Software Standards – State of the Art
Tony Coletta – Qual. I.T. Consulting
Head of Italian delegation to ISO/IEC JTC1 SC7
email: [email protected]
Automotive SPIN Italy – 2nd workshop on Automotive Software
Milan (Italy) – 11 Oct. 2007
Software Standards – State of the Art Slide 2DNV ITGS 2007©
Agenda
Overview of SC7 and its standards
Brief history of ISO/IEC 15504 and Automotive SPICE
Current developments in systems and software engineering standards
ISO/IEC JTC1 SC7 – System and Software Engineering (structure)
Overview of the SC 7 collection of standards (diagram: standard numbers by area)
Process Implementation and Assessment
Software Engineering: 12207, 15271, 90003
Process Assessment: 15504
Systems Engineering: 15288, 19760
Documentation: 6592, 9294, 15910, 18019
Measurement: 15939
SC7’s legacy: 3535, 14759
Risk & Integrity: 16085, 15026
Asset Management: 19770
Software maintenance: 14764
Project Management: 16326
Software Quality: 9126, 14598, 14756
Product Characteristics
Product packaging: 9127
Product Evaluation: 25051
Software Functional size measurement: 14143, 19761, 20926, 20968, 24570
15289
Tools, Methods
Tools and environment: 14102, 14471, 15940, 18018
SC7 Legacy Standards: 5806, 5807, 6593, 8631, 8790, 11411
Specifications: 10746, 13235, 14750, 14752, 14753, 14769, 14771, 15414, 15935, 19500
Documentation
Vocabulary: 24765
Software Body of Knowledge (SWEBOK): 19759
Foundation
CDIF: 14568, 15474, 15475, 15476
Modeling: 15437, 15909, 19501, 8807
IT Service Management: 20000
Life Cycle Management: 24748
Architecture & Requirements Engineering: 42010, TBD
24783
26702
Software Quality: SQuaRE 250xx Series
Quality System: 9001
Governance: Gov. Study Group
Life Cycle
Assessment and Certification
Software Life Cycle Processes from ISO/IEC 12207
PRIMARY PROCESSES: Acquisition, Supply, Development, Operation, Maintenance
SUPPORTING PROCESSES: Documentation, Configuration Management, Quality Assurance, Verification, Validation, Joint Review, Audit, Problem Resolution
ORGANISATIONAL PROCESSES: Management, Infrastructure, Improvement, Training
Quality Managem.
1995
Conformity standard
Specifies mandatory requirements to be met in order to declare conformity
Example of 12207 conformity requirements
Activity within Development process
ISO/IEC TR 15504 – Process Assessment
Focus on process objectives (what to achieve not how) and process management (measured as process capability)
Capability Level 1 achievement means (somehow) achieving purpose and outcomes
From level 2 to level 5 – increasing level of process management effectiveness
Embedded process reference model (TR part 2) with definition of “Purpose” and “Outcomes”
Strongly related to ISO/IEC 12007 processes but with some differences
Recognition of management features common to all process (capability levels and attributes)
ISO/IEC 12207 is a mixture of levels for the different processes
Exemplar Process Assessment Model (TR part 5) provided indicators to determine level of capability during assessment
1998
ISO/IEC TR 15504 Capability Levels for processes
Process Capability Levels:
5 Optimising
4 Predictable
3 Established
2 Managed
1 Performed
0 Incomplete
(Chart: capability level, 0 to 5, for each of the processes assessed, P1, P2, ... Pn)
1998
Issues
Standard users confused about different models for software lifecycle processes
Lack of harmonization between 12207 and 15504
After a 3-year trial of the 15504 TR, decision to revise and publish it as an IS
Agreement between WG7 (12207) and WG 10 (15504) on harmonization approach:
- Amendments (AMD1 and AMD2) to 12207 to include a Process Reference Model (PRM) with “purpose” and “outcomes” suitable for use with 15504
- 15504-2 removes embedded PRM and defines requirements for “external” PRMs and PAMs
- 15504-5 provides an exemplar Process Assessment Model (PAM) based on 12207 PRM (AMD1)
Debate on who should define/approve PRMs/PAMs:
- Only ISO/IEC (e.g. 12207 AMD) vs open market approach (e.g. Automotive SPICE)
- OK for open market but need to demonstrate and document consensus by a user community
2001
Process Reference Model – 12207 AMD1
PRIMARY PROCESSES
- Acquisition: Acquisition Preparation, Supplier selection, Supplier monitoring, Customer acceptance
- Supply
- Operation: Operational Use, Customer support
- Development: Requirements elicitation, System Requirements Analysis, System Architecture Design, Software Requirements Analysis, Software Design, Software Construction (Code and Unit Test), Software Integration, Software Testing, System Integration, System Testing, Software Installation
- Maintenance
SUPPORTING PROCESSES
- Documentation
- Quality Assurance
- Verification
- Validation
- Joint Review
- Audit
- Configuration Manag.
- Product Evaluation
- Usability
- Problem Resolution
ORGANISATIONAL PROCESSES
- Management: Organizational Alignment, Organization Management, Project Management, Quality Management, Risk Management, Measurement
- Human Resource: Human Resource Management, Training, Knowledge Management
- Reuse
- Improvement: Process establishment, Process assessment, Process improvement
- Asset Management
- Infrastructure
- Domain Engineering
2002
ISO/IEC 15504 International Standard
Linked PRM and PAM for Software Life Cycle Processes (diagram):
- ISO/IEC 15504-2: Measurement Framework, Requirements for PRM, Requirements for PAM
- Process Reference Model: e.g. 12207 AMD1
- Process Assessment Model (PAM): e.g. 15504-5
2003
Process Reference Model – 12207 AMD2 (ISO/IEC JTC 1/SC 7/WG 7 N0804)
Process categories: PRIMARY, SUPPORTING, ORGANISATIONAL
- Engineering: Requirements elicitation, System requirements analysis, System architectural design, Software requirements analysis, Software design, Software construction, Software integration, Software testing, Software installation, System integration, System testing, System and software maintenance
- Acquisition: Acquisition preparation, Supplier selection, Contract agreement, Supplier monitoring, Product acceptance
- Management: Organisational alignment, Organisational management, Project management, Quality management, Risk management, Measurement
- Configuration Control: Documentation management, Configuration management, Problem resolution management, Change request management
- Process Improvement: Process establishment, Process assessment, Process improvement
- Supply: Supplier tendering, Contract agreement, Product release, Product acceptance support
- Product Quality: Product evaluation
- Quality Assurance: Quality assurance, Verification, Validation, Joint review, Audit
- Resource and Infrastructure: Human resource management, Training, Knowledge management, Infrastructure
- Reuse: Asset management, Reuse program management, Domain engineering
2004
2005-2006
15504-5 (PAM)/Automotive SPICE/HIS scopes
Automotive SPICE - Process Reference Model
Process categories: PRIMARY, SUPPORTING, ORGANISATIONAL
- Engineering: Requirements elicitation, System requirements analysis, System architectural design, Software requirements analysis, Software design, Software construction, Software integration test, Software testing, System integration test, System testing
- Acquisition: Contract agreement, Supplier monitoring, Technical Requirements, Legal and Administrative Req.s, Project Requirements, Request for proposals, Supplier Qualification
- Management: Project management, Risk management, Measurement
- Process Improvement: Process improvement
- Supply: Supplier tendering, Product release
- Support: Quality assurance, Verification, Joint review, Documentation Management, Configuration Management, Problem Resolution management, Change Request management
- Reuse: Reuse program management
2005
2006
ISO/IEC 15288
2002
System Life Cycle Processes
Agreement Processes
- Acquisition Process (Clause 6.1.1)
- Supply Process (Clause 6.1.2)
Project-Enabling Processes
- Life Cycle Model Management Process (Clause 6.2.1)
- Infrastructure Management Process (Clause 6.2.2)
- Project Portfolio Management Process (Clause 6.2.3)
- Human Resource Management Process (Clause 6.2.4)
- Quality Management Process (Clause 6.2.5)
Project Processes
- Project Planning Process (Clause 6.3.1)
- Project Assessment and Control Process (Clause 6.3.2)
- Decision Management Process (Clause 6.3.3)
- Risk Management Process (Clause 6.3.4)
- Configuration Management Process (Clause 6.3.5)
- Information Management Process (Clause 6.3.6)
- Measurement Process (Clause 6.3.7)
Technical Processes
- Stakeholder Requirements Definition Process (Clause 6.4.1)
- Requirements Analysis Process (Clause 6.4.2)
- Architectural Design Process (Clause 6.4.3)
- Implementation Process (Clause 6.4.4)
- Integration Process (Clause 6.4.5)
- Verification Process (Clause 6.4.6)
- Transition Process (Clause 6.4.7)
- Validation Process (Clause 6.4.8)
- Operation Process (Clause 6.4.9)
- Maintenance Process (Clause 6.4.10)
- Disposal Process (Clause 6.4.11)
Structure of ISO/IEC 15288
Process
- The purpose of the process is stated in a paragraph that describes at a high level the overall goal for performing the process
Outcomes
- An outcome is an observable result of the successful achievement of the purpose of the process.
Activities
- The Activities attribute is used to provide a structural decomposition of a process
PRM (Process Reference Model)
Conformity Requirements
2002
Example process from ISO/IEC 15288
ISO/IEC 15504 applied on 15288
Linked PRM and PAM for System Life Cycle Processes (diagram):
- ISO/IEC 15504-2: Measurement Framework, Requirements for PRM, Requirements for PAM
- Process Reference Model: e.g. 15288 PRM
- Process Assessment Model (PAM): e.g. 15504-6
ISO/IEC 15288 – Relationship with ISO/IEC 12207
(Diagram of ISO/IEC 15288 processes; labels as shown)
Hardware Implementation; Software Implementation (refer to ISO/IEC 12207); Human Task Implementation
Acquisition, Supply
Enterprise Environment Management, Investment Management, System Life Cycle Processes Management, Resource Management, Quality Management
Implementation, Stakeholder Requirements Definition, Requirements Analysis, Architectural Design, Integration, Verification, Transition, Validation, Operation, Disposal, Maintenance
Project Planning, Project Assessment, Project Control
Configuration Management, Risk Management, Decision Making, Information Management
Usability
Harmonization 12207 - 15288
SSTC 2006, Jim Moore - 19 © 2006 The MITRE Corporation. All rights reserved
Process Model of 15288 and 12207
(Diagram labels: Organization; Acquirer/Supplier; Agreement Processes; Project-Enabling Processes; Project; Project Processes; Technical [System] Processes; Implementation; SW Implementation Processes; SW Support Processes; SW Reuse Processes)
• The Agreement Processes form the relationships between acquirer and supplier organizations.
• The Project-Enabling Processes form the relationship between the organization and its projects.
• The Project Processes manage the project.
• The Technical Processes deal with the system.
• The Software Processes are used to implement a software element of the system.
• Software Implementation
• Software Support
• Software Reuse
Process Assessment Models in CMMI
Staged Model: maturity levels ML1 to ML5, for an established set of process areas across an organization
Continuous Model: process area capability levels 0 to 5, for a single process or process area (PA)
The CMMI Maturity Levels (staged)
1 Performed: Process unpredictable, poorly controlled and reactive
2 Managed: Process characterized for projects and is often reactive
3 Defined: Process characterized for the organization and is proactive
4 Quantitatively Managed: Process measured and controlled
5 Optimizing: Focus on process improvement
Source: SEI
New developments in ISO/IEC 15504
ISO/IEC 15504-7 – Assessment of Organizational Maturity
- Linked with process capability PRM/PAM – Organizational maturity derived from capability profiles
- Same approach as Part 2 – no embedded OMM (Organizational Maturity Model) – requirements for external models
ISO/IEC 15504-8 – An exemplar PAM for IT Service Management
- Aligned with ISO/IEC 20000-1 (IT Service Management)
- Process Reference model as part of the ISO/IEC 20000 series (part 4)
- Same harmonization approach as 12207 and 15288
Functional Safety ISO 26262 Future Automotive Standard
■ 2004: National initiatives by FAKRA (G) and BNA (Fr)
■ ISO 26262 Plan:
○ 2005-06 : PWI (Preliminary Work Item – ISO TC22 SC3 WG16)
○ 2005-11 : Kick-off
○ end 2007 : CD (ISO TC22 Committee Draft) ???
○ 2008 : DIS (ISO Draft International Standard)
■ ISO TC22 SC3 WG16:
○ Chairman: Christoph Jung - BMW
○ Nations: Germany, United Kingdom, Austria, Japan, Sweden, Italy, USA, France
○ Companies: BMW, DaimlerChrysler, Volkswagen, Contiteves, Bosch, Land Rover, MIRA, Magna Steyr, Nissan, Honda, JARI, Volvo, Fiat, TRW, (GM, Ford), Delphi, Renault, PSA, Valeo, Siemens VDO
Functional Safety ISO 26262 Future Automotive Standard
1. Glossary
2. Management of functional safety
2.4 Management during complete safety lifecycle
2.5 Safety management during development
2.6 Safety management activities after SOP
3. Concept phase
3.4 Item definition
3.5 Initiation of safety lifecycle (modification and derivates)
3.6 Hazard analysis and risk assessment
3.7 Functional safety concept
4. Product development system
4.4 Initiation of product development system
4.5 Specification of technical safety concept
4.6 System design
4.7 Integration
4.8 Safety validation
4.9 Functional safety assessment
4.10 Product release
5. Product development H/W
5.4 HW requirements analysis
5.5 HW architecture design
5.6 Quantitative requirements for random HW failures
5.7 Measures for avoidance and control of systematic HW failures
5.8 Safety HW integration and verification
5.9 Qualification of parts and components
5.10 Overall requirements for HW-SW interface
6. Product development S/W
6.4 Initiating SW development
6.5 SW safety requirements specification
6.6 SW architecture and design
6.7 SW implementation
6.8 SW unit test
6.9 SW integration and test
6.10 SW safety acceptance test
7. Production and operation
7.4 Production
7.5 Operation, service and decommissioning
8. Supporting processes
8.4 Interfaces within distributed developments
8.5 Overall management of safety requirements
8.6 Configuration management
8.7 Change management
8.8 Safety analysis
8.9 Analysis of CCF, CMF, cascading failures
8.10 Verification activities
8.11 Documentation
8.12 Overall quality management
8.13 Qualification of software tools
8.14 Qualification of software libraries
8.15 Proven in use argumentation
9. Annexes
(Diagram label: Core processes)
Once again !!!!!
No harmonization ????
Many overlaps with SC7 standards… and not only
Similar concepts to 12207 and 15288
- Focus on safety but why not refer to SC7 for life cycle management processes ?
- See similar experience in medical device industry (i.e. 14971 risk management in software development)
- ISO/IEC 16085 - SC7 risk management standard could it be useful ?
It’s still a WD (Working Draft) – let’s do something before it’s too late
Thank you ?
Questions ?