“Verification and validation activities produce their best results when performed by a V&V agent who operates independently of the development project or specification agent,” –Barry Boehm
By Rafael Blanco, Director of Testing and IV&V for DV7. Rafael has 30 years of experience in these critical areas.
In the U.S., critical systems are certified by government authorities, and the embedded software in those systems is categorized by its criticality and risk. Specific standards guide the Software Development Life Cycle (SDLC) for this software: the Federal Aviation Administration (FAA) uses DO-178C, “Software Considerations in Airborne Systems and Equipment Certification”, and the Food & Drug Administration (FDA) recognizes IEC 62304, “Medical Device Software – Software Life Cycle Processes”.
To determine the Design Assurance Level (DAL), a safety assessment process and hazard analysis identify the failure conditions of the system and their effects. Each failure condition is categorized by its impact on the crew, passengers, and aircraft; DO-178C then assigns the software a level from A (Catastrophic) down to E (No Effect), and that level determines which objectives apply and which of them must be satisfied with independence.
- Catastrophic – Failure may cause deaths, usually with loss of the airplane.
- Hazardous – Failure has a large negative impact on safety or performance, reduces the ability of the crew to operate the aircraft (through physical distress or a higher workload), or causes serious or fatal injuries among the passengers.
- Major – Failure significantly reduces the safety margin or significantly increases crew workload. May result in passenger discomfort (or even minor injuries).
- Minor – Failure slightly reduces the safety margin or slightly increases crew workload. Examples might include causing passenger inconvenience or a routine flight plan change.
- No Effect – Failure has no impact on safety, aircraft operation, or crew workload.
Take note, in the table above, of the objectives listed “With Independence”: these require a separation of responsibilities so that the objectivity of the Verification and Validation (V&V) process is ensured by its independence from the software development team. The engineer performing one of these objectives and verifying an item (a requirement, a source file) must not be the engineer who created that item, and this separation must be clearly documented in the verification records.
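One way to turn that rule into a check, as an added example that is not from the original post or from DV7: the script below reads a constructed verification record (hypothetical item IDs and engineer names) in which each item carries its author, its verifier, and a flag saying whether the objective covering it must be met with independence at the project's software level. That flag is an input taken from the project's own mapping of items to the DO-178C Annex A objectives, not something the script derives. It flags every item verified by its own author where independence is required, and every item with no verifier recorded at all, since the separation can only be demonstrated when it is written down.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample record: hypothetical items and engineers, not project data.
# independence_required comes from the project's mapping of each item to the
# DO-178C Annex A objective that covers it at the chosen software level.
SAMPLE_RECORDS = """\
item_id,item_type,author,verifier,independence_required
HLR-014,high_level_requirement,alice,bob,yes
LLR-102,low_level_requirement,bob,bob,yes
SRC-fcu_mode.c,source_code,carol,,yes
TC-0450,test_case,dave,dave,no
TC-0451,test_case,dave,alice,yes
LLR-103,low_level_requirement,bob,Bob ,yes
"""


@dataclass(frozen=True)
class Finding:
    item_id: str
    reason: str


def _normalize(name: str) -> str:
    """Compare engineer names case-insensitively and ignore stray whitespace,
    so that 'Bob ' and 'bob' are recognised as the same person."""
    return name.strip().lower()


def check_independence(csv_text: str) -> list[Finding]:
    """Return one Finding per record that fails the independence rule."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        required = row["independence_required"].strip().lower() in ("yes", "y", "true", "1")
        author = _normalize(row["author"])
        verifier = _normalize(row["verifier"])
        if not verifier:
            # Independence cannot be shown without a recorded verifier, so a
            # blank verifier is a finding whether or not independence is required.
            findings.append(Finding(row["item_id"], "no verifier recorded"))
        elif required and author == verifier:
            findings.append(Finding(row["item_id"],
                                    f"verified by its own author ({row['author'].strip()})"))
    return findings


def independence_report(csv_text: str) -> str:
    """Human-readable summary suitable for attaching to the V&V evidence."""
    findings = check_independence(csv_text)
    total = sum(1 for _ in csv.DictReader(io.StringIO(csv_text)))
    lines = [f"{total} items checked, {len(findings)} independence finding(s)"]
    lines += [f"  {f.item_id}: {f.reason}" for f in findings]
    return "\n".join(lines)


if __name__ == "__main__":
    print(independence_report(SAMPLE_RECORDS))
```

Run against the sample record it reports three findings: a low-level requirement verified by its own author, a source file with no verifier recorded, and a second self-verification that only differs from the author's name by letter case and whitespace, which is exactly the kind of record that slips through a manual review of a traceability matrix.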
FDA IEC 62304
Software classification in the medical device world is based on the potential for a hazard that could cause injury to the user or patient. IEC 62304 refers to this as Software Safety Classification (SSC), with classes A, B, and C in order of increasing potential harm.
Currently, IEC 62304 does not require independent V&V, which I fully disagree with, especially for Class C devices. The FDA currently recommends independence, but I believe this will eventually become a requirement.
From the FDA guidance document “General Principles of Software Validation; Final Guidance for Industry and FDA Staff” section 4.9:
Validation activities should be conducted using the basic quality assurance precept of “independence of review.” Self-validation is extremely difficult. When possible, an independent evaluation is always better, especially for higher-risk applications. Some firms contract out for third-party independent verification and validation, but this solution may not always be feasible.
Independent V&V brings several benefits:
- The likelihood of uncovering high-risk issues early in the SDLC increases substantially.
- Less software rework by developers, and lower costs for software development projects.
- Fewer defects in the software once it is out in the market.
How do you step up your Verification and Validation (V&V) without making the road to certification even longer? The quickest, and increasingly the safest and most efficient, route is to bring in expertise. Usually, people only call for external help when they are already stuck. Don’t let this happen to you.
DV7 Engineering is here to help. We offer a complimentary high-level technical and gap assessment that analyzes software code complexity, testability, and the supporting documentation. This gives insight into your product and into ways we can mitigate any issues found earlier in the process, saving valuable time, resources, and money. The ROI is always very evident.
We can help with:
- Software IV&V testing according to the regulated industry standard
- Requirement analysis
- Product system level testing
- Development and execution of IV&V Plan
- Testing at different levels (System/Integration/Unit)
- IV&V reports for objective evidence
- Full bidirectional traceability from the SRS down to low-level tests
- Coverage analysis targeting 100% requirements coverage and 100% code coverage, with every coverage shortfall documented and justified
If you’d like to explore how the DV7 IV&V services can help you get your product through certification on time and on budget, contact us for a free consultation.
Be on the lookout for upcoming blog posts covering important topics such as:
DV7 will look into the classification of unmanned aerial vehicles (UAVs) and how IV&V plays a major role in getting through the approval process.
We will also show how the right engineering processes save time and money while adding quality and safety in non-certified industries.