8.0 SOFTWARE QUALITY ASSURANCE PROCESS
This section discusses the objectives and activities of the software quality assurance (SQA) process. The SQA process is applied as defined by the software planning process (see 4) and the Software Quality Assurance Plan (see 11.5). Outputs of the SQA process activities are recorded in Software Quality Assurance Records (see 11.19) or other software life cycle data.
The SQA process assesses the software life cycle processes and their outputs to obtain assurance that objectives are satisfied, deficiencies are detected, evaluated, tracked, and resolved, and software product and software life cycle data conform to certification requirements.
8.1 Software Quality Assurance Process Objectives
The SQA process objectives provide confidence that the software life cycle processes produce software that conforms to its requirements by assuring that these processes are performed in compliance with the approved software plans and standards.
The objectives of the SQA process are to obtain assurance that:
a. Software plans and standards are developed and reviewed for compliance with this document and for consistency.
b. Software life cycle processes, including those of suppliers, comply with approved software plans and standards.
c. The transition criteria for the software life cycle processes are satisfied.
d. A conformity review of the software product is conducted.
Table A-9 of Annex A is a summary of the objectives and outputs of the SQA process.
8.2 Software Quality Assurance Process Activities
Activities for satisfying the SQA process objectives include:
a. The SQA process should take an active role in the activities of the software life cycle processes, and have those performing the SQA process enabled with the authority, responsibility, and independence to ensure that the SQA process objectives are satisfied.
b. The SQA process should provide assurance that software plans and standards are developed and reviewed for compliance with this document and for consistency.
c. The SQA process should provide assurance that the software life cycle processes comply with the approved software plans and standards.
d. The SQA process should include audits of the software life cycle processes during the software life cycle to obtain assurance that:
1. Software plans are available as specified in section 4.2.
2. Deviations from the software plans and standards are detected, recorded, evaluated, tracked, and resolved.
Note: It is generally accepted that early detection of process deviations assists efficient achievement of software life cycle process objectives.
3. Approved deviations are recorded.
4. The software development environment has been provided as specified in the software plans.
5. The problem reporting, tracking, and corrective action process activities comply with the Software Configuration Management Plan.
6. Inputs provided to the software life cycle processes by the system processes, including the system safety assessment process, have been addressed.
Note: Monitoring of the activities of software life cycle processes may be performed to provide assurance that the activities are under control.
e. The SQA process should provide assurance that the transition criteria for the software life cycle processes have been satisfied in compliance with the approved software plans.
f. The SQA process should provide assurance that software life cycle data is controlled in accordance with the control categories as defined in section 7.3 and the tables of Annex A.
g. Prior to the delivery of software products submitted as part of a certification application, a software conformity review should be conducted.
h. The SQA process should produce records of the SQA process activities (see 11.19), including audit results and evidence of completion of the software conformity review for each software product submitted as part of a certification application.
i. The SQA process should provide assurance that supplier processes and outputs comply with approved software plans and standards.
8.3 Software Conformity Review
The purpose of the software conformity review is to obtain assurance, for a software product submitted as part of a certification application, that the software life cycle processes are complete, software life cycle data is complete, and the Executable Object Code and Parameter Data Item Files, if any, are controlled and can be regenerated.
This review should determine that:
a. Planned software life cycle process activities for certification credit, including the generation of software life cycle data, have been completed and records of their completion are retained.
b. Software life cycle data developed from specific system requirements, safety-related requirements, or software requirements are traceable to those requirements.
c. Evidence exists that software life cycle data have been produced in accordance with software plans and standards, and are controlled in accordance with the SCM Plan.
d. Evidence exists that Problem Reports have been evaluated and have their status recorded.
e. Software requirement deviations are recorded and approved.
f. The Executable Object Code and Parameter Data Item Files, if any, can be regenerated from the archived Source Code.
g. The approved software can be loaded successfully through the use of released instructions.
h. Problem Reports deferred from a previous software conformity review are reevaluated to determine their status.
i. If certification credit is sought for the use of previously developed software, the current software product baseline is traceable to the previous baseline and the approved changes to that baseline.
Note: For post-certification software modifications, a subset of the software conformity review activities, as justified by the significance of the change, may be performed.