ABS 254-2016 GUIDANCE NOTES ON SOFTWARE PROVIDER CONFORMITY PROGRAM ABS CyberSafety VOLUME 5.pdf

《ABS 254-2016 GUIDANCE NOTES ON SOFTWARE PROVIDER CONFORMITY PROGRAM ABS CyberSafety VOLUME 5.pdf》由会员分享，可在线阅读，更多相关《ABS 254-2016 GUIDANCE NOTES ON SOFTWARE PROVIDER CONFORMITY PROGRAM ABS CyberSafety VOLUME 5.pdf（74页珍藏版）》请在麦多课文档分享上搜索。

1、 Guidance Notes on Software Provider Conformity Program ABS CyberSafetyTM Volume 5 GUIDANCE NOTES ON SOFTWARE PROVIDER CONFORMITY PROGRAM ABS CyberSafetyTMVOLUME 5 SEPTEMBER 2016 American Bureau of Shipping Incorporated by Act of Legislature of the State of New York 1862 2016 American Bureau of Ship

2、ping. All rights reserved. ABS Plaza 16855 Northchase Drive Houston, TX 77060 USA Foreword Foreword The importance of the development of a positive safety culture has been recognized for some time, particularly in large-scale systems where the consequences of losses may be severe. The marine and off

3、shore industries are increasingly reliant on computer-based control systems; therefore, the specification and verification of the software used in the control systems and their integration into the system is an important element of safety assessments. This document has been developed with the object

4、ive of improving safety and environmental performance of ships and offshore assets by providing a process to improve control system software quality. The American Bureau of Shipping (ABS) provides this guidance in recognition of the beneficial effect that high software quality installed in various c

5、ontrol systems has on the performance of assets. The ABS Guide for Integrated Software Quality Management (ISQM) presents a risk-based software development and maintenance process for application on ships and offshore assets that is based upon internationally recognized standards. These Guidance Not

6、es augment the ISQM Guide by documenting procedures and recommendations developed with input from ABS clients and software development professionals and best practices for quality software development. The guidance provided is based on industry-accepted software quality development activities and pr

7、actices that are applicable to software System Providers (SPs) who are internally implementing and evaluating their application of ABS ISQM processes. The Guidance Notes are also intended to help providers of control system software gain recognition of their quality software development policies, pr

8、ocedures, and practices. The guidance is applicable to all divisions, groups, and companies engaged in developing, supplying, deploying, and maintaining software, and provides information to assist SPs in preparing for ABS ISQM conformity assessments. The information in this document is sufficiently

9、 general to allow SPs appropriate latitude in software development practices, yet sufficiently detailed so as to provide useful guidance to SPs as they implement an ISQM conformant quality assurance program. The ISQM conformity program is patterned upon three (3) of five (5) Tiers of Approval descri

10、bed in Appendix 1-1-A4 of the ABS Rules for Conditions of Classification (Part 1) (Part 1 of the ABS Rules for Building and Classing Steel Vessels (Steel Vessel Rules) and Appendix 1-1-A3 of the ABS Rules for Conditions of Classification Offshore Units and Structures (Part 1) (Part 1 of the ABS Rule

11、s for Building and Classing Mobile Offshore Drilling Units (MODU Rules). Although ABS does not offer type approval for software, Approval Tiers 1, 2 and 5 of the Steel Vessel Rules Type Approval are well suited for software quality management process certification, and are applied with certain alter

12、ations to the ABS ISQM Conformity Certification program. For comparison, Table 1 indicates the Tiers applicable to Steel Vessel Rules Approval and the Tiers applicable to the ISQM Conformity Certification. TABLE 1 ISQM Conformity Program Based on Steel Vessel Rules Approval Tiers These Guidance Note

13、s become effective on the first day of the month of publication. Users are advised to check periodically on the ABS website www.eagle.org to verify that this version of these Guidance Notes is the most current. We welcome your feedback. Comments or suggestions can be sent electronically by email to

14、rsdeagle.org. ii ABSGUIDANCE NOTES ON SOFTWARE PROVIDER CONFORMITY PROGRAM ABS CyberSafetyTMVOL 5 .2016 Terms of Use The information presented herein is intended solely to assist the reader in the methodologies and/or techniques discussed. These Guidance Notes do not and cannot replace the analysis

15、and/or advice of a qualified professional. It is the responsibility of the reader to perform their own assessment and obtain professional advice. Information contained herein is considered to be pertinent at the time of publication, but may be invalidated as a result of subsequent legislations, regu

16、lations, standards, methods, and/or more updated information and the reader assumes full responsibility for compliance. This publication may not be copied or redistributed in part or in whole without prior written consent from ABS. ABSGUIDANCE NOTES ON SOFTWARE PROVIDER CONFORMITY PROGRAM ABS CyberS

17、afetyTMVOL 5 .2016 iii Table of Contents GUIDANCE NOTES ON SOFTWARE PROVIDER CONFORMITY PROGRAM ABS CyberSafetyTMVOLUME 5 CONTENTS SECTION 1 Introduction 1 1 Software Quality 1 1.1 Introduction 1 3 Three Tiers of Software Quality Assessment and Certification 2 3.1 Overview 2 3.3 Conformance to Quali

18、ty Standards 6 3.5 Software Quality Activities and Metrics 7 5 Software Development Life Cycle . 8 7 Scope of the Guidance Notes . 9 9 Definitions and Abbreviations . 9 9.1 Definitions 9 9.3 Abbreviations . 10 TABLE 1 Three Tiers of ISQM Conformity . 2 TABLE 2 ISQM Manufacturers Certification 3 TABL

19、E 3 ISQM Product Design Assessment . 3 TABLE 4 ISQM Unit Software Certification 4 FIGURE 1 ISQM Guidance Notes 1 FIGURE 2 ISQM Conformity Certification Process 6 FIGURE 3 Software Development Life Cycle . 9 SECTION 2 ISQM Product Design Assessment Part 1 . 11 1 Introduction . 11 1.1 Requesting a PDA

20、-Part 1 Evaluation . 11 1.3 Completing a PDA-Part 1 Evaluation . 12 3 Project Management . 13 3.1 Initiating Activities 13 3.3 Planning Activities 14 3.5 Execution and Monitoring 15 3.7 Control Activities 15 3.9 Closing Activities 16 iv ABSGUIDANCE NOTES ON SOFTWARE PROVIDER CONFORMITY PROGRAM ABS C

21、yberSafetyTMVOL 5 .2016 5 Software Development 17 5.1 Design Group 17 5.3 Construction Phase . 21 5.5 Verification, Validation, and Transition (V V expedited reviews and approvals; and providing a level of confidence that products available from the System Providers (SP) are developed so as to meet

22、the minimum quality requirements set forth in the ABS Guide for Integrated Software Quality Management (ISQM) (ISQM Guide). ISQM practices and processes are provided to help the SP establish a program that reinforces quality in the configuration and development of control system software. In additio

23、n to direct and specific application of ISQM to improve the quality of software, the SP may also find it useful to map internally developed quality assurance practices to those described in the ISQM Guide. By doing so, the SP can internally evaluate and measure its conformity to ISQM. ABS has develo

24、ped these Guidance Notes for managers, quality management personnel, and software developers engaged in software development or software quality assurance within SP organizations. These Guidance Notes are provided to: i) Clarify the evaluation processes required for ABS conformity recognitionii) Off

25、er additional information to help the SP implement the ISQM principlesiii) Assist the SP in evaluating its conformity to the ISQM GuideFIGURE 1 ISQM Guidance Notes Clarify ISQMConceptsImplement ISQMConceptsSelf Assess ISQMImplementationISQMGuidanceNotesSection 1 Introduction 3 Three Tiers of Softwar

26、e Quality Assessment and Certification 3.1 Overview The ISQM conformity program is patterned upon three (3) of five (5) Tiers of Approval described in Appendix 1-1-A4 of the ABS Rules for Conditions of Classification (Part 1) (Part 1 of the ABS Rules for Building and Classing Steel Vessels (Steel Ve

27、ssel Rules) and Appendix 1-1-A3 of the ABS Rules for Conditions of Classification Offshore Units and Structures (Part 1) (Part 1 of the ABS Rules for Building and Classing Mobile Offshore Drilling Units (MODU Rules). Although ABS does not offer type approval for software, Approval Tiers 1, 2 and 5 o

28、f the Steel Vessel Rules are well suited for software quality management process certification, and are applied with certain alterations to the ABS ISQM Conformity Certification program (Section 1, Table 1). For comparison, Section 1, Table 1 indicates the certification Tiers applicable to Steel Ves

29、sel Rules Type Approval (Section 4-9-31), MODU Rules Type Approval (Section 4-3-4/52, Section 6-1-53) and ISQM Conformity Certification. TABLE 1 Three Tiers of ISQM Conformity Demonstration of ISQM conformity by the supplier is recognized by ABS through the issuance of: i) A Manufacturers Certificat

30、ion Letter of Acknowledgement Tier 1 conformity approval patterned upon the ABS Rules for Conditions of Classification (Part 1); ii) A Product Design Assessment (PDA) certificate Tier 2 conformity approval patterned upon the ABS Rules for Conditions of Classification (Part 1); and, iii) A Unit Softw

31、are Certification (USC) report Tier 5 conformity approval patterned upon the ABS Rules for Conditions of Classification (Part 1). ABS does not provide software approval for Tier 3 Type Approval, or Tier 4 Product Certification via Product Quality Assurance (PQA), as defined in the ABS Rules for Cond

32、itions of Classification (Part 1). Type Approval of software products is not applicable because software is not “manufactured” in the conventional sense. Software is also subject to customization and frequent changes through field-installed updates and defect fixes, which makes Type Approval inappro

33、priate for software. Additionally, Product Certification via PQA is conventionally applicable to Mass Produced Products, which is a process not commonly applied to software systems. Therefore, neither Tier 3 nor Tier 4 approval are applied to ISQM Conformity Certification. 3.1.1 Tier 1: Manufacturer

34、s Certification (MC) The System Provider (SP) initiates Tier 1 approval by notifying ABS of its desire to be assessed for conformity to ISQM USC or the ISQM PDA. At the same time, the SP provides a letter to ABS asserting or certifying that it implements an ISO 9001 quality management program or a r

35、ecognized equivalent. ABS acknowledges receipt of the SP-provided Manufacturers Certification, and collaborates with the SP to initiate the ABS USC or the ISQM PDA conformity certification assessment. No ABS certificate is issued, and ABS does not perform a quality management documentation review or

36、 on-site assessment in connection with the MC. The SPs documentary 1ABS Steel Vessel Rules, 2012; 4-9-3/1: “Computer based systems where used for control, monitoring and safety systems are to comply with the provisions of Section 4-9-3, and are subject to the classification requirements regardless o

37、f ACC or ACCU notation, see 4-9-3/Table 1 for examples. See 4-9-1/7.3.9 for plans and data to be submitted for review.” 2ABS MODU Rules, 2016; 4-3-4/5: “Computer-based systems are to meet the requirements of 4-9-3/3 of the Steel Vessel Rules, even when the drilling unit will not be assigned with ACC

38、 or ACCU notations.” 3ABS MODU Rules, 2016; Section 6-1-5: Survey and Certification 2 ABSGUIDANCE NOTES ON SOFTWARE PROVIDER CONFORMITY PROGRAM ABS CyberSafetyTMVOL 5 .2016 Section 1 Introduction evidence that supports quality management certification is “M” classification documentation, and is to b

39、e kept by the SP and made available for review as requested by ABS. For additional information on documentation management refer to Section 4-9-3 of the Steel Vessel Rules, “M = Evidence kept by manufacturer and upon request checked by ABS.” TABLE 2 ISQM Manufacturers Certification 3.1.2 Tier 2: ISQ

40、M Product Design Assessment The ABS PDA for software is organized as two parts. Both parts are to be completed by the SP before an ABS ISQM PDA is issued. Part 1 is an offsite review of software quality engineering process documentation. Part 2 is an onsite assessment of the SPs implementation of it

41、s software quality process, and includes interviews with project management, quality and software development teams. TABLE 3 ISQM Product Design Assessment 3.1.3 Tier 2: Product Design Assessment Part 1 The ISQM PDA-Part 1 assessment is a review of software quality management documentation pertinent

42、 to the software products to be named in the PDA or the USC. The ISQM-PDA-Part 1 assessment is an ABS review for indications that the SP possesses knowledge of the ISQM Guide, has implemented software quality management practices that conform to the ISQM Guide and recognized best practices, and has

43、mapped its software quality processes to those described in these Guidance Notes in order to facilitate the assessment. The SPs software quality engineering documentation is “S” classification documentation, and is checked by ABS. For additional information on documentation management refer to Secti

44、on 4-9-3 of the Steel Vessel Rules, S-category of documentation: “S = Evidence to be checked by ABS.” SP provided documentation is also reviewed for indications that formally documented software development life cycle development procedures, risk assessment and management procedures (i.e., safety re

45、views, FMEA or FMECA, revision control, etc.), and rigorous testing procedures (i.e., verification and validation) are in place. The ISQM-PDA-Part 1 assessment is concluded after the ABS documentation review is complete, findings are reported to the SP. And the Findings are remedied by the SP. ABS f

46、indings are communicated to the SP in a findings review meeting. To proceed to ISQM PDA-Part 2, the SP corrects any findings (shortfalls in process, procedure, or documentation) communicated by ABS. ABSGUIDANCE NOTES ON SOFTWARE PROVIDER CONFORMITY PROGRAM ABS CyberSafetyTMVOL 5 .2016 3 Section 1 In

47、troduction The SP is allowed six (6) months from the date of ABS findings communication meeting to respond to ABS with its remedies to findings. If ABS approves the remedies provided in the SPs response, the SP is issued an ISQM-PDA-Part 1 completion letter. From this point in the PDA assessment, th

48、e supplier may proceed with the PDA-Part 2 assessment in pursuit of an ISQM Product Design Assessment (PDA) Certification. In the event the SP does not provide documentation to ABS that demonstrates remediation of ABS findings within the six-month period following the ISQM-PDA-Part 1 findings commun

49、ication, the SP may not initiate a PDA-Part 2 assessment. 3.1.4 Tier 2: Product Design Assessment Part 2 In continuation of the ISQM PDA assessment process, ABS provides the Product Design Assessment Part 2 to document that ABS has reviewed the application-in-practice of the SPs quality processes, procedures, and tools in conformity to the ISQM Guide and these Guidance Notes. The PDA-Part 2 pertains only to the specific site, development team, and software products reviewed during the assessment. ABS PDA certification process include