Unit 3, Part 2 - Software Quality Assurance
Unit 3, Part 2 - Software Quality Assurance
SQA Activities
SQA is ensured through a Quality Management System (QMS), QMS is made of
several components; it is a system integrated in the bigger system of software
development, which comprises project, process and product management systems.
The first and foremost requirement in SQA is that it is a separate group responsible
for quality in the organization. They set the goals, standards and mechanisms
(systems) for SQA. The role of the SQA group is to assist the software
development team in managing the quality requirements of the software. Every
software has certain quality goals specified by the customer. These quality goals
are to be achieved by the development team by introducing a set of activities or
ensuring the delivery of quality to the customer.
The responsibility of delivering the required quality to the customer rests with the
development team. The development team has an obligation to implement quality
policy in terms of goals, objectives, procedures, checks and controls,
documentation and feedback to management. For example, the quality policy
stipulates preparation of a test plan for stages for development as well as at the end
of the development process. SQA has a variety of tools to implement the policy.
They are
• Auditing
• Inspection
Software Defects
The causes for not meeting the quality commonly are
SQA is also concerned with two other aspects namely, software reliability and
software safety. Software reliability is defined as the probability of failure free
operation of a computer program in a specified environment for a specified time.
The nature of failure may be such that one error may require only a few repair, and
other may need hours. SQA collects data on these failures and examines why these
failures could not be prevented through earlier SQA activities.
Where MTTF is Mean Time to Failure and MTTR is Mean Time to Repair.
In short, SQA efforts assure software quality, reliability, availability and safety.
The SQA Plan helps to lay down the steps towards the quality goals of the
organization. A standard for SQA plan gives details and templates on all activities,
which have become part of the standard and which ensure quality standards
implementation.
• Project plan
• Models of data, classes and objects, processes, design, architecture
• Software Requirement Specifications (SRS)
• Test plans for testing SRS
• Users help documentation, manuals, online help, etc.
• Reviews and audits
The SQA process is made up of several activities. Some are organization specific,
some are software specific and some are customer specific. It helps effective
application of methods, tools, test plans and standards towards the goal of software
quality. It also include measures, measurement and metric for building a quality in
the organization.
Software Testing
Software testing is a popular risk management strategy .It is used to verify that
functional requirements were met. Responsibility for Inspections is stated in the
stated in the software quality assurance plan. For small projects, the project leader
or the department’s quality coordinator can perform the Inspections. For large
projects, a member of the software quality assurance group may lead an Inspection
performed by an audit team. Which is similar to the configuration control board
mentioned previously. Following the inspection, project personnel are assigned to
correct the problems on a specific schedule.
Testing Techniques for SQA
To test a code once it has been declared as complete is critical to achieving the
quality assured to the customer. This testing is expected to discover and, more
importantly, to correct errors before the software is demonstrated and delivered.
The goal is therefore to discover and correct so that the customer does not
encounter any error later. This is achieved through Test cases designed specifically
to detect errors in the code. The test cases are designed and written using testing
techniques. Reviews and SQA activities alone are not sufficient to detect errors. In
order to find the highest number of errors, test cases must also be designed and
systematically executed. Test cases are designed to test internal logic (white box
tests) and software requirements (back box tests). The test cases are executed and
if errors are detected they are corrected and proper documentation is prepared.
Testing Objectives and Principles
The testing objective is to test the code, whereby there is a high probability of
discovering all errors. This objective also demonstrates that the software functions
are working according to software requirement specifications (SRS) with regard to
functionality, features, facilities and performance. It should be another certification
is given by ISO, which also specifies the quality management infrastructure
required to achieve the best quality performance.
ISO 9000 Quality System
The ISO 9000 standards are a collection of formal International Standards,
technical reports, handbooks and web based documents on quality management
and quality assurance. ISO technical committee and web based documents on
quality management and quality assurance. ISO technical committee and its sub
committees are responsible for the development of the standards. The work is
conducted on the basis of “consensus” among quality and industry experts
nominated by the national standards bodies, representing a wide range of interested
parties.
The ISO 9000 series of standards are generic rather than industry specific. It can be
applied to any organization, large or small, whether its product, and whether it is a
business enterprise, a public administration, or a government department.
ISO 9000 is a family of standards for quality management systems. ISO 9000 is
maintained by ISO, the International Organization for Standardization and is
administered by accreditation and certification bodies. The rules are updated, the
time and changes in the requirements for quality, motive change. Recently, on
November 15, 2008, has made changes to the requirements of ISO 9001.
Some of the requirements in 9001 9 which is one of the standards in the ISO 9000
family) include
Although the standards originated in manufacturing, they are now employed across
several types of organizations. A “product”, in ISO vocabulary, can mean a
physical object, services, or software.
ISO 9000 Standards
• ISO 9001: 2008 Quality management systems — Requirements is intended for
use in any organization regardless of size, type or product (including service). It
provides a number of requirements which an organization needs to fulfill to
achieve customer satisfaction through consistent products and services which meet
customer expectations. It includes a requirement for continual (i.e., planned)
improvement of the Quality Management System, for which ISO 9004:2004
provides many hints.
This is the only implementation for which third party auditors can grant
certification. It should be noted that certification is not described as any of the
‘needs’ of an organization as a driver for using ISO 9001 but does recognize that it
may be used for such a purpose.
There are many more standards in the ISO 9001 series, many of them not even
carrying “ISO 9000” numbers. For example, some standards in the 10,000 range
are considered part of the 9000 group: ISO 10007: 1995 discusses configuration
management, which for most organizations is just one element of a complete
management system. The emphasis on certification tends to overshadow the fact
that there is an entire family of ISO 9000 standards… Organizations stand to
obtain the greatest value when the standards in the new core series are used in an
integrated manner, both with each other and with the other standards making up
the ISO 9000 family as a whole.
Note that the previous members of the ISO 9000 series 9002 and 9003 have been
integrated into 9001. In most cases, an organization claiming to be “ISO 9000
registered” is referring to ISO 9001.
ISO 9001 Scope of Software Quality
The ISO 9001 standard has 20 clauses (4.1 to 4.20) that lay down guidelines for the
development of quality assurance systems. These guidelines define the essential
features of the software quality management system and suggest controls and
methods that allow the software to meet customer needs.
The steps that have to be taken to set up the ISO 9001 standard are :
2. Identifying procedures to develop the software and to test whether it can meet
customer needs in a defined time.
5. Maintenance.
The management shall define the quality policy and ensure all concerned
understand this policy. The policy document should be signed by the CEO and be
displayed at prominent places.
The quality system adopted to satisfy the requirements for this information
standard shall be reviewed periodically to ensure continuity, suitability, and
effectiveness. The company shall appoint a management representative with the
responsibility to ensure that ISO guidelines are implemented.
The company shall establish a OSP and maintain a documented quality system as a
means of ensuring that it confirms to the specified requirements of ISO.
• QA manual
• Management procedures
• Technical work instructions
The company shall establish a procedure for contract review and coordination of
activities:
• Contractual requirements are adequately defined and documented
• Procedure to resolve any deviation
• Ensure capability to meet contractual requirement
• Records of contract review are maintained
Establish and maintain procedures to control and verify the design to ensure that
specified requirements are met. The points to be covered are
• Design documents
• Planning documents
• Procedural documents
• Reference documents
• Document master list and its revision log
• The organization for documentation
• Work Instruction
• Monitoring and control of activities
• Approval of processes and hardware and software/ tools etc.
• Workmanship standards
Establish a procedure to ensure that resources are as per the required standards. It
should cover
• Ensure that test plans are evolved for all stages of development
Set a procedure to ensure that only tested and quality assured products are
dispatched, used or installed.
Set up a procedure to ensure that corrective action is taken to set right non-
conforming software.
Ensure that unauthorized persons do not tamper with the software during
development and after completion, and as a result, deliver software that has quality
problems. Strict controls on access and us of media are necessary to control the
quality of outgoing software.
A procedure should be set to identify and maintain quality records with a clear and
unique relation to the software for which it is maintained. There should be a set of
guidelines for retention of quality records for future reference in case a dispute
arises. The retention period is of mutual convenience and as per contract terms, if
any.
A procedure should be in place to audit whether the quality procedures have been
complied with. The audit will be scheduled and results reported and corrective
action taken as laid down.
The company will maintain a procedure to identify the training needs of people
responsible for quality assurance. The training records will justify the inclusion of
personnel in the testing team.
If software includes support and service needs of the customer, then a support
procedure should be in place that ensures that this service is effectively carried out.
However, a broad statistical study of 800 Spanish companies found that ISO 9000
registration in itself creates little improvement because companies interested in it
have usually already made some type of commitment to quality management and
were performing just as well before registration.
In today’s service sector driven economy, more and more companies are using ISO
9000 as a business tool. Through the use of properly stated quality objectives,
customer satisfaction surveys and a well-defined continual improvement program
companies are using IO 9000 processes to increase their efficiency and
profitability.
Problems of ISO 9001
A common criticism of ISO 9001 is the amount of money, time and paperwork
required for registration. According to Barnes, “Opponents claim that it is only for
documentation. Proponents believe that if a company has documented its quality
systems, then most of the paperwork has already been completed.”
(1) Product and service development --- CMMI for development (CMMI DEV),
(2) Service establishment, management, and delivery --- CMMI for Services
(CMMI SVC), and
(3) Product and service acquisition ---- CMMI for Acquisition (CMMI ACQ).
CMMI was developed by a group of experts from industry, government, and the
Software Engineering Institute (SEI) at carnage Mellon University. CMMI models
provide guidance for developing or improving processes that meet the business
goals of an organization. A CMMI model may also be used as a framework for
appraising the process maturity of the organization.
Maturity
Abbreviation Name Area
Level
REQM Requirements Management Engineering 2
Project
PMC Project Monitoring and Control 2
Management
Project
PP Project Monitoring and Control 2
Management
CM Configuration Management Support 2
MA Measurement and Analysis Support 2
Process and product Quality
PPQA Support 2
Assurance
Process
OPD Organizational Process Definition 3
Management
Process
OPF Organizational Process Focus 3
Management
Process
OT Organizational Training 3
Management
Project
IPM Integrated Project Management 3
Management
Project
RSKM Risk Management 3
Management
DAR Decision analysis and resolution Support 3
Organizational Process Process
OPP 4
Performance Management
Project
QPM Quantitative Project Management 4
Management
Organizational Innovation and Process
OID 5
Deployment Management
CAR Casual Analysis and Resolution Support 5
CMMI Representation
CMMI enables you to approach process improvement because it provides the latest
best practices for product and service development and maintenance. The CMMI
best practices enable organizations to do the following:
• Expand the scope of and visibility into the product lifecycle and engineering
activities to ensure that the producer or service meets customer expectations
Level 1 Initial
Level 2 – Managed
Level 3 – Defined
It is characteristic of processes at this level that there are sets of defined and
documented standard processes established and subject to some degree of
improvement over time. These standard processes are in place (i.e., they are the
AS-IS processes) and used to establish consistency of process performance across
the organization.
Level 5- Optimizing
Six Sigma
Six Sigma is one of the most popular quality methods lately. It is the rating that
signifies “best in class,” with only 3.4 defects per million units or operations
(DPMO). Its concept works and results in remarkable and tangible quality
improvements when implemented wisely. Today, Six Sigma processes are being
executed in a vast array of organization and in a wide variety of functions.
Fueled by its success at large companies such as Motorola, General electric, Sony,
and Allied Signal, the methodology is proving to be much than just a quality
initiative. Why are these large companies embracing Six Sigma? What makes this
methodology different from the others?
The goal of Six Sigma is not to achieve six sigma levels of quality, but to improve
profitability. Prior to Six Sigma, improvements brought about by quality programs,
such as Total Quality Management (TOM) and ISO 9000, usually had no visible
impact on a company’s net income. In general, the consequences of immeasurable
improvement and invisible impact caused these quality programs gradually to be.
• Six Sigma stands for six standard deviation from mean (sigma is thee Greek letter
used to represent standard deviation in statistics).
• Six Sigma methodologies provide the techniques and tools to improve the
capability and reduce the defects in any process.
• Six Sigma strives for perfection. It allows for only 3.4 defects per million
opportunities ( or 99.999666 percent accuracy)
• Six Sigma improves the process performance decrease variation and maintains
consistent quality of the process output. This leads to defect reduction and
improvements in profits, product quality and customer satisfaction.
• Six Sigma incorporates the basic principles and techniques used in business,
statistics and engineering.
• The objective of Six Sigma principle is to achieve zero defects products/ process.
It allows and engineering.
• The objective of Six Sigma principle is to achieve zero defects products/ process.
It allows 4.4 defects per million opportunities.
Sigma Levels
• 1 sigma = 690, 000 DPMO= 31% efficiency
• 2 sigma = 308,000 DPMO= 69.2% efficiency
• 3 sigma = 66,800 DPMO= 93.32% efficiency
• 4 sigma= 6,210 DPMO = 99.379 % efficiency
• 5 sigma = 230 DPMO = 99.977 % efficiency
• 6 sigma = 3.4 DPMO = 99.9997 % efficiency
Note:
I willingly confess the liberal use of Excerpts from: https://www.tutorialspoint.com/ in
compiling this material.