SIST EN 9115:2013
(Main)Quality Management Systems - Requirements for Aviation, Space and Defence Organizations - Deliverable Software (Supplement to EN 9100)
Quality Management Systems - Requirements for Aviation, Space and Defence Organizations - Deliverable Software (Supplement to EN 9100)
The requirements of EN 9100 apply with the following clarification for software. This document supplements the EN 9100 standard requirements for deliverable software and contains quality management system requirements for organizations that design, develop, and/or produce deliverable software for the aviation, space, and defense industry. This includes, as required, support software that is used in the development and maintenance of deliverable software. The deliverable software may be stand-alone, embedded, or loadable into a target computer. Where the use of Hardware Description Language (HDL) or high order language is utilized as the design source of electronic hardware [e.g., Application Specific Integrated Circuit (ASIC), Programmable Logic Device (PLD)], the organization and customer shall agree on the extent of applicability of this supplement. Where Commercial-off-the-Shelf (COTS) or non-developmental software is integrated into a deliverable product, the organization and customer shall agree on the extent of applicability of this supplement. For the purposes of this document, the terms "product" and "software product" are considered synonymous. The requirements of EN 9100 apply with the following clarification for software. Exclusions to requirements in Clause 7 should only be considered after analysis of software attributes (e.g., size, safety, security, complexity, criticality, risk).
Qualitätsmanagementsysteme - Anforderungen an Organisationen der Luftfahrt, Raumfahrt und Verteidigung - Lieferbare Software (Ergänzung zu EN 9100)
1.1 Allgemeines
Es gelten die Anforderungen von EN 9100 zuzüglich der folgenden Präzisierung für Software.
Dieses Dokument ergänzt die Normanforderungen von EN 9100 bezüglich der mitgelieferten Software und enthält Anforderungen des Qualitätsmanagementsystems an Organisationen, die mitgelieferte Software für die Luft-, Raumfahrt- und Verteidigungsindustrie entwerfen, entwickeln und/oder herstellen. Bei Bedarf um-fasst das auch Unterstützungssoftware, die bei der Entwicklung und Instandhaltung mitgelieferter Software eingesetzt wird. Die mitgelieferte Software darf eigenständig, eingebettet in oder in den Zielcomputer ladbar sein.
Wenn eine Hardware-Beschreibungssprache (HDL [en: Hardware Description Language]) oder eine Sprache höherer Ordnung als Quelle für das Design elektronischer Hardware genutzt wird (z. B. Anwendungsspezi-fische Integrierte Schaltung [ASIC], Programmierbare Logische Schaltung [PLD]), müssen Organisation und Kunde den Umfang, in dem diese Ergänzung angewendet wird, vereinbaren.
ANMERKUNG 1 Zu Richtlinien für elektronische Hardware in Luftfahrzeugen siehe RTCA/DO-254 oder EUROCAE ED-80, zu Anforde¬rungen bei der Produktrealisierung siehe EN 9100.
Wenn handelsübliche (COTS) Software oder Fertig-Software in das zu liefernde Produkt integriert wird, müs-sen Organisation und Kunde den Umfang, in dem diese Ergänzung angewendet wird, vereinbaren.
Für den Zweck dieses Dokumentes werden die Begriffe „Produkt" und „Software-Produkt" als gleichbedeu-tend angesehen.
ANMERKUNG 2 Dieses Dokument ist unabhängig von Lebenszyklus-Modellen (z. B. Wasserfall-, Spiral-, evolutionä¬res, inkrementelles Modell) oder Methodiken (z. B. objektorientierter Entwurf, Vereinheitlichte Modellierungssprache, rechnergestützt).
1.2 Anwendung
Es gelten die Anforderungen von EN 9100 zuzüglich der folgenden Präzisierung für Software.
Ausnahmen von den Anforderungen in Abschnitt 7 sollten ausschließlich nach Analyse der Software-Eigen-schaften erwogen werden (z. B. Größe, Sicherheit, Schutz, Komplexität, Kritikalität, Risiko).
Systèmes de management de la Qualité - Exigences pour les Organisations de l'Aéronautique, l'Espace et la Défense - Logiciel livrable (Supplément à l'EN 9100)
Sistemi vodenja kakovosti - Zahteve za organizacije za zračni promet, astronavtiko in obrambo - Dobavljivost programske opreme (Dopolnilo k EN 9100)
Zahteve EN 9100 se uporabljajo z naslednjimi pojasnitvami za programsko opremo. Ta dokument dopolnjuje standardne zahteve EN 9100 za dobavljivo programsko opremo in vsebuje zahteve sistema vodenja kakovosti za organizacije, ki oblikujejo, razvijajo in/ali proizvajajo dobavljivo programsko opremo za letalsko, vesoljsko in obrambno industrijo. To po potrebi vključuje podporno programsko opremo, ki se uporablja pri razvijanju in vzdrževanju dobavljive programske opreme. Dobavljiva programska oprema je lahko samostoječa, vdelana ali jo je možno naložiti v ciljni računalnik. Kjer se uporaba opisnega jezika za strojno opremo (HDL) ali jezika visokega razreda uporablja kot vir oblikovanja elektronske strojne opreme (npr. integrirana vezja za določen namen (ASIC), logična naprava z možnostjo programiranja (PLD)), se morata organizacija in potrošnik strinjati o obsegu uporabnosti tega dodatka. Kjer je v dobavljivi izdelek vdelana kupljena komercialna (COTS) ali nerazvojna programska oprema, se morata organizacija in potrošnik strinjati o obsegu uporabnosti tega dodatka. Za namene tega dokumenta sta izraza »izdelek« in »programski izdelek« enakovredna. Zahteve EN 9100 se uporabljajo z naslednjimi pojasnitvami za programsko opremo. Izključitve pri zahtevah v točki 7 naj bi se upoštevale šele po analizi lastnosti programske opreme (npr. velikost, varnost, zaščita, kompleksnost, kritičnost, tveganje).
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
SIST EN 9115:2013
01-julij-2013
6LVWHPLYRGHQMDNDNRYRVWL=DKWHYH]DRUJDQL]DFLMH]D]UDþQLSURPHWDVWURQDYWLNR
LQREUDPER'REDYOMLYRVWSURJUDPVNHRSUHPH'RSROQLORN(1
Quality Management Systems - Requirements for Aviation, Space and Defence
Organizations - Deliverable Software (Supplement to EN 9100)
Qualitätsmanagementsysteme - Anforderungen an Organisationen der Luftfahrt,
Raumfahrt und Verteidigung - Lieferbare Software (Ergänzung zu EN 9100)
Systèmes de management de la Qualité - Exigences pour les Organisations de
l'Aéronautique, l'Espace et la Défense - Logiciel livrable (Supplément à l'EN 9100)
Ta slovenski standard je istoveten z: EN 9115:2013
ICS:
03.120.10 Vodenje in zagotavljanje Quality management and
kakovosti quality assurance
49.020 Letala in vesoljska vozila na Aircraft and space vehicles in
splošno general
95.020 Vojaška tehnika. Vojaške Military engineering. Military
zadeve. Orožje affairs. Weapons
SIST EN 9115:2013 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST EN 9115:2013
---------------------- Page: 2 ----------------------
SIST EN 9115:2013
EUROPEAN STANDARD
EN 9115
NORME EUROPÉENNE
EUROPÄISCHE NORM
January 2013
ICS 03.120.10; 49.020
English Version
Quality Management Systems - Requirements for Aviation,
Space and Defense Organizations - Deliverable Software
(Supplement to EN 9100)
Systèmes de management de la Qualité - Exigences pour Qualitätsmanagementsysteme - Anforderungen an
les Organisations de l'Aéronautique, l'Espace et la Défense Organisationen der Luftfahrt, Raumfahrt und Verteidigung -
- Logiciel livrable (Supplément à l'EN 9100) Mitgelieferte Software (Ergänzung zu EN 9100)
This European Standard was approved by CEN on 18 June 2011.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national
standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same
status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2013 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN 9115:2013: E
worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST EN 9115:2013
EN 9115:2013 (E)
Contents Page
Foreword .4
0 Introduction .6
0.1 General .6
0.2 Process approach .6
QUALITY MANAGEMENT SYSTEMS — REQUIREMENTS .6
1 Scope .6
1.1 General .6
1.2 Application .6
2 Normative references .7
3 Terms and definitions .7
4 Quality management system . 10
4.1 General requirements . 10
4.2 Documentation requirements . 10
4.2.1 General . 10
4.2.2 Quality manual . 10
4.2.3 Control of documents . 11
4.2.4 Control of records. 11
5 Management responsibility . 11
5.1 Management commitment . 11
5.2 Customer focus . 11
5.3 Quality policy . 11
5.4 Planning . 11
5.4.1 Quality objectives . 11
5.4.2 Quality management system planning . 11
5.5 Responsibility, authority and communication . 11
5.5.1 Responsibility and authority . 11
5.5.2 Management representative . 11
5.5.3 Internal communication . 11
5.6 Management review . 12
5.6.1 General . 12
5.6.2 Review input . 12
5.6.3 Review output . 12
6 Resource management . 12
6.1 Provision of resources . 12
6.2 Human resources. 12
6.2.1 General . 12
6.2.2 Competence, training and awareness . 12
6.3 Infrastructure . 12
6.4 Work environment . 13
7 Product realization. 13
7.1 Planning of product realization . 13
7.1.1 Project management . 13
7.1.2 Risk management . 14
7.1.3 Configuration management . 14
7.1.4 Control of work transfers . 16
7.2 Customer-related processes . 16
7.2.1 Determination of requirements related to the product . 16
2
---------------------- Page: 4 ----------------------
SIST EN 9115:2013
EN 9115:2013 (E)
7.2.2 Review of requirements related to the product . 16
7.2.3 Customer communication . 17
7.3 Design and development . 17
7.3.1 Design and development planning . 17
7.3.2 Design and development inputs . 17
7.3.3 Design and development outputs . 17
7.3.4 Design and development review . 17
7.3.5 Design and development verification . 18
7.3.6 Design and development validation . 18
7.3.6.1 Design and development verification and validation testing . 18
7.3.6.2 Design and development verification and validation documentation . 18
7.3.7 Control of design and development changes . 18
7.4 Purchasing . 19
7.4.1 Purchasing process . 19
7.4.2 Purchasing information . 19
7.4.3 Verification of purchased product . 19
7.5 Production and service provision . 19
7.5.1 Control of production and service provision . 19
7.5.1.1 Production process verification . 19
7.5.1.2 Control of production process changes . 20
7.5.1.3 Control of production equipment, tools and software programs . 20
7.5.1.4 Post-delivery support . 20
7.5.2 Validation of processes for production and service provision . 20
7.5.3 Identification and traceability . 20
7.5.4 Customer property . 20
7.5.5 Preservation of product . 20
7.6 Control of monitoring and measuring equipment . 21
8 Measurement, analysis and improvement . 21
8.1 General . 21
8.2 Monitoring and measurement . 21
8.2.1 Customer satisfaction . 21
8.2.2 Internal audit . 21
8.2.3 Monitoring and measurement of processes . 21
8.2.4 Monitoring and measurement of product . 21
8.3 Control of nonconforming product . 22
8.4 Analysis of data . 22
8.5 Improvement . 22
8.5.1 Continual improvement . 22
8.5.2 Corrective action . 22
8.5.3 Preventive action . 22
Bibliography . 23
3
---------------------- Page: 5 ----------------------
SIST EN 9115:2013
EN 9115:2013 (E)
Foreword
This document (EN 9115:2013) has been prepared by the Aerospace and Defence Industries Association of
Europe - Standardization (ASD-STAN).
After enquiries and votes carried out in accordance with the rules of this Association, this Standard has
received the approval of the National Associations and the Official Services of the member countries of ASD,
prior to its presentation to CEN.
This European Standard shall be given the status of a national standard, either by publication of an identical
text or by endorsement, at the latest by July 2013, and conflicting national standards shall be withdrawn at the
latest by July 2013.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the following
countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech
Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,
Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
This document standardizes, to the greatest extent possible, the software quality management system
requirements for the aviation, space, and defense industry. This was accomplished through the
harmonization of quality management system requirements from international aviation, space, and
defense software standards and other applicable documents. The establishment of common
requirements for use at all levels of the supply-chain by organizations around the world should result
in improved quality, schedule, and cost performance by the reduction or elimination of organization
unique requirements and wider application of good practice.
4
---------------------- Page: 6 ----------------------
SIST EN 9115:2013
EN 9115:2013 (E)
SUMMARY/RATIONALE
The 9115 document supersedes AS9006, “Deliverable Aerospace Software Supplement for AS9100A,
Quality Management Systems — Aerospace — Requirements for Software”, published in March 2003.
The AS9006 standard was published as an Americas Aerospace Quality Group (AAQG) sector specific
document.
This is the initial release of 9115, which is an international supplement to 9100 providing clarification
of the corresponding 9100 requirements, as necessary, for deliverable software. In some cases, where
clarification is needed, it was necessary due to the complexity of software to decompose “shall”
statements in 9100 into more granular requirements. Where no software clarification is required of the
9100 requirements, the following phrase will be presented: “The requirements of 9100 apply. No
clarification required for software.”
NOTE This document must be used in conjunction with EN 9100; references throughout the text to EN 9100
are understood to mean EN 9100:2009.
5
---------------------- Page: 7 ----------------------
SIST EN 9115:2013
EN 9115:2013 (E)
0 Introduction
0.1 General
The requirements of EN 9100 apply. No clarification required for software.
0.2 Process approach
The requirements of EN 9100 apply. No clarification required for software.
QUALITY MANAGEMENT SYSTEMS — REQUIREMENTS
1 Scope
1.1 General
The requirements of EN 9100 apply with the following clarification for software.
This document supplements the EN 9100 standard requirements for deliverable software and contains quality
management system requirements for organizations that design, develop, and/or produce deliverable software
for the aviation, space, and defense industry. This includes, as required, support software that is used in the
development and maintenance of deliverable software. The deliverable software may be stand-alone,
embedded, or loadable into a target computer.
Where the use of Hardware Description Language (HDL) or high order language is utilized as the design
source of electronic hardware [e.g., Application Specific Integrated Circuit (ASIC), Programmable Logic
Device (PLD)], the organization and customer shall agree on the extent of applicability of this supplement.
NOTE 1 For airborne electronic hardware guidance, see RTCA/DO-254 or EUROCAE ED-80; and for product
realization requirements, see EN 9100.
Where Commercial-off-the-Shelf (COTS) or non-developmental software is integrated into a deliverable
product, the organization and customer shall agree on the extent of applicability of this supplement.
For the purposes of this document, the terms “product” and “software product” are considered synonymous.
NOTE 2 This document is independent of the life cycle models (e.g., waterfall, spiral, evolutionary, incremental) or
methodology (e.g., objected oriented design, unified modeling language, agile).
1.2 Application
The requirements of EN 9100 apply with the following clarification for software.
Exclusions to requirements in Clause 7 should only be considered after analysis of software attributes (e.g.,
size, safety, security, complexity, criticality, risk).
6
---------------------- Page: 8 ----------------------
SIST EN 9115:2013
EN 9115:2013 (E)
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
NOTE 1 The requirements of EN 9100 apply with the following clarification for software.
EN 9100:2009, Quality Management Systems — Requirements for Aviation, Space and Defence Organizations
NOTE 2 Documents referenced in this document, other than the normative references (i.e., 9100, ISO 9000) are listed
in the Bibliography. For undated references, the latest edition of the referenced document (including any
amendments) applies. The referenced documents are “informative” references; the requirements of these
referenced documents do not add any additional requirements to this standard.
3 Terms and definitions
For the purposes of this document, the terms and definitions given in EN 9100 and ISO 9000 apply. The
following terms and definitions are included to support the understanding of this document.
3.1
baseline
the approved, recorded configuration of one or more configuration items, that thereafter serves as the basis
for further development, and that is changed only through change control procedures
[SOURCE: RTCA/DO-178, EUROCAE ED-12]
3.2
Commercial-Off-The-Shelf (COTS) software
commercially available applications sold by vendors through public catalog listings. COTS software is not
intended to be customized or enhanced. Contract-negotiated software developed for a specific application is
not COTS software.
[SOURCE: RTCA/DO-178, EUROCAE ED-12]
Note 1 to entry: COTS software is a type of non-developmental software.
3.3
configuration item
one or more hardware/software entities treated as a unit for configuration management purposes or software
life cycle data treated as a unit for configuration management purposes
[SOURCE: based on RTCA/DO-178, EUROCAE ED-12]
3.4
critical items
the definition in EN 9100, Clause 3.3, applies with the following clarification for software
Critical items in software are those characteristics, requirements, or attributes that have been determined to
be most important to achieve product realization (e.g., safety, maintainability, testability, usability,
performance). Critical items should be adequately managed and appropriate action taken to ensure visibility
throughout the product life cycle. For example, in a flight control system software response time can be
elevated to a critical item to ensure performance characteristics are met. Furthermore, if the project has
specific testability requirements, cyclomatic complexity may become a critical item.
7
---------------------- Page: 9 ----------------------
SIST EN 9115:2013
EN 9115:2013 (E)
3.5
cyclic redundancy check (CRC)
a type of function that takes as input a data stream of any length and produces as output a value of a certain
space, commonly a 32-bit integer. A CRC can be used to detect alteration of data during transmission or
storage.
3.6
digital signature
a type of asymmetric cryptography used to express compliance with the security properties of a handwritten
signature on paper, also referred to as a digital signature scheme
3.7
key characteristic
the definition in EN 9100, Clause 3.4, applies with the following clarification for software
Key characteristics in software are those measurable attributes where variability can be measured by the
project and can, if left unchecked, adversely impact the project or product in areas (e.g., schedule, cost,
maintainability, testability, reliability, portability). Examples of key characteristics include defect severity,
complexity factors, nested menus, memory, timing, response time, and throughput targets.
3.8
Monitoring
the act of witnessing or inspecting selected instances of test, inspections, or other activities, or records of
those activities, to assure that the activity is under control and that the reported results are representative of
the expected results
Monitoring is usually associated with activities done over an extended period of time where 100 % witnessing
is considered impractical or unnecessary. Monitoring permits authentication that the claimed activity was
performed as planned.
[SOURCE: RTCA/DO-178, EUROCAE ED-12]
3.9
non-developmental software
deliverable software that is not developed under the contract, but is provided by the organization, customer, or
a third party (e.g., reused software, customer furnished software, COTS software, open source software)
3.10
phase
a collection of processes, activities, tasks, and outcomes within the software life cycle
3.11
release
a particular version of a configuration item that is made available for a specific purpose (e.g., test release)
[SOURCE: ISO/IEC 12207]
3.12
reliability
the probability of failure-free operation of a computer program in a specified environment for a specified time
[SOURCE: based on IEEE-STD-982.1]
Note 1 to entry: Software reliability requirements should consider the level and manner of fault and failure detection,
isolation, fault tolerance, and recovery expected to be fulfilled by the software.
3.13
risk
the definition in EN 9100 (see 3.1) applies. No clarification required for software.
8
---------------------- Page: 10 ----------------------
SIST EN 9115:2013
EN 9115:2013 (E)
3.14
robustness
the extent to which software can continue to operate correctly despite invalid inputs
[SOURCE: RTCA/DO-178, EUROCAE ED-12]
Note 1 to entry: Robustness, in the software context, means that the organization has utilized techniques (e.g.,
exception handling, redundancy, related verification techniques).
3.15
secure hash algorithm
cryptographic functions that compute a fixed-length digital representation, known as a message digest, of an
input data sequence of any length
3.16
software
computer programs, associated documentation, and data pertaining to the operation of a computer system
[SOURCE: based on RTCA/DO-178, EUROCAE ED-12]
Note 1 to entry: The executable programs and data that are embedded in hardware devices are considered to be
included in this definition (i.e., firmware).
Note 2 to entry: Firmware is the combination of a hardware memory device loaded with computer instructions and/or
digital data that reside as read-only software on a device that a computing system can read. The software
cannot typically be readily modified under program control.
3.17
software life cycle
the period of time that begins with the decision to produce or modify software and ends when the software
product support is no longer required. The software life cycle contains phases.
Note 1 to entry: The software life cycle typically includes a concept phase, requirements phase, design phase,
implementation phase, test phase, installation and checkout phase, operation and maintenance phase, and
sometimes, retirement phase
[SOURCE: IEEE-STD-610.12]
3.18
software product
the set of computer programs and associated documentation and data intended for, or required by, a
customer; or any intended output resulting from the product realization process
Note 1 to entry: A software product may be designated for delivery, an integral part of another software or hardware
product, or used in the development process.
3.19
special requirements
the definition in EN 9100, Clause 3.2, applies with the following clarification for software
Examples of special requirements that may introduce high risk for software include: the introduction of a new
compiler, new advanced modeling technique, qualification of tools, novel test equipment capabilities,
in
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.