Trustworthy operation of your technical system is dependent on reliable and safe software. Independent Software Validation and Verification (ISVV) imply verification and validation in addition and complementary to that carried out by the software developer, which will produce better software for less money. DNV provides independent software assessment, verification and validation of your technical system based on best-industry practice combined with a comprehensive experience in safety and mission critical systems.

Purpose

Independent Software Verification and Validation (ISVV) is an engineering practice intended to improve quality and reduce costs of a software product as well as to reduce development risks. You get verification and validation of your software’s specifications and codes independent of the software developer’s performance, which creates confidence for customers, owners, users, authorities, and other relevant stakeholders.

Independent verification and validation are requirements in many areas of the society, such as:

• ESA, the European Space Agency, performs ISVV regularly for critical software. They have made use of external contractors such as DNV to consolidate and define a uniform, cost effective and reproducible ISVV process and an ISVV Guide.

• NASA has built up an ISVV centre, the IV&V by NASA, as a consequence of the space shuttle “Challenger” accident in 1986. It is formal NASA policy that all projects shall be assessed for the need of ISVV.

• The Japanese space agency, JAXA uses ISVV on their projects.

Benefits

Separation of concerns: Any person or organisation is likely to discover that their activity inevitably produces conflicting demands and interests. Clearly separating roles and responsibilities ensures that such conflicts do not arise, which gives confidence to other stakeholders.

Different views: People interpret and produce messages in certain context differently. A second opinion complements the other view by identifying omissions, ambiguities, factual errors, logic errors etc.

Effectiveness and productivity: Staff specialised in independent software verification and validation develops technical competence and motivation that should lead to more effective and productive work because it necessitates the application of sophisticated tools.

The IEEE Standard for Software Verification and Validation (IEEE 1012:1998) distinguishes between the following types of independence:

• Technical independence requires the IV&V (Independent Verification and Validation) effort to utilise personnel who are not involved in the development of the software, which means the IV&V effort uses or develops its own set of test and analysis tools separate from the developer's tools. It is an important method to detect subtle errors overlooked by those too close to the solution.

• Managerial independence requires that the responsibility for the IV&V effort be vested in an organisation separate from the development and program management organisations, which independently selects the segments of the software and system to analyse and test, chooses the techniques, defines schedule of activities, and selects specific technical issues and problems to act upon. It provides findings in a timely fashion simultaneously to the development and program management organisations. It must be allowed to submit the results without any restrictions to the program management.

• Financial independence requires that control of the budget be vested in an organisation independent of the development organisation.

Process

• ISVV Process Management (MAN.PM): issues roles, responsibilities, planning, budgeting, communication, competence, confidentiality etc., involving responsibilities of customer and supplier.

• Criticality Analysis (MAN.CR): supports process management, verification and validation task, and provides important input for planning. It defines scope and rigour of subsequent IV&V activities by assigning software criticality categories and levels to software requirements, components and units.

• Technical Specification Analysis (IVE.TA): verification of technical specification, i.e. software requirements, ending with a Technical Specification Analysis Review (TAR).

• Design Analysis (IVE.DA): verification of software architectural design and software detailed design, ending with a Design Analysis Review (DAR).

• Code Analysis (IVE.CA: verification of software source code, ending with a Code Analysis Review (CAR).

• Validation (IVA): testing of software to demonstrate that implementation meets technical specification in a consistent, complete, efficient and robust way, ending with an Independent Validation Review (IVR).