SOI #3 - Verification Review

A number of verification activities are required by DO-178C. Some of these activities involve verification of the developed software, while some involve verification that your DO-178C verification process was correctly followed. Many verification activities can be performed either manually or by using automated tools to help run the analysis. When automated tools are used to achieve a DO-178C objective without their output being verified, those tools must be qualified for use following the DO-330^* guidelines.

*DO-330: Software Tool Qualification Considerations supplement to DO-178C gives specific guidance on situations in which you need to qualify any verification tools you use in order to demonstrate that they work as intended. Because of this, it makes sense to begin your verification activities early and not leave verification activities until late in your project life cycle.

Certification authorities will expect that you document your verification results in a series of documents, some of which you will submit in your final compliance demonstration data. The documents that are typically expected include:

• Software Accomplishment Summary (SAS), which gives the overall compliance position, states the timing and memory margins, and summarizes any agreed process deviations and open or deferred problem reports. This document is always submitted.
• Software Verification Results (SVR), which lists the verification activities conducted (reviews, analyses and tests), gives the results, summarizes problem reports for any failed verification activities, and typically also includes traceability and coverage data. This document is sometimes submitted and sometimes just made available for external review.
• Software Verification Cases and Procedures (SVCP), which gives the design of each review, analysis and test to conduct. This includes details such as test environment setup, schedules, staffing, auditing, and efficiency concerns. It isn’t expected that this document is submitted.

Similarly to SOI #2(development review), SOI #3 should be conducted with the certification authority when there are examples of each of the verification artifacts available for review. SOI #3 focuses not only on test cases and test procedures, but also on test results and coverage analyses.

You do not need to complete the verification of your software before SOI #3, but this milestone is usually reached after:

• Around half or more of the total expected test cases and procedures have been developed and reviewed.
• The approach you’ll take for verifying your verification process (e.g., structural coverage, data coupling and control coupling coverage) is demonstrable (ideally with at least sample data being available).
• The approach you’ll take for verifying non-functional properties of your software, including resource usage, is demonstrable (ideally with at least sample data being available).

The review will examine traceability information and also examine how changes have been managed throughout the life cycle of your project.

Learn more about DO-178C by downloading the free 70-page handbook here.