The IT Law Wiki
The IT Law Wiki

Definitions[]

Independent verification and validation (IV&V) is

a process whereby organizations can reduce the risks inherent in system development and acquisition efforts by having a knowledgeable party who is independent of the developer determine whether the system or product meets the users' needs and fulfills its intended purpose.[1]
[v]erification and validation performed by an organization that is technically, managerially, and financially independent of the development organization.[2]

Overview[]

IV&V involves proactively determining early in a program's life cycle what its risks are likely to be, and then identifying those that could be mitigated or lessened by performing additional reviews and quality assessments. IV&V activities can help ensure that quality is built into program deliverables from the beginning — starting with business and requirements analysis, continuing through software development and unit-testing activities, and ending with system and integration testing and acceptance.

A review published in 1999 by the Institute of Electrical and Electronics Engineers (IEEE)[3] found that IV&V had a measurable beneficial effect on a program's development. For example, it

  • promoted the earlier detection of system faults,
  • identified a greater number of faults,
  • helped to reduce the average time it takes to fix faults, and
  • enhanced operational correctness.

The study concluded that any process that systematically applies well-designed IV&V activities to a structured software development process would result in similar benefits.

Typically, IV&V is performed by an agent that is independent of the development organization to obtain unbiased reviews of a system's processes, products, and results, with the goal of verifying and validating that these meet stated requirements, standards, and user needs. IV&V is work above and beyond the normal quality assurance and performance review activities performed during system development and acquisition. This work must not substitute for the developer's responsibility, but should complement and reinforce the developer's systems engineering processes, configuration management, and qualification test functions. According to recognized industry standards,[4] IV&V can provide management with an objective assessment of a program's processes, products, and risks throughout its life cycle and help ensure conformance to program performance, schedule, and budget targets.

Furthermore, it can help facilitate the early detection and correction of system anomalies and support the system's conformance to performance, schedule, and budget goals, among other benefits.

The independence of the responsible agent is a key aspect of IV&V’s value to the IT acquisitions process. Independence is defined by the following three components:

  • Technical independence — requires the effort to be performed by personnel who are not involved in the development of the system. This ensures that the IV&V team brings a fresh viewpoint to the analysis of the system development process and its products.
IV&V
  • Managerial independence — requires that the agent be managed separately from the development and program management organizations. The effort must be allowed to freely select the system components or segments it will analyze and test, and the test and analysis techniques it will use. The agent must also be allowed to freely report its findings to program management, without prior approval from the development group.
  • Financial independence — requires that the funding for IV&V be controlled by an organization separate from the development organization. This ensures that the effort will not be curtailed by having its funding diverted to other program needs, and that financial pressures cannot be used to influence the effort.

An IV&V effort that exhibits all three of these characteristics is fully independent (see Fig. 2). Rigorous independence from the development or acquisition effort ensures that IV&V's insights into a program's processes and associated work products are objective.

References[]

  1. Information Technology: DHS Needs to Improve Its Independent Acquisition Reviews, at 1-2.
  2. Information Technology: An Audit Guide For Assessing Acquisition Risks, Glossary, at 92.
  3. See Institute of Electrical and Electronics Engineers, Inc., "Evaluating the Effectiveness of Independent Verification and Validation" 79 (Oct. 1999).
  4. Institute of Electrical and Electronics Engineers, Inc., "IEEE Standard for Software Verification and Validation" (IEEE Std 1012-2004) (June 8, 2005).

See also[]

Source[]