Quality Management Systems - Requirements for Aviation, Space and Defense Organizations - Deliverable Software (Supplement to EN 9100)

The requirements of EN 9100 apply with the following clarification for software.
This European standard supplements the EN 9100 standard requirements for deliverable software and
contains quality management system requirements for organizations that design, develop, and/or
produce deliverable software and services for the aviation, space, and defence industry. This includes,
as required, support software that is used in the development and maintenance of deliverable software
and services. The deliverable software may be stand-alone, embedded, mobile application, or loadable
into a target computer.
This deliverable software may also be part of services (e.g., cloud environment, web hosted solutions or
platforms).
Where the use of Hardware Description Language (HDL) or high order language is utilized as the design
source of electronic hardware [e.g., Application Specific Integrated Circuit (ASIC), Programmable Logic
Device (PLD)]; the organization and customer, and/or supplier shall agree on the extent of applicability
of this supplement.
NOTE For airborne electronic hardware guidance, see RTCA/DO-254 or EUROCAE ED-80. For operations
requirements, see EN 9100, clause 8.
Where Commercial-Off-The-Shelf (COTS) or non-developmental software is integrated into a
deliverable product, the organization and customer shall agree on the extent of applicability of this
supplement.
For the purposes of this document, the terms “product” and “software product” are considered
synonymous.
For the purposes of this document, the term “services” may be considered a product.

Qualitätsmanagementsysteme - Anforderungen an Organisationen der Luftfahrt, Raumfahrt und Verteidigung - Mitgelieferte Software (Ergänzung zu EN 9100)

Systèmes de management de la Qualité - Exigences pour les Organisations de l'Aéronautique, l'Espace et la Défense - Logiciel livrable (Supplément à l'EN 9100)

Sistemi vodenja kakovosti - Zahteve za organizacije za zračni promet, astronavtiko in obrambo - Dobavljivost programske opreme (dopolnilo k EN 9100)

General Information

Status: Published
Publication Date: 04-Sep-2018
Technical Committee:
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 26-Jul-2018
Due Date: 30-Sep-2018
Completion Date: 05-Sep-2018

Standards Content (sample)

SLOVENIAN STANDARD
SIST EN 9115:2018
01-October-2018
Replaces: SIST EN 9115:2013

Sistemi vodenja kakovosti - Zahteve za organizacije za zračni promet, astronavtiko in obrambo - Dobavljivost programske opreme (dopolnilo k EN 9100)
Quality Management Systems - Requirements for Aviation, Space and Defense Organizations - Deliverable Software (Supplement to EN 9100)
Qualitätsmanagementsysteme - Anforderungen an Organisationen der Luftfahrt, Raumfahrt und Verteidigung - Mitgelieferte Software (Ergänzung zu EN 9100)
Systèmes de management de la Qualité - Exigences pour les Organisations de l'Aéronautique, l'Espace et la Défense - Logiciel livrable (Supplément à l'EN 9100)

This Slovenian standard is identical to: EN 9115:2018

ICS:
03.100.70 Management systems
03.120.10 Quality management and quality assurance
49.020 Aircraft and space vehicles in general
95.020 Military in general

SIST EN 9115:2018 en,fr,de

2003-01. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.

EN 9115
EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
July 2018
ICS 03.100.70; 03.120.10; 35.080; 49.020
Supersedes EN 9115:2013
English Version
Quality Management Systems - Requirements for Aviation, Space and Defense Organizations - Deliverable Software (Supplement to EN 9100)
Systèmes de management de la Qualité - Exigences pour les Organisations de l'Aéronautique, l'Espace et la Défense - Logiciel livrable (Supplément à l'EN 9100)
Qualitätsmanagementsysteme - Anforderungen an Organisationen der Luftfahrt, Raumfahrt und Verteidigung - Mitgelieferte Software (Ergänzung zu EN 9100)

This European Standard was approved by CEN on 28 March 2018.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2018 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 9115:2018 E
EN 9115:2018 (E)
Contents

European foreword
Rationale
Foreword
Intended Application
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
5 Leadership
6 Planning
7 Support
8 Operation
9 Performance evaluation
10 Improvement
Bibliography

European foreword

This document (EN 9115:2018) has been prepared by the Aerospace and Defence Industries Association of Europe - Standardization (ASD-STAN).

After enquiries and votes carried out in accordance with the rules of this Association, this Standard has received the approval of the National Associations and the Official Services of the member countries of ASD, prior to its presentation to CEN.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by January 2019, and conflicting national standards shall be withdrawn at the latest by January 2019.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

This document supersedes EN 9115:2013.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

Rationale

This European standard supersedes the initial release of prEN 9115 published in April 2010. This European standard has been revised to incorporate the new clause structure and content of EN ISO 9001:2015. In addition, industry requirements, definitions, and notes have been revised in response to EN ISO 9001:2015 and EN 9100:2016 revisions and stakeholder needs.

This is the second revision of EN 9115 which is an international supplement to EN 9100 providing clarification of the corresponding EN 9100 requirements, as necessary, for deliverable software. In some cases, where clarification is needed, it was necessary due to the complexity of software to decompose “shall” statements in EN 9100 into more granular requirements. Where no software clarification is required of the EN 9100 requirements, the following phrase is presented: “The requirements of EN 9100 apply. No clarification required for software.”

NOTE This document must be used in conjunction with EN 9100:2016; references throughout the text to EN 9100 are understood to mean EN 9100:2016.

Foreword

This document standardizes, to the greatest extent possible, the software quality management system requirements for the aviation, space, and defence industry. This was accomplished through the harmonization of quality management system requirements from international aviation, space, and defence software standards and other applicable documents and good practice. The establishment of common requirements for use at all levels of the supply-chain by organizations around the world should result in improved quality, schedule, and cost performance by the reduction or elimination of organization unique requirements and wider application of good practice.

Intended Application
The requirements of EN 9100 apply with the following clarification for software.

Organizations whose products are deliverable software or contain deliverable software should use the supplemental EN 9115 standard when planning and evaluating the software design, development, release, procurement, and management activities of the organization. The EN 9115 standard provides guidance to the requirements of EN 9100 when it is desired to add “deliverable software” to the organization’s EN 9100-registration certificate, and a greater depth of specificity and granularity to the requirements for assuring that the objectives of EN 9100 will be met for deliverable software.

NOTE This document is independent of the life cycle models (e.g., waterfall, spiral, agile, evolutionary, incremental) or methodology (e.g., object-oriented design, unified modelling language).

0 Introduction
0.1 General
The requirements of EN 9100 apply. No clarification required for software.
0.2 Quality management principles
The requirements of EN 9100 apply. No clarification required for software.
0.3 Process approach
The requirements of EN 9100 apply. No clarification required for software.
0.3.1 General
The requirements of EN 9100 apply. No clarification required for software.
0.3.2 Plan-do-check-act cycle
The requirements of EN 9100 apply. No clarification required for software.
0.3.3 Risk-based thinking
The requirements of EN 9100 apply. No clarification required for software.
0.4 Relationship with other management system standards
The requirements of EN 9100 apply. No clarification required for software.
1 Scope
The requirements of EN 9100 apply with the following clarification for software.

This European standard supplements the EN 9100 standard requirements for deliverable software and contains quality management system requirements for organizations that design, develop, and/or produce deliverable software and services for the aviation, space, and defence industry. This includes, as required, support software that is used in the development and maintenance of deliverable software and services. The deliverable software may be stand-alone, embedded, mobile application, or loadable into a target computer. This deliverable software may also be part of services (e.g., cloud environment, web hosted solutions or platforms).

Where the use of Hardware Description Language (HDL) or high order language is utilized as the design source of electronic hardware [e.g., Application Specific Integrated Circuit (ASIC), Programmable Logic Device (PLD)]; the organization and customer, and/or supplier shall agree on the extent of applicability of this supplement.

NOTE For airborne electronic hardware guidance, see RTCA/DO-254 or EUROCAE ED-80. For operations requirements, see EN 9100, clause 8.

Where Commercial-Off-The-Shelf (COTS) or non-developmental software is integrated into a deliverable product, the organization and customer shall agree on the extent of applicability of this supplement.

For the purposes of this document, the terms “product” and “software product” are considered synonymous.

For the purposes of this document, the term “services” may be considered a product.

2 Normative references
The requirements of EN 9100 apply with the following clarification for software.

EN 9100:2016, Quality Management Systems — Requirements for Aviation, Space and Defence Organizations

NOTE Documents referenced in this European standard, other than the normative references (i.e., EN ISO 9000, EN ISO 9001, EN 9100), are listed in the supporting bibliographies (see Annex A and Annex B). For undated references, the latest edition of the referenced document (including any amendments) applies. The referenced documents are “informative” references; the requirements of these referenced documents do not add any additional requirements to this European standard.

3 Terms and definitions

For the purposes of this document, the terms and definitions given in EN 9100 and EN ISO 9000 apply.

The following terms and definitions are included to support the understanding of this document.

3.1
baseline

approved, recorded configuration of one or more configuration items that thereafter serves as the basis for further development, and is changed only through change control documented information [see RTCA/DO-178 or EUROCAE ED-12]
3.2
Commercial-Off-The-Shelf (COTS) Software

commercially available applications sold by vendors through public catalogue listings. COTS software is not intended to be customized or enhanced. Contract-negotiated software developed for a specific application is not COTS software [see RTCA/DO-178 or EUROCAE ED-12]
Note 1 to entry: COTS software is a type of non-developmental software.
3.3
configuration item

one or more hardware/software entities treated as a unit for configuration management purposes or software life cycle data treated as a unit for configuration management purposes
[SOURCE: RTCA/DO-178 or EUROCAE ED-12, modified]
3.4
critical items

definition in EN 9100, 3.2, applies with the following clarification for software

Critical items in software are those characteristics, requirements, or attributes that have been determined to be most important to achieve product realization (e.g., safety, maintainability, testability, usability, performance). For example, in the case of an aircraft’s flight control system software, the response time could be elevated to a critical item to ensure overall performance characteristics are met; or if a project has customer specific testability requirements, cyclomatic complexity may become a critical item.
3.5
Cyclic Redundancy Check
CRC

type of function that takes a data stream of any length as an input and produces a value of a certain space (commonly a 32-bit integer) as an output. A CRC can be used to detect alteration of data during transmission or storage
3.6
digital signature
digital signature scheme

type of asymmetric cryptography used to express compliance with the security properties of a handwritten signature on paper
3.7
Information Assurance

set of activities needed to protect information and information systems by ensuring availability, integrity, authentication, confidentiality, and non-repudiation including protection, detection, and reaction capabilities

This includes activities conducted to reduce vulnerability of operational networks, Information Technology (IT), and computing equipment. Activities may include development of innovative and cost-effective ways to mitigate those vulnerabilities. IA may include actions to provide assured access, and transparent identification and authentication across the network or within systems of systems.

See Figure 1 for added clarity of related terms.

Figure 1 — Relationship of information assurance, information security and cybersecurity

References:

— Committee on National Security Systems National Information Assurance Glossary, CNSSI Instruction No. 4009 (26 April 2010)

— ISO 27001:2013, Information technology — Security techniques — Information security management systems — Requirements

— ISO 27002:2013, Information technology — Security techniques — Code of practice for information security controls

— ISO 27034-1:2011, Information technology — Security techniques — Application security — Part 1: Overview and concepts
3.8
interested parties

party having a right, share, or claim in a system or in its possession of characteristics that meet that party’s needs and expectations [see ISO/IEC 12207]

Note 1 to entry: Interested parties include, but are not limited to customers, suppliers, regulatory bodies, and functional organizations or groups needed to achieve product quality.
3.9
key characteristic
definition in EN 9100, 3.3 applies with the following clarification for software

Key characteristics in software are those measurable attributes where variability can be measured by the project and can, if left unchecked, adversely impact the project or product in areas (e.g., memory utilization, response time, functionality, reliability, usability, efficiency, maintainability, portability).

3.10
monitoring

act of witnessing or inspecting selected instances of test, inspections, or other activities, or documented information of those activities, to assure that the activity is under control and that the reported results are representative of the expected results. Such activities could be performed and used as evidence for formal test verification to support conformity, certification, and customer acceptance

Monitoring is usually associated with activities done over an extended period of time where 100 % witnessing is considered impractical or unnecessary. Monitoring permits authentication that the claimed activity was performed as planned [see RTCA/DO-178 or EUROCAE ED-12].
3.11
non-developmental software

deliverable software that is not developed under the contract, but is provided by the organization, customer, or a third party [e.g., reused software, customer furnished software, COTS software, Government off-the Shelf (GOTS) software, open source software]
3.12
phase

collection of processes, activities, tasks, and outcomes within the software life cycle [see IEEE 24765]

3.13
release

particular version of a configuration item that is made available for a specific purpose (e.g., test release)
[SOURCE: ISO/IEC 12207]
3.14
reliability

probability of failure-free operation of a computer program in a specified environment for a specified time [based on IEEE 982.1]

Note 1 to entry: Software reliability requirements should consider the level and manner of fault and failure detection, isolation, fault tolerance, and recovery expected to be fulfilled by the software.

3.15
robustness

extent to which software can continue to operate correctly despite invalid inputs [see RTCA/DO-178 or EUROCAE ED-12]

Note 1 to entry: Robustness, in the software context, means that the organization has utilized techniques (e.g., exception handling, redundancy, related verification techniques).
3.16
secure hash algorithm

cryptographic functions that compute a fixed-length digital representation, known as a message digest, of an input data sequence of any length
3.17
software

computer programs, associated documentation, and data pertaining to the operation of a computer system
[SOURCE: RTCA/DO-178 or EUROCAE ED-12, modified]

Note 1 to entry: The executable programs and data that are embedded in hardware devices are considered to be included in this definition (i.e., firmware).

Note 2 to entry: Firmware is the combination of a hardware memory device loaded with computer instructions and/or digital data that reside as read-only software on a device that a computing system can read. The software cannot typically be readily modified under program control.
3.18
software life cycle

period of time that begins with the decision to produce or modify software, and ends when the software product support is no longer required. The software life cycle typically contains a concept phase, requirements phase, design phase, implementation phase, test phase, installation and checkout phase, and operation and maintenance phase; could at times include the retirement phase. These phases may overlap or be performed iteratively
[SOURCE: IEEE 610.12:1990, IEEE 15288, modified]
3.19
software product

set of computer programs and associated documentation/data intended for, or required by, a customer; or any intended output resulting from the product development process

Note 1 to entry: A software product may be designated for delivery, an integral part of another software or hardware product, or used in the development process.
3.20
special requirements
definition in EN 9100, 3.5 applies with the following clarification for software

Examples of special requirements that may introduce high risk for software include: the introduction of a new compiler, new advanced modelling technique, qualification of tools, specific test equipment capabilities, introduction of a new type of interface, or specific customer technical requirements. These requirements are included in the risk management process.
3.21
support software

software or a program that aids in the development, compilation, maintenance, or use of other software or provides general application-independent capability
[SOURCE: see ISO/IEC 2382-1]
3.22
validation

determination that the requirements for a product are correct and complete; confirms the organization is building the right aircraft system/function/item
[SOURCE: SAE ARP 4754, modified]
3.23
verification

evaluation of an implementation of requirements to determine that they have been met; confirms the organization built the aircraft system/function/item correctly
[SOURCE: SAE ARP 4754, modified]
4 Context of the organization
4.1 Understanding the organization and its context
The requirements of EN 9100 apply. No clarification required for software.
4.2 Understanding the needs and expectations of interested parties
The requirements of EN 9100 apply. No clarification required for software.
4.3 Determining the scope of the quality management system
The requirements of EN 9100 apply with the following clarification for software.

When determining the scope of the quality management system, the organization shall include the elements of IA (e.g., culture of security, including personal identifiable information security; technical security; software development life-cycle security elements; supply chain security; internal security audits; notification; response; recovery), appropriate to the size, criticality, complexity, or consequence of exploitation of the organization’s processes, products, or services.

NOTE For further information, see the IAQG Supply Chain Management Handbook (SCMH).

4.4 Quality management system and its processes
The requirements of EN 9100 apply with the following clarification for software.

The documented information shall address quality management system requirements for software processes, products, or services by inclusion or reference.
5 Leadership
5.1 Leadership and commitment
5.1.1 General
The requirements of EN 9100 apply. No clarification required for software.
5.1.2 Customer focus
The requirements of EN 9100 apply. No clarification required for software.
5.2 Policy
5.2.1 Establishing the quality policy
The requirements of EN 9100 apply. No clarification required for software.
5.2.2 Communicating the quality policy
The requirements of EN 9100 apply. No clarification required for software.
5.3 Organizational roles, responsibilities, and authorities
The requirements of EN 9100 apply. No clarification required for software.
6 Planning
6.1 Actions to address risks and opportunities
The requirements of EN 9100 apply with the following clarification for software.

The organization shall consider deliverable software products, processes, and services when determining risk and opportunities.
NOTE This should include consideration of external providers, when appropriate.
6.2 Quality objectives and planning to achieve them
The requirements of EN 9100 apply. No clarification required for software.
6.3 Planning of changes
The requirements of EN 9100 apply. No clarification required for software.
7 Support
7.1 Resources
7.1.1 General
The requirements of EN 9100 apply. No clarification required for software.
7.1.2 People
The requirements of EN 9100 apply. No clarification required for software.
7.1.3 Infrastructure
The requirements of EN 9100 apply with the following clarification for software.

The organization shall determine, provide, and maintain an infrastructure, as appropriate, to support software activities, including services.
Organization infrastructure includes, as applicable:

a) software development tools and utilities, including host computer and support software;

b) software verification tools and utilities, including test equipment and test software;

c) equipment, tools, software and utilities for archiving and storage (e.g., network, web or cloud based storage), backup, disaster recovery, protection, replication, software loading, transmittal, and documented information retention;

d) integrity verification tools and utilities (e.g., virus protection/checking, digital signatures, secure hash algorithms, CRC);

e) security for software environments against threats (e.g., cyber/information security breaches, malicious code, enumeration, electronic fingerprints, worms, viruses, backdoors, spyware, trojan horses, malware).

NOTE Further elaboration on potential security elements may be found in the IAQG SCMH. In addition references to publications dealing with software cyber vulnerabilities and weaknesses [e.g., Mitre Top 25 Common Weakness Enumeration, SANS Institute 20 Critical Controls; Institute of Electrical and Electronic Engineers (IEEE) Top 10 Software Security Design Flaws] can be found in the IAQG SCMH.

7.1.4 Environment for the operation of processes
The requirements of EN 9100 apply with the following clarification for software.

The organization shall ensure that the operational environment appropriately protects the software against unauthorized access and tampering.
7.1.5 Monitoring and measuring resources
7.1.5.1 General
The requirements of EN 9100 apply with the following clarification for software.

The organization shall determine the development and verification resources needed for monitoring and measuring of software.

The software test environment and support tools shall be evaluated for their intended use, verified as appropriate, and controlled. Any limitations to testing shall be recorded.
7.1.5.2 Measurement traceability
The requirements of EN 9100 apply. No clarification required for software.
7.1.6 Organizational knowledge
The requirements of EN 9100 apply. No clarification required for software.
7.2 Competence
The requirements of EN 9100 apply with the following clarification for software.

Software practitioners (e.g., Engineering, Quality, Testers) shall be qualified by education, experience, and training appropriate for the criticality, complexity, customer and regulatory requirements, and other relevant attributes (e.g., IA) of the associated software product and activities.

7.3 Awareness
The requirements of EN 9100 apply with the following clarification for software.

The organization shall ensure software developers and other relevant personnel are aware of software product requirements, including IA, customer, and regulatory requirements.
7.4 Communication
The requirements of EN 9100 apply. No clarification required for software.
7.5 Documented information
7.5.1 General
The requirements of EN 9100 apply. No clarification required for software.
7.5.2 Creating and updating
The requirements of EN 9100 apply. No clarification required for software.
7.5.3 Control of documented information
The requirements of EN 9100 apply with the following clarification for software.

Electronic documented information associated with deliverable software (i.e., executable) may include source code, and any necessary life-cycle support data.
Where docum
...
