Chapter # 8 Quality Management Standards 435-INFS-3 Software Quality Assurance Chapter # 8 Quality Management Standards Software Quality Assurance from Theory to Implementation by Daniel Galin Prepared by: S.Hashmi
The scope of Quality Management standards Certification standards vary from assessment standards by content as well as by emphasis. The scope of certification standards is determined by the aims of certification, which are to: ■ Enable a software development organization to demonstrate consistent ability to assure that its software products or maintenance services comply with acceptable quality requirements. ■ Support the software development organization’s efforts to improve quality management system performance and enhance customer satisfaction through compliance with the standard’s requirements. The scope of assessment standards is also determined by the aims for assessment, which are to: ■ Serve software development and maintenance organizations as a tool for self- assessment of their ability to carry out software development projects.
Continue Serve as a tool for improvement of development and maintenance processes. Help purchasing organizations determine the capabilities of potential suppliers. Guide training of assessors by delineating qualifications and training program curricula. To sum up, while the certification standards emphasis is external – to support the supplier–customer relationships – the emphasis of the assessment standards is internal because it focuses on software process improvement.
ISO 9001 and ISO 9000-3 ISO 9000-3, the Guidelines offered by the International Organization for Standardization (ISO), represent implementation of the general methodology of quality management ISO 9000 Standards to the special case of software development and maintenance. Both ISO 9001 and ISO 9000-3 are reviewed and updated once every 5–8 years, with each treated separately. ISO 9000-3 quality management system: guiding principles Eight principles guide the new ISO 9000-3 standard; these were originally set down in the ISO 9000:2000 standard (ISO, 2000b), as follows: (1) Customer focus. Organizations depend on their customers and therefore should understand current and future customer needs. (2) Leadership. Leaders establish the organization’s vision. They should create and maintain an internal environment in which people can become fully involved in achieving the organization’s objectives via the designated route. (3) Involvement of people. People are the essence of an organization; their full involvement, at all levels of the organization, enables their abilities to be applied for the organization’s benefit.
continue (4) Process approach. A desired result is achieved more efficiently when activities and resources are managed as a process. (5) System approach to management. Identifying, understanding and managing processes, if viewed as a system, contribute to the organization’s effectiveness and efficiency. (6) Continual improvement. Ongoing improvement of overall performance should be high on the organization’s agenda. (7) Factual approach to decision making. Effective decisions are based on the analysis of information. (8) Mutually supportive supplier relationships. An organization and its suppliers are interdependent; a mutually supportive relationship enhances the ability of both to create added value. ISO 9000-3: requirements The current standard edition of ISO, 9000-3 (ISO 1997) includes 20 requirements that relate to the various aspects of software quality management systems. The new ISO 9000-3 (ISO/IEC, 2001) offers a new structure, with its 22 requirements classified into the following five groups:
Continue ■ Quality management system ■ Management responsibilities ■ Resource management ■ Product realization ■ Management, analysis and improvement The new structure is presented in Table 8.1. Table 8.1: ISO 9000-3 new edition – Requirements and their classification Requirement class Requirement subjects
Certification according to ISO 9000-3 The ISO 9000-3 certification process verifies that an organization’s software development and maintenance processes fully comply with the standard’s requirements. To acquire ISO 9000-3 certification, organizations must: ■ Plan the organization’s activities for gaining certification ■ Develop the organization’s SQA system, including procedures ■ Obtain approval of procedures by the certifying organization ■ Implement the organization’s SQA system ■ Undergo certification audits of actual performance of the SQA system. Development of the organization’s SQA system Before proceeding, the organization’s SQA management system should be developed to a level adequate to meet ISO 9000-3 requirements ■ Development of a quality manual and a comprehensive set of SQA procedures. ■ Development of other SQA infrastructure: Staff training and instruction programs, including staff certification programs– Preventive and corrective actions procedures, including the CAB committee.
Continue Documentation and quality record controls ■ Development of a project progress control system. Implementation of the organization’s SQA system Once the components of the SQA management system conform to certification demands, efforts are shifted towards implementing the system. These include setting up a staff instruction program and support services appropriate to task of solving problems that may arise when implementing SQA tools. Undergoing the certification audits The certification audits are carried out in two stages: (1) Review of the quality manual and SQA procedures developed by the organization. The review ascertains completeness and accuracy. (2) Verification audits of compliance with the requirements defined by the organization in its quality manual and SQA procedures. .
Capability Maturity Models – CMM and CMMI assessment methodology The principles of CMM ■ Application of more highly elaborated software quality management methods increases the organization’s capability to control quality and improve software process productivity ■ Application of the five levels of the CMM enables the organization to evaluate its achievements and determine what additional efforts are needed to reach the next capability level ■ Process areas are generic, with the model defining “what” and leaving the “how” to the implementing organizations, i.e., the choice of life cycle model, design methodology, software development tool, programming language and documentation standard. The evolution of CMM
Continue
Capability Maturity Model Integration (CMMI) In the late 1990s a new developmental direction was taken – development of integrated CMM models. Development of specialized CMM models involved development of different sets of key processes for model variants for different departments that exhibited joint processes. In practice, this created a situation where departments that applied different CMM variants in the same organization faced difficulties in cooperation and coordination. The CMMI structure and processes areas The CMMI model, like the original CMM models, is composed of five levels. The CMMI capability levels are the same as those of the original, apart from a minor change related to capability level 4, namely: ■ Capability maturity level 1: Initial ■ Capability maturity level 2: Managed ■ Capability maturity level 3: Defined ■ Capability maturity level 4: Quantitatively managed ■ Capability maturity level 5: Optimizing.
THANK YOU