Space systems — Software product assurance (SPA)

This document defines a set of software product assurance requirements in terms of processes and products to be used for the development, maintenance and operation of software for space systems. It provides a uniform basis for defining the software product assurance activities to be applied and maintained throughout the whole software life cycle, from project conception until the software retirement. This document mainly applies to the space software segment and critical software of the ground software segment (e.g. the software which directly interfaces with the space segment).

Systèmes spatiaux — Assurance produit logiciel (SPA)

General Information

Status: Published
Publication Date: 31-Mar-2022
Current Stage: 5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
Start Date: 13-Dec-2021
Completion Date: 13-Dec-2021

Standard: ISO 22893:2022 - Space systems — Software product assurance (SPA). Released: 4/1/2022. English language, 11 pages.
Draft: ISO/FDIS 22893 - Space systems — Software product assurance (SPA). English language, 11 pages.

Standards Content (sample)

INTERNATIONAL STANDARD ISO 22893
First edition 2022-04
Space systems — Software product assurance (SPA)
Systèmes spatiaux — Assurance produit logiciel (SPA)
Reference number: ISO 22893:2022(E)
© ISO 2022

COPYRIGHT PROTECTED DOCUMENT
© ISO 2022

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO 2022 – All rights reserved

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Software product assurance overview
4.1 General
4.2 Product assurance activities related to software engineering
4.3 Product assurance activities related to software safety and security
4.4 Product assurance activities related to software reliability
5 Software product assurance management
5.1 General
5.2 Software product assurance planning and control
5.3 Risk management
5.4 Supplier selection and monitoring
5.5 Procurement process
5.6 Tools and support environment
5.7 Assessment and improvement process
6 Software process assurance
6.1 General
6.2 Software product assurance related to software engineering processes
6.2.1 General
6.2.2 System requirements analysis process
6.2.3 Software requirement analysis process
6.2.4 Software architectural design process
6.2.5 Software detailed design process
6.2.6 Software construction process
6.2.7 Software testing process
6.2.8 Delivery and acceptance process
6.2.9 Operations process
6.2.10 Maintenance process
6.3 Software product assurance related to support process
6.3.1 General
6.3.2 Documentation process
6.3.3 Safety and security analysis process
6.3.4 Critical items handling process
6.3.5 Configuration management process
6.3.6 Metric process
6.3.7 Verification process
6.3.8 Validation process
6.3.9 Review process
6.3.10 Audit process
6.3.11 Problem resolution process
6.4 Software product assurance related to organizational process
6.4.1 General
6.4.2 Software product assurance related to management process
6.4.3 Infrastructure process
6.4.4 Training process
6.4.5 Reuse process
6.4.6 Automatic code generation evaluation process
6.4.7 Model-based software engineering process
7 Software product quality assurance
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 20, Aircraft and space vehicles, Subcommittee SC 14, Space systems and operations.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

The objectives of software product assurance are to provide adequate confidence to the customer and supplier that the software satisfies its requirements throughout the system lifetime.

This document describes a set of product assurance activities related to software engineering and software safety to be used for the development, maintenance and operation of software for space systems. These activities deal with management and engineering process, life cycle models, assessment and improvement processes, in summary, the quality and safety characteristics of software space products.

Space systems include manned and unmanned spacecraft, launchers, payloads, experiments and their associated ground equipment and facilities. Software includes ground and on-board applications.

Space software can be divided into two macro areas for its development, maintenance and operations: the space software segment and the ground software segment. The space software segment is the software embedded in the vehicle which flies into space (on-board computer, payload platform, etc.); and the ground software segment is the software of the equipment on ground during the launch or during the control of the spacecraft (telemetry stations, control bench for launch, satellite control, etc.).

This document does not distinguish between software product assurance and software safety, dependability and quality assurance roles. Software product assurance is a management process that integrates software safety, software dependability and software quality assurance. The purpose is to organically integrate safety, dependability and quality assurance activities. As a result, the goal of providing safe and reliable products that meet customer requirements is that these three areas work closely in tandem.

The purpose of this document is to identify a set of management guidelines and requirements for dealing with space systems engineering activities and is intended to define the minimum existing processes on the subject seeking to reach an international agreement on the topic.

INTERNATIONAL STANDARD ISO 22893:2022(E)
Space systems — Software product assurance (SPA)
1 Scope

This document defines a set of software product assurance requirements in terms of processes and products to be used for the development, maintenance and operation of software for space systems. It provides a uniform basis for defining the software product assurance activities to be applied and maintained throughout the whole software life cycle, from project conception until the software retirement.

This document mainly applies to the space software segment and critical software of the ground software segment (e.g. the software which directly interfaces with the space segment).

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 9000, Quality management systems — Fundamentals and vocabulary
ISO 10795, Space systems — Programme management and quality — Vocabulary
ISO 14300-2, Space systems — Programme management — Part 2: Product assurance
ISO 16404, Space systems — Programme management — Requirements management
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 9000, ISO 10795, ISO 14300-2 and ISO 16404 apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/

4 Software product assurance overview
4.1 General

Software product assurance (SPA) is an activity that ensures the success of a software project; therefore this is the main objective of the software safety, dependability and quality. Success is based on the assurance of the development, maintenance and operation of software requirements in terms of meeting the interest of stakeholders, estimating costs, setting schedules and achieving results.

In this regard, SPA has a high level of administrative role; and software safety, dependability and quality assurance (SQA) are activities included in SPA. The software product assurance activities are conducted in line with the overall product assurance (PA) activities, meeting the requirements and the expectations of the customer, management, software engineering and system engineering, tailoring the software processes taking into account dependability, safety and security aspects, software/system development constraints and project/product quality objectives.

Also, the software processes and its related products shall be managed to conform to standards, taking into account relevant regulations; to be consistent, complete, correct, safe, secure and as reliable as warranted for the system and operating environment; and to satisfy the needs of the stakeholders.

Software product assurance shall manage the software safety and security activities, identifying the criticality of the software, and applying hazard analysis and other related activities to ensure that the software is developed to perform properly, safely and securely in its operational environment, while meeting all quality requirements.

In this document, “contractor” is defined as an entity, which is executing software assurance. In addition, there is a supervising product assurance entity that can be performed by another organization body (e.g. space agency).

4.2 Product assurance activities related to software engineering

Software product assurance consists in activities to support and monitor the software engineering processes and methods. Software product assurance encompasses the entire software life cycle and the development processes, which include processes such as requirements definition, software design, reuse coding, automatic code generation, source code control, code reviews, software configuration management, verification, testing, release management, product integration, and software delivery and acceptance.

Also, software product assurance shall be provided by independent assurance people in which all the work products, activities and processes comply to the project specific plans, such as the software management plan.

4.3 Product assurance activities related to software safety and security

Software product assurance is involved in development through each software engineering stage and aims to ensure that all necessary safety and security analyses have been performed.

This will ensure:

— that the mission software does not fail due to an unexpected error either within the system itself or due to human operation;
— that data are always available for processing;
— that the software system is correctly performed.

Software product assurance assesses the software engineering activities and products to allow the software to be executed without any potential hazards that can affect the system.

The software product assurance takes the lead in or ensures the safety and security analysis process for the software systems and software components to determine and to deal with the criticality classification of software products based on the impact of its potential losses.

4.4 Product assurance activities related to software reliability

For projects that have software reliability requirements, a quantitative requirement for software reliability shall be stated as a forecast; and the operational or test results shall indicate the confidence level associated with the forecast that the software product will meet the requirements.

5 Software product assurance management
5.1 General

The software product assurance shall identify the responsibilities of the supplier/developer (hereinafter referred to as the contractor) responsible for software product assurance for the software project, as well as the expected outputs that should be presented in the software product assurance plan (SPAP). The expected outputs should include the quality requirements, software engineering models to be used in the development, reporting, reviews, audits, alerts and problems handling processes for quality assurance.

The software engineering, jointly with the software product assurance, shall present the main features of the SPAP, the software baselines and reviews to be performed, audits, the handling of alerts and problems, risk management, critical item control, supplier management, procurement, assessment, and process improvement. Also, the software product assurance together with the software engineering shall describe the roles, responsibilities, authority, and interfaces and interrelation of personnel who manage the software product assurance. The software product assurance shall describe the configuration control, how to handle critical items, the independent verification and validation approaches, software metrics, software reuse, and any other activity that can be pertinent.

5.2 Software product assurance planning and control

The SPAP shall define the activities and tasks applied to ensure that software developed for a space product satisfies the project’s established requirements and stakeholders' needs within project cost and schedule constraints and with an acceptable level of risk.

The SPAP shall specify the product assurance management safety, dependability and quality activities and tasks with their requirements, objectives and schedule to the related objectives in the software engineering management, software development and software maintenance plans. The plan identifies documents, standards, practices and regulations applied for the software and how these items are monitored and controlled to ensure adequacy and compliance. The plan also identifies tools, techniques, methodologies, procedures for problem reporting, corrective action, safety and security measures, training, reporting and documentation.

The software product assurance shall monitor and control the effectiveness of the SPAP used during the development of the software.

5.3 Risk management

The software engineering, together with the software product assurance, closely follows the risk management. This shall ensure that the risks emanating from software are removed or mitigated and have no impact on risks related to the functioning of the system. These activities are under supervision of the project manager.

The software product assurance shall provide the results of the safety and security analyses including the criticality classification of the software products to be developed and the information about the failures that can be caused at higher level by the software products to be developed.

5.4 Supplier selection and monitoring

The contractor shall establish mandatory attributes or selection criteria that the organization will evaluate in its arrangements with supplier selection, such as quality, safety, delivery, service, simplicity, risk, agility.

The contractor shall establish a monitoring process which shall include the review and approval of the suppliers’ product assurance documents, the continuous verification of processes and products, and the monitoring of the final validation of the product.

5.5 Procurement process

The contractor defines a procurement life cycle requirement through phases, such as identification and procurement planning, market research, solicitation and award, and management and closeout.

Each phase shall generate products such as the procurement plan, statement of work, request for information (RFI), invitation to bid (ITB), request for proposals (RFP) or invitation to negotiate (ITN).

The process of buying a software service (procurement) encompasses the entire life cycle from the initial identification of a need to the retirement and disposal of the item.

The software product assurance shall provide quality requirement inputs to the procurement process, defining a procurement life.

5.6 Tools and support environment

The software development environment shall be selected according to criteria defined together with the software engineering, taking into consideration criteria like availability, compatibility, performance, maintenance, the available support documentation, the acceptance and warranty conditions, the conditions of installation, training and maintenance and intellectual property rights constraints.

5.7 Assessment and improvement process

The software product assurance shall monitor and control the effectiveness of the processes used during the development of the software, including the services provided by third parties. The process assessment and improvement performed at organization level can be used to provide evidence of compliance for the project and with the organizational policies.

The process assessment model, the method, the scope, the results and the assessors shall comply with the project requirements described in the SPAP or in an appropriate document. The results of the assessment shall be used as feedback to improve as necessary the performed processes, to recommend changes in the project, and to determine technology advancement needs.

The process improvement shall be conducted according to a documented process improvement. Evidence of the improvement in performed processes or in project documentation shall be provided.

The software engineering shall ensure that the results of previous assessments are used in its project activity.

6 Software process assurance
6.1 General

6.2 to 6.4 describe the main activities of the software product assurance related to the activities of software engineering processes.

6.2 Software product assurance related to software engineering processes
6.2.1 General

The software product assurance related to software engineering processes shall describe the main characteristics of the software development life cycle that shall be defined or referenced in the SPAP, such as phases, input and output of each phase, status of completion of phase output, milestones, dependencies, responsibilities and role of the stakeholders at each milestone review.

6.2.2 to 6.2.10 describe the main activities of software product assurance related to the activities of software engineering.

6.2.2 System requirements analysis process

The system requirements baseline shall be defined during the system requirements analysis process and subject to documentation control and configuration management as part of the development documentation. For the definition of the system requirements baseline, all results from the safety and security analyses in this level shall be used.

The contractor shall ensure that the system requirements are formal, correct and completely described in terms of their functions, capabilities, safety, security, human-factors, interface, operations, maintenance and quality requirements.

6.2.3 Software requirement analysis process

The software requirements shall be complete and unambiguously defined and subject to documentation control and configuration management as part of the development documentation.

The software product assurance shall support the software requirement definition process, assuring that the results from the safety and security analyses shall be used, including non-functional requirements necessary to satisfy the requirements baseline, such as performance, safety, security, quality, maintainability, configuration management and verification and validation.

The software product assurance shall conform to the traceability matrix of software requirements.

6.2.4 Software architectural design process

The software architecture design shall identify items of hardware, software, and manual operations. It shall be ensured that all the system requirements are allocated among the items. Hardware configuration items, software configuration items, and manual operations shall be subsequently identified from these items. The results of the evaluations shall be documented.

The software product assurance shall evaluate the items considering the criteria such as traceability and consistency to the system requirements, appropriateness of design standards and methods used, feasibility of the software items fulfilling their
...

FINAL DRAFT INTERNATIONAL STANDARD ISO/FDIS 22893
ISO/TC 20/SC 14
Secretariat: ANSI
Space systems — Software product assurance (SPA)
Voting begins on: 2021-12-13
Voting terminates on: 2022-02-07
Reference number: ISO/FDIS 22893:2021(E)

RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.

IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.

© ISO 2021
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Software product assurance overview
4.1 General
4.2 Product assurance activities related to software engineering
4.3 Product assurance activities related to software safety and security
4.4 Product assurance activities related to software reliability
5 Software product assurance management
5.1 General
5.2 Software product assurance planning and control
5.3 Risk management
5.4 Supplier selection and monitoring
5.5 Procurement process
5.6 Tools and support environment
5.7 Assessment and improvement process
6 Software process assurance
6.1 General
6.2 Software product assurance related to software engineering processes
6.2.1 General
6.2.2 System requirements analysis process
6.2.3 Software requirement analysis process
6.2.4 Software architectural design process
6.2.5 Software detailed design process
6.2.6 Software construction process
6.2.7 Software testing process
6.2.8 Delivery and acceptance process
6.2.9 Operations process
6.2.10 Maintenance process
6.3 Software product assurance related to support process
6.3.1 General
6.3.2 Documentation process
6.3.3 Safety and security analysis process
6.3.4 Critical items handling process
6.3.5 Configuration management process
6.3.6 Metric process
6.3.7 Verification process
6.3.8 Validation process
6.3.9 Review process
6.3.10 Audit process
6.3.11 Problem resolution process
6.4 Software product assurance related to organizational process
6.4.1 General
6.4.2 Software product assurance related to management process
6.4.3 Infrastructure process
6.4.4 Training process
6.4.5 Reuse process
6.4.6 Automatic code generation evaluation process
6.4.7 Model-based software engineering process
7 Software product quality assurance
Bibliography
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 20, Aircraft and space vehicles, Subcommittee SC 14, Space systems and operations.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
Introduction

The objectives of software product assurance are to provide adequate confidence to the customer and supplier that the software satisfies its requirements throughout the system lifetime.

This document describes a set of product assurance activities related to software engineering and software safety to be used for the development, maintenance and operation of software for space systems. These activities deal with management and engineering process, life cycle models, assessment and improvement processes, in summary, the quality and safety characteristics of software space products.

Space systems include manned and unmanned spacecraft, launchers, payloads, experiments and their associated ground equipment and facilities. Software includes ground and on-board applications.

Space software can be divided into two macro areas for its development, maintenance and operations: the space software segment and the ground software segment. The space software segment is the software embedded in the vehicle which flies into space (on-board computer, payload platform, etc.); and the ground software segment is the software of the equipment on ground during the launch or during the control of the spacecraft (telemetry stations, control bench for launch, satellite control, etc.).

This document does not distinguish between software product assurance and software safety, dependability and quality assurance roles. Software product assurance is a management process that integrates software safety, software dependability and software quality assurance. The purpose is to organically integrate safety, dependability and quality assurance activities. As a result, the goal of providing safe and reliable products that meet customer requirements is that these three areas work closely in tandem.

The purpose of this document is to identify a set of management guidelines and requirements for dealing with space systems engineering activities and is intended to define the minimum existing processes on the subject seeking to reach an international agreement on the topic.
Space systems — Software product assurance (SPA)
1 Scope

This document defines a set of software product assurance requirements in terms of processes and products to be used for the development, maintenance and operation of software for space systems. It provides a uniform basis for defining the software product assurance activities to be applied and maintained throughout the whole software life cycle, from project conception until the software retirement.

This document mainly applies to the space software segment and critical software of ground software segment (e.g. the software which directly interfaces to the space segment).
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 9000, Quality management systems — Fundamentals and vocabulary
ISO 10795, Space systems — Programme management and quality — Vocabulary
ISO 16404, Space systems — Programme management — Requirements management
ISO 14300-2, Space systems — Programme management — Part 2: Product assurance
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 9000, ISO 10795, ISO 16404 and ISO 14300-2 apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
4 Software product assurance overview
4.1 General

Software product assurance (SPA) is an activity that ensures the success of a software project; therefore this is the main objective of the software safety, dependability and quality. Success is based on the assurance of the development, maintenance and operation of software requirements in terms of meeting the interest of stakeholders, estimating costs, setting schedules and achieving results.

In this regard, SPA has a high level of administrative role; and software safety, dependability and quality assurance (SQA) are activities included in SPA. The software product assurance activities are conducted in line with the overall product assurance (PA) activities, meeting the requirements and the expectations of the customer, management, software engineering and system engineering, tailoring the software processes taking into account dependability safety and security aspects, software/system development constraints and project/product quality objectives.

Also, the software processes and its related products shall be managed to conform to standards, taking into account relevant regulations; to be consistent, complete, correct, safe, secure and as reliable as warranted for the system and operating environment; and to satisfy the needs of the stakeholders.

Software product assurance shall manage the software safety and security activities, identifying the criticality of the software, and applying hazard analysis and other related activities to ensure that the software is developed to perform properly, safely and securely in its operational environment, while meeting all quality requirements.

In this document, “contractor” is defined as an entity, which is executing software assurance. In addition, there is a supervising product assurance entity that can be performed by another organization body (e.g. space agency).
4.2 Product assurance activities related to software engineering

Software product assurance consists in activities to support and monitor the software engineering processes and methods. Software product assurance encompasses the entire software life cycle and the development processes, which include processes such as requirements definition, software design, reuse coding, automatic code generation, source code control, code reviews, software configuration management, verification, testing, release management, product integration, and software delivery and acceptance.

Also, software product assurance shall be provided by independent assurance people in which all the work products, activities and processes comply to the project specific plans, such as the software management plan.
4.3 Product assurance activities related to software safety and security

Software product assurance is involved in development through each software engineering stage and aims to ensure that all necessary safety and security analyses have been performed.

This will ensure:

— that the mission software does not fail due to an unexpected error either within the system itself or due to human operation;
— that data are always available for processing;
— that the software system is correctly performed.

Software product assurance assesses the software engineering activities and products to allow the software to be executed without any potential hazards that can affect the system.

The software product assurance takes the lead in or ensures the safety and security analysis process for software-system and software components to determine and to deal with the criticality classification of software products based on the impact of its potential losses.
4.4 Product assurance activities related to software reliability

For projects that have software reliability requirements, a quantitative requirement for software reliability shall be stated as a forecast; and the operational or test results shall indicate the confidence level associated with the forecast that the software product will meet the requirements.

5 Software product assurance management
5.1 General

The software product assurance shall identify the responsibilities of the supplier/developer (hereinafter referred to as the contractor) responsible for software product assurance for the software project, as well as the expected outputs that should be presented in the software product assurance plan (SPAP). The expected outputs should include the quality requirements, software engineering models to be used in the development, reporting, reviews, audits, alerts and problems handling processes for quality assurance.

The software engineering joint to the software product assurance shall present the main features of the SPAP, the software baselines and reviews to be performed, audits, the handling of alerts and problems, risk management, critical item control, supplier management, procurement, assessment, and process improvement. Also, the software product assurance together with the software engineering shall describe the roles, responsibilities, authority, and interfaces and interrelation of personnel who manage the software product assurance. The software product assurance shall describe the configuration control, how to handle critical items, the independent verification and validation approaches, software metrics, software reuse, and any other activity that can be pertinent.
5.2 Software product assurance planning and control

The SPAP shall define the activities and tasks applied to ensure that software developed for a space product satisfies the project’s established requirements and stakeholders' needs within project cost and schedule constraints and with an acceptable level of risk.

The SPAP shall specify the product assurance management safety, dependability and quality activities and tasks with their requirements, objectives and schedule to the related objectives in the software engineering management, software development and software maintenance plans. The plan identifies documents, standards, practices and regulations applied for the software and how these items are monitored and controlled to ensure adequacy and compliance. The plan also identifies tools, techniques, methodologies, procedures for problem reporting, corrective action, safety and security measure; training, reporting and documentation.

The software product assurance shall monitor and control the effectiveness of the SPAP used during the development of the software.
5.3 Risk management

The software engineering, together with the software product assurance, closely follows the risk management. This shall ensure that the risks emanating from software are removed or mitigated and have no impact on risks related to the functioning of the system. These activities are under supervision of the project manager.

The software product assurance shall provide the results of the safety and security analyses including the criticality classification of the software products to be developed and the information about the failures that can be caused at higher level by the software products to be developed.

5.4 Supplier selection and monitoring

The contractor shall establish mandatory attributes or selection criteria that the organization will evaluate in its arrangements with supplier selection, such as quality, safety, delivery, service, simplicity, risk, agility.

The contractor shall establish a monitoring process which shall include the review and approval of the suppliers’ product assurance documents, the continuous verification of processes and products, and the monitoring of the final validation of the product.
5.5 Procurement process

The contractor defines a procurement life cycle requirement through phases, such as identification and procurement planning, market research, solicitation and award, and management and closeout. Each phase shall generate products such as the procurement plan, statement of work, request for information (RFI), invitation to bid (ITB), request for proposals (RFP) or invitation to negotiate (ITN).

The process of buying a software service (procurement) encompasses the entire life cycle from the initial identification of a need to the retirement and disposal of the item.

The software product assurance shall provide quality requirement inputs to the procurement process, defining a procurement life.
5.6 Tools and support environment

The software development environment shall be selected according to criteria defined together with the software engineering, taking into consideration criteria like availability, compatibility, performance, maintenance, the available support documentation, the acceptance and warranty conditions, the conditions of installation, training and maintenance and intellectual property rights constraints.

5.7 Assessment and improvement process

The software product assurance shall monitor and control the effectiveness of the processes used during the development of the software, including the services provided by third parties. The process assessment and improvement performed at organization level can be used to provide evidence of compliance for the project and with the organizational policies.

The process assessment model, the method, the scope, the results and the assessors shall comply with the project requirements described in the SPAP or in an appropriate document. The results of the assessment shall be used as feedback to improve as necessary the performed processes, to recommend changes in the project, and to determine technology advancement needs.

The process improvement shall be conducted according to a documented process improvement. Evidence of the improvement in performed processes or in project documentation shall be provided.

The software engineering shall ensure that the results of previous assessments are used in its project activity.
6 Software process assurance
6.1 General

6.2 to 6.4 describe the main activities of the software product assurance related to the activities of software engineering processes.
6.2 Software product assurance related to software engineering processes
6.2.1 General

The software product assurance related to software engineering processes shall describe the main characteristics of the software development life cycle that shall be defined or referenced in the SPAP, such as phases, input and output of each phase, status of completion of phase output, milestones, dependencies, responsibilities and role of the stakeholders at each milestone review.

6.2.2 to 6.2.10 describe the main activities of software product assurance related to the activities of software engineering.
6.2.2 System requirements analysis process

The system requirements baseline shall be defined during the system requirements analysis process and subject to documentation control and configuration management as part of the development documentation. For the definition of the system requirements baseline, all results from the safety and security analyses in this level shall be used.

The contractor shall ensure that the system requirements are formal, correct and completely described in terms of their functions, capabilities, safety, security, human-factors, interface, operations, maintenance and quality requirements.
6.2.3 Software requirement analysis process

The software requirements shall be complete and unambiguously defined and subject to documentation control and configuration management as part of the development documentation.

The software product assurance shall support the software requirement definition process, assuring that the results from the safety and security analyses shall be used, including non-functional requirements necessary to satisfy the requirements baseline, such as performance, safety, security, quality, maintainability, configuration management and verification and validation.

The software product assurance shall conform to the traceability matrix of software requirements.

6.2.4 Software architectural design process
The software architecture design shall iden
...
