bannera

Book A.
Introduction

Book B.
7150 Requirements Guidance

Book C.
Topics

Tools,
References, & Terms

SPAN
(NASA Only)

SWE-126 - Waiver and Deviation Considerations

1. Requirements

6.3.3 The Engineering Technical Authority(s) for this NPR shall consider the following information when assessing waivers and deviations from requirements in this NPR:
a.    The NASA software inventory data on the project.
b.    The classification of systems and subsystems containing software, as defined in Appendix E.
c.    Applicable Center-level software directives that meet the intent of this NPR.
d.    Applicable contractor and subcontractor software policies and procedures that meet the intent of this NPR.
e.    Potential impacts to NASA missions.
f.     Potential impacts to health, medical concerns, or safety.

1.1 Notes

NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.

1.2 Applicability Across Classes

This requirement applies to all classes and safety criticalities.

Class

  A_SC 

A_NSC

  B_SC 

B_NSC

  C_SC 

C_NSC

  D_SC 

D_NSC

  E_SC 

E_NSC

     F      

     G      

     H      

Applicable?

   

   

   

   

   

   

   

   

   

   

   

   

   

Key:    A_SC = Class A Software, Safety-Critical | A_NSC = Class A Software, Not Safety-Critical | ... | - Applicable | - Not Applicable
X - Applicable with details, read above for more | P(C) - P(Center), follow center requirements or procedures

2. Rationale

NPR 7150.2 contains the basic set of requirements for software developed by or for the agency.  Any request for a "deviation" (documented authorization releasing a program or project from meeting a requirement before the requirement is put under configuration control at the level the requirement will be implemented) or a "waiver" (documented authorization intentionally releasing a program or project from meeting a requirement after the requirement is put under configuration control at the level the requirement will be implemented) from a particular requirement is made to the appropriate level and type of  Technical Authority (TA) as listed in Appendix D in NPR 7150.2.  When assessing the requests, the designated TA considers a number of relevant factors in deliberation.  It is not uncommon for a waiver/deviation to require approval from TAs from two different organizations, e.g., Engineering TA (ETA) as well as Safety & Mission Assurance TA. The factors listed in parts a - f of this requirement support a responsible evaluation of the waiver/deviation request.

3. Guidance

General directions for preparing "deviation" and "waiver" requests can be found in NPR 7120.5 and on the NASA Engineering Network (NEN) Requirements and Technical Authorities web page 262. Direction specific to software is provided in Chapter 6 of NPR 7150.2.

If the project or software lead engineer submits a deviation or waiver request against any of the NPR requirements, the following items are among those considered by the ETA when assessing the deviation or waiver request.

  • The Headquarters' OCE's NASA Software Inventory 330: Access to this inventory, which is controlled, needs to be coordinated through Center software representatives and/or the Office of the Chief Engineer. This document lists all software currently under development for the NPR 7150.2, Appendix E, classes A through E. The OCE is responsible for generating and maintaining this listing. The software inventory typically has information on the software in development, whether it is safety critical, what is the expected size in KSLOCs (thousand source lines of code), whether it is using NASA Independent Verification and Validation (IV&V) Facility services, the software classification, dates of major milestone reviews, the percentage of software that will be newly developed, and how much software quality assurance effort is dedicated to the project. These are just a few of the items that are useful as background when considering approval/disapproval of a waiver.  The software inventory for classes F through H is generated and maintained by the Headquarters Chief Information Officer (CIO); access to this inventory is controlled and may need to be coordinated through Center or Headquarters  CIO (Chief Information Officer)  representatives. In some instances, Centers maintain a more detailed local software inventory with additional information. In these cases, it is recommended to get a copy of the local record for the project as well.
  • Classification of systems and subsystems:  Appendix E of NPR 7150.2 gives definitions and examples of systems that typically have the listed software classification.  Relief from requirements for higher level software classes (A and B) or with safety critical aspects are evaluated with increased rigor. Additional classifications, such as human-rated systems and payload classifications, also imply the degree to which a waiver/deviation would be acceptable. The TA also checks to ensure correct classification of the system, subsystem, and software, as requirements can vary significantly across classifications.  Consideration is given to the software classification associated with these systems or subsystems to assure the level of risk accepted by granting the waiver or deviation is consistent with the overall importance of the system under development.
  • Applicable Center directives: A review of these directives in the context of the waiver/deviation request would reveal any that may support or be in conflict with the request. In many instances, Centers augment NASA-wide procedural requirements with local direction and specific practices. The project's use of a local engineering practice may partially mitigate the risk inherent in a waived NASA-wide requirement.
  • Applicable OTS (see SWE-027) or contractor-developed software: Approval of a deviation or waiver for OTS (off the shelf) software, while at times necessary, carries the risk of the OTS software impacting the proper functioning of the system.  Contractor-developed software is primarily subject to the contract clauses and requirements levied on the contractor by the procurement activity.  Deviation and waiver evaluations must weigh the impacts to the contract against the benefits from the approved request.
  • NASA missions: Consideration is given to how waiving this requirement could impact this mission as well as subsequent missions. It is not uncommon for software to be reused on future missions or to evolve to a more critical role on the current mission.  A relevant factor is that waivers and deviations are not granted on a permanent basis, because software developed under waivers and/or deviations can negatively impact its reuse.
  • Potential impact to health, medical concerns, or safety:  These factors directly affect the risk consideration in evaluating a waiver/deviation request. When these factors are relevant, it is very likely that involvement of the Safety TA and/or the Health and Medical TA will be necessary. It is not uncommon for a waiver/deviation request to come up through one TA chain but not another. When this occurs, it is the ETA's responsibility to coordinate with counterparts.

The ETA who is assessing the deviation or waiver request also considers the interactions between the impacts determined above and those found by others considering the following areas:

  • Impacts to health and safety, e.g., medical TA.
  • Results of FMEAs (Failure Mode Effects Analysis)
  • Findings in Hazard Reports.
  • Other risk evaluations, e.g., SMA (Safety and Mission Assurance) TA (Technical Authority))
  • Overall considerations for mission success.

The ETA's (Engineering Technical Authority) considerations include the interests of systems stakeholders, support organization functions, and other interested parties.

Information and results for deviation and waiver request activities are recorded and tracked in the project's configuration management system. Information on configuration management systems is available throughout the NASA literature. This documentation typically includes request procedures (see SWE-113), configuration control techniques, general instructions for evaluating impacts, and guidelines for completing the necessary forms. Project development activities typically draw upon these resources to develop project-specific documentation. The request packages are typically processed through management chains, through project control boards, and to higher administrative and management levels, e.g., the Headquarters' OCE, when appropriate.

Additional guidance on deviations and waivers related to contracts may be found in the following related topic in this Handbook: 7.04 - Flowdown of NPR Requirements on Contracts and to Other Centers in Multi-Center Projects.

4. Small Projects

This requirement applies to all projects regardless of size.

When small projects need to reduce the set of applicable software requirements due to constraints, the designated Center Software Technical Authority is to be consulted. Waivers and Deviations against NASA requirements are broadly covered in NPR 7120.5 082, section3.3, and specifically covered for software in Chapter 6 of NPR 7150.2 (with associated guidance in this Handbook). NASA Chief Engineer’s specific direction on waivers and Technical Authority is located on the NASA Engineering Network (NEN). 262 NODIS maintains a web page 406   for the posting of approved waivers for general reference.

5. Resources

5.1 Tools

Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN).

NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN.

The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.

6. Lessons Learned

Columbia Accident Investigation Board, Report Vol 1, Aug 2003, Recommendation R7.5-1: "Establish an independent Technical Engineering Authority that is responsible for technical requirements and all waivers to them, and will build a disciplined, systematic approach to identifying, analyzing, and controlling hazards throughout the life of the Shuttle System." 144