5.1.1.1 The Software Development or Management Plan shall contain: (SWE-102) a. Project organizational structure showing authority and responsibility of each organizational unit, including external organizations (e.g., Safety and Mission Assurance, Independent Verification and Validation (IV&V), Technical Authority, NASA Engineering and Safety Center, NASA Safety Center). Verification includes: a. Identification of selected software verification methods and criteria across the life cycle (e.g., software peer review/inspections procedures, re-review/inspection criteria, testing procedures). Validation includes: a. Identification of selected software validation methods and criteria across the life cycle (e.g., prototyping, user groups, simulation, analysis, acceptance testing, perational demonstrations). Classes C through E and Safety Critical are labeled with "P (Center) + SO." This means that this requirement applies to the safety-critical aspects of the software and that an approved Center-defined process that meets a non-empty subset of the full requirement can be used to achieve this requirement. Class C and Not Safety Critical, Class D and Not Safety Critical, and Class G are labeled with "P (Center)." This means that an approved Center-defined process that meets a non-empty subset of the full requirement can be used to achieve this requirement. Class F is labeled "X (not OTS)." This means that this requirement does not apply to off-the-shelf software for this class. Class A_SC A_NSC B_SC B_NSC C_SC C_NSC D_SC D_NSC E_SC E_NSC F G H Applicable? X P(C) X P(C) X X P(C) Key: A_SC = Class A Software, Safety-Critical | A_NSC = Class A Software, Not Safety-Critical | ... | - Applicable | - Not Applicable Software development requires thought and planning before implementation. It is important to document, review, and approve the activities, tools, responsibilities, and other tasks needed to develop software before beginning the work. Planning helps the team consider and put in place those elements needed to efficiently produce the software in the allotted time frame and within the allotted budget. The plan also provides a basis for monitoring the project's adherence to these processes. Planning allows others within the project and external to the project to evaluate, integrate, and critique the proposed approach, and the resulting plan helps new members of the software team get up to speed when joining the project. Planning also allows a current project to consider lessons learned from previous projects to avoid previously experienced difficulties. NPR 7150.2, section 5.1.1, states: "The Software Development or Management Plan provides insight into, and a tool for monitoring, the processes to be followed for software development, the methods to be used, the approach to be followed for each activity, and project schedules, organization, and resources. This plan details the system software, project documentation, project schedules, resources requirements and constraints, and general and detailed software development activities." Begin writing the plan as soon as any information about the project definition and scope becomes available. Complete the plan by the end of the requirements analysis phase, except for information available only at later phases, e.g., the build plan is typically inserted during the design phase. If items in the Software Development or Management Plan (SDP or SMP) are missing for any reason, the manager indicates who will supply the information and when it will be supplied. 031 It is important to keep the plan up to date throughout the project life cycle. Refer to 7.08 - Maturity of Life Cycle Products at Milestone Reviews for expected plan maturity and updates at various life-cycle milestones. The following roles may be involved in creating the SDP/SMP: If other plans, such as the Software Configuration Management Plan are incorporated into the SDP/SMP, additional roles may be involved in authoring the SDP/SMP. The content of the SDP/SMP listed in NPR 7150.2 is the required minimum content; additional content may be included as appropriate for the project. This content may be entirely captured in the SDP/SMP, or it may be captured in the SDP/SMP and some number of other plans. When other plans capture any of the required SDP/SMP content, reference those plans in the SDP/SMP. When developing an SDP/SMP, consider the following guidance for each of the minimum required elements of the plan: Project organizational structure Safety criticality and classification of each of the systems and subsystems containing software Tailoring compliance matrix The matrix is reviewed and approved by the appropriate Engineering Technical Authority or Center-designated authority for review of tailoring. Engineering environment (for development, operation, or maintenance, as applicable) Work breakdown structure (WBS) of the life-cycle processes and activities If appropriate or desired, a complete schedule and a staffing plan may be provided in their own sections of the SDP/SMP or in separate documents with references included in the SDP/SMP. Management of the quality characteristics of the software products or services Management of safety, security, privacy, and other critical requirements of the software products or services See the Security Policy section below for additional, related information. Subcontractor management Involvement between the subcontractor and acquirer includes but is not limited to any or all of the following: See 7.03 - Acquisition Guidance and SWE-039 through SWE-048 for additional information on subcontractor management tasks and interactions between the subcontractor (provider) and acquirer, particularly those that need to be included in contracts and which need to be managed once the contract has been awarded. Verification and validation Verification and validation planning results in the tasks to be performed; the resources needed; as well as the specification of techniques, methods and procedures, as well as automated tools to be used to carry out these tasks. 057 Acquirer involvement User involvement Risk management Security policy Approval required Process for scheduling, tracking, and reporting Training of personnel Refer to the Center Training Plan for opportunities that may meet some of the project's training needs (see SWE-101 or SWE-107). Software life-cycle model Configuration management Software documentation tree Software peer review/inspection process of software work products Process for early identification of testing requirements that drive software design decisions Describe any test requirements that drive or require early builds/deliveries to conduct tests on other system components. For example, an early software build is often required to enable early testing of some hardware capabilities. Software metrics Content of software documentation to be developed on the project *Management, development, and testing approach for COTS, GOTS, MOTS, reused, open-source software component(s) that are included within a NASA system or subsystem* Guidance for SWE-027 in this Handbook also describes special considerations relative to these types of software and their inclusion in NASA projects. Include plans for dealing with these challenges and considerations in the SDP/SMP, or include references to the project documents that address them. Other possible content Plan updates Topic 7.08 - Maturity of Life Cycle Products at Milestone Reviews provides guidance for the maturity of plans, including the SDP/SMP, at various life-cycle reviews. Consult Center Process Asset Libraries (PALs) for Center-specific guidance and resources related to software plans, including templates and examples for the SDP/SMP. Additional guidance related to software plans may be found in the following related requirement in this Handbook: Software Plans SDPs/SMPs are required for every project, because they provide the overall view of the development and management effort. However, plans are written to a level of detail appropriate for and commensurate with the size, complexity, risk, and required safety of the software. Small projects may wish to work with the Engineering Technical Authority to tailor an existing SDP/SMP specifically for small projects. Tailoring a proven plan from a similar project can reduce the overall plan development effort. Another option for small projects is to use one generic SDP/SMP to cover several small projects if they are managed in a similar fashion. When writing the SDP/SMP, small projects may choose to incorporate other plans, such as the software assurance plan or the configuration management plan, in the SDP/SMP. This means that project roles responsible for those plans may be part of the group authoring of the SDP/SMP. Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN). NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN. The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider. The NASA Lesson Learned database contains the following lessons learned related to elements of SDPs/SMPs:
See edit history of this section
Post feedback on this section
1. Requirements
b. The safety criticality and classification of each of the systems and subsystems containing software.
c. Tailoring compliance matrix for approval by the designated Engineering Technical Authority, if the project has any waivers or deviations to this NPR (NASA Procedural Requirement).
d. Engineering environment (for development, operation, or maintenance, as applicable), including test environment, library, equipment, facilities, standards, procedures, and tools.
e. Work breakdown structure of the life cycle processes and activities, including the software products, software services, non-deliverable items to be performed, budgets, staffing, acquisition approach, physical resources, software size, and schedules associated with the tasks.
f. Management of the quality characteristics of the software products or services.
g. Management of safety, security, privacy, and other critical requirements of the software products or services.
h. Subcontractor management, including subcontractor selection and involvement between the subcontractor and the acquirer, if any.
i. Verification and validation.
j. Acquirer involvement.
k. User involvement.
l. Risk management.
m. Security policy.
n. Approval required by such means as regulations, required certifications, proprietary, usage, ownership, warranty, and licensing rights.
o. Process for scheduling, tracking, and reporting.
p. Training of personnel, including project unique software training needs.
q. Software life-cycle model, including description of software integration and hardware/software integration processes, software delivery, and maintenance.
r. Configuration management.
s. Software documentation tree.
t. Software peer review/inspection process of software work products.
u. Process for early identification of testing requirements that drive software design decisions (e.g., special system level timing requirements/checkpoint restart).
v. Software metrics.
w. Content of software documentation to be developed on the project.
x. Management, development, and testing approach for handling any commercial-off-the-shelf (COTS), government-off-the-shelf (GOTS), modified-off-the-shelf (MOTS), reused, or open source software component(s) that are included within a NASA system or subsystem.1.1 Notes
b. Identification of selected work products to be verified.
c. Description of software verification environments that are to be established for the project (e.g., software testing environment, system testing environment, regression testing environment).
d. Identification of where actual software verification records and analysis of the results will be documented (e.g., test records, software peer review/inspection records) and where software verification corrective action will be documented.
b. Identification of selected work products to be validated.
c. Description of software validation environments that are to be established for the project (e.g., simulators for operational environment).
d. Identification of where actual software validation records and analysis of the results will be documented (e.g., user group records, prototyping records, and acceptance testing records) and where software validation corrective action will be documented.1.2 Applicability Across Classes
X - Applicable with details, read above for more | P(C) - P(Center), follow center requirements or procedures2. Rationale
3. Guidance
Describe in text, graphics, or both the authority and responsibility of each unit of the organization having a role in the development of the software. Include both internal and external organizations relevant to the software development effort:
Capture the results of software classification (SWE-020) and safety-criticality (SWE-133) determination of the project systems and subsystems containing software. This information may change as the project proceeds through its life cycle, and the team is responsible for keeping this part of the SDP/SMP current with those changes.
The tailoring compliance matrix shows how the project will comply with NPR 7150.2 (see SWE-125). If the project has any waivers or deviations to NPR 7150.2, include a table showing the NPR 7150.2 requirements the project plans to meet, those waived by the project, and those from which the project plans to deviate. For waivers and deviations, follow the appropriate approval processes, and record in the table those waivers and deviations approved for the project. Until those approvals are received, the table represents the planned compliance for the project.
Describe "the methods, tools, and techniques to be used to specify, design, build, test, integrate, document, deliver, modify, and maintain the software products". 057
Include information such as:
The WBS describes the work activities and the relationships (order, dependencies, etc.) among those activities. Decompose the WBS to a level that allows "accurate estimation of resource requirements and schedule duration for each work activity." 057
Include in the WBS the software products and non-deliverable items to be created; the software services to be performed; budgets, staffing, acquisition approach, physical resources, software size, and schedules associated with the tasks.
Describe how the quality characteristics, e.g., availability, reliability, usability, maintainability, portability, performance, correctness, of the software products and services will be managed for the software development life cycle. Include the processes for measuring, tracking, reporting, and determining if the software meets the required levels of these characteristics, as specified in the software requirements. If addressed in a separate document, reference that plan in the SDP/SMP.
Describe how the safety, security, privacy, and other critical requirements of the software products and services will be managed for the software development life cycle, including information security, controlled data access, and other information management aspects of the software functionality. If addressed in a separate software assurance plan, reference that plan in the SDP/SMP. Possible items to include are:
Describe subcontractor selection and involvement between the subcontractor and the acquirer, if any. If subcontractor selection, including the process, personnel, and criteria used, is described in a procurement plan, reference that document here.
Describe the planned activities for verification (see SWE-028) and validation (see SWE-029) or provide an introduction/overview and reference the appropriate documentation, e.g., verification and validation plan, test plan, where those process and activity descriptions are captured.
Describe how the acquirer will be involved in any software development performed by an organization external to the acquirer, e.g., another NASA organization, subcontractor, including activities such as but not limited to:
Include in this section any access to facilities needed by the acquirer for their involvement in the software life cycle. 224
Describe how the user will be involved in the software life cycle, including activities such as requirements development, prototype demonstrations, and software evaluations. 224 Items to consider capturing include scheduling, level of participation, expected inputs, expected results, and/or which specific user groups will be involved in each activity. Additionally, capture any expected or planned items to be supplied by the user, such as operational scenarios, a piece of software, a test facility, or a piece of hardware into which the software will be integrated.
Describe how risk management will be performed on this software project, or reference a separate risk management plan (see SWE-086). The risk management plan addresses initial risks and mitigation approaches for them, 453 as well as the plan for identifying and mitigating new risks as the software development progresses. Risk management also includes the risk strategy, such as the criteria or process by which risks get raised to the mission level or determining which risks need mitigation plans.
Describe "the rules for need-to-know and access-to-information at each project organization level." 224 Include the processes for ensuring the control and protection of the software being developed, associated support tools, and data. 145 Include the plans for physical security of facilities. As applicable, include compliance with NPD 2810.1 402 and with NPR 2810.1
403.
Describe approvals required by the project for acceptance, operation, and maintenance activities, including regulatory approvals, required certifications, proprietary, usage, ownership, warranty, and licensing rights.
Describe how task scheduling, progress tracking, and reporting will be performed for this project. Include information such as:
Describe the plans for training software personnel, including project-unique software training needs such as mission-specific training or training for knowledge, skills, and tools used only on this project. The training plan may be included in the SDP/SMP or in a separate plan. When developing the training plan, be sure to address:
Provide a description of the planned life-cycle model chosen for the project (see SWE-019), making sure to address:
Describe how configuration management will be performed for the software, or reference a separate Software Configuration Management Plan (see SWE-079 and SWE-103 for minimum content). The Software Configuration Management Plan includes information such as:
Describe the documents to be created as part of the project, the relationships among those documents, and the role or organization responsible for each document. The documentation tree may be graphical, e.g., a chart or tree diagram, textual, or both to convey the relationships and document descriptions in the best manner possible to those who will need to understand it.
Describe or provide an overview of the peer review and/or inspection process to be used for products created as part of the software development life cycle, e.g., plans, requirements, design, code. Specify which types of products will be reviewed, and if all code will not be reviewed, specify how code to be inspected is determined. Reference the appropriate project peer review/inspection processes and procedures (see SWE-087, SWE-088, SWE-089, and SWE-137). If the peer review/inspection process is documented in a separate document(s), provide an overview followed by a reference to the appropriate document(s).
Describe how testing requirements that drive design decisions, e.g., special system-level timing requirements/checkpoint restart, will be identified and captured in the earliest phases of the life cycle, before costly design decisions are made that will need to be altered or replaced to accommodate testing requirements.
Describe or provide an overview of the planned software measures to be collected, analyzed, and the metrics to be used for tracking and reporting progress, improving processes, identifying issues, and other purposes. Include collection and analysis procedures for the project. Define the project objectives for collecting the measures. Include references for any project processes and procedures that further describe or provide details for software metrics collection and processing (see SWE-091). Include, for each identified measure and metric:
Provide content lists for the documents to be created as part of the project or a list of templates or standards governing and describing that content. NPR 7150.2, Chapter 5, provides content lists for several software documents; guidance to accompany those content lists may be found in the Book B, Chapter 5 section of this Handbook. The content lists need not be incorporated in the SDP/SMP; they may be included by reference.
Describe or reference processes specific to development, management, and testing of COTS, GOTS, MOTS, reused, or open-source software for this project. By their nature, these types of software present challenges because access may be limited to requirements, design, and testing documentation. Additionally, software stability, access and inclusion of updates and upgrades, and access to persons with critical knowledge of the software can present challenges not found in new software development.
Other information that might be included, or referenced if captured elsewhere, in a SDP/SMP includes but is not limited to:
Review at regular intervals, revise, and update the SDP/SMP to keep its content current "following significant changes in customer-specified requirements, budget, schedule, or other constraints. ... Criteria that often trigger re-planning include:4. Small Projects
5. Resources
5.1 Tools
6. Lessons Learned
SWE-102 - SW Development-Management Plan
Web Resources
View this section on the websiteUnknown macro: {page-info}