Software Quality Assurance Proces

By Valerie Fisher,2014-05-17 15:51
15 views 0
Software Quality Assurance Proces

Software Quality Assurance Process Page 1 of 5

    Software Quality Assurance Process

    Effective Date:

    Authorizing Manager:

    The Software Quality Assurance (SQA) Process provides independent verification PURPOSE

    that software development activities are being performed in an approved manner.

    The phrase "software development activities" refers to activities of the entire

    organization and includes the activities of development, product information,

    continuation engineering, and the various support functions. It includes

    management activities as well as nonmanagement activities.

    "In an approved manner" means that the activities and resulting products are in

    compliance or accord with applicable policies, processes, procedures, plans, and


    Although all software projects and most software development activities are SCOPE

    potentially subject to SQA review, not all software development activities require a

    formal SQA process, and applying SQA to some activities will result in greater

    benefits than applying it to others. In order to derive maximum benefit, the SEPG

    and the Steering Committee need to monitor and review the SQA process so that

    the available SQA resources are always being directed toward those areas that

    management deems most important for ensuring quality.

    The Steering Committee and SEPG will formulate and agree to an annual SQA

    Plan that identifies line management's SQA priorities and resource commitments

    to accomplish the plan, and will jointly review the SQA status, results, and plans


    The objectives of the SQA process are OBJECTIVES

    ? To independently verify that software development activities, such as code and

    document inspections, are being performed in an approved manner

    ? To ensure that process and product deficiencies are brought to management's

    attention and resolved satisfactorily

    ? To maximize the benefit of SQA activities by reviewing results and adjusting

    SQA plans on a regular basis

    ? To minimize SQA resources while maximizing assurance by establishing a

    clearly defined set of SQA activities

    ? To minimize SQA resources while maximizing assurance by documenting

    assurance procedures, allowing line management to more easily assure their

    own activities

    CMM Implementation Guide:

    Choreographing Software Process Improvement

    CD-ROM file ? 1993 Unisys Corporation

    Software Quality Assurance Process Page 2 of 5

The customer of the SQA process is any manager or group responsible for CUSTOMER

    complying with various policies, processes, procedures, plans and standards. NEEDS AND

    EXPECTATIONS SQA auditors are the primary user of the process. The customer of the SQA process expects an independent, objective evaluation

    against clearly defined evaluation criteria. (Personnel will conduct SQA

    evaluations only outside their own departments.) The customer needs an SQA process that is non-threatening -- that is, a process

    involving clearly understood criteria and requiring little or no preparation time by

    the group(s) being audited.

    A list of a project's applicable policies, processes, procedures, plans, and

    standards must be available. It is recommended that projects prepare this list

    during the project planning process and include it the project's Quality Plan.

    Projects need to maintain adequate quality records in the areas which SQA


    To help meet these expectations, the organization's annual SQA plan will identify

    as accurately as possible the following.

    ? What areas are subject to SQA audit

    ? When, or in which development stage, SQA will conduct an evaluation or


    ? What general procedures and/or criteria SQA will use to evaluate compliance

    ? What additional personnel resources, if any, the SQA group will require in

    order to carry out the annual plan

    SQA will develop and distribute copies of the detailed evaluation procedures and

    criteria based upon the requirements identified in the annual SQA plan. The

    SEPG may need to train those assisting in conducting audits. If necessary,

    include such training in the annual SQA Plan. The SEPG and the Steering Committee will evaluate how well the process is

    working using feedback obtained from users in the process of preparing the annual

    SQA plan and from periodic reviews of SQA activities.

The process involves two types of input: input to the annual SQA plan and input to INPUT

    the auditing process.

    Input to the Annual SQA Plan

    The SQA group will create an annual SQA plan and review and revise it

    periodically based upon input from various sources, including ? Line management's SQA priorities conveyed via the Steering Committee

    ? Feedback based upon the results of previous SQA activities ? ISO 9000 requirements and Software Engineering Institute (SEI) CMM


    Software Quality Assurance Process Page 3 of 5

Input to the SQA Audit Process

    The input to the audit process will vary depending upon which process, project, or

    product deliverable is being audited. In general, an SQA auditor must have

    access to the following material in order to conduct an audit. ? A definition of the scope of the audit (usually specified in the annual SQA plan)

    ? A list and copies of all applicable policies, processes, procedures, plans and

    standards (usually specified in the project's Quality Plan) ? The auditing procedures and/or criteria developed by the SQA group to

    evaluate compliance

    ? The quality records or other forms of supporting material that indicate

    compliance or noncompliance

    The SQA process includes the following types of activities. ACTIVITIES

    ? Providing independent confirmation that applicable policies, processes,

    procedures, plans, and standards are being followed ? Identifying deviations from the applicable policies, processes, procedures,

    plans, and standards and notifying the group that has been audited so that it

    may initiate corrective actions

    ? Working with the groups that have been audited to ensure that process and

    product deficiencies are tracked and resolved satisfactorily ? Escalating problems to higher levels of management if corrective actions are

    not completed as agreed upon

    The SQA audit is the primary mechanism used by the SQA group to perform the

    activities listed above. An SQA audit might not always involve interaction with

    project personnel, and to the extent it is practical, SQA will conduct audits without

    interaction with project personnel. For example, an audit might consist of only

    evaluating process data from a database or reading a project's local process or

    project documents.

    In conducting an SQA audit of any type, the SQA auditor will ? Determine the scope of the audit

    ? Acquire and study the applicable policies, processes, procedures, plans, and


    ? Inspect the deliverables of a process and/or review other documents that

    indicate compliance or noncompliance, and record the results of the audit

    ? Re-audit at a later date to determine the status of corrective actions, if an audit

    indicates that corrective actions are needed Audit Reports OUTPUT

    In cases where SQA audits specific projects, SQA will provide an audit report to

    the project manager, section manager, or team leader. The report will identify the

    processes audited and itemize each area of noncompliance. SQA will assign a

    unique identifier to each noncompliance item it finds so that it can track the item

    Software Quality Assurance Process Page 4 of 5

to closure. SQA will present the findings to the project manager, section

    manager, or team leader within one week of an audit. The manager will have 30

    days to respond to a noncompliance item, and 45 days to resolve the

    noncompliance, before SQA escalates the item to the Steering Committee. Monthly Status Reports

    The SQA group will produce a monthly SQA status report and distribute it to all project managers, section managers, team leaders, and department managers.

    The monthly report will include a list of all outstanding noncompliance items. Steering Committee Reviews of SQA Activities

    The SQA group will present status and results to the Steering Committee

    quarterly. The Steering Committee will assign each past-due, unresolved noncompliance item to a Steering Committee member for action, and will review

    the resolution of each item at the subsequent quarterly SQA review meeting. The Steering Committee member will escalate a noncompliance item to the director if

    it cannot be resolved by the agreed date.

    To assist in assurance tracking, the SQA auditor will record the following for each METRICS

    noncompliance item:

    ? A description of the item, its cause, and the correction needed ? The auditor and the date the item was found

    ? The manager responsible for correcting the item

    ? The date by which the item is to be corrected

    ? The date the item is actually corrected

    ? The manager responsible for approving closure

    ? The date and name of auditor verifying closure

The data tracked and reported includes:

    1) Number of noncompliance items found during each audit 2) Percentage of noncompliance items closed by the agreed date. Interdependent processes include: INTER-

    DEPENDENCIES: ? Project Planning Process

    ? Project Tracking Process

    Software Quality Assurance Process Page 5 of 5

    Process Flow

    Steering Committee Oversight ActivitiesAudit Planning and Execution Activities

    Obtain direction and priorities from SteeringReview and approve annual SQA planCommittee and prepare annual SQA plan

    Plan approved?NO

    Document and distributenew/revised planYES

    Develop detailed audit procedures and criteria,provide training

    Conduct audits

    Is it time forNOReport audit results atquarterly review? end-of-audit,end-of-month,end-of-phaseYES

    Review SQA plans, non-compliance items;assign action items for non-compliance items

    YESNeed to escalateEscalate to directorto director?


    YESNONeed to reviseSQA plan?

Report this document

For any questions or suggestions please email