UNIT-II Chapter : Software Quality Assurance(SQA)
Quality Defined as a characteristic or attribute of something IEEE Glossary: Degree to which a system, component, or process meets (1) specified requirements, and (2) customer or user needs or expectations ISO: the totality of features and characteristics of a product or service that bear on its ability to satisfy specified or implied needs Refers to measurable characteristics that we can compare to known standards
Quality (continued) Two kinds of quality are sought out Quality of design The characteristic that designers specify for an item This encompasses requirements, specifications, and the design of the system Quality of conformance (i.e., implementation) The degree to which the design specifications are followed during manufacturing This focuses on how well the implementation follows the design and how well the resulting system meets its requirements 3
Quality Control It involves a series of inspections, reviews, and tests used throughout the software process Ensures that each work product meets the requirements placed on it Includes a feedback loop to the process that created the work product Combines measurement and feedback in order to adjust the process when product specifications are not met Quality control activities may be fully automated, entirely manual or a combination of both.
Quality Assurance It is the process of defining how software quality can be achieved and how the development organization knows that the software has the required level of quality. It is any action taken to prevent quality problems from occurring. It consists of the auditing and reporting functions of management. It provides management personnel with data that provides insight into the quality of the products. It alerts management personnel to quality problems so that they can apply the necessary resources to resolve quality issues.
Software Quality Assurance (SQA) According to IEEE standard, SQA can be defined as: The planned and systematic pattern of all actions necessary to provide adequate confidence that end product conforms to established technical requirements. A set of activities designed to evaluate the process used for developing and manufacturing products Aim of SQA process is to develop a high quality software product. Purpose of SQA group is to provide assurance that the procedures, tools, and techniques used during product development and modification are adequate to provide the desired level of confidence in the work product.
Process of SQA Defines the requirements for software controlled system fault/failure detection, isolation and recovery. Reviews the software development processes and products for software error prevention. Defines the process for measuring and analyzing defects as well as reliability and maintainability factors.
SQA group activities SQA group made up of software engineers, project managers, customers, salespeople, and the individuals members. Software quality assurance is composed of two different constituencies. Software engineers who do technical work SQA group that has responsibility for quality assurance planning, oversight, record keeping, analysis and reporting. Software engineers address quality activities by applying technical methods and measures, conducting formal technical reviews and performing well-planned software testing. SQA group is to assist the software team in achieving a high quality end product.
Role of an SQA group 1. Prepares an SQA plan for a project. The plan is developed during project planning and is reviewed by all stakeholders. The plan identifies Evaluations to be performed Audits and reviews to be performed Standards that are applicable to the project Procedures for error reporting and tracking Documents to be produced by the SQA group Amount of feedback provided to the software project team
Role of an SQA group 2. Participates in the development of the project’s software process description. The SQA group reviews the process description for compliance with organizational policy, internal software standards, externally imposed standards (e.g., ISO-9001), and other parts of the software project plan. 3. Reviews software engineering activities to verify compliance with the defined software process. The SQA group identifies, documents, and tracks deviations from the process and verifies that corrections have been made. 4. Audits designated software work products to verify compliance with those defined as part of the software process. The SQA group reviews selected work products; identifies, documents, and tracks deviations; verifies that corrections have been made; and periodically reports the results of its work to the project manager.
Role of an SQA group 5. Ensures that deviations in software work and work products are documented and handled according to a documented procedure. Deviations may be encountered in the project plan, process description, applicable standards, or technical work products. 6. Records any noncompliance and reports to senior management. Noncompliance items are tracked until they are resolved.
SQA plan Provides a road map for instituting software quality assurance in an organization Developed by the SQA group to serve as a template for SQA activities that are instituted for each software project in an organization Preparation of SQA plan for each software project is a primary responsibility of the SQA group.
Template for SQA plan Purpose of SQA plan List of reference documents Management tasks, responsibilities etc Documentation of all required documents Standards, practices, metrics etc., applied and used during development. Details of reviews, audits etc., to be used Details of tests unique to SQA Details of procedures for reporting problems and means to resolve the problems Identification of tools, techniques and methodologies and their use in SQA Description of techniques for code control Description of methods for media control Provisions for supplier control in case of outsourcing Documentation of all project records Training details Procedures for risk management
Verification and Validation Verification - represents the set of activities that are carried out to conform that the software correctly implements the specific functionality. Validation – represents set of activities that ensure that the software that has been built is satisfying the customer requirements. Their purpose is to confirm system specification and to meet the requirements of system customers. The difference between them is expressed by Boehm: Validation – Are we building the right product? Verification – Are we building the product right?
ISO 9000 Model ISO (International Organization for Standardization) is a worldwide federation of national standard bodies. The ISO 9000 standards are a collection of formal International Standards, Technical Specifications, Technical Reports, Handbooks and web based documents on Quality Management. There are approximately 25 documents in the collection altogether, with new or revised documents being developed on an ongoing basis.
ISO 9000 International set of standards for quality management It helps organization to ensure that their products and services satisfy customer expectations by meeting their specifications. These systems cover a wide variety of activities encompassing a product’s entire lifecycle including planning, controlling, measuring, testing and reporting and improving quality levels throughout the development and manufacturing process. Applicable to a range of organizations from manufacturing to service industries ISO 9001 applicable to organizations which design, develop and maintain products
Benefits of ISO 9000 Certification Continuous Improvement : Each procedure and work instruction must be documented and thus becomes the springboard for continuous improvement. Improved Customer Satisfaction : Customer satisfaction grows as a company transforms from a reactive to proactive, preventive organization. Boost Employee Morale : Morale increased as employees are asked to take control of their processes and document their work processes. Increased Employee Participation : It helps in reducing problems. Eliminate Variation : Documented processes help eliminate variation, thus improving efficiency and reducing cost of quality.
Benefits of ISO 900 Certification Higher Real and Perceived Quality : Development of solid corrective and preventive measures, permanent, company – wide solutions to quality problems results in higher quality. Better Product and Services : result from continuous improvement processes. Greater Quality Assurance : Maintaining quality is everyone’s responsibility. Improved Profit Levels : it result as productivity improves and rework costs are reduced. Improved Communication : improves quality, efficiency, on – time delivery and customer/supplier relations. Reduced Cost Competitive Edge : higher customer services add a competitive edge
Capability Maturity Model Integration (CMMI) The Software Engineering Institute (SEI) has developed process meta-model to measure organization different level of process capability and maturity. CMMI – developed by SEI The CMMI defines each process area in terms of “specific goals” and the “specific practices” required to achieve these goals. Specific goals establish the characteristics that must exist if the activities implied by a process area are to be effective. Specific practices refine a goal into a set of process-related activities.
CMM Staged Representation - 5 Maturity Levels Process performance continually improved through incremental and innovative technological improvements. Optimizing Level 4 Managed Processes are controlled using statistical and other quantitative techniques. Process Maturity Level 3 Processes are well characterized and understood. Processes, standards, procedures, tools, etc. are defined at the organizational (Organization X ) level. Proactive. Defined Level 2 Repeatable Processes are planned, documented, performed, monitored, and controlled at the project level. Often reactive. Level 1 Initial Processes are unpredictable, poorly controlled, reactive.
Behaviors at the Five Levels Maturity Level Process Characteristics Behaviors Focus on "fire prevention"; Optimizing Focus is on continuous quantitative improvement improvement anticipated and desired, and impacts assessed. Managed Process is measured and controlled Greater sense of teamwork and inter- dependencies Reliance on defined process. People understand, support and follow the process. Defined Process is characterized for the organization and is proactive Repeatable Process is characterized for projects and is often reactive Over reliance on experience of good people – when they go, the process goes. “Heroics.” Process is unpredictable, poorly controlled, and reactive Focus on "fire fighting"; Initial effectiveness low – frustration high.
ISO 9000 Certification v/s SEI - CMM Sr.No. ISO 9000 SEI CMM 1 Focus is customer supplier relationship, attempting to reduce customer’s risk in choosing a supplier Focus on the software supplier to improve its interval processes to achieve a higher quality product for the benefit of the customer 2 Created for hard goods manufacturing industries Created for software industry 3 Defines a minimum level of generic attributes for quality management program 5-level framework for measuring software engineering practices 4 Follow set of standards to make success repeatable Emphasizes a process of continuous improvement
ISO 9000 Certification v/s SEI - CMM Sr.No. ISO 9000 SEI CMM 5 Less depth than CMM More depth than ISO 6 Aims at Level 3 of CMM Model Aims for achieving Total Quality Management (TQM) 7 Requires procedures for handling, storage, packaging and delivery be established and maintained Replication, delivery and installation are not covered in CMM