GPQ-MAN-07

Product Assurance Audit Checklist

GPQ-MAN-07

MSM-GP/27 APR 2001

Item No. I. 1. 1.1

Audit Element

PC

NC

N/A

Remarks

1.2

1.3 1.4

1.5

1.6

1.7 1.8

2. 2.1

2.2

2.3

2.4

2.5

General Product Assurance Organisation and Staff Does the contractor have a formally established PA organisation with the elements of Safety, Reliability, Maintainability, S/W PA, Quality Parts, Materials and Processes, Configuration Management? Are the Product Assurance functions independent of Manufacturing, Engineering and other organisation? Are there formulated objectives of the organisation? Is management emphasis on prevention rather than detection of quality problems? Are the responsibilities of supervisors and managers, etc. formally defined? Does the person responsible for Product Assurance on a project have access to higher management for the focussing on and resolution of problems? Are the PA functions staffed to the proper complement? Does the Product Assurance organisation have sufficient facilities, equipment and tools for appropriate evaluation of materials and hardware quality? Procedures Does the contractor have a Product Assurance Manual or a set of procedures covering Product Assurance? Do procedures identify who does what, when, how and where? Are PA functions and responsibilities performed by other groups identified? Do procedures identify information flow, forms and instructions for completing the forms? Do procedures contain management approval signatures, dates of issue and revisions and change
Page 2 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

2.6

2.7

2.8 2.9

3. 3.1 3.2

3.3

4. 4.1

4.2

4.3

4.4

4.5

4.6

designators? Is the distribution controlled and obsolete procedures removed from use? Are procedures available at the appropriate workstations? Are procedures kept updated? Do detailed procedures exist for the performance of inspections and tests? QA audits Are systematic internal and external audits performed? Are audits performed? a) According to an established plan? b) Using checklists? Are internal audits conducted on an impartial basis by qualified personnel? Receiving Inspection Is the contractor's receiving inspection flow and activities documented? Are facilities clean, proper lighting exist, and storage and handling practices followed? Are all incoming supplies inspected and tested prior to use against the requirements of procurement documents? (appropriate drawings, specifications and technical instructions) Are receiving inspections performed in accordance with established procedures and instructions? Is the following verified? a) Identification / configuration? b) Suppliers documentation? When supplies are accepted on the basis of certification or test report: a) Are test reports checked 100% against procurement
Page 3 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

4.7

4.8

4.9

4.10

5.

5.1

5.2

5.3

5.4

5.5

documents requirements? b) Are reports and certification retained? When supplies are accepted on the basis of certification or test report, are checks performed to confirm conformance? Do receiving inspection records indicate date of receipt, inspections, tests, documents utilised, number accepted/rejected? Is traceability maintained between materials and certificates, reports and receiving inspection documents? Are there separated storage areas for materials waiting receiving inspection and materials already inspected and accepted? Packaging and Handling Packaging Are parts, assemblies and materials verified for cleanliness before packaging and properly packaged? Are parts having critical or highly finished surfaces protected against damage? Are leads of electrical parts protected from contamination which will effect solderability? Are packaging operations covered by written procedures / instructions, which include at least the following: a) Selection of packaging materials? b) Inner protection? c) Mechanical protection? d) Cleanliness and contamination control? Are packaging operations inspected and are items controlled before shipping for proper packaging, marking and accompanying documentation?
Page 4 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

5.6 5.7

5.8

6. 6.1

6.2

6.3

6.4

6.5 6.6 6.7

Handling Do handling procedures and instructions exist? Are items leaving a controlled area or being transported between work/test areas carried in appropriate containers or fixtures to provide adequate protection from damage or contamination? Do the operators have the proper tools to support the assembly while performing work/test on it? Cleanliness and Contamination Control Are there procedures available systematically covering cleanliness and contamination control aspects? Are there specific instructions for: a) Entering and leaving clean rooms (personnel and equipment)? b) Cleaning of clean rooms, including: 1. Cleaning materials? 2. Cleaning methods? c) Cleaning of equipment to be entered in the clean rooms? d) Clean rooms maintenance? e) Control of clean room parameters? f) Actions in case of alarm including: 1. Stop work? 2. Shield critical items? Are items tested and inspected for cleanliness such as (visual examinations, wipe tests, check for alkaline and acids) and are the appropriate methods used? Are access control instructions posted, visitors sign in log properly dated and enforced as appropriate? Are smock retention areas provided? Are clean smocks available? Are floor mats placed at all entrances?
Page 5 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No. 6.8

Audit Element

PC

NC

N/A

Remarks

6.9

6.10

6.11 6.12

6.13

6.14

6.15

6.16

6.17

6.18

6.19

6.20

6.21

Are floor coatings peeling or generating dust particles avoided? Is the shedding of sponge, mop of cloth material evident? Are smocks buttoned and worn by all personnel including visitors? Is there food, beverages or smoking? Are personal belongings out of sight and stored properly? Is the use of wooden containers with untreated interior and exterior surfaces or cardboard boxes minimised? Are periodic particle counts performed to verify if within required limits? Are gloves, caps, booties and masks appropriate to the area and worn by all personnel? Is the integrity of the environment and contamination control maintained in relation to the surrounding areas or to material and mobile equipment entering the area? Are other requirements such as: laminar airflow, vacuum shoe cleaners, air bath entrances, special waste disposals, etc. enforced? Are clean room environment conditions, temperature, humidity, pressure controlled and recorded? Is temperature maintained nominally at 20C+/-2C or meet a specific product specification? Are positive pressure differentials maintained between clean room and surrounding area at 6mm Hg and between clean room and entrance lock at 2mm Hg with pressure monitors? Is humidity maintained, preferably at 30-50% or as specified in a product specification and monitored with a hygrometer periodically calibrated?
Page 6 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No. 7.

Audit Element

PC

NC

N/A

Remarks

7.1

7.2

7.3

7.4

7.5

7.6

7.7

7.8

7.9

7.10

7.11

7.12 7.13

Manufacturing and Testing Manufacturing and Testing Are manufacturing operations and inspections planned and described in manufacturing documents? (Shop travellers, work orders)? Do shop travellers include: a) Revision status / date, release date? b) Item identification and configuration? c) Materials / parts to be used? Are shop travellers identified / traceable to the contract no. / purchase order? Are support documents to be used referenced? (e.g. drawings, work instructions)? Are rework / repair plans used to document rework / repair manufacturing / inspections operations? Are they adequate? Are they archived? Manufacturing Control Is shop traveller kept with product during manufacturing / inspection operations? Are inspection, fabrication and assembly operations traceable to the individual performing the operation? Are all articles inspected to applicable / controlled documents and are the documents available at the inspectors workstation? Are unauthorised, marked-up, illegible or defaced drawings or work instructions being used? Is the sequence of operations being followed as defined in the planning? Are accepted and rejected items properly identified and tagged? Are part lists complete for assembly work? Are adequate inspection records generated and
Page 7 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

7.14

7.15

7.16

7.17

7.18

maintained and do they indicate the status of articles and inspections performed? Are assembly operations performed in sequence with inspection operations? Are torquing operations satisfactory? Calibrated tools? Test Documents Does the contractor have standardised procedures and methods for the preparation, format, content, review and control of test procedures? Are text procedures formally released and controlled with change and revision pages? Do procedures include as applicable the following: a) Nomenclature and identification of the test article? b) Characteristics and design criteria to be inspected or tested, including values and tolerances for acceptance and rejection? c) Detailed steps and operations to be taken in sequence including verifications to be made before proceeding? d) Cross-reference of characteristics with measuring and/or NDT equipment to be used, specifying range and type? e) Details or instructions for operation of special data recording equipment of other automated test equipment? f) Layout and interconnection of test equipment and articles? g) Identification of hazardous situations or operations? h) Precaution to comply with established safety requirements, to ensure safety of personnel and to prevent damage or degradation of articles and measuring equipment?
Page 8 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

7.19

7.20

7.21

7.22

7.23

7.24

7.25

7.26

8. 8.1

i) Environments and other conditions to be maintained? j) Constraints? k) Instructions for reporting non-conformance, anomalous occurrences or results? Are test procedures formally approved by PA? Test Control Are provisions made to protect personnel and items from physical damage and environmental hazards? Is the test item inspected to determine evidence of damage or loose parts? Are discrepancies or anomalies resolved prior to testing? Are the following activities performed by PA as applicable: a) Witness each test and verify test performances? b) Observation? Perform surveillance or monitor periodically the test being performed as directed by explicit instructions? c) Data review? Review the procedure and recorded data at the conclusion of the test cycle verifying requirements and data entries are compatible? Do all documents bear necessary approval signatures inspection stamps? Is rework, repair or modification occurring to the testing properly documented? Are test discrepancies, failures and non-conformances reported, analysed and corrective action implemented? Measurements and Test Equipment Does the contractor have up-to-date written procedures defining his calibration system encompassing measuring and test equipment, standards, calibration
Page 9 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

8.2

8.3

8.4

8.5

8.6

8.7

8.8

8.9

and maintenance prescribed intervals and metrology laboratory environmental controls Does the calibration system include all equipment used to verify the quality of the processes and products being manufactured? Do calibration procedures exist for each equipment type and include: a) Equipment characteristics and identification? b) Location? c) Frequency of periodic checks? d) Acceptance criteria? Is all measurement and test equipment subjected to a visual, dimensional and operational inspection upon receipt and at periodic intervals thereafter? Are calibration labels used and do they include at least the following: a) Identifier? b) Due date for re-calibration? c) Control stamp? Is the necessity for and/or frequency of periodic inspections based on objective evidence of the stability and continued accuracy of the equipment? Is there any interval exceeding 1 year of validity? Is all measurement and test equipment checked against a standard of greater accuracy? Are temperature, humidity, vibration and cleanliness controlled to the extent necessary to assure calibration and continued product measurements of the required accuracy? Is it ensured that errors of measuring and test equipment do not exceed 10% of the highest tolerance of any items to be checked with that equipment?
Page 10 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No. 8.10

Audit Element

PC

NC

N/A

Remarks

8.11

8.12

8.13

9. 9.1

9.2

9.3

9.4

9.5

9.6

9.7

9.8 9.9

Are standards against which test and measurement equipment are periodically checked traceable to National or International Standards? Are standards supported by certificates, report, variables data sheets attesting to the date, accuracy and conditions under which the results were obtained? Is the calibration organisation staffed with sufficient qualified technical personnel? Are tri-dimensional measuring machines and laboratory testing machines periodically calibrated by a qualified organisation? Non-Conformance Control Is a procedure available which describes the nonconformance system? Are non-conformances initially reported on local records (discrepancy notes)? Who takes decision for further processing? Is PA involved? Do NCR records reflect causes and responsibilities for the discrepancies and show corrective and preventive actions taken? Is the internal organisation responsible for causing the discrepancy informed? And does it concur to identify preventive actions? Are logs and records maintained of all NCR issued and MRB meetings? Are there adequate provisions for segregation, removal and identification of non-conforming materials? Is the access to holding areas controlled? Are NCRs identified on relevant shop travellers and quality records? Are NCRs properly filled out and complete? Are NCRs closed by PA after verification of successful
Page 11 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

9.10

9.11

9.12

9.13

9.14

10 10.1

10.2 10.3

10.4

10.5

10.6

10.7

remedial actions implementation? Are preventive actions implementation tracked? (Correction of technical documents, modification of tools and work instruction?) Are non-conformances classified according to applicable project rules? Are the following dispositions applied? a) Use-as-is? b) Rework? c) Repair? d) Scrap? e) Return to supplier? Are major non-conformances notified to ESA within 1 working day after the review by the local MRB? Is a RFW issued if the non-conformance disposition affects the product configuration? Process Control Are standard / established processes classified in accordance to Project rules? Is each process covered by a specification? Do process specifications include QA provisions, methods for inspection and test, number of samples, accept / reject criteria? Does the company maintain documented evidence of processes validation status? Are changes to process implemented through established Configuration Control procedures? Are the personnel who perform critical processes or evaluate process performance numerically adequate, trained and certified? Are materials, equipment, computer systems and software and procedures involved in the performance of
Page 12 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

10.8

10.9

10.10 10.11

10.12

10.13

11 11.1

11.2

11.3

11.4

critical processes validated? Are non-destructive-inspections (NDI) treated in the same way of critical processes? Are representative NDI standards available for equipment calibration and to monitor equipment performance? Are NDI inspection records maintained? Are process equipment periodically checked (as applicable) for: a) Temperature uniformity? b) Integrity / precision of thermo-couple lines? c) Integrity of vacuum related features (lines, etc.)? d) End-to-end instruments calibration? e) Effectiveness of contamination control means? For each process performed are records maintained of main process parameters and of related laboratory samples tests results? Are there provisions in case of interruption of main power supply during operation? Procurement Control Does the contractor maintain a list of approved subcontractors and suppliers supported with qualitative and quantitative data? Has formal assessment including periodic follow-up been accomplished on subcontractors and suppliers? Does the contractor continually evaluate subcontractor / suppliers history / results and implement corrective actions when appropriate? Are project peculiar requirements identified in order that quality personnel reviewing purchase documents have adequate project and technical data to perform the review?
Page 13 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No. 11.5

Audit Element

PC

NC

N/A

Remarks

11.6

11.7

11.8

11.9

11.10

12 12.1

12.2

Does the contractor maintain and implement a system of effectively passing on contract / project quality requirements to the subcontractors and suppliers? Do procurement documents contain Product Assurance provisions for the following as appropriate: a) Applicable ESA contractor PA specifications? b) Chemical and/or physical test results (raw mat.)? c) Accompanying specimen for incoming tests? d) Age control of limited life products? e) Characteristics to be inspected or tested? f) Requirements for inspection and test records? g) Processing of non-conforming materials? h) Requirements for source inspection and MIPs? i) Right of access and planned surveillance activities? j) Cleanliness and contamination control? k) Acceptance data package and delivery? l) Preservation, packaging and shipping? m) Critical process requirements? Are purchase documents reviewed and approved by PA? Does the contractor have a policy or rules for source inspection? Are adequately trained personnel available for source inspection? Does the contractor maintain records of source activities, status deficiencies and action items? Training and Certification Are personnel performing critical processes and nondestructive testing trained and certified according to a documented training programme? Are national or international training programmes and standards applied?
Page 14 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No. 12.3

Audit Element

PC

NC

N/A

Remarks

12.4

12.5

12.6

13 13.1

13.2

14 14.1

14.2

14.3

14.4

14.5

Are NDT personnel trained and certified according to MIL-STD-410 or equivalent? Is re-certification performed periodically according to an established programme or following extensive interruption of work or unsatisfactory performance? Are quantitative tests used to verify the proficiency of the trained personnel? Are records documenting personnel training maintained? Stamp Control Does a documented system exist for the usage of stamps? (inspection, fabrication, test, etc.) Do records exist allowing traceability to the responsible individuals and defining the authority / limitations in use? Design Control Are there standards and procedures available for preparation and maintenance of engineering drawings and specifications? Are there procedures for tracking and documentation of requirements verification? Do QA personnel participate in internal design reviews to ensure that: a) Technical documents comply with procedures and standards? b) Required inspections and tests are appropriate and feasible? Is QA participation to internal design reviews documented? In support of formal design reviews with the customer does the PA function ensure that: a) Documents are complete and consistent?
Page 15 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

b) Analyses clearly identify the related baseline? c) Safety, reliability and maintainability are factored into the design? d) The design is producible, inspectable, testable?

II. 1. 1.1

1.2

1.3

1.4

1.5

1.6

Reliability Reliability Does a system exist for ensuring that designers are aware of part derating criteria with which they are expected to comply? Does a procedure exist describing the FMECA approach of the contractor? Does the FMECA approach focus on: a. Identification and control of single point failure? b. Critical interfaces? c. Methods by which redundancy is implemented? d. Product design (e.g. layout of PCBs, trace width, pad sizes and other failure causes related to mechanical configuration?) Is a functional FMECA performed at system (payload) level? Does the FMECA include the identification of methods by which the existence of failure modes can be determined during operations? Does the FMECA adequately reference basic design documentation such as specifications, design reports, drawings, circuit diagrams, part lists and operating procedures?

III. 1. 1.1

Maintainability Maintainability Is the contractor aware of basic maintainability

Page 16 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

1.2

1.3

1.4

principles and techniques? Is the contractor familiar with maintenance concepts, planning and supporting elements? Do procedures exist to perform maintainability studies and maintainability predictions? Is maintainability a design parameter monitored for compliance throughout the design process?

IV. 1. 1.1

1.2

1.3

1.4

1.5

1.6

1.7

Safety Safety Are NASA and ESA safety related documents (specifications, standards, handbooks) available? Has an adequate program of training, safety motivation and awareness been instituted? Is the contractor able to support his subcontractors for safety related issues? Are there adequate safety plans produced covering: a. Scope of safety effort? b. Emphasis on safety analyses and reviews? c. Hazard control procedures? d. Involvement of PA and safety personnel throughout design and development? e. Safety design criteria? f. Safety verification program? Does a detailed procedure exist to establish and maintain a safety verification program? And does it allow for coordination of all interested contractor's functions so to provide prompt feedback to ESA? Are safety related inspections and tests performed by or under direct surveillance of the PA and Safety function? Does the PA and Safety function have review authority
Page 17 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

1.8

1.9

over all test plans with adequate lead time to identify and control associated hazards? Is the generation of safety documents for a project well defined and scheduled? Do the safety analyses make maximum use of FMECA results?

V. 1. 1.1

1.2

1.3

1.4

1.5

1.6

1.7

1.8

1.9

2. 2.1

2.2

Software PA Organisational Structure For each project involving software development, is there a designated software manager? Does the project software manager report directly to the project manager? Is there a software PA function for each project that involves software development? Is there a software configuration control function for projects that involve software development? Which responsibilities are assigned to the software PA function in the various phases of the software life cycle? How is the independence of the software PA function assured? Is the test organisation independent from the development? (unit, integration, system) Who decides in case of conflict between different organisational units? Is Product Assurance approval mandatory prior to software release? Resources, personnel and training Does each software developer have private computersupported workstation/terminal? Are project managers familiar with software project
Page 18 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

2.3

3. 3.1

3.2

3.3

3.4

3.5

3.6

3.7 3.8 4. 4.1

4.2

4.3

4.4

management disciplines? Is there a required software engineering training program for software developers? Software engineering experience What is the median number of years of applicable experience of software project managers? What is the median number of years of applicable experience of software integration and test managers? What is the median number of years of software development experience of the software staff? What percentage of the software staff has at least one year of development experience with the design and implementation languages to be used? Of those with experience, what is the median number of years of experience with those languages? What is the median size, in source lines of code, of software development projects completed in the last five years? What is the size of the smallest project? What is the size of the largest project? Documented standards and procedures Does the software organisation use a standardised and documented software development process on each project? Does the standard software development process documentation describe the use of tools and techniques? Is a formal procedure used to assure periodic management review of the status of each software development project? Is there a mechanism for assuring that software subcontractors, if any, follow a disciplined software
Page 19 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

4.5

4.6

4.7

4.8

4.9 4.10 4.11 4.12 4.13 4.14

4.15

4.16

4.17

5. 5.1

5.2

5.3

5.4

development process? Are standards used to specify the content of software documents (files/folders)? Are inspections conducted during the software development process? Are coding standards applied to the software development process? Are standards applied to the preparation of unit/integration/system test cases? Are code maintainability standards applied? Are internal design review standards applied? Are code inspection standards applied? Are software classification rules applied? Is a formal procedure applied to estimate software size? Is a formal procedure applied to produce software development schedules? Are formal procedures applied to estimating software development cost? Is a mechanism used for ensuring that the software design teams are familiar with the software requirements? Are man-machine interface standards applied to each appropriate software development project? Process metrics Are software staffing profiles maintained (actual staffing versus planned staffing)? Are profiles of software size maintained for each software configuration item, over time? Are statistics on software code and test errors gathered? Are design/coding errors projected and compared to actual?
Page 20 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No. 5.5

Audit Element

PC

NC

N/A

Remarks

5.6

5.7

5.8

5.9

5.10

5.11

5.12

5.13

5.14

5.15

6. 6.1

6.2

6.3

6.4

Are profiles maintained of actual versus planned designed software units, over time? Are profiles maintained of actual versus planned tested software units, over time? Are profiles maintained of actual versus planned integrated software units, over time? Are processor memory utilisation estimates versus actual size tracked? (sizing figures) Are target processor throughput utilisation estimates versus actual used, tracked? (timing figures) Are design and code review coverage measured and recorded? Is test coverage measured and recorded for each phase of functional testing? Are the action items resulting from software reviews tracked to closure? Are software problem reports resulting from testing tracked to closure? Are the action items resulting from design/code inspections tracked to closure? Is test progress tracked for each deliverable software unit/component? Data management and analysis Has a managed and controlled process database been established to process metrics data across all projects? Are the review data gathered during software reviews analysed? Is the error data from code inspections and tests analysed to determine the likely distribution and characteristics of the remaining errors in the product? Are analyses of errors conducted to determine their process related causes?
Page 21 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No. 6.5 6.6

Audit Element

PC

NC

N/A

Remarks

6.7

7. 7.1

7.2

7.3

7.4

7.5

7.6

7.7

7.8

7.9

7.10 7.11

7.12

7.13

Is a mechanism used for error cause analysis? Are the error causes reviewed to determine the process changes required to prevent them? Is a mechanism used for initiating error prevention action? Process control Does management have a mechanism for the regular review of the status of software development projects? Is a mechanism used for periodically assessing the software engineering process and implementing improvements? Is a mechanism used for identifying and resolving system engineering issues that could affect software? Is a mechanism used for regular technical interchanges with the customer? Is a mechanism used for ensuring compliance with the software engineering standards? Is a mechanism used for ensuring traceability between the software requirements and top-level design? Is a mechanism used for controlling changes to the software requirements? Is configuration management implemented? (Baselines, Identification, Libraries, Release and version control) Is a mechanism used for ensuring traceability between the software top-level and detailed designs? Are internal software design reviews conducted? Is a mechanism used for controlling changes to the software design? Is a mechanism used for ensuring traceability between the software detailed design and code units / components? Is a mechanism used for ensuring traceability between
Page 22 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

7.14 7.15

7.16

7.17

7.18

7.19

7.20 7.21

7.22

7.23 7.24 7.25

8. 8.1

8.2

8.3 8.4

the software detailed design and code units/components? Are software code reviews conducted? Is a mechanism used for controlling changes to the code? (Who can make changes and under which circumstances?) Is a mechanism used for configuration management of the software tools used in the development process? Is a mechanism used for verifying that the samples examined by Software Product Assurance are truly representative of the work performed? Is there a mechanism for assuring that regression testing is routinely performed? Is there a mechanism for assuring the adequacy of regression testing? Are formal test case reviews conducted? Do the company's procedures describe tasks and responsibilities for different test types? Is module (integration, system) level testing covered by these procedures? Are test coverage measurements defined? Is there an approach for formal qualification testing? Are nonconformances properly documented, including dispositions and retesting? Tools and Technology Is automated configuration control and track change activity throughout the software development process? Are computer tools used to assist in tracing software requirements to software design? Are design methodologies used in program design? Are computer tools used to assist in tracing the software design to the code?
Page 23 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No. 8.5 8.6

Audit Element

PC

NC

N/A

Remarks

8.7

8.8

8.9

8.10

8.11

8.12

8.13 8.14

8.15

8.16 9. 9.1 9.2

9.3

9.4

Which languages are used in software developments? What is the percentage of software developments implemented in high-order language? What is the percentage of software developments implemented in assembler language? Are automated test input data generators used for testing? Are computer tools used to measure test coverage? (tool for dynamic analyses) Are computer tools used to track every required function and assure that it is tested/verified? Are automated tools used to analyse the size and change activity in software components? Are automated tools used to analyse software complexity? (tools for static analyses) Are interactive source-level debuggers used? Are computer tools used for tracking and reporting the status of the software in the software development library? Are prototyping methods used in designing the critical elements of the man-machine interface? Which other SDE tools are currently used? Procurement of COTS Is there a procedure for COTS procurement? Is the supplier's capability or ensuring COTS maintenance taken into account when procuring software? Are licensing arrangements taken into consideration when procuring software What is the documentation policy for procured COTS to be used together with company's developed software?
Page 24 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No. VI. 1. 1.1

Audit Element

PC

NC

N/A

Remarks

1.2

1.3

2. 2.1

2.2

3. 3.1

4. 4.1

4.2 4.3

5. 5.1

Configuration Management Organisation Is a configuration Manager the single-point contact for all matters relating to CM? Is there a clear statement of responsibilities and authority for the CM function? Is the organisational placement of CM at appropriate level? Subcontractor's CM Do procedures provide for the application of CM requirements to subcontractors? Does the change control system provide for input of subcontractor-initiated changes, processing and change authorisation? Function of CM office Does the CMO perform the following functions: a. Preparation and maintenance of CM procedures and plans? b. Release authority for engineering documents? c. Operation of the CCB? d. Support to design reviews? e. Processing and release of changes and waivers? Configuration identification Is the concept of Configuration Item used and implemented? (CI-specification-drawing list-design reviews-qualification) Are criteria for selection of CIs provided? Do procedures establish a standard identification system for drawings, specifications, hardware and S/W? Configuration data management Do procedures or manual provide instructions for
Page 25 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

5.2

5.3

5.4

5.5

5.6

5.7

5.8

5.9

5.10

5.11

5.12

6. 6.1

6.2

format and content of drawings and specifications? Do procedures or manuals establish methods for amendments and revisions to specifications and drawings? Is the CMO function responsible for identification numbers assignment? Are end-item serial numbers provided by CMO for configuration and change traceability? Are there prescribed procedures for release of configuration documentation that provide, as a minimum, establishment of records and impound of originals? Is there a defined approval procedure for configuration documentation prior to release? Is release of configuration documentation by the applicable release system required prior to manufacture or procurement? Do procedures provide for release of software documentation? Is the S/W Library used as the release function and is there an established procedure for its operation? Does the impound system provide adequate security to prevent unauthorised changes and provide disaster protection? Do procedures provide for a S/W repository for permanent retention of delivered software? Is CM applied to CAD/CAM software and software tools? Configuration Control Are there procedures for application of baseline identification and control? Are baselines established at system, subsystem and
Page 26 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No.

Audit Element

PC

NC

N/A

Remarks

7. 7.1

7.2

7.3

7.4

7.5 8. 8.1

8.2

8.3

8.4

8.5

8.6

8.7

8.8

8.9 9.

equipment level? Configuration Control Board Does the system provide for a CCB with membership that will ensure a comprehensive impact analysis? Is a Software CCB provided with appropriate membership to evaluate and disposition S/W changes? Are clearly defined interfaces between the system CCB and S/W CCB hardware/software changes? Is the CCB in charge of reviewing and controlling the design baselines? Are CCB Directives issued? Change Evaluation Does the system provide for impact analysis prior to approval/disapproval? Does change impact analysis include all aspects of engineering, manufacturing, logistics costs, schedule? Are changes and implementation documents marked with the class? Are changes and waivers submitted to the approval authority established by the contract, before implementation? Are changes and waivers released by the same release system used for initial drawing and specification release? Is the interchangeability status marked on the changes? Is there a procedure for the re-identification of noninterchangeable items? Does the system provide for the preparation and presentation of waiver? Are waivers processed through the customer's CCB? Configuration Status Accounting
Page 27 of 28

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Item No. 9.1

Audit Element

PC

NC

N/A

Remarks

9.2

9.3

9.4

Does the CM system provide for the documentation of the 'as-designed' standard by means of a CIDL (Configuration Item Data List)? Do procedures prescribe the function responsible for CIDL inputs? Does the CIDL contain as a minimum the list of released: a. Drawings? b. Specification? c. Test procedures? d. EEE parts list? e. Material list? f. Processes list? Does the system provide for the preparation of 'as-built' lists and establish the responsibility for preparation and data input?

C = Compliant PC = Partial Compliant

NC = Not Compliant N/A = Not Applicable

Page 28 of 28