1、Lessons Learned Entry: 1022Lesson Info:a71 Lesson Number: 1022a71 Lesson Date: 1997-02-01a71 Submitting Organization: HQa71 Submitted by: David M. LengyelSubject: Computer Software/Software Safety Policy Requirements/Potential Inadequacies Description of Driving Event: Potential Inadequacy of NASA A
2、gencywide Software Safety Policy RequirementsLesson(s) Learned: NASA has put considerable effort into the reorganization of its software activities and has made significant progress. It does not yet, however, have a comprehensive, clear set of roles and responsibilities for various groups within the
3、 Agency with respect to software development, safety, V&V, and software process development.Recommendation(s): NASA should ensure that there is a clear, universally well-understood, widely promulgated, and enforced NASA Policy Directive on the roles and responsibilities of its various organizations
4、vis-vis software development and safety. Moreover, that Policy Directive should specify organizational roles and responsibilities solely on the basis of technical and administrative capability.Evidence of Recurrence Control Effectiveness: NASA agrees with the recommendation. The July 1996 (draft) pr
5、ogram plan for the Fairmont (IV&V) Facility is the contract between Code Q and the Facility and will be updated for future funding and delegation of the software assurance program. NASA concurs that the draft plan now contains ambiguities but will be clarified in the next update.The IV&V Facilitys r
6、eporting structure will be finalized in the upcoming proposed Ames Research Center reorganization. It is anticipated that the IV&V Facility will be moved from under the Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-direction of Code I at Ames and i
7、nstalled as the equivalent of a Directorate in the new ARC organization.The IV&V Facility Business Plan currently defines the roles and responsibilities of the IV&V Facility. NASA Headquarters will establish and document at the policy level the roles in the Agency for all software, including embedde
8、d and flight system software. The policies document will explain how the roles and responsibilities of the Agencywide software efforts mentioned in the finding (e.g., CIO, COE-IT, IV&V Facility) fit together in a synergistic manner within the Agency.The new NPD 2820 will define Agency policy for pro
9、gram/project utilization of the IV&V Facility. The Chief Information Officer, the Chief Engineers Office, the Office of Safety and Mission Assurance, and the Software Working Group will be responsible for increasing Agency awareness of all the software-related resources, policies, and existing stand
10、ards. The newly implemented Code Q process verification activity will validate Agency project managers awareness of software assurance policy and procedures for compliance in software development efforts.Documents Related to Lesson: N/AMission Directorate(s): a71 Exploration Systemsa71 Aeronautics R
11、esearchAdditional Key Phrase(s): a71 Aerospace Safety Advisory Panela71 Computersa71 Policy & Planninga71 Research & Developmenta71 Safety & Mission Assurancea71 Softwarea71 Test & VerificationAdditional Info: Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Approval Info: a71 Approval Date: 2001-11-20a71 Approval Name: Bill Loewya71 Approval Organization: QSa71 Approval Phone Number: 202-358-0528Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-
