1. UNIT-II Chapter : Software Quality Assurance(SQA)

2. Quality Defined as a characteristic or attribute of something
IEEE Glossary: Degree to which a system, component, or process meets (1) specified requirements, and (2) customer or user needs or expectations
ISO: the totality of features and characteristics of a product or service that bear on its ability to satisfy specified or implied needs
Refers to measurable characteristics that we can compare to known standards

3. Quality (continued) Two kinds of quality are sought out
Quality of design
The characteristic that designers specify for an item
This encompasses requirements, specifications, and the design of the system
Quality of conformance (i.e., implementation)
The degree to which the design specifications are followed during manufacturing
This focuses on how well the implementation follows the design and how well the resulting system meets its requirements 3

4. Quality Control
It involves a series of inspections, reviews, and tests used throughout the software process
Ensures that each work product meets the requirements placed on it
Includes a feedback loop to the process that created the work product
Combines measurement and feedback in order to adjust the process when product specifications are not met
Quality control activities may be fully automated, entirely manual or a combination of both.

5. Quality Assurance
It is the process of defining how software quality can be achieved and how the development organization knows that the software has the required level of quality.
It is any action taken to prevent quality problems from occurring.
It consists of the auditing and reporting functions of management.
It provides management personnel with data that provides insight into the quality of the products.
It alerts management personnel to quality problems so that they can apply the necessary resources to resolve quality issues.

6. Software Quality Assurance (SQA)
According to IEEE standard, SQA can be defined as:
The planned and systematic pattern of all actions necessary to provide adequate confidence that end product conforms to established technical requirements.
A set of activities designed to evaluate the process used for developing and manufacturing products
Aim of SQA process is to develop a high quality software product.
Purpose of SQA group is to provide assurance that the procedures, tools, and techniques used during product development and modification are adequate to provide the desired level of confidence in the work product.

7. Process of SQA
Defines the requirements for software controlled system fault/failure detection, isolation and recovery.
Reviews the software development processes and products for software error prevention.
Defines the process for measuring and analyzing defects as well as reliability and maintainability factors.

8. SQA group activities
SQA group made up of software engineers, project managers, customers, salespeople, and the individuals members.
Software quality assurance is composed of two different constituencies.
Software engineers who do technical work
SQA group that has responsibility for quality assurance planning, oversight, record keeping, analysis and reporting.
Software engineers address quality activities by applying technical methods and measures, conducting formal technical reviews and performing well-planned software testing.
SQA group is to assist the software team in achieving a high quality end product.

9. Role of an SQA group 1. Prepares an SQA plan for a project.
The plan is developed during project planning and is reviewed by all stakeholders.
The plan identifies
Evaluations to be performed
Audits and reviews to be performed
Standards that are applicable to the project
Procedures for error reporting and tracking
Documents to be produced by the SQA group
Amount of feedback provided to the software project team

10. Role of an SQA group
2. Participates in the development of the project’s software process description.
The SQA group reviews the process description for compliance with organizational policy, internal software standards, externally imposed standards (e.g., ISO-9001), and other parts of the software project plan.
3. Reviews software engineering activities to verify compliance with the defined software process.
The SQA group identifies, documents, and tracks deviations from the process and verifies that corrections have been made.
4. Audits designated software work products to verify compliance with those defined as part of the software process.
The SQA group reviews selected work products; identifies, documents, and tracks deviations; verifies that corrections have been made; and periodically reports the results of its work to the project manager.

11. Role of an SQA group
5. Ensures that deviations in software work and work products are documented and handled according to a documented procedure.
Deviations may be encountered in the project plan, process description, applicable standards, or technical work products.
6. Records any noncompliance and reports to senior management.
Noncompliance items are tracked until they are resolved.

12. SQA plan
Provides a road map for instituting software quality assurance in an organization
Developed by the SQA group to serve as a template for SQA activities that are instituted for each software project in an organization
Preparation of SQA plan for each software project is a primary responsibility of the SQA group.

13. Template for SQA plan Purpose of SQA plan List of reference documents
Management tasks, responsibilities etc
Documentation of all required documents
Standards, practices, metrics etc., applied and used during development.
Details of reviews, audits etc., to be used
Details of tests unique to SQA
Details of procedures for reporting problems and means to resolve the problems
Identification of tools, techniques and methodologies and their use in SQA
Description of techniques for code control
Description of methods for media control
Provisions for supplier control in case of outsourcing
Documentation of all project records
Training details
Procedures for risk management

14. Verification and Validation
Verification - represents the set of activities that are carried out to conform that the software correctly implements the specific functionality.
Validation – represents set of activities that ensure that the software that has been built is satisfying the customer requirements.
Their purpose is to confirm system specification and to meet the requirements of system customers.
The difference between them is expressed by Boehm:
Validation – Are we building the right product?
Verification – Are we building the product right?

15. ISO 9000 Model
ISO (International Organization for Standardization) is a worldwide federation of national standard bodies.
The ISO 9000 standards are a collection of formal International Standards, Technical Specifications, Technical Reports, Handbooks and web based documents on Quality Management.
There are approximately 25 documents in the collection altogether, with new or revised documents being developed on an ongoing basis.

16. ISO 9000 International set of standards for quality management
It helps organization to ensure that their products and services satisfy customer expectations by meeting their specifications.
These systems cover a wide variety of activities encompassing a product’s entire lifecycle including planning, controlling, measuring, testing and reporting and improving quality levels throughout the development and manufacturing process.
Applicable to a range of organizations from manufacturing to service industries
ISO 9001 applicable to organizations which design, develop and maintain products

17. Benefits of ISO 9000 Certification
Continuous Improvement : Each procedure and work instruction must be documented and thus becomes the springboard for continuous improvement.
Improved Customer Satisfaction : Customer satisfaction grows as a company transforms from a reactive to proactive, preventive organization.
Boost Employee Morale : Morale increased as employees are asked to take control of their processes and document their work processes.
Increased Employee Participation : It helps in reducing problems.
Eliminate Variation : Documented processes help eliminate variation, thus improving efficiency and reducing cost of quality.

18. Benefits of ISO 900 Certification
Higher Real and Perceived Quality : Development of solid corrective and preventive measures, permanent, company – wide solutions to quality problems results in higher quality.
Better Product and Services : result from continuous improvement processes.
Greater Quality Assurance : Maintaining quality is everyone’s responsibility.
Improved Profit Levels : it result as productivity improves and rework costs are reduced.
Improved Communication : improves quality, efficiency, on – time delivery and customer/supplier relations.
Reduced Cost
Competitive Edge : higher customer services add a competitive edge

19. Capability Maturity Model Integration (CMMI)
The Software Engineering Institute (SEI) has developed process meta-model to measure organization different level of process capability and maturity.
CMMI – developed by SEI
The CMMI defines each process area in terms of “specific goals” and the “specific practices” required to achieve these goals.
Specific goals establish the characteristics that must exist if the activities implied by a process area are to be effective.
Specific practices refine a goal into a set of process-related activities.

21. CMM Staged Representation - 5 Maturity Levels
Process performance continually improved through incremental and innovative technological improvements.
Optimizing
Level 4
Managed
Processes are controlled using statistical and other quantitative techniques.
Process Maturity
Level 3
Processes are well characterized and understood. Processes, standards, procedures, tools, etc. are defined at the organizational (Organization X ) level. Proactive.
Defined
Level 2
Repeatable
Processes are planned, documented, performed, monitored, and controlled at the project level. Often reactive.
Level 1
Initial
Processes are unpredictable, poorly controlled, reactive.

22. Behaviors at the Five Levels
Maturity Level
Process Characteristics
Behaviors
Focus on "fire prevention";
Optimizing
Focus is on continuous
quantitative improvement
improvement anticipated and
desired, and impacts assessed.
Managed
Process is measured
and controlled
Greater sense of teamwork and inter-
dependencies
Reliance on defined process. People understand, support and follow the process.
Defined
Process is characterized
for the organization and
is proactive
Repeatable
Process is characterized
for projects and is often
reactive
Over reliance on experience of good
people – when they go, the process
goes. “Heroics.”
Process is unpredictable,
poorly controlled, and
reactive
Focus on "fire fighting";
Initial
effectiveness low – frustration high.

23. ISO 9000 Certification v/s SEI - CMM
Sr.No.
ISO 9000
SEI CMM 1
Focus is customer supplier relationship, attempting to reduce customer’s risk in choosing a supplier
Focus on the software supplier to improve its interval processes to achieve a higher quality product for the benefit of the customer 2
Created for hard goods manufacturing industries
Created for software industry 3
Defines a minimum level of generic attributes for quality management program
5-level framework for measuring software engineering practices 4
Follow set of standards to make success repeatable
Emphasizes a process of continuous improvement

24. ISO 9000 Certification v/s SEI - CMM
Sr.No.
ISO 9000
SEI CMM 5
Less depth than CMM
More depth than ISO 6
Aims at Level 3 of CMM Model
Aims for achieving Total Quality Management (TQM) 7
Requires procedures for handling, storage, packaging and delivery be established and maintained
Replication, delivery and installation are not covered in CMM