Boost Your Project’s Chance of Success With an IV&V Vendor

If you work on large projects, you’ve probably heard of Independent Verification and Validation (IV&V). IV&V helps identify and mitigate risks associated with large projects by:

• Providing management with an objective analysis of the project allowing for informed decision-making
• Increasing quality of deliverables
• Identifying errors early and recommending corrective action

Most project managers are not eager to increase the amount of oversight on their project, but the right IV&V vendor will increase your project’s chance of success.

Click Procurement Examples for system shall statements.

What is IV&V?

Per IEEE 1012, Standard for Software Verification and Validation, IV&V processes determine whether the development products of a given activity conform to the requirements of that activity and whether the software satisfies its intended use and user needs.

IV&V stands for:

• Independent – Services are provided and managed by an independent organization
  • Contractual – requires that the IV&V contract be executed separately from the development contract
  • Managerial – requires that responsibility for the IV&V effort be vested in an organization that is separate from the development and project management organizations
  • Technical – requires the IV&V personnel are not involved in any stage of the project requirements, design, or development processes
  • Financial – requires that control of the IV&V budget be located in an organization independent of the organization that controls the project budget
• Verification – provides objective evidence whether the products of a development phase
  • Conform to requirements (e.g., for correctness, completeness, consistency, accuracy) for all life cycle activities during each life cycle process (acquisition, supply, development, operation, and maintenance)
  • Satisfy standards, practices, and conventions during life cycle processes
  • Successfully complete each life cycle activity and satisfy all the criteria for initiating succeeding life cycle activities (e.g., building the software correctly)
• Validation – provides evidence whether the products of a development phase
  • Satisfy system requirements allocated to software at the end of each life cycle activity
  • Solve the right problem (e.g., correctly address federal and state laws, implement business rules, use the proper system assumptions)
  • Satisfy intended use and user needs

IV&V Objectives

The purpose of IV&V is to help the organization build quality into project life cycle activities and processes by providing an objective assessment of products and processes throughout the life cycle.

The objectives of an IV&V project include:

• Enhance management insight into process and product risk
• Provide objective evidence of software and system conformance to support a formal certification process (e.g., Authorization to Operate)
• Facilitate early detection and correction of cost and schedule variances
• Provide early assessment of software and system performance
• Support the life cycle processes to ensure conformance to project performance, schedule, and budget
• Validate the project’s product and processes to ensure compliance with defined requirements
• Improve project life cycle activities and processes

What is the Scope of an IV&V Engagement?

As noted in IEEE 1012, the scope of an IV&V engagement will address some or all of the full software life cycle processes including management, acquisition, supply, development, operation, and maintenance. In practice, the IV&V engagement should be tailored to meet your project and organizational needs.

Below is a sample of processes and activities which may be included in an IV&V engagement:

1. Management – The management process monitors and evaluates all IV&V outputs
   • Develop and update the Project Management Plan (PMP) including managerial processes, technical processes, work breakdown structure,  schedule, cost, personnel, etc.
   • Deliver PMP and its updates
   • Report periodic progress, often monthly
   • Review project quality, risks, and measures
2. Acquisition – The acquisition process is used to scope the IV&V effort, plan interfaces with the supplier and acquirer, review the draft systems requirements to be included in the RFP, and provide the IV&V task results to support acquirer acceptance of the system
   • Scope the IV&V effort
   • Plan the interface between the IV&V effort and supplier
   • Review system requirements
   • Provide acceptance support
3. Supply – The Supply IV&V effort uses the supply process products to confirm that the request for proposal requirements and contract requirements are consistent and satisfy user needs before the contract is finalized
   • Plan the interface between the IV&V effort and supplier
   • Verify contract
4. Development – The development process contains the activities and tasks of the developer
   • Concept
     • Evaluate concept documentation
     • Analyze criticality
     • Analyze requirements allocation
     • Analyze traceability
     • Analyze hazards
     • Analyze security
     • Analyze risk
   • Requirements
     • Analyze traceability
     • Evaluate software requirements
     • Analyze interfaces
     • Analyze criticality
     • Generate system IV&V test plan
     • Generate acceptance IV&V test plan
     • Assess configuration management
     • Analyze hazards
     • Analyze security
     • Analyze risk
   • Design
     • Analyze traceability
     • Evaluate software design
     • Analyze interfaces
     • Analyze criticality
     • Generate component IV&V test plan
     • Generate integration IV&V test plan
     • Generate component IV&V test design
     • Generate integration IV&V test design
     • Generate system IV&V test design
     • Generate acceptance IV&V test design
     • Analyze hazards
     • Analyze security
     • Analyze risk
   • Implementation
     • Analyze traceability
     • Evaluate source code and source code documentation
     • Analyze interfaces
     • Analyze criticality
     • Generate component IV&V test case
     • Generate integration IV&V test case
     • Generate system IV&V test case
     • Generate acceptance IV&V test case
     • Generate component IV&V test procedure
     • Generate integration IV&V test procedure
     • Generate system IV&V test procedure
     • Execute component IV&V test
     • Analyze hazards
     • Analyze security
     • Analyze risk
   • Test
     • Analyze traceability
     • Generate acceptance IV&V test procedure
     • Execute integration IV&V test
     • Execute system IV&V test
     • Execute acceptance IV&V test
     • Analyze hazards
     • Analyze security
     • Analyze risk
   • Installation and checkout
     • Audit installation configuration
     • Checkout installation
     • Analyze hazards
     • Analyze security
     • Analyze risk
     • Generate IV&V final report
5. Operations – The operation process involves the use of the software system by the end user in an operational environment
   • Evaluate new constraints
   • Evaluate operating procedures
   • Analyze hazards
   • Analyze security
   • Analyze risk
6. Maintenance – The maintenance process is activated when the software system or associated documentation must be changed in response to a need for system maintenance
   • Revise software IV&V plan
   • Evaluate anomaly
   • Analyze criticality
   • Assess migration
   • Assess retirement
   • Analyze hazards
   • Analyze security
   • Analyze risk
   • Iterate task

IEEE 1012 includes significant additional details, breaking down each activity into tasks and task descriptions.

Common IV&V Findings and Next Steps

Common IV&V findings on projects include:

• lack of adequate communication
• deficiencies in the project management plan
• deficiencies in requirements
• inadequate risk management
• project not following defined processes
• poor or missing documentation

IV&V vendors will report on and track their findings until they are remediated.

Make sure your IV&V vendor categorizes their findings by priority, project impact, and probability. Most projects don’t have enough staff to implement all recommended changes at once.

When to Engage a Vendor?

Ideally and for maximum ROI, IV&V should be performed throughout the project’s life and can be executed incrementally at specific points in the life cycle or be performed in a manner that is integrated into all project efforts. It should not be left until the end to determine conformance.

Although costs increase, IV&V is most effective when integrated into the entire project life cycle, conducted in parallel with the project and product development activities.

IV&V can also be very helpful during the procurement and vendor selection phase of the project.

What to Look For When Choosing an IV&V Vendor?

Consider the following when selecting a vendor:

• Established – how many years of experience in IV&V does the vendor have?
• Subject Knowledge – does the vendor have the right domain and technology expertise for your project?
• Past Performance – does the vendor have demonstrated experience as an IV&V vendor?
• Methodology – review the vendor’s methodology including how they determine that products and processes meet quality standards such as those produced by ISO, IEEE, NIST, and other standards bodies.
• Approach – review the vendor’s project plan that identifies project scope, schedule, deliverables, and resource requirements.

Procurement Examples

Interested in including an IV&V vendor as part of your next procurement? Here’s some sample text to consider for your acquisition document:

The Agency may hold other contracts for additional or related work, including among others independent verification and validation (IV&V) work for this Project. The Awarded Vendor must fully cooperate with all other contractors and Agency employees and coordinate its work with such other contractors and Agency employees as may be required for the smooth and efficient operation of all related or additional work. The Awarded Vendor may not act in any way that may unreasonably interfere with the work of any other contractors or the Agency’s employees.

Further, the Awarded Vendor must fully cooperate with any IV&V contractor assigned to this Project and implement required improvements. Such cooperation includes expeditiously providing the IV&V contractor with full and complete access to all Project work products, records, materials, personnel, meetings, and correspondence as requested by the IV&V contractor. If the Agency assigns an IV&V contractor to the Project, the Agency will obligate the IV&V contractor to a confidentiality provision similar to the Confidentiality Section contained in this Contract. Additionally, the Awarded Vendor must include the obligations of this provision in all its contracts with its subcontractors that work on this Project.

Related Questions

What’s the difference between IV&V and quality assurance?

Where as IV&V addresses building the right product and building it correctly, quality assurance acts as the process of verifying whether a product meets required specifications and customer expectations.

What’s the difference between IV&V and testing?

IV&V answers the questions “Are we building the right product?” and “Are we building the product right?” Testing is an activity to determine if the actual results match the expected results.

Note: The procurement example above is provided for illustrative purposes only. It is not intended to cover each and every situation, nor can it anticipate specific needs. Take time to tailor it for your organization and unique situation. And be sure to conduct the proper reviews, especially with Procurement and Legal.