Management is an essential aspect for ISVV success. The topics presented below are important to consider.
Roles responsibilities and tasks
ISVV is a service provided by an ISVV supplier to an ISVV customer, in which the process may interface with other roles, such as:
Software supplier or validation facility supplier
System supplier or customer.
One of the two latter roles is likely to be the ISVV customer.
Process planning tasks:
| Task | Cust | Supplier |
| Define ISVV objectives | X | - |
| Perform system level software criticality analysis | X | - |
| Define the ISVV scope and determine the ISVV budget | X | - |
| Perform technical specification criticality analysis | (X) | X |
| Estimate ISVV budget | - | X |
| Develop/revise ISVV plan | - | X |
| Approve ISVV plan | X | - |
| Determine confidentiality issues and prepare NDA's | X | (X) |
| Approve scope definition resulting from criticality analysis | X | - |
Process execution, monitoring and control tasks:
| Activities | Cust | Supplier |
| Manage ISVV project | - | X |
| Submit documentation and code to ISVV supplier | X | - |
| Check received documentation | - | X |
| Perform verification and validation activities | - | X |
| Request clarifications | - | X |
| Respond to requests for clarification | X | - |
| Report early ISVV findings | - | X |
| Review early ISVV findings | X | - |
| Produce ISVV verification report | - | X |
| Conduct review meeting | X | (X) |
| Produce ISVV findings resolution report | X | - |
| Implement resolutions | X | - |
| Update criticality analyses | (X) | X |
Criticality analysis
The objective is to reduce the number of items subject to ISVV, and determine which verification and validation tasks to carry out for each individual item.
The budget should reflect the criticality of the software to be scrutinised, distinguish between different criticality categories to allow expending more effort in verification and validation of high instead of less criticality software.
It is carried out throughout the project. The first task is the most important as it is carried out by the customer and forms the basis for allocating a budget for the contract. It may be repeated by the supplier to verify the realism of the budget.
Later analysis are intended to refine the scope. It should be done by the supplier, with the ISVV customer reviewing results and accepting specified scope, which might lead to updates of the ISVV plan and budget.
The objective of the software criticality analysis is to limit the scope of work, and guide subsequent verification and validation activities. It is carried out by using (software) failure modes, effects and criticality analysis ((S)FMECA), supported by traceability analysis, control flow/call graphs analysis, and complexity measurements.
Criticality analysis consists of four tasks:
System level software criticality analysis
Software technical specification criticality analysis
Software design criticality analysis
Software code criticality analysis.
Scheduling and milestones
Scheduling the project is difficult due to dependence on software development progress.
It is recommended that input from software suppliers should be sufficiently mature:
Verification of specific specifications should be performed to balance the needs of early detection and confidence.
Identification of test cases may start when stable documentation is available.
Effective independent validation testing of software requires completion of software development validation testing.
Non-disclosure and security
Spacecraft software is high value intellectual property. Access to documents and codes is strictly controlled when handed
over to an ISVV supplier. This supplier and other stakeholders involved in the process must fulfil requirements including non-disclosure and secure handling of information.The ISVV customer must, in cooperation with software suppliers and other stakeholders, determine confidentiality requirements for handling of documents, including:
Classification
Distribution and storage
Authorisation of personnel
Identification of documents and confidentiality class.
The ISVV supplier should have an information security management system in place to ensure that distribution, storage, and handling of data fulfils confidentiality requirements based on BS 7799-2:2002.