UNIT-IIChapter : Software Quality Assurance(SQA)

Quality Defined as a characteristic or attribute of something

IEEE Glossary: Degree to which a system, component, or process meets (1) specified requirements, and (2) customer or user needs or expectations

ISO: the totality of features and characteristics of a product or service that bear on its ability to satisfy specified or implied needs

Refers to measurable characteristics that we can compare to known standards

3

Quality (continued)

Two kinds of quality are sought out Quality of design

The characteristic that designers specify for an item

This encompasses requirements, specifications, and the design of the system

Quality of conformance (i.e., implementation) The degree to which the design specifications

are followed during manufacturing This focuses on how well the implementation

follows the design and how well the resulting system meets its requirements

Quality Control It involves a series of inspections, reviews, and tests

used throughout the software process Ensures that each work product meets the

requirements placed on it Includes a feedback loop to the process that created

the work product

Combines measurement and feedback in order to adjust the process when product specifications are not met

Quality control activities may be fully automated, entirely manual or a combination of both.

Quality Assurance It is the process of defining how software quality can

be achieved and how the development organization knows that the software has the required level of quality.

It is any action taken to prevent quality problems from occurring.

It consists of the auditing and reporting functions of management.

It provides management personnel with data that provides insight into the quality of the products.

It alerts management personnel to quality problems so that they can apply the necessary resources to resolve quality issues.

Software Quality Assurance (SQA) According to IEEE standard, SQA can be defined as:

The planned and systematic pattern of all actions necessary to provide adequate confidence that end product conforms to established technical requirements.

A set of activities designed to evaluate the process used for developing and manufacturing products

Aim of SQA process is to develop a high quality software product.

Purpose of SQA group is to provide assurance that the procedures, tools, and techniques used during product development and modification are adequate to provide the desired level of confidence in the work product.

Process of SQA

1. Defines the requirements for software controlled system fault/failure detection, isolation and recovery.

2. Reviews the software development processes and products for software error prevention.

3. Defines the process for measuring and analyzing defects as well as reliability and maintainability factors.

SQA group activities

SQA group made up of software engineers, project managers, customers, salespeople, and the individuals members.

Software quality assurance is composed of two different constituencies. Software engineers who do technical work SQA group that has responsibility for quality assurance

planning, oversight, record keeping, analysis and reporting.

Software engineers address quality activities by applying technical methods and measures, conducting formal technical reviews and performing well-planned software testing.

SQA group is to assist the software team in achieving a high quality end product.

Role of an SQA group1. Prepares an SQA plan for a project. The plan is developed during project planning

and is reviewed by all stakeholders. The plan identifies

Evaluations to be performed Audits and reviews to be performed Standards that are applicable to the project Procedures for error reporting and tracking Documents to be produced by the SQA group Amount of feedback provided to the software project

team

2. Participates in the development of the project’s software process description.

The SQA group reviews the process description for compliance with organizational policy, internal software standards, externally imposed standards (e.g., ISO-9001), and other parts of the software project plan.

3. Reviews software engineering activities to verify compliance with the defined software process.

The SQA group identifies, documents, and tracks deviations from the process and verifies that corrections have been made.

4. Audits designated software work products to verify compliance with those defined as part of the software process.

The SQA group reviews selected work products; identifies, documents, and tracks deviations; verifies that corrections have been made; and periodically reports the results of its work to the project manager.

Role of an SQA group

5. Ensures that deviations in software work and work products are documented and handled according to a documented procedure.

Deviations may be encountered in the project plan, process description, applicable standards, or technical work products.

6. Records any noncompliance and reports to senior management.

Noncompliance items are tracked until they are resolved.

Role of an SQA group

SQA plan

Provides a road map for instituting software quality assurance in an organization

Developed by the SQA group to serve as a template for SQA activities that are instituted for each software project in an organization

Preparation of SQA plan for each software project is a primary responsibility of the SQA group.

Template for SQA plan1. Purpose of SQA plan2. List of reference documents3. Management tasks, responsibilities etc4. Documentation of all required documents5. Standards, practices, metrics etc., applied and used during

development.6. Details of reviews, audits etc., to be used7. Details of tests unique to SQA8. Details of procedures for reporting problems and means to resolve

the problems9. Identification of tools, techniques and methodologies and their use

in SQA10. Description of techniques for code control11. Description of methods for media control12. Provisions for supplier control in case of outsourcing13. Documentation of all project records14. Training details15. Procedures for risk management

Verification and Validation

Verification - represents the set of activities that are carried out to conform that the software correctly implements the specific functionality. Validation – represents set of activities that ensure that the software that has been built is satisfying the customer requirements.

Their purpose is to confirm system specification and to meet the requirements of system customers.

The difference between them is expressed by Boehm:

Validation – Are we building the right product?

Verification – Are we building the product right?

ISO 9000 Model ISO (International Organization for Standardization) is a

worldwide federation of national standard bodies.

The ISO 9000 standards are a collection of formal International Standards, Technical Specifications, Technical Reports, Handbooks and web based documents on Quality Management.

There are approximately 25 documents in the collection altogether, with new or revised documents being developed on an ongoing basis.

ISO 9000 International set of standards for quality management It helps organization to ensure that their products and

services satisfy customer expectations by meeting their specifications.

These systems cover a wide variety of activities encompassing a product’s entire lifecycle including planning, controlling, measuring, testing and reporting and improving quality levels throughout the development and manufacturing process.

Applicable to a range of organizations from manufacturing to service industries

ISO 9001 applicable to organizations which design, develop and maintain products

Benefits of ISO 9000 Certification1. Continuous Improvement : Each procedure and work

instruction must be documented and thus becomes the springboard for continuous improvement.

2. Improved Customer Satisfaction : Customer satisfaction grows as a company transforms from a reactive to proactive, preventive organization.

3. Boost Employee Morale : Morale increased as employees are asked to take control of their processes and document their work processes.

4. Increased Employee Participation : It helps in reducing problems.

5. Eliminate Variation : Documented processes help eliminate variation, thus improving efficiency and reducing cost of quality.

Benefits of ISO 900 Certification6. Higher Real and Perceived Quality : Development of solid

corrective and preventive measures, permanent, company – wide solutions to quality problems results in higher quality.

7. Better Product and Services : result from continuous improvement processes.

8. Greater Quality Assurance : Maintaining quality is everyone’s responsibility.

9. Improved Profit Levels : it result as productivity improves and rework costs are reduced.

10.Improved Communication : improves quality, efficiency, on – time delivery and customer/supplier relations.

11.Reduced Cost 12.Competitive Edge : higher customer services add a

competitive edge

The Software Engineering Institute (SEI) has developed process meta-model to measure organization different level of process capability and maturity.

CMMI – developed by SEI

The CMMI defines each process area in terms of “specific goals” and the “specific practices” required to achieve these goals.

Specific goals establish the characteristics that must exist if the activities implied by a process area are to be effective.

Specific practices refine a goal into a set of process-related activities.

Capability Maturity Model Integration (CMMI)

CMM Staged Representation - 5 Maturity Levels

Level 5

Initial

Level 1

Processes are unpredictable, poorly controlled, reactive.

Repeatable

Level 2

Processes are planned, documented, performed, monitored, and controlled at the project level. Often reactive.

Defined

Level 3 Processes are well characterized and understood. Processes, standards, procedures, tools, etc. are defined at the organizational (Organization X ) level. Proactive.

Managed

Level 4

Processes are controlled using statistical and other quantitative techniques.

Optimizing

Proce

ss M

atur

ity

Process performance continually improved through incremental and innovative technological improvements.

Behaviors at the Five Levels

Initial

Repeatable

Defined

Managed

Optimizing

Process is unpredictable,poorly controlled, and reactive

Process is characterized for projects and is oftenreactive

Process is characterizedfor the organization andis proactive

Process is measuredand controlled

Focus is on continuousquantitative improvement

Maturity Level Process Characteristics Behaviors

Focus on "fire prevention";improvement anticipated anddesired, and impacts assessed.

Greater sense of teamwork and inter-dependencies

Reliance on defined process. People understand, support and follow the process.

Over reliance on experience of goodpeople – when they go, the processgoes. “Heroics.”

Focus on "fire fighting";effectiveness low – frustration high.

ISO 9000 Certification v/s SEI - CMMSr.No. ISO 9000 SEI CMM

1 Focus is customer supplier relationship, attempting to reduce customer’s risk in choosing a supplier

Focus on the software supplier to improve its interval processes to achieve a higher quality product for the benefit of the customer

2 Created for hard goods manufacturing industries

Created for software industry

3 Defines a minimum level of generic attributes for quality management program

5-level framework for measuring software engineering practices

4 Follow set of standards to make success repeatable

Emphasizes a process of continuous improvement

ISO 9000 Certification v/s SEI - CMMSr.No. ISO 9000 SEI CMM

5 Less depth than CMM More depth than ISO

6 Aims at Level 3 of CMM Model Aims for achieving Total Quality Management (TQM)

7 Requires procedures for handling, storage, packaging and delivery be established and maintained

Replication, delivery and installation are not covered in CMM