This requirement is not intended to force joint audits, but when audits occur, the project needs to be made aware of and participate at some level in those audits, whether they are internal audits, contractor audits, external audits by an independent organization, or any other type of internal or external audit. Project participation can benefit the audit by providing domain knowledge, planning assistance, and technical expertise to the audit team.
This requirement was written to require projects to participate in audits that include any or all of the software portion of a project. The project's participation can take many forms, including, but not limited to, simply keeping abreast of the audit's progress as well as participating as an observer in the actual audit.
If these audits involve a software supplier, requirements to allow acquirer project personnel to participate, as described above, need to be incorporated into the contract because the contract is the binding document for contractor performance and deliverables. "The supplier shall conduct or support ... informal meetings, acceptance review, acceptance testing, joint reviews, and audits with the acquirer as specified in the contract and project plans." Therefore, this NPR 7150.2 requirement needs to be considered during the earliest phases of a project when the Request for Proposals (RFP), the Statement of Work (SOW), and the contract are being developed.
It is the responsibility of the project to make available appropriately prepared and qualified project personnel to participate or support audits as needed to fulfill the project's chosen level of involvement, including software assurance personnel described in the project's software assurance plan (see NASA-STD-8739.8, Software Assurance Standard, for software assurance involvement in audits).
Consult Center Process Asset Libraries (PALs) for Center-specific guidance related to joint audits, particularly Project Monitoring and Control (PMC) documentation.
See the Topic 7.3 - Acquisition Guidance in this Handbook for additional guidance. Additionally, guidance related to joint audits may be found in the following related requirements in this handbook: