EN 9115:2018

SLOVENSKI STANDARD
SIST EN 9115:2018
01-oktober-2018
1DGRPHãþD
SIST EN 9115:2013

6LVWHPLYRGHQMDNDNRYRVWL=DKWHYH]DRUJDQL]DFLMH]D]UDþQLSURPHWDVWURQDYWLNR

l'Aéronautique, l'Espace et la Défense - Logiciel livrable (Supplément à l'EN 9100)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

Systèmes de management de la Qualité - Exigences Qualitätsmanagementsysteme - Anforderungen an

pour les Organisations de l'Aéronautique, l'Espace et la Organisationen der Luftfahrt, Raumfahrt und

Défense - Logiciel livrable (Supplément à l'EN 9100) Verteidigung - Mitgelieferte Software (Ergänzung zu

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this

European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references

concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN

This European Standard exists in three official versions (English, French, German). A version in any other language made by

translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,

Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,

© 2018 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN 9115:2018 E

European foreword ....................................................................................................................................................... 3

Rationale ........................................................................................................................................................................... 4

Foreword .......................................................................................................................................................................... 4

Intended Application ................................................................................................................................................... 4

0 Introduction ...................................................................................................................................................... 5

1 Scope .................................................................................................................................................................... 6

2 Normative references .................................................................................................................................... 6

3 Terms and definitions ................................................................................................................................... 6

4 Context of the organization ...................................................................................................................... 11

5 Leadership ...................................................................................................................................................... 12

6 Planning ........................................................................................................................................................... 12

7 Support ............................................................................................................................................................ 12

8 Operation ........................................................................................................................................................ 14

9 Performance evaluation ............................................................................................................................ 25

10 Improvement ................................................................................................................................................. 26

Bibliography ................................................................................................................................................................. 27

This document (EN 9115:2018) has been prepared by the Aerospace and Defence Industries

After enquiries and votes carried out in accordance with the rules of this Association, this Standard has

received the approval of the National Associations and the Official Services of the member countries of

This European Standard shall be given the status of a national standard, either by publication of an

identical text or by endorsement, at the latest by January 2019, and conflicting national standards shall

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the

following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,

Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,

France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,

Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,

This European standard supersedes the initial release of prEN 9115 published in April 2010. This

European standard has been revised to incorporate the new clause structure and content of

EN ISO 9001:2015. In addition, industry requirements, definitions, and notes have been revised in

This is the second revision of EN 9115 which is an international supplement to EN 9100 providing

clarification of the corresponding EN 9100 requirements, as necessary, for deliverable software. In

some cases, where clarification is needed, it was necessary due to the complexity of software to

decompose “shall” statements in EN 9100 into more granular requirements. Where no software

clarification is required of the EN 9100 requirements, the following phrase is presented: “The

NOTE This document must be used in conjunction with EN 9100:2016; references throughout the text to

This document standardizes, to the greatest extent possible, the software quality management system

requirements for the aviation, space, and defence industry. This was accomplished through the

harmonization of quality management system requirements from international aviation, space, and

defence software standards and other applicable documents and good practice. The establishment of

common requirements for use at all levels of the supply-chain by organizations around the world

should result in improved quality, schedule, and cost performance by the reduction or elimination of

Organizations whose products are deliverable software or contain deliverable software should use the

supplemental EN 9115 standard when planning and evaluating the software design, development,

release, procurement, and management activities of the organization. The EN 9115 standard provides

guidance to the requirements of EN 9100 when it is desired to add “deliverable software” to the

organization’s EN 9100-registration certificate, and a greater depth of specificity and granularity to the

requirements for assuring that the objectives of EN 9100 will be met for deliverable software.

NOTE This document is independent of the life cycle models (e.g., waterfall, spiral, agile, evolutionary,

incremental) or methodology (e.g., objected oriented design, unified modelling language).

This European standard supplements the EN 9100 standard requirements for deliverable software and

contains quality management system requirements for organizations that design, develop, and/or

produce deliverable software and services for the aviation, space, and defence industry. This includes,

as required, support software that is used in the development and maintenance of deliverable software

and services. The deliverable software may be stand-alone, embedded, mobile application, or loadable

This deliverable software may also be part of services (e.g., cloud environment, web hosted solutions or

Where the use of Hardware Description Language (HDL) or high order language is utilized as the design

source of electronic hardware [e.g., Application Specific Integrated Circuit (ASIC), Programmable Logic

Device (PLD)]; the organization and customer, and/or supplier shall agree on the extent of applicability

NOTE For airborne electronic hardware guidance, see RTCA/DO-254 or EUROCAE ED-80. For operations

Where Commercial-Off-The-Shelf (COTS) or non-developmental software is integrated into a

deliverable product, the organization and customer shall agree on the extent of applicability of this

For the purposes of this document, the terms “product” and “software product” are considered

For the purposes of this document, the term “services” may be considered a product.

EN 9100:2016, Quality Management Systems — Requirements for Aviation, Space and Defence

NOTE Documents referenced in this European standard, other than the normative references

(i.e., EN ISO 9000, EN ISO 9001, EN 9100), are listed in the supporting bibliographies (see Annex A and Annex B).

For undated references, the latest edition of the referenced document (including any amendments) applies. The

referenced documents are “informative” references; the requirements of these referenced documents do not add

For the purposes of this document, the terms and definitions given in EN 9100 and EN ISO 9000 apply.

The following terms and definitions are included to support the understanding of this document.

approved, recorded configuration of one or more configuration items that thereafter serves as the basis

for further development, and is changed only through change control documented information

commercially available applications sold by vendors through public catalogue listings. COTS software is

not intended to be customized or enhanced. Contract-negotiated software developed for a specific

one or more hardware/software entities treated as a unit for configuration management purposes or

definition in EN 9100, 3.2, applies with the following clarification for software

Critical items in software are those characteristics, requirements, or attributes that have been

determined to be most important to achieve product realization (e.g., safety, maintainability, testability,

usability, performance). For example, in the case of an aircraft’s flight control system software, the

response time could be elevated to a critical item to ensure overall performance characteristics are met;

or if a project has customer specific testability requirements, cyclomatic complexity may become a

type of function that takes a data stream of any length as an input and produces a value of a certain

space (commonly a 32-bit integer) as an output. A CRC can be used to detect alteration of data during

type of asymmetric cryptography used to express compliance with the security properties of a

set of activities needed to protect information and information systems by ensuring availability,

integrity, authentication, confidentiality, and non-repudiation including protection, detection, and

This includes activities conducted to reduce vulnerability of operational networks, Information

Technology (IT), and computing equipment. Activities may include development of innovative and cost-

effective ways to mitigate those vulnerabilities. IA may include actions to provide assured access, and

transparent identification and authentication across the network or within systems of systems.

Figure 1 — Relationship of information assurance, information security and cybersecurity

— Committee on National Security Systems National Information Assurance Glossary, CNSSI

— ISO 27001:2013, Information technology — Security techniques — Information security management

— ISO 27002:2013, Information technology — Security techniques — Code of practice for information

— ISO 27034-1:2011, Information technology — Security techniques — Application security — Part 1:

party having a right, share, or claim in a system or in its possession of characteristics that meet that

Note 1 to entry: Interested parties include, but are not limited to customers, suppliers, regulatory bodies, and

Key characteristics in software are those measurable attributes where variability can be measured by

the project and can, if left unchecked, adversely impact the project or product in areas (e.g., memory

utilization, response time, functionality, reliability, usability, efficiency, maintainability, portability).

act of witnessing or inspecting selected instances of test, inspections, or other activities, or documented

information of those activities, to assure that the activity is under control and that the reported results

are representative of the expected results. Such activities could be performed and used as evidence for

formal test verification to support conformity, certification, and customer acceptance

Monitoring is usually associated with activities done over an extended period of time where 100 %

witnessing is considered impractical or unnecessary. Monitoring permits authentication that the

deliverable software that is not developed under the contract, but is provided by the organization,

customer, or a third party [e.g., reused software, customer furnished software, COTS software,

collection of processes, activities, tasks, and outcomes within the software life cycle [see IEEE 24765]

particular version of a configuration item that is made available for a specific purpose (e.g., test release)

probability of failure-free operation of a computer program in a specified environment for a specified

Note 1 to entry: Software reliability requirements should consider the level and manner of fault and failure

detection, isolation, fault tolerance, and recovery expected to be fulfilled by the software.

extent to which software can continue to operate correctly despite invalid inputs [see RTCA/DO-178 or

Note 1 to entry: Robustness, in the software context, means that the organization has utilized techniques

cryptographic functions that compute a fixed-length digital representation, known as a message digest,

computer programs, associated documentation, and data pertaining to the operation of a computer

Note 1 to entry: The executable programs and data that are embedded in hardware devices are considered to

Note 2 to entry: Firmware is the combination of a hardware memory device loaded with computer instructions

and/or digital data that reside as read-only software on a device that a computing system can read. The software

period of time that begins with the decision to produce or modify software, and ends when the software

product support is no longer required. The software life cycle typically contains a concept phase,

requirements phase, design phase, implementation phase, test phase, installation and checkout phase,

and operation and maintenance phase; could at times include the retirement phase. These phases may

set of computer programs and associated documentation/data intended for, or required by, a customer;

Note 1 to entry: A software product may be designated for delivery, an integral part of another software or

Examples of special requirements that may introduce high risk for software include: the introduction of

a new compiler, new advanced modelling technique, qualification of tools, specific test equipment

capabilities, introduction of a new type of interface, or specific customer technical requirements. These

software or a program that aids in the development, compilation, maintenance, or use of other software

determination that the requirements for a product are correct and complete; confirms the organization

evaluation of an implementation of requirements to determine that they have been met; confirms the

When determining the scope of the quality management system, the organization shall include the

elements of IA (e.g., culture of security, including personal identifiable information security; technical

security; software development life-cycle security elements; supply chain security; internal security

audits; notification; response; recovery), appropriate to the size, criticality, complexity, or consequence

NOTE For further information, see the IAQG Supply Chain Management Handbook (SCMH).

The documented information shall address quality management system requirements for software

The organization shall consider deliverable software products, processes, and services when

The organization shall determine, provide, and maintain an infrastructure, as appropriate, to support

a) software development tools and utilities, including host computer and support software;

b) software verification tools and utilities, including test equipment and test software;

c) equipment, tools, software and utilities for archiving and storage (e.g., network, web or cloud based

storage), backup, disaster recovery, protection, replication, software loading, transmittal, and

d) integrity verification tools and utilities (e.g., virus protection/checking, digital signatures, secure

e) security for software environments against threats (e.g., cyber/information security breaches,

malicious code, enumeration, electronic fingerprints, worms, viruses, backdoors, spyware, trojan

NOTE Further elaboration on potential security elements may be found in the IAQG SCMH. In addition

references to publications dealing with software cyber vulnerabilities and weaknesses [e.g., Mitre Top 25

Common Weakness Enumeration, SANS Institute 20 Critical Controls; Institute of Electrical and Electronic

Engineers (IEEE) Top 10 Software Security Design Flaws] can be found in the IAQG SCMH.

The organization shall ensure that the operational environment appropriately protects the software

The organization shall determine the development and verification resources needed for monitoring

The software test environment and support tools shall be evaluated for their intended use, verified as

Software practitioners (e.g., Engineering, Quality, Testers) shall be qualified by education, experience,

and training appropriate for the criticality, complexity, customer and regulatory requirements, and

other relevant attributes (e.g., IA) of the associated software product and activities.

The organization shall ensure software developers and other relevant personnel are aware of software

Electronic documented information associated with deliverable software (i.e., executable) may include