Note 1 to entry: An assurance case contains the following and their relationships:
Audit
An independent examination of a software product, software process, or set of software processes performed by a third party to assess compliance with specifications, standards, contractual agreements, or other criteria (IEEE 1028).
Note: An audit should result in a clear indication of whether the audit criteria have been met.
Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
Note 1: Internal audits, sometimes called first party audits, are conducted by the organization itself, or on its behalf, for management review and other internal purposes (e.g., to confirm the effectiveness of the management system or to obtain information for the improvement of the management system). Internal audits can form the basis for an organization's self-declaration of conformity. In many cases, particularly in small organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest.
Note 2: External audits include second- and third-party audits. Second-party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third-party audits are conducted by independent auditing organizations, such as regulators or those providing certification.
Note 3: When two or more management systems of different disciplines (e.g., quality, environmental, occupational health, and safety) are audited together, this is termed a combined audit.
Note 4: When two or more auditing organizations cooperate to audit a single auditee, this is termed a joint audit.
Black box (ISO 24765)
Branch (ISO 24765)
A point in a computer program at which one of two or more alternative sets of program statements is selected for execution.
Note: Every branch is identified by a tag. Often, a branch identifies the file versions that have been or will be released as a product release. May denote unbundling of arrow meaning, that is, the separation of object types from an object type set. Also refers to an arrow segment into which a root arrow segment has been divided.
A business model describes the rationale of how an organization creates, delivers, and captures value (economic, social, or other forms of value).
The essence of a business model is that it defines the manner by which the business enterprise delivers value to customers, entices customers to pay for value, and converts those payments to profit: it thus reflects management's hypothesis about what customers want, how they want it, and how an enterprise can organize to best meet those needs, get paid for doing so, and make a profit.
Note: In some development environments, commit windows for a maintenance branch might only open for short periods a few times a year.
Configuration identification (ISO 24765)
Configuration management (CM)
Note: This information includes a listing of the approved configuration identification, the status of proposed changes to the configuration, and the implementation status of approved changes.
Note: can occur when versions from different branches are merged or when two committers work concurrently on the same file.
Debug (ISO 24765)
Defect
Development testing
Efficiency
Error (ISO 24765)
Failure
Firmware
Note 1: The software cannot be readily modified under program control (ISO 24765).
Note 2: This term is sometimes used to refer only to the hardware device or only to the computer instructions or data, but these meanings are deprecated (IEEE 1012).
Note 3: The confusion surrounding this term has led some to suggest that it be avoided altogether (IEEE 1012).
Glass box (ISO 24765)
Pertaining to an approach that treats a system or component as in (1).
Synonym: white box.
Hazard (IEEE 1012)
The organization shall conduct internal audits at planned intervals to determine whether the quality management system:
An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency, and methods shall be defined. The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.
A documented procedure shall be established to define the responsibilities and requirements for planning and conducting audits, establishing records and reporting results.
Records of the audits and their results shall be maintained.
The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes.
Follow-up activities shall include the verification of the actions taken and the reporting of verification results.
Life cycle
Note: The plural form “measures” is used to refer collectively to base measures, derived measures and indicators.
Note: The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished:
A software requirement that describes not what the software will do but how the software will do it. Synonym: design constraints, non-functional requirement. (cf. functional requirement.)
Example: software performance requirements, software external interface requirements, software design constraints, and software quality attributes. Non-functional requirements are sometimes difficult to test, so they are usually evaluated subjectively.
Policy (ISO 24765)
Note: A rule can be expressed as an obligation, an authorization, a permission, or a prohibition. Not every policy is a constraint. Some policies represent an empowerment.
Procedure
Note 1: Procedures can be documented or not (ISO 9000).
Any activity, or set of activities, that uses resources to transform inputs to outputs can be considered as a process.
For organizations to function effectively, they have to identify and manage numerous interrelated and interacting processes. Often, the output from one process will directly form the input into the next process. The systematic identification and management of the processes employed within an organization and particularly the interactions between such processes is referred to as the “process approach.”
The intent of this International Standard is to encourage the adoption of the process approach to manage an organization.
Note: A process description provides an operational definition of the major components of a process. The description specifies, in a complete, precise, and verifiable manner, the requirements, design, behavior, or other characteristics of a process. It also may include procedures for determining whether these provisions have been satisfied. Process descriptions can be found at the activity, project, or organizational level.
Product
Output of an organization that can be produced without any transaction taking place between the organization and the customer (ISO 9000).
Note: Hardware is tangible and its amount is a countable characteristic (e.g., tyres). Processed materials are tangible and their amount is a continuous characteristic (e.g., fuel and soft drinks). Hardware and processed materials are often referred to as goods. Software consists of information regardless of delivery medium (e.g., computer programme, mobile phone app, instruction manual, dictionary content, musical composition copyright, driver's license).
Prototype (ISO 15910)
Note 1: The term “quality” can be used with adjectives such as poor, good or excellent.
Note 2: “Inherent.” as opposed to “assigned,” means existing in the object.
Quality assurance (QA)
Note 1: Generally, the quality policy is consistent with the overall policy of the organization, can be aligned with the organization's vision and mission and provides a framework for the setting of quality objectives.
Note 2: Quality management principles presented in this International Standard can form a basis for the establishment of a quality policy.
Release
Review
Risk
Note 1: The term “risk” is generally used only when there is at least the possibility of negative consequences.
Note 2: In some situations, risk arises from the possibility of deviation from the expected outcome or event.
Risk mitigation
Note: The information concerning an individual risk may include the current description, causes, probability, consequences, estimation scales, confidence of the estimates, treatment, threshold, and an estimate of when the risk will reach its threshold.
Note: Different risk thresholds may be defined for each risk, risk category, or combination of risks based upon differing risk criteria.
Note 1: The term “risk treatment” is sometimes used for the measures themselves.
Note 2: Risk treatment measures can include avoiding, optimizing, transferring or retaining risk.
Note 1: A management system is a set of interrelated or interacting elements to establish policy and objectives and to achieve those objectives.
Note 2: The SMS includes all service management policies, objectives, plans, processes, documentation, and resources required for the design, transition, delivery, and improvement of services and to fulfill the requirements in this part of ISO/IEC 20000.
Note 3: Adapted from the definition of “quality management system” in ISO 9000:2005.
Note: includes firmware, documentation, data, and execution control statements.
A software library providing permanent, archival storage for software and related documentation.
Examples include inadequate staffing levels, insufficient resources, and lack of training. Also included in this section are actions taken to mitigate identified project risks.
Note: the branch used for releasing the product's stable production version.
Note 1: Other terms commonly used for supplier are contractor, producer, seller, or vendor.
Note 2: The acquirer and the supplier sometimes are part of the same organization.
Synchronize (ISO 24765)
Note: provides developers and end-users with a unique reference to the code base they are working with.
Technical independence requires the V&V effort to use personnel who are not involved in the development of the system or its elements. The IV&V effort should formulate its own understanding of the problem and how the proposed system is solving the problem. Technical independence (“fresh viewpoint”) is an important method to detect subtle errors overlooked by those too close to the solution.
For system tools, technical independence means that the IV&V effort uses or develops its own set of test and analysis tools separate from the developer's tools. Sharing of tools is allowable for computer support environments (e.g., compilers, assemblers, and utilities) or for system simulations where an independent version would be too costly. For shared tools, IV&V conducts qualification tests on tools to assure that the common tools do not contain errors that may mask errors in the system being analyzed and tested. Off-the shelf tools that have extensive history of use do not require qualification testing. The most important aspect for the use of these tools is to verify the input data used.
Template
Test (IEEE 829)
The degree to which a relationship can be established between two or more products of the development process, especially products having a predecessor-successor or master-subordinate relationship to one another (ISO 24765).
Example: the degree to which the requirements and design of a given system element match; the degree to which each element in a bubble chart references the requirement that it satisfies.
A matrix that records the relationship between two or more products of the development process.
Example: a matrix that records the relationship between the requirements and the design of a given software component.
Note: One can often distinguish the trunk from other branches by the version numbers used for identifying its files, which are shorter than those of all other branches.
Unit test
Validation
Note: Differences between successive versions can then be readily applied to the locally modified import.
Verification
Version (ISO 24765)
Note: Modification to a version of a software product, resulting in a new version, requires configuration management action.
3.12.108.86