Hi, I was wondering if I can bounce some ideas around to see if I'm on the right track with respect to physical and functional audits (for software and hardware). I have posted this on Elsmar and received a response, but I'm digging a little deeper for more information.
From reading the ISO 10007 I understand that:
A functional configuration audit is a formal examination to verify that a configuration item has achieved the functional and performance characteristics specified in its product configuration information; and
A physical configuration audit is a formal examination to verify that a configuration item has achieved the physical characteristics specified in its product configuration information.
I realized that when we perform a first article inspection (FAI) on our product, we test it to make sure it functions properly and we inspect it against the drawing to make sure it matches. Would I be able to use the results of my FAI as evidence of these two audits?
Now, as per the Software one (This comes from the IEEE Std 730):
A functional Audit is held prior to the software delivery to verify that all requirements specified in the SRD have been met.
A Physical Audit is held to verify internal consistency of the software and its documentation, and their readiness for release.
To me, a functional audit here sounds like me sitting by a SW tester and watching them perform SW testing? Would I be able to audit that test reports exist for this and move on?
And physical auditing sounds like ensuring the SW was released properly in our system with all its required documents (SPMP, SCMP, SFD, etc.)?
I'm still unsure how or what is expected of me for the SW audits, so if anyone has any ideas or suggestions or experience, I'm all ears.
I think the FAI package would work for the Hardware audit, I just want to see if someone else can see risks associated with doing this that I might have overlooked.
Thank you all, I appreciate your time and help with this.
Not familiar with software auditing, but I believe the key to a successful audit is focusing on inputs, outputs and process. Are these elements clearly defined? If so, use a turtle diagram to check and review the evidence for each element to verify whether they meet the defined requirements.
Just my 2 cents.