CRAD, Criteria and Guidelines For the Assessment of Safety System Software and Firmware at Defense Nuclear Facilities

Performance Objective:

The purpose and scope of this CRAD is to provide a set of consistent assessment criteria and guidelines for the assessment of safety system software and firmware that performs an SC or SS function, as described in the Background section. The software within the scope of the assessment is henceforth called "I&C software."


  • Existing software attributes such as complexity and importance to safety should be considered when determining the rigor and adequacy of the software QA. Additional guidance is provided in the tailoring sections of this CRAD.
  • The team should review the results of previous assessments, such as the reviews performed in response to DNFSB Recommendation 2000-2 IP and other SQA reviews, to gather data as appropriate. This review will enable the team to understand previous assessments, I&C software qualification processes, associated requirements and performance criteria, and assumptions concerning system operations.
  • The physical boundaries of the software within the safety system or subsystem level or portions thereof under review should be agreed upon by DOE, the contractor line management and the team prior to the start of the assessment, and should be documented in the assessment report.
  • Where applicable, I&C software should be categorized in the same manner as other system components using DOE-STD 3009-94, and the appropriate level of rigor should be applied to its design and use.
  • Care should be taken to balance the effort the assessment invests in verifying the SQA processes and their supporting documentation against the demonstrated effect of those processes on improving software quality and safety and on eliminating the costly errors that result from misunderstood requirements.