, OPERATE, COMPLETION
• NEGOTIATE & ENTER OR MAINTAIN
INTO CONTRACT • MONITOR/CONTROL
PROGRESS/QUALITY • DELIVER PRODUCT
WITH ACQUIRER OR SERVICE
• REQUEST MODS. • MANAGE SUBS • PROVIDE
• INTERFACE WITH IVVT
ASSISTANCE
• INTERFACE WITH
>> CONTRACT UNDERWAY OTHER PARTIES
3-11
DEVELOPMENT PROCESS
• FOR THE DEVELOPER (MODIFIER) OF SOFTWARE PRODUCTS
• MAY PERFORM OR SUPPORT SOME SYSTEM ENGINEERING
• ACTIVITIES NOT NECESSARILY IN TIME ORDER
ACTIVITIES INTERNAL USE INVOKED PROCESS OUTPUTS
SYSTEM
SYS. REQ. ANALYSIS EVALUATIONS REQUIREMENTS
SYS. ARCHITECTURE
SYS. ARCH. DESIGN EVALUATIONS - HW, SW, MO
SOFTWARE
SW ARCH. DESIGN EVALUATIONS JT. REVIEWS ARCHITECTURE
SOFTWARE
SW DET. DESIGN EVALUATIONS JT. REVIEWS DETAILED DESIGN
SOFTWARE
SW CODE/TEST EVALUATIONS CODE/DATABASE
INTEGRATED
SW INTEGRATION EVALUATIONS JT. REVIEWS SOFTWARE (SCIs)
QUALIFIED SCIs
SW QUALIF. TEST EVALUATIONS AUDITS
(DESIGN & CODE)
INTEGRATED
SYS. INTEGRATION EVALUATIONS SYSTEM
INSTALLATION PLAN
SW INSTALLATION EVALUATIONS INSTALLED SW
DELIVERABLE
SW ACCPT. SUPPORT SOFTWARE
3-12
DEVELOPMENT PROCESS
ACTIVITIES & TASKS
1. PROCESS IMPLEMENTATION 3. SYSTEM
ARCHITECTURAL DESIGN
• DEFINE/SELECT DEVELOPMENT MODEL(s) • PRODUCE AN ARCHITECTURE
- The foundation of a project OF THE SYSTEM
- Detailed with iterations/recursions of the • IDENTIFY HW, SW AND
activities & tasks of Development and MANUAL OPERATIONS ITEMS
invoked Supporting processes
5. SOFTWARE
• EMPLOY REGULARLY DOC, CM, ARCHITECTURAL DESIGN
AND PROB. RES. PROCESSES
• SELECT/TAILOR INTERNAL • PRODUCE AN ARCHITECTURE
METHODS/TOOLS/... OF THE SOFTWARE ITEM
• IDENTIFY COMPONENTS
• DEVELOP, DOCUMENT,
EXECUTE PLANS OF THE SOFTWARE ITEM
• MAY USE NON-DELIVERABLES 7. SOFTWARE CODING & TESTING
- Avoid dependency of future
operations & maintenance on these • CODE UNITS & DATABASES
• IF NEEDED, CODE SHOULD BE
COMPILABLE AND TESTABLE
2,3,10,11. SYSTEM ACTIVITIES
8. SOFTWARE INTEGRATION
• PERFORM OR SUPPORT 10. SYSTEM INTEGRATION
4-9, 12,13. SOFTWARE ACTIVITIES • INTEGRATE IN AGGREGATES
• PARTITION AND INTEGRATION
• PERFORM PATHS MAY BE DIFFERENT
3-13
ORGANIZATION OF A SYSTEM
AN EXAMPLE
SYSTEM
CI-1 CI-2 CI-n
SUB-SYS SUB-SYS SUB-SYS
SU SU
SU SU
SU SU SU
LEGEND:
SC - SOFTWARE COMPONENT; SU -SOFTWARE UNIT
- OPERATION PLAN
PROCESS PROBLEM
MAINTENANCE - OPERATION
IMPLEMENTATION RESOLUTION
PROCEDURES
INTERNAL RELEASED
OPERATIONAL
TESTING & OPERATIONAL
TESTING ENSURANCE SOFTWARE
SYSTEM [FUNCTIONS
OPERATION PERFORMED]
3-17
OPERATION PROCESS
ACTIVITIES & TASKS
1. PROCESS 2. OPERATIONAL
IMPLEMENTATION TESTING
• PERFORM OPERATIONAL
• DEVELOP OPERATIONAL PLAN
TESTING FOR EACH RELEASE
• SET OPERATIONAL STANDARDS • RELEASE AFTER CRITERIA MET
• DOCUMENT AND • ENSURE CODE/DATABASE
EXECUTE PLAN PERFORM AS PLANNED
• ESTABLISH PROCEDURES
FOR/WITH PROBLEM
RESOLUTIONS 3. SYSTEM OPERATION
• ESTABLISH PROCEDURES
FOR OPERATIONAL TESTING • OPERATE IN ENVIRONMENT
• ESTABLISH PROCEDURES
FOR INTERFACING WITH 4. USER SUPPORT
MAINTENANCE PROCESS
• ESTABLISH PROCEDURES FOR • PROVIDE ASSISTANCE
RELEASING PRODUCTS FOR TO USERS
OPERATIONAL USE • FORWARD USER REQUESTS
TO MAINTENANCE AS NEEDED
• FOR TEMPORARY FIXES,
PROVIDE OPTION TO USE IT
3-18
MAINTENANCE PROCESS
• FOR THE MAINTAINER OF SOFTWARE PRODUCTS QUALITY
FIXING
HD
PROB/MOD. PROB./MOD.
ANALYSIS ANAL/SOLN.
MOD. MODIFIED
DEVELOPMENT
IMPLEMENT. SOFTWARE
- MIGRATION
INTERNAL PLANS/REPORTS
MIGRATION
REVIEWS - MIGRATED SYS.
SOFTWARE - RETIREMENT
RETIREMENT PLANS
- ARCHIVES
3-19
MAINTENANCE PROCESS
ACTIVITIES & TASKS
1. PROCESS 3. MODIFICATION
5. MIGRATION
IMPLEMENTATION IMPLEMENTATION
3-20
SUPPORTING PROCESSES
• TO SUPPORT ANOTHER PROCESS BY PERFORMING A SPECIFIC FUNCTION
QUALITY
ASSURANCE
ACQUISITION
VERIFICATION
SUPPLY
DOCUMENTATION
VALIDATION
DEVELOPMENT
JOINT
REVIEW CONFIGURATION
OPERATION MANAGEMENT
AUDIT
MAINTENANCE
PROBLEM
RESOLUTION
ARROWS: EMPLOY/INVOKE
3-21
DOCUMENTATION PROCESS
• FOR ESTABLISHING DOCUMENTATION STANDARDS:
MEDIA, FORMAT, OUTLINE, CONTENT, FILING, DISTRIBUTION, ...
- EXAMPLES: YOUR ORGANIZATION'S USER'S MANUALS;
US DOD DIDs; IEEE SRS, ...
• THIS PROCESS DOES NOT PRESCRIBE ANY OF ABOVE;
THE INVOKING PROCESS DOES
ACTIVITIES INTERNAL USE INVOKED PROCESS OUTPUTS
PROCESS DOCUMENTATION
IMPLEMENTATION
PLAN
PRODUCED
PRODUCTION
DOCUMENTS
CONFIGURATION MODIFIED
MAINTENANCE
MANAGEMENT DOCUMENTS
3-22
CONFIGURATION MANAGEMENT PROCESS
• FOR CM OF PRODUCTS AND TASKS
• INTERNAL OR EXTERNAL TO THE INVOKING PROCESS
• THIS PROCESS IDENTIFIES BASELINED PRODUCTS;
THE INVOKING PROCESS ESTABLISHES BASELINES
PROCESS CONFIGURATION
MANAGEMENT
IMPLEMENTATION
PLAN
- IDENTIFICATION
CONFIGURATION SCHEMA
IDENTIFICATION - BASELINING
DOCUMENT
INTERNAL CONFIGURATION
CONFIGURATION ACCESS CONTROL CONTROL
CONTROL & AUDIT RESULTS
CONFIGURATIO
CONFIGURATION N
STATUS STATUS
ACCOUNTING REPORTS
RELEASE DELIVERABLE
MANAGEMENT
& DELIVERY PRODUCTS
3-23
QUALITY ASSURANCE PROCESS
• FOR ASSURING CONFORMANCE OF PRODUCTS/SERVICES
WITH REQUIREMENTS AND ADHERENCE TO PLANS
• EXTERNAL, WITH ORGANIZATIONAL FREEDOM
• USES THE TERM "ASSURE" INSTEAD OF "EVALUATE"
PRODUCT PRODUCTS
INCLUDE RESULTS OF V&V, JT. REVIEW,
ASSURANCE AUDIT, AND INTERNAL EVALUATIONS ASSURED
PROCESS PROCESSES
ASSURANCE ASSURED
ASSURANCE AS SPECIFIED
OF QUALITY ISO 9001 IN THE
SYSTEMS CONTRACT
3-24
QUALITY ASSURANCE PROCESS
ACTIVITIES AND TASKS
1. PROCESS IMPLEMENTATION 3. PROCESS ASSURANCE
• ESTABLISH QA PROCESS ASSURE THAT:
FOR THE PROJECT • EMPLOYED PROCESSES ARE
• DEVELOP/DOCUMENT/ COMPLIANT & ADHERENT
EXECUTE QA PLAN • INTERNAL ENGINEERING
• COORDINATE WITH PRACTICES ARE COMPLIANT
VERIFICATION, • PRIME REQUIREMENTS
VALIDATION, JOINT ARE PASSED DOWN TO
REVIEW, AUDIT PROCESSES SUBCONTRACTORS
• OTHER PARTIES ARE
2. PRODUCT ASSURANCE PROVIDED SUPPORT
VERIFICATION
- CONTRACT VERIFIED
- PROCESS
- REQUIREMENTS PRODUCTS
- DESIGN AND
- CODE
- INTEGRATION SERVICES
- DOCUMENTATION
EACH WITH
OWN CRITERIA
3-26
VERIFICATION PROCESS
ACTIVITIES AND TASKS
1. PROCESS IMPLEMENTATION 5. DESIGN VERIFICATION
• DETERMINE IF AND HOW MUCH NEEDED • CORRECT/CONSISTENT\TRACEABLE
- USE CRITICALITY FACTORS • PROPER SEQUENCE/ALLOCATION OF
• DETERMINE DEGREE OF EVENTS, I/O, INTERFACES, LOGIC,
INDEPENDENCE TIMING, SIZING, RECOVERY, ...
2. CONTRACT VERIFICATION • DESIGN IMPLEMENTS CRITICALITY
REQS. CORRECTLY
• SUPPLIER IS CAPABLE
[SHOW BY RIGOROUS METHODS]
• USER NEEDS ARE COVERED
• HANDLING REQS CHANGES ADEQUATE
• PARTIES' INTERFACES STIPULATED
6. CODE VERIFICATION
• CORRECT/TESTABLE\TRACEABLE
3. PROCESS VERIFICATION • SIMILAR TO ABOVE
• PLANNING ADEQUATE/TIMELY 7. INTEGRATION VERIFICATION
• PROCESSES ADEQUATE/IMPLEMENTED
BEING EXECUTED/COMPLIANT • COMPONENTS/UNITS INTEGRATED
• STANDARDS/PROCEDURES/ COMPLETELY/CORRECTLY
ENVIRONMENTS ADEQUATE • ITEMS INTEGRATED INTO SYSTEM
• PERSONNEL STAFFED AND TRAINED COMPLETELY AND CORRECTLY
• PERFORMED PER PLANS
4. REQS. VERIFICATION
• CONSISTENT/FEASIBLE/TESTABLE
8. DOC. VERIFICATION
• ALLOCATIONS APPROPRIATE • ADEQUATE/COMPLETE/CONSISTENT
• CRITICALITY REQS. CORRECT BY • TIMELY
RIGOROUS METHODS • FOLLOWS CM
3-27
VALIDATION PROCESS
• FOR VALIDATION OF AS-BUILT PRODUCTS
AGAINST SPECIFIED CRITERIA
• INTERNAL OR INDEPENDENT
• USES THE TERM "VALIDATE" INSTEAD OF "EVALUATE" .
• CONFIDENCE IN VALIDATION: THROUGH TESTING
VALIDATION VALIDATED
PRODUCTS
4/5 TASKS TESTING AND
1 TASK: INTENDED USE
SERVICES
3-28
JOINT REVIEW PROCESS
• FOR JOINT REVIEWS BETWEEN REVIEWER AND REVIEWEE
- TYPICALLY BY SUPPLIER WITH ACQUIRER
- BOTH TECHNICAL AND MANAGEMENT
PROCESS
PROBLEM AGENDA, SCOPE,
IMPLEMENTATION RESOLUTION FORUM, ETC.
TECHNICAL REVIEW
REVIEWS RESULTS
3-29
AUDIT PROCESS
• FOR AUDITS BETWEEN AUDITOR AND AUDITEE
- TYPICALLY BY ACQUIRER WITH SUPPLIER
PROCESS
PROBLEM AGENDA, SCOPE,
IMPLEMENTATION RESOLUTION FORUM, ETC.
AUDIT
AUDIT RESULTS
3-30
PROBLEM RESOLUTION PROCESS
• FOR ANALYZING AND RESOLVING PROBLEMS, TAKING
CORRECTIVE ACTIONS, AND DETECTING TRENDS
- THE “A” OF THE PDCA CYCLE.
• A CLOSED LOOP PROCESS:
- PROBLEMS REPORTED/ENTERED
- ACTION TAKEN
- CAUSES IDENTIFIED/ELIMINATED
- RESOLUTION/DISPOSITION ACHIEVED/RECORDED
- TREND DETECTED
• NOTE: NOT EVERY PROBLEM NEEDS CORRECTIVE ACTION
PROCESS
IMPLEMENTATION
PROBLEM RESOLVED
RESOLUTION PROBLEMS
3-31
ORGANIZATIONAL PROCESSES
• FOR AN ORGANIZATION TO MANAGE AND IMPROVE ITS PROCESSES
AT CORPORATE LEVEL
• THE ORGANIZATION IS RESPONSIBLE FOR ESTABLISHING AND
INSTITUTIONALIZING THE LIFE CYCLE PROCESSES
MANAGEMENT
PROCESS
1
INFRASTRUCTURE
2 PROCESS
PRIMARY PROCESS 3 IMPROVEMENT
(SOME SUPPORTING PROCESS) PROCESS
4
TRAINING
PROCESS
INITIATION
& [PROCESS
SCOPE DEFINITION REQUIREMENTS]
PLANNING MANAGEMENT
PLAN
EXECUTION
& [REPORTS]
CONTROL
REVIEW
& [REPORTS]
EVALUATION
[PRODUCTS]
CLOSURE
[SERVICES]
3-33
INFRASTRUCTURE PROCESS
• FOR ESTABLISHING AND MAINTAINING
INFRASTRUCTURE OF A LIFE CYCLE PROCESS
• INFRASTRUCTURE: PROCEDURES, STANDARDS,
TOOLS, EQUIPMENT, SPACE
PROCESS
INFRASTRUCTURE
IMPLEMENTATION
ESTABLISHMENT CONFIGURATION
OF THE OF THE
INFRASTRUCTURE INFRASTRUCTURE
MAINTENANCE
OF THE [RECORDS]
INFRASTRUCTURE
3-34
TRAINING PROCESS
• FOR PROVIDING AND MAINTAINING TRAINED PERSONNEL
PROCESS
TRAINING PLAN
IMPLEMENTATION
3-35
IMPROVEMENT PROCESS
• FOR ESTABLISHING, ASSESSING, MEASURING,
CONTROLLING, AND IMPROVING A LIFE CYCLE PROCESS
PROCESS [ESTABLISHED
ESTABLISHMENT PROCESS(ES)]
ASSESSMENT
PROCESS
PROCEDURES
ASSESSMENT
AND PLANS
[EVALUATION,
PROCESS HISTORICAL,
IMPROVEMENT QUALITY COST
RECORDS]
3-36
TAILORING PROCESS
A SPECIAL PROCESS
• FOR BASIC TAILORING OF THE STANDARD FOR PROJECTS
- ADDITIONS IN AGREEMENT
- ONLY 5 “SHALLS”
• TAILORING OF THIS PROCESS NOT ALLOWED
IDENTIFYING PROJECT'S
PROJECT
ENVIRONMENT CHARACTERISTICS
SELECTING SELECTED
PROCESSES, PROCESSES,
ACTIVITIES, ACTIVITIES,
& TASKS & TASKS
DOCUMENTING TAILORING
TAILORING DECISIONS
DECISIONS & RATIONALE
& RATIONALE
3-37
EVALUATION-BASED PROCESSES
THE “C” OF THE PDCA CYCLE
IM PR OVEME
SELF NT
ANC E EVAL
FORM UA
TI
O N ON
C AR Y
MENT EV
ALU
E
S
PL
IN T R EVIE W
A
P L E V A
U N A L UA JO
TI
ER
S
O
NS
T
TI
IN
ON INTER-PARTY
S
PROCESS 2
PROCESS 1 EVALUATIONS
VE N A UD IT
RI
FI C A T IO
ATI ON & VALID
QU CE
ALITY
ASS URAN
IMPR
OVEMENT
• ACQUISITION REQS
SUPPLY • PLANNING REQS; CONTRACTUAL REQS; PRIME-CONTRACT REQS
3-39
CRITICAL FUNCTIONS
PROCESS CRITICAL-FUNCTION RELATED TASKS
12207 MAY INVOKE OR MAY BE EXPANDED FOR SAFETY, SECURITY, CRITICAL STANDARDS 3-40
TESTING
• TESTING SHARED AMONG THE PARTIES
PROCESS TESTING RELATED TASKS
• DEFINE ACCEPTANCE STRATEGY & CRITERIA.
• PREPARE TESTS AND TEST ENVIRONMENT FOR ACCEPTANCE.
ACQUISITION
• IDENTIFY TEST STANDARDS & PROCEDURES FOR CRITICAL REQS.
• CONDUCT VALIDATION & ACCEPTANCE TESTING.
3-43
METRICS & INDICATORS - II
• 12207 NEEDS THESE, BUT DOES NOT DEFINE OR PRESCRIBE THEM
PROCESS METRIC/INDICATOR NEEDED
DEVELOPMENT • CHANGE STATUS: By Activity/Task, Source, Trend, ...
• PROBLEM STATUS: BY Activity/Task, Source, Trend, ...
• JOINT ACTION ITEMS STATUS
• TRACEABILITY:
- System Requirements to Acquisition Needs
- System Architectural Design to System Requirements
- Software Requirements to System Requirements & Design
- Soft ware Architectural Design to Software Requirements
- Software Detailed Design to Software Requirements
- Software Unit to Software Requirements & Design
- Software Design & Unit to System Requirements
• TEST COVERAGE OF
- Modified parts
- Unmodified parts
• MIGRATION PORTABILITY
M F
PROJECT
OPERATION
F F F E: 3 F
U E E
AUDIT P QA
DEVELOPMENT
E: 3 E: 3
E: 1, 2, 3
(T)E (I)V&V E V&V
E: 3 E: 3
1 E 2 3 4
DOCUMENTATION CM PROBLEM TAILORING
RESOLUTION
O1: START HERE. O1, O2 - THE SAME POINTS. ACQ - ACQUISITION. SUB - SUBCONTRACTOR.
E - EXECUTE. F - FEEDBACK. M - MANAGE. P - PARTICIPATE. T - TASK. U - USE. PDCA
E:N - EXECUTE THE PROCESS N. U:N - USE THE PROCESS N. 3-46
TOPICS
1. BACKGROUND
2. BASIC CONCEPTS
3. THE PROCESSES
4. APPLICATION
- Business practices under debate
- How to use 12207 in an organization and on a project
- Pertinent advice and notes
Note: No rules; only salient guidelines -- this presenter’s
Note: In charts, start at if shown
5. RELATED AREAS
6. SUMMARY
7. FOR YOUR INFORMATION
4-0
BUSINESS PRACTICES UNDER DEBATE
MARKET SUPPLIER (VENDOR) ACQUIRER
ESTABLISH
AN ENVIRONMENT WITH DEVELOP
METHODS, TECHNIQUES PERFORMANCE
PUBLIC AND TOOLS FOR 12207 SPECIFICATIONS
AND OTHER STANDARDS FOR THE
AND FOR THE PRODUCT PRODUCT/SERVICE
AND SERVICE LINE
ONE OR BOTH
DETERMINE
1 Y
WHICH 12207 PROCESSES
IDENTIFY YOUR TO EMPLOY CLARIFY TASKS
PRIMARY ROLE(s): THAT
DETERMINE REFERENCE
PROVIDING WHICH OTHER PROCESSES THE CONTRACT
PRODUCTS & TO EMPLOY
SERVICES
NEGOTIATE/SIGN
MANAGING SELECT ACTIVITIES & TASKS CONTRACT WITH
PROCESSES FROM THOSE PROCESSES THE PARTIES
TUNE, TAILOR
THE INSTITUTIONALIZED PERFORM THE
ENVIRONMENT ACTIVITIES & TASKS
2 RESPONSIBLE FOR
ORGANIZATIONAL MODE DEVELOP MODELS
MANAGE THE PROCESSES BASED ON THE
- INSTITUTIONALIZED PROCESSES, ACTIVITIES, COMPLETE/
ENVIRONMENT AND TASKS DELIVER THE
PRODUCT OR
IMPROVE THE PROCESSES SERVICE
• THE SHADED BOXES WILL BE EXPLAINED IN THE ORDER THEY ARE NUMBERED.
4-3
APPLICATION STEPS AND FACTORS
[The shaded boxes 1, 2, 3 in Getting Started]
1. PRIMARY ROLES: Determine and identify
2. IN ORGANIZATIONAL MODE:
2.1 Process Management: Establish the processes (and resources)
2.2 Process Improvement: Improve the processes
3. IN PROJECT MODE:
3.1 Application Concepts: Familiarize and understand
3.2 Policies: Determine and identify applicables
3.3 Project Characteristics: Determine and identify
3.4 System Context: Select, determine, construct
3.5 Life cycle Models: Determine and identify
3.6 Specialty Areas Identify and supplement
3.7 Types of Software: Determine and identify outputs
3.8 Documentation: Determine and identify
3.9 Evaluation Categories: Determine and identify
• THE STEPS AND FACTORS ARE EXPLAINED NEXT AS OUTLINED ABOVE.
4-4
1. PRIMARY ROLES
DETERMINE AND IDENTIFY
ROLE?
ACQUISITION employ S
ACQUIRER ACQUISITION PROCESS U
ROLE
P
contract P
O
SUPPLY employ
R
SUPPLIER SUPPLY PROCESS
ROLE T
employ employ employ I
N
OPERATING • OPERATOR employ G
OPERATION PROCESS
ROLE • USER
use
P
R
ENGINEERING • DEVELOPER MAINTENANCE use DEVELOPMENT employ O
ROLE • MAINTAINER PROCESS PROCESS C
E
S
EMPLOYER • Documentation • Validation
SUPPORTING S
OF
• Configuration management • Joint review E
ROLE SUPPORTING
PROCESSES • Quality assurance • Audit S
• Verification • Problem resolution
EXECUTE
IMPROVEMENT PROCESS
SEE THE NEXT CHART
4-6
2.2 PROCESS IMPROVEMENT
IMPROVE THE PROCESSES
PROCESS
ESTABLISHMENT
[Environment, control ...]
IMPROVEMENT
DATA
PROCESS
- Process
improvement DEFINITIONS
- Project's
direction
- Technology
advancement
COMMENTS
ISO/IEC 12207 TASKS PROJECT 1
- Organizational
improvement PROCESSES PROJECT n
PROCESS EXPERIENCE
IMPROVEMENT PROCESS DATA BASE
[Procedures ...] BASELINES - Historical
- Technical
- Evaluation
- Quality cost data
ASSESSMENT
DATA PROCESS
- Effectiveness
ASSESSMENT
- Suitability [Procedures ...]
- Capability
- Cost of quality
4-7
3.1 APPLICATION CONCEPTS
FAMILIARIZE AND UNDERSTAND
• DUAL USE OF 12207:
- To develop, operate, and maintain application products
- To use to analyze, model, or study a system
- Whether or not the system would contain software.
• LIFE CYCLE MODEL:
- To organize and manage the steps/phases of a life cycle in the desired order(s)
- Incorporates developmental, operational, maintenance, ... models
• PROTOTYPING IN 12207:
- Not listed as an activity of the Development or Maintenance
- Treated as a method/technique for:
- Performing studies, requirements analysis, design, etc.
- Developing prototypes and mock-ups
• BUILD:
- An instance of a product that meets a specified subset
of the total requirements.
- A build may be a prototype
- A period of time during which the build is developed.
• Iteration: Iteration across activities.
Recursion: "Iteration" across tasks in an activity.
Note: Not every activity (task) needs to be executed in every iteration (recursion).
4-8
3.2 POLICIES
DETERMINE AND IDENTIFY APPLICABLES
• CHECK POLICIES & STANDARDS AFFECTING TAILORING:
- Contract type(s): Fixed price; cost plus fee; etc.
- Operations and support strategies
- Documentation/data/interface standards
- Safety, security, risk management
- Programming language(s)
- Reserve requirements
- Measurement/metrics
- Reuse
- Proprietary, usage, warranty, escrow rights
- Use of IV&V agents
- ...
• CHECK LAWS ON PUBLIC SAFETY, SECURITY, ENVIRONMENT, ...
- Consider, interpret, and incorpoarte clauses related to the above items
• ADD CLAUSES IN AGREEMENT, IF NOT FOUND IN 12207
4-9
3.3 PROJECT CHARACTERISTICS
DETERMINE AND IDENTIFY
• SIZE: of software product, of software service, number of personnel
• CRITICALITY:
- Impact of a defect/malfunction on business/mission
- Liability due to failure
- Immaturity or unprecedentedness of technology employed
- Growth/changes in technology
- Unprecedentedness of products under consideration
- Unavailability of needed resources/schedule
• LIFE: Duration and extent of use and maintenance
• AS SIZE OR CRITICALITY INCREASES, SO DOES:
- Extent of 12207's engineering tasks
- Caution: Don't delete an engineering task unless sure
- Extent of technical insight: [I]V&V
- Extent of management visibility: Joint Review, Audit, QA
• AS OBJECTIVITY BECOMES MORE IMPORTANT, SO DOES:
- Degree of independence of V&V Processes
- Degree of organizational freedom for QA Process
- Degree of independence in peer evaluations
• AS LIFE OR EXPECTED CHANGE INCREASES, SO DOES:
- Extent of documentation
- Caution: Consult with operators, users, and maintainers
• NOTE: Even for lesser size or criticality, independent or peer evaluations are beneficial
4-10
3.4 SYSTEM CONTEXT
DETERMINE AND IDENTIFY
• A system is moved
from cradle to grave STEP/
PHASE 1
STEP/
PHASE 2
... STEP/
PHASE N
through steps/phases
• Software is one of SYSTEM
many components HARDWARE
COMPUTER
SOFTWARE
MATERIAL
DEMONSTRATE FEASIBILITY OF
DEMONSTRATION IMPLEMENTING SOLUTIONS
4-12
3.4.2 VIEWS OF LIFE CYCLE
SYSTEM’s LIFE CYCLE
ND CE Dem Dev Prod D/S Opn M,S&R
PARTY
ACQUISITION
SUPPLY
DEVELOPMENT
OPERATION
MAINTENANCE
SUPPORTING
PRIMARY PROCESSES
S
M,
O N
ITI
IS
PRIMARY
Q U
SUPPORTING
PROCESSES PROCESSES &R
AC .
LY . .
PP ORGANIZATIONAL
SUPPORTING
PRIMARY PROCESSES
U
PROCESSES PROCESSES
S
Dev
PRIMARY PROCESSES
SUPPORTING PROCESSES PROCESSES
ORGANIZATIONAL
ND
ORGANIZATIONAL PROCESSES
SUPPORTING PROCESSES
ORGANIZATIONAL PROCESSES
SYB 1
SYB 2
SWB 5
SYB 3
SWB 6
SWB 7
OPERATIONS
CONCEPT • Use [Acquisition,
DEVELOPMENT
DEFINITION Supply &] Operation
• Use Acquisition & Process to provide
• Use operation services.
Supply Processes to
[Acquisition, Supply &]
trigger Development
Development Process MAINTENANCE;
Process.
to define draft system SUPPORT;
requirements, develop • Use Development RETIREMENT
prototypes, and analyze Process [fully] to
• Use [Acquisition,
user feedback to get build, test, and Supply &] Maintenance
proposed solutions. integrate the product for maintenance, support,
and retirement.
4-16
3.5 LIFE CYCLE MODELS
SELECT, DETERMINE, CONSTRUCT
• LIFE CYCLE MODELING IS A TOOL TO ORGANIZE/MANAGE
THE STEPS/PHASES IN THE DESIRED ORDER
• A STEP/PHASE MAY HAVE ITS OWN MODELING
- Examples: Development, Operation, Maintenance, ...
STEP/PHASE 2
MODEL
LOWER
MODEL
SOFTWARE
INTEGRATION
SOFTWARE
CODING &
TESTING
SOFTWARE
INSTALLATION
SOFTWARE
DETAILED
DESIGN SYSTEM
QUALIF.
TESTING
SOFTWARE
ARCH.
DESIGN SYSTEM
INTEGRATION
SOFTWARE
REQ. SOFTWARE
ANALYSIS ACCEPTANCE
SI 1 SUPPORT
SYSTEM SOFTWARE
ARCH. SI n ITEM n
DESIGN •••
SYSTEM
REQ.
ANALYSIS
HIs
HARDWARE
ITEMS
4-20
3.5.4 DEVELOPMENT MODEL: INCREMENTAL
BUILD 1
D C/T I/AS
BUILD 2
R D C/T I/AS
BUILD n
D C/T I/AS
FEEDBACK
R: REQUIREMENTS C/T: CODING & TESTING
D: DESIGN I/AS: INSTALLATION & ACCEPTANCE SUPPORT
4-21
3.5.5 DEVELOPMENT MODEL: EVOLUTIONARY
BUILD 1
R1 D C/T I/AS
BUILD 2
R2 D C/T I/AS
BUILD n
Rn D C/T I/AS
REFINEMENTS
R: REQUIREMENTS C/T: CODING & TESTING
D: DESIGN I/AS: INSTALLATION & ACCEPTANCE SUPPORT
4-22
3.5.6 DEVELOPMENT MODEL: SPIRAL
CODING/
4 INTEGRATION/
TESTING A TESTING/
QUALIFICATION
A
3 1
A
ARCHITECTURE/ A REQUIREMENTS
DESIGN DEFINITION/ANALYSIS
2
• A: FEASIBILITY STUDY, PROTOTYPING, RISK ANALYSIS
• THIS MODEL ADOPTED FROM BOEHM's
• THE SECTORS MAY BE ALLOCATED TO THE 13 ACTIVITIES AS APPROPRIATE
• THIS MODEL IS REDUCIBLE TO THE BASIC MODELS
• MAY BE USED AS A HYBRID INCREMENTAL-EVOLUTIONARY MODEL
4-23
3.5.7 DEVELOPMENT MODEL: RE-ENGINEERING
REVERSE ENGINEERING FORWARD ENGINEERING
SI 1 SOFTWARE
REQ. SOFTWARE
ANALYSIS INSTALLATION
SOFTWARE
REQ. SYSTEM
DESIGN SOFTWARE SYSTEM
ANALYSIS QUALIF. QUALIF.
SYSTEM TESTING TESTING
REQ. SOFTWARE SOFTWARE
ANALYSIS DESIGN IMPLEMENT. SYSTEM
INTEGRN.
SOFTWARE SOFTWARE
DESIGN ACCEPTANCE
SUPPORT
SI 2 SOFTWARE
Determine Analyze Design REQ.
reqs. for existing reeng'd ANALYSIS
reeng'd products; system
system derive SOFTWARE
design; QUALIF.
derive TESTING
reqs.
SOFTWARE
IMPLEMENT.
SOFTWARE
DESIGN
SI 3 SOFTWARE
REQ.
ANALYSIS
4-24
3.6 SPECIALTY AREAS
IDENTIFY & SUPPLEMENT
• SPECIALTY-AREA STANDARDS SHOULD BE USED WITH 12207
- Examples of specialty standards: safety, security, ergonomics, documentation, ...
- Correlate terminology and concepts
- Examples: coding v. implementation; architecture v. top-level design; ...
- Determine supplementary tasks from the specialty standards for each 12207 process
- Example: formal methods for design and verification, ...
- Add the supplementary tasks to the 12207 tasks in respective clauses
• EXAMPLE: SAFETY IN THE DEVELOPMENT PROCESS OF 12207
SUPPLEMENTARY TASKS
TASK IN 12207
FROM A SAFETY SPECIALTY STANDARD
Develop system architecture, ... • Isolate safety specifications in separate configuration items.
• Use structured design.
Develop software architecture, ... •• Isolate safety specifications in separate components/modules.
Use information hiding.
• Derive design mathematically.
• Derive code by mathematically.
Develop code, ...
• Use N-version coding resulting in voting modules.
Test units and aggregates, ... • Exercise structural coverage [of branches and paths].
Document software requirements • Document ... in Software Requirements Specification (SRS).
4-25
3.7 TYPES OF SOFTWARE
DETERMINE AND IDENTIFY
• DIFFERENT TYPES OF SOFTWARE NEED DIFFERENT TREATMENT
• A PROJECT MAY HAVE MORE THAN ONE TYPE OF SOFTWARE
INTEGRAL
SUPPORT: Connected within/to a system
To support users
- Word processors, graphics, test generator, ... STAND-ALONE
Self-contained (viz., payroll)
SYSTEM: OFF-THE-SHELF
To support computer operations Exists but not developed under the current project
- OS, Compiler, ...
NON-DELIVERABLE
Employed in the development/maintenance
• HELPFUL POINTS:
- Consider the OTSS as a new software for the current application.
- OTSS may or may not save costs.
- OTSS may enhance or compromise design and performance.
- Decide which activity the OTSS needs to enter.
- Ensure the following, as applicable:
- The OTSS satisfies its requirements & specifications
- The documentation is available
- Rights, warranty, licensing, and escrow are addressed
- Future support for the OTSS is available.
4-27
3.7.2 TYPES OF SOFTWARE
NOTES ON REUSABILITY & PORTABILITY
• REUSABILITY: Extent of use in another application
• PORTABILITY: Extent of use in another computer system
• REUSABILITY & PORTABILITY:
- Quality characteristics
- Specified and designed
- May have inherent conflict with other quality characteristics
- Universal programming language ideal
• A PROGRAM FROM ONE COMPUTER SYSTEM RARELY
RUNS FIRST TIME ON ANOTHER COMPUTER SYSTEM.
- Few compilers adhere to standards exactly (have extra, improved features)
- Word length varies from machine to machine
- The largest integer varies. Different rounding off of numbers
- Smallest positive floating point number depends on the machine
- Drastic effect on "iterations until x < e"
- 1's complement machine may give different results from 2's complement machine
- Instruction length depends on OS
- The program may not fit in the machine's memory; ...
• HELPFUL POINTS:
- For the suppliers: Approve and control all NDIs.
- For the acquirers:
- Decide whether the future operation or maintenance
of the application software will depend on the NDI
- Decide whether to "acquire" the NDI
- Address rights, warranty, license, and escrow.
4-28
3.7.4 TYPES OF SOFTWARE
ENTRY POINTS, etc.
• ENTRY POINT (SUGGESTED) REFERS TO DEVELOPMENT PROCESS ACTIVITY
- A PRIOR ENTRY POINT POSSIBLE
• TYPES TYPICALLY DETERMINED DURING REQUIREMENTS ANALYSIS AND DESIGN
• Documentation may be
ADAPTING/MODIFYING unavailable/inadequate.
OFF-THE-SHELF SW DESIGN • Evaluate documentation
and data rights needs.
• Remember:
- Without specifications, there is no further work.
- Specification mistakes are of commission and omission types.
- A mistake in requirements/specifications that costs $1 to fix now
would cost about $75 to fix during testing and more afterwards.
4-35
ADVICE ON SPECIFICATION PRACTICES - II
• Make sure quality characteristics and lower characteristics are
as completely specified as possible:
- Pay special attention to safety, security, and privacy.
- Some quality characteristics may conflict with each other.
- Prioritize the quality characteristics.
- Caution: Software engineering may not be mature enough
to design in several quality characteristics.
FET Y S H I E L CU
RITY SH IE
SA D L
SE
D
RELIABILITY
ASSURANCE THAT THE SYSTEM WILL PERFORM AS INTENDED.
4-40
ADVICE ON TESTING - II
ADEQUACY OF TESTING
• Modularize
- Follow the rules and schema of modularization.
- Ensure correct order and passing of parameters.
• For each module and aggregate, compare “line-by-line” outputs
with manual calculations for certain input values:
- Normal -- educated, representative points
- Non-normal: Boundaries; Discontinuities; Singularities; +/- delta
- Smallest and largest numbers allowed by the computer.
• Note: The above must be accommodated by design and in code.
• Execute with global initializations: Zero; Infinity.
• Cover McCabe’s basic paths.
• Compare runs with special/deduced/known cases.
• Remember: A modification may introduce new errors.
• When a module is modified, ensure other modules are not affected.
• Employ a suitable reliability growth model to determine releasability.
• Include information on the computer, OS, language, and compiler.
4-41
TOPICS
1. BACKGROUND
2. BASIC CONCEPTS
3. THE PROCESSES
4. APPLICATION
5. RELATED AREAS
6. SUMMARY
7. FOR YOUR INFORMATION
5-0
REFERENCED STANDARDS
REFERENCED REASON FOR
REFERENCED AS
STANDARD REFERENCING
AFNOR: Dictionary Normative Definitions
of Computer Science
5-1
SUPPLEMENTARY STANDARDS
STANDARD STATUS
Technical Reports (TR):
- ISO/IEC 15271, 12207 Guidebook - Under publication
- ISO/IEC 14759, Mockup & Prototype Guide - TR Ballot Passes
Standard:
Under FDIS BALLOT
ISO/IEC 14764, Software Maintenance
Standard:
Published
ISO/IEC 15846, Software CM
Guide:
CD
ISO/IEC 16326 Software Project Management
Guide: Canceled in
Software QA favor of ISO 9000-3
Guide:
On hold
Software V&V
Guide:
On hold
Reviews & Audits
5-2
RELATIONSHIP TO SYSTEM AREAS
SYSTEMS
ENGINEERING
CONVENTIONAL
ENGINEERING
OTHERS
INFORMATION
TECHNOLOGY SOFTWARE
ENGINEERING
REQUIREMENT
REQUIREMENT QUALITY SYSTEM
REQUIREMENTS TO ASSESS AND IMPROVE
TO MANAGE PROCESSES
PROCESSES
5-4
COMPARISON WITH ISO 9001
ISO 9001 ISO 8402 ISO/IEC 12207
... ...
6-0
SUMMARY
• 12207 IS THE TOP-LEVEL ARCHITECTURE
OF SOFTWARE LIFE CYCLE
- Architecture built with processes
- Processes have tasks and outcomes.
6-1
EPILOGUE
• 12207 IS NOT A SUBSTITUTE FOR
DISCIPLINED MANAGEMENT AND ENGINEERING
6-2
TOPICS
1. BACKGROUND
2. BASIC CONCEPTS
3. THE PROCESSES
4. APPLICATION
5. RELATED AREAS
6. SUMMARY
7. FOR YOUR INFORMATION
7-0
COST AND BENEFIT OF USING 12207
• ASSUMPTION: Basic software engineering environment instituted
• COST/TIME OF IMPLEMENTING 12207 IN ORGANIZATION
- Unknown, but one-time cost
- Factors:
- Size/extent of software engineering environment
- Size/diversity of the organization
• COST OF 12207 TO A PROJECT
- Unknown, but savings through maintenance significant
- Project-to-project cost should be lower
- Factors:
- Size/complexity of the project
- Size of the personnel
- Schedule and quality
- Maturity levels of the acquirer and supplier
• BENEFITS:
- The discipline
- Reduced risk to cost, schedule and performance
7-1
ADAPTATION OF 12207 IN COUNTRIES
• Most participating countries have issued their National versions
• The USA developed its version in 3 parts -- under ANSI’s sponsorship:
ISO/IEC 12207
USA
IEEE/EIA 12207.0
(STANDARD)
- ISO/IEC 12207, AS IS
- A FEW CHANGES
- ADDITIONAL ANNEXES:
- BASIC CONCEPTS
- COMPLIANCE IEEE/EIA 12207.1
- ERRATA (GUIDE)
- LIFE CYCLE DATA
IEEE/EIA 12207.2
(GUIDE)
- IMPLEMENTATION
GUIDELINES
7-2
COPIES OF 12207
• ISO:
1, rue de Varembe
CH-1211 Geneve 20
Switzerland (Suisse)
• IEC:
3, rue de Varembe
CH-1211 Geneve 20
Switzerland (Suisse)
• ANSI:
American National Standards Institute
Customer Services
11 West 42nd St,
New York, NY 10036
USA
[Tel: +1 212 642 4900; Fax: +1 212 302 1286]
7-3
ISO/IEC 15288
System Life Cycle Processes
• BACKGROUND:
- Jun 94: SC7 study group on software-system relationship
- Feb 95: Study group report to SC7 (Doc # SC7 N1331)
- Mar 95: US ANSI New Work Item proposal to SC7
- Jun 95: SC7 acceptance of the proposal
- Apr 96: JTC1 approval of the project
- May 96: Work started
- Dec 00: Completion
• STUDY REPORT:
- The software-system relationship is poor; needs immediate attention
- Software is always part of system
- Hardware & software are inherently different
- Hardware & software are marching almost separately
- Hardware terms are often unrealistic in software
- 12207 has limited effectiveness without a system context
- Recommended a standard on life cycle processes for
modern systems containing hardware, software, and humans
• A CHALLENGE:
Analog, digital, and manual functions together!
7-4
THANK YOU
for
LISTENING
PLEASE PROVIDE COMMENTS/SUGGESTIONS TO:
RAGHU SINGH
FEDERAL AVIATION ADMINISTRATION
AIR-200, ROOM-815
800 INDEPENDENCE AVE, S.W.
WASHINGTON, DC 20591
U.S.A.
Phone: +1 202 267-3976; Fax: +1 202 267-5580
E-Mail: RAGHUBANSH.SINGH@FAA.DOT.GOV
7-5
BACKUPS
B-0
COMING TO TERMS - I
• ARCHITECTURE:
- The art and science of planning and building structures
- A unifying or coherent form or structure
• DESIGN:
- The arrangement of elements or details in a product or work
- An underlying schema that governs functioning, developing, or unfolding
• FRAMEWORK:
- A skeletal structure to hold or support something constructed or stretched over it
- Work done in a frame.
• REQUIREMENT:
- Something obligatory, demanded as a condition
- Something needed
• VALIDATE:
- Confirm the validity of ...
- Declare legally valid
• VERIFY:
- Check the correctness of ... by comparison
- Prove to be true.
B-2
INDEPENDENCE &
ORGANIZATIONAL FREEDOM
I: INDEPENDENCE:
- FROM THOSE PERFORMING THE TASK OR DEVELOPING THE PRODUCT
O: ORGANIZATIONAL FREEDOM:
- FROM THOSE WHO HAVE MANAGEMENT RESPONSIBILITY FOR THE TASK/PRODUCT
ORG. A O ORG.
ORG B2
DEV 1 O DEV
DEV2 O MAINT
QA O OPERN
OPN O ...
MNT O ...
I I I I
B-3
“FAULTY” TERMS
Error: Difference between computed and observed
Fault: Incorrect step/process/data definition ...
Failure: Incorrect result
Mistake: Action that produces an incorrect result
RESULT PERFORMANCE
ACTION PROCESS E = ACTUAL - EXPECTED
BY or PRODUCT T : TOLERANCE BAND
HUMANS EMPLOYED
or SYSTEMS CORRECT
CORRECT DESIRED
E < T
CORRECT
FAULT
ERROR DEGRADED
MISTAKE
E >T FAILED
“4.1.2 A standard does not in itself impose any obligation upon anyone
to follow it. However, such an obligation may be imposed, for example,
by legislation or by a contract. In order to be able to claim compliance
with a standard, the user needs to be able to identify the requirements
he is obliged to satisfy. He needs also to be able to distinguish these
requirements from other provisions where he has a certain freedom of
choice.
Clear rules for the use of verbal forms (including modal auxiliaries) are
therefore essential.
Annex C gives, in the first column of each table, the verbal form that shall be
used to express each kind of provision. The equivalent expressions given in
the second column shall be used only in exceptional cases when the form
given in the first column cannot be used for linguistic reasons.”
• 12207 defines and uses “will,” which is not yet defined by ISO/IEC Directives.
• “Will” in 12207 means self-declaration and requirement.
B-6
12207 & MIL-STD-498
12207 498
ACQUISITION
SUPPLY
DEVELOPMENT
OPERATION
MAINTENANCE
QUALITY ASSURANCE
DOCUMENTATION CONFIGURATION MANAGEMENT
VERIFICATION JOINT REVIEW
VALIDATION AUDIT
PROBLEM RESOLUTION
MANAGEMENT
DIDs
INFRASTRUCTURE
TRAINING CLAUSES:
IMPROVEMENT SAFETY
TAILORING SECURITY
PRIVACY
REUSE
METRICS
ACCESS
B-7
12207 & MIL-STD-498 DIDs
• 498 is a development & documentation standard from acquisition perspective.
• 498 is a family of standards, under DOD Directives and MIL-STD-499B (Systems).
• 12207 addresses the life cycle and stakeholders.
B-9
12207: TAILORING TIPS
• DEVELOP YOUR OWN TAILORING GUIDANCE:
• EXCEPTIONS:
- Natural phenomena
- Laws or regulations mandated by governments
- Health, environment, safety, security, ...
B-11
CONFORMITY & CERTIFICATION
SOFTWARE PRODUCT & PROCESS
ADAPTATION CONFORMANCE
STANDARDIZATION CERTIFICATION
TAILORING COMPLIANCE
I
QUALITY CONTROL
QUALITY N
* AGRMT EVAL
-
ASSURANCE ACQUISITION P ACQUISITION * REQ. EVAL.
* DES. EVAL.
R * CODE. EVAL.
O * INTG. EVAL.
C * PROD. EVAL.
VERIFICATION E
SUPPLY SUPPLY - FUNC EVAL
S - PROJ EVAL
S - VALIDATION
* DOC. EVAL.
SYS REQ / SYS REQ * INVOKED
VALIDATION SYS DES SYS DES PROCESS EVAL
SW REQ I SW REQ
SW ARC DES N SW ARC DES
SW DET DES T SW DET DES
JOINT DEVELOPMENT E DEVELOPMENT EXTERNAL
R
REVIEWS SW CODING
N
SW CODING Q. A.
SW INTEGN SW INTEGN
SW Q. TEST A SW Q. TEST
SYS INTEGN L SYS INTEGN
SYS Q. T. SYS Q. T.
AUDITS I/A E I/A SURVEILLANCE
V
A
OPERATION L OPERATION ? VERIFICATION
U
A
T 9001/9000-3
I
MAINTENANCE O MAINTENANCE
PROCESS N PROCESS
IMPROVEMENT S IMPROVEMENT
B-13
HUMOR IN CODE
Once God decided to find out what the Earthlings were up to.
S/he descends upon the Earth. Finds a little girl crying over
a broken doll, fixes it, and consoles her. Moves on. So s/he
helps other people.
Just before departing, God sees a haggard man brooding over
a piece of paper. S/he asked who he was and what was
the problem. The man said he was a programmer,
but asked whether s/he had any programming experience.
S/he humbly admitted to have programmed things from
Big Bangs to Black Holes. Impressed, the man showed
his paper.
God reviewed the paper and, after a pause, said,
"Son, I think this one is yours."
Anonymous
B-14
POWED!
Q. How to have a standard powed?
A. Utter one of the following:
• Prescriptive
"It's prescriptive."
• OOD (and Ada)
"I can't use OOD (and Ada) with it."
• Waterfall
"It's a Waterfall model."
• Expensive
"It's expensive to use."
• Documentation
"It's documentation dependent."
B-15