NASA-STD-8719.13
SOFTWARE SAFETY STANDARD
Organization: NASA
Publication Date: 7 October 2016
Status: active
Page Count: 60
Scope
Purpose
The purpose of this Standard is to define the requirements to implement a systematic approach to software safety as an integral part of system safety and the overall safety program of a program, project, or facility. This Standard specifies the software activities, data, and documentation necessary for the acquisition and development of software in a safety-critical system. These activities may be performed collaboratively by personnel in the program, project, or facility and in the Safety and Mission Assurance (SMA) organizations. Safety-critical systems that include software are evaluated for software's contribution to the safety of the system during the concept phase, and the evaluation is repeated at each major milestone as the design matures.
This Standard describes the activities required to ensure and promote safety processes that are utilized for software that is created, acquired, or maintained by or for NASA. The NASA-GB-8719.13, NASA Software Safety Guidebook, provides additional information on acceptable approaches for implementing software safety. While the requirements of this Standard must be met, the implementation and approach to meeting these requirements will vary to reflect the system to which they are applied.
Software's effect on system safety can be through the commands executed, the data produced, or the effects on resources (e.g., computer memory, file space, bandwidth). Safety could potentially be compromised if software executes a command unexpectedly, executes the wrong command, generates the wrong data, uses unplanned resources, or uses resources incorrectly. Software safety requirements must encompass all these aspects, covering both action (must-work) and inaction (must-not-work).
There are two kinds of software safety requirements: process and technical. Both need to be addressed and properly documented within a program, project, or facility. This Standard contains process-oriented requirements (what needs to be done to ensure software safety). Technical requirements are those that specify what the system includes or implements (e.g., two-fault tolerance). Use of this Standard does not preclude the necessity to follow applicable technical standards. Some typical technical software safety requirements are provided as examples in Appendix D of this document. NPR 7150.2, NASA Software Engineering Requirements (section 2.2.12, requirement SWE-0134 in Revision A), contains some minimum technical safety requirements.
Software safety requirements do more than prohibit unsafe system behavior. Software is used to command critical, must-work functions. Software can be used proactively to monitor the system, analyze critical data, look for trends, and signal when events occur that may be precursors to a hazardous state. Software can also be used in the control or mitigation of a hazard, event, or condition. Therefore, program, project, and facility software safety requirements include those requirements that will embody these behaviors, both proactive and reactive, and include the system and software states where they are valid.
The requirements specified in this Standard obligate the program, project, and facility, and safety and mission assurance organizations to:
a. Identify when software plays a part in system safety and generate appropriate requirements to ensure safe operation of the system.
b. Ensure that software is considered within the context of system safety, and that appropriate measures are taken to create safe software.
c. Ensure that software safety is addressed in project acquisition, planning, management, and control activities.
d. Ensure that software safety is considered throughout the system life cycle, including mission concept, generation of requirements, design, coding, test, maintenance, and operation of the software.
e. Ensure that the acquisition of software, whether off-the-shelf or contracted, includes evaluation, assessment, and planning for addressing and mitigating risks due to the software's contribution to safety and any limitations of the software.
f. Ensure that software verification and validation activities include software safety verifications and validations.
g. Ensure that the proper certification requirements are in place and accomplished prior to the actual operational use of the software.
h. Ensure that changes and reconfigurations of the software, during development, testing, and operational use of the software, are analyzed for their impacts to system safety.