FEO Feature Requirements Inspection Checklist		status: draft security: NO safety: ASIL_B
tags: frameworks_feo

doc__req_inspection_frameworks_feo		Generic Document

FEO Feature Requirement Inspection Checklist#

Purpose The purpose of this requirement inspection checklist is to collect the topics to be checked during requirements inspection.

Checklist

Table 7 Feature Requirement Inspection Checklist FEO#

Review ID

Acceptance Criteria

Guidance

Passed

Remarks

Issue link

REQ_01_01

Is the requirement sentence template used?

see gd_temp__req_formulation, this includes the use of “shall”.

No

Reformulate requirements according template, may split as not atomic

Issue for Findings

REQ_02_01

Is the requirement description comprehensible ?

If you think the requirement is hard to understand, comment here.

No

May add diagrams to support natural language, split in more atomic requirements

Issue for Findings

REQ_02_02

Is the requirement description unambiguous ?

Especially search for “weak words” like “about”, “etc.”, “relevant” and others (see the internet documentation on this). This check shall be supported by tooling.

Yes

REQ_02_03

Is the requirement description atomic ?

A good way to think about this is to consider if the requirement may be tested by one (positive) test case or needs more of these. The sentence template should also avoid being non-atomic already. Note that there are cases where also non-atomic requirements are the better ones, for example if those are better understandable.

No

Split in more atomic requirements

Issue for Findings

REQ_02_04

Is the requirement description feasible ?

Expectation is that at the time of the inspection the requirement has already some implementation. This can be checked via traces, but also gd_req__req_attr_impl shows this. In case the requirement is not mature enough at the time of inspection (i.e. not implemented at least as “proof-of-concept”), a development expert should be invited to the Pull-Request review to explicitly check this item.

No

Implementation exists, but currently not traceability is established

Issue for Findings

REQ_02_05

Is the requirement description independent from implementation ?

This checkpoint should improve requirements definition in the sense that the “what” is described and not the “how” - the latter should be described in architecture/design derived from the requirement. But there can also be a good reason for this, for example we would require using a file format like JSON and even specify the formatting standard already on stakeholder requirement level because we want to be compatible. A finding in this checkpoint does not mean there is a safety problem in the requirement.

No

May create Assumptions of Use in addition

Issue for Findings

REQ_03_01

For stakeholder requirements: Is the rationale correct?

Rationales explain why the top level requirements were invented. Do those cover the requirement?

Yes

not applicable, feature requirements only

REQ_03_02

For other requirements: Is the linkage to the parent requirement correct?

Linkage to correct levels and ASIL attributes is checked automatically, but it needs checking if the child requirement implements (at least) a part of the parent requirement.

No

stkh_req__execution_model__processes is QM, but feature depends on that, so it looks furhter AoU are needed

Issue for Findings

REQ_04_01

Is the requirement internally and externally consistent?

Does the requirement contradict other requirements within the same or higher levels? One may restrict the search to the feature for component requirements, for features to other features using same components.

Yes

REQ_05_01

Do the software requirements consider timing constraints of the parent requirement?

This bullet point encourages to think about timing constraints even if those are not explicitly mentioned in the parent requirement. If the reviewer of a requirement already knows or suspects that the implementation will be time consuming, one should think of the expectation of a “user”.

Yes

REQ_06_01

Does the Requirement consider external interfaces?

The SW platform’s external interfaces (to the user) are defined in the Feature Architecture, so the Feature and Component Requirements should determine the data consumed and set on these interfaces. Are output values completely defined?

No

Feature request has some assumptions not phrased as requirements or Aou yet

Issue for Findings

REQ_07_01

Is the ASIL Attribute set correctly?

Derived requirements are checked automatically, see gd_req__req_linkage_safety. But for the top level requirements this needs to be checked for correctness. Also AoU from external components need check for correct ASIL as those are the “origin” of safety requirements towards the SW platform.

Yes

REQ_07_02

Is the attribute security set correctly?

Stakeholder requirements security attribute should be set based on Threat Analysis and Risk Assessment (TARA) (process is TBD). Checklist item is supported by automated check: “Every requirement which satisfies a requirement with security attribute set to YES inherits this”. Expectation is that the feature/component requirements/architecture may also be subject to a Software Security Criticality Analysis (process is TBD).

No

E.g. Trustable computation should include security considerations

Issue for Findings

REQ_08_01

Is the requirement verifiable?

Expectation is that at the time of the inspection already tests are created for the requirement. This can be checked via traces, but also gd_req__req_attr_test_covered shows this. In case the requirement is not mature enough at the time of inspection (i.e. missing test cases), a test expert should be invited to the Pull-Request review to explicitly check this item.

No

Follow the requirements template to make it verifiable.

Issue for Findings

REQ_09_01

For stakeholder requirements: Do those cover assumed safety mechanisms needed by the hardware and system?

Note that the feature/component requirements also cover safety mechanisms in case those are needed to mitigate failures found during gd_chklst__safety_analysis

Yes

Not applicable, feature requirements only

REQ_09_02

For other requirements: Do the requirements defining a safety mechanism contain the error reaction leading to a safe state?

Alternatively to the safe state there could also be “repair” mechanisms. Also do not forget to consider REQ_05_01 for these.

Yes

May consider reformulating of Error Handling to Safety Mechanism, including Safe State definition

Review ID	Acceptance Criteria	Guidance	Passed	Remarks	Issue link
REQ_01_01	Is the requirement sentence template used?	see gd_temp__req_formulation, this includes the use of “shall”.	No	Reformulate requirements according template, may split as not atomic	Issue for Findings
REQ_02_01	Is the requirement description comprehensible ?	If you think the requirement is hard to understand, comment here.	No	May add diagrams to support natural language, split in more atomic requirements	Issue for Findings
REQ_02_02	Is the requirement description unambiguous ?	Especially search for “weak words” like “about”, “etc.”, “relevant” and others (see the internet documentation on this). This check shall be supported by tooling.	Yes
REQ_02_03	Is the requirement description atomic ?	A good way to think about this is to consider if the requirement may be tested by one (positive) test case or needs more of these. The sentence template should also avoid being non-atomic already. Note that there are cases where also non-atomic requirements are the better ones, for example if those are better understandable.	No	Split in more atomic requirements	Issue for Findings
REQ_02_04	Is the requirement description feasible ?	Expectation is that at the time of the inspection the requirement has already some implementation. This can be checked via traces, but also gd_req__req_attr_impl shows this. In case the requirement is not mature enough at the time of inspection (i.e. not implemented at least as “proof-of-concept”), a development expert should be invited to the Pull-Request review to explicitly check this item.	No	Implementation exists, but currently not traceability is established	Issue for Findings
REQ_02_05	Is the requirement description independent from implementation ?	This checkpoint should improve requirements definition in the sense that the “what” is described and not the “how” - the latter should be described in architecture/design derived from the requirement. But there can also be a good reason for this, for example we would require using a file format like JSON and even specify the formatting standard already on stakeholder requirement level because we want to be compatible. A finding in this checkpoint does not mean there is a safety problem in the requirement.	No	May create Assumptions of Use in addition	Issue for Findings
REQ_03_01	For stakeholder requirements: Is the rationale correct?	Rationales explain why the top level requirements were invented. Do those cover the requirement?	Yes	not applicable, feature requirements only
REQ_03_02	For other requirements: Is the linkage to the parent requirement correct?	Linkage to correct levels and ASIL attributes is checked automatically, but it needs checking if the child requirement implements (at least) a part of the parent requirement.	No	stkh_req__execution_model__processes is QM, but feature depends on that, so it looks furhter AoU are needed	Issue for Findings
REQ_04_01	Is the requirement internally and externally consistent?	Does the requirement contradict other requirements within the same or higher levels? One may restrict the search to the feature for component requirements, for features to other features using same components.	Yes
REQ_05_01	Do the software requirements consider timing constraints of the parent requirement?	This bullet point encourages to think about timing constraints even if those are not explicitly mentioned in the parent requirement. If the reviewer of a requirement already knows or suspects that the implementation will be time consuming, one should think of the expectation of a “user”.	Yes
REQ_06_01	Does the Requirement consider external interfaces?	The SW platform’s external interfaces (to the user) are defined in the Feature Architecture, so the Feature and Component Requirements should determine the data consumed and set on these interfaces. Are output values completely defined?	No	Feature request has some assumptions not phrased as requirements or Aou yet	Issue for Findings
REQ_07_01	Is the ASIL Attribute set correctly?	Derived requirements are checked automatically, see gd_req__req_linkage_safety. But for the top level requirements this needs to be checked for correctness. Also AoU from external components need check for correct ASIL as those are the “origin” of safety requirements towards the SW platform.	Yes
REQ_07_02	Is the attribute security set correctly?	Stakeholder requirements security attribute should be set based on Threat Analysis and Risk Assessment (TARA) (process is TBD). Checklist item is supported by automated check: “Every requirement which satisfies a requirement with security attribute set to YES inherits this”. Expectation is that the feature/component requirements/architecture may also be subject to a Software Security Criticality Analysis (process is TBD).	No	E.g. Trustable computation should include security considerations	Issue for Findings
REQ_08_01	Is the requirement verifiable?	Expectation is that at the time of the inspection already tests are created for the requirement. This can be checked via traces, but also gd_req__req_attr_test_covered shows this. In case the requirement is not mature enough at the time of inspection (i.e. missing test cases), a test expert should be invited to the Pull-Request review to explicitly check this item.	No	Follow the requirements template to make it verifiable.	Issue for Findings
REQ_09_01	For stakeholder requirements: Do those cover assumed safety mechanisms needed by the hardware and system?	Note that the feature/component requirements also cover safety mechanisms in case those are needed to mitigate failures found during gd_chklst__safety_analysis	Yes	Not applicable, feature requirements only
REQ_09_02	For other requirements: Do the requirements defining a safety mechanism contain the error reaction leading to a safe state?	Alternatively to the safe state there could also be “repair” mechanisms. Also do not forget to consider REQ_05_01 for these.	Yes	May consider reformulating of Error Handling to Safety Mechanism, including Safe State definition

FEO Feature Requirement Inspection Checklist#

This Page