Upload
kittuiyer
View
221
Download
0
Embed Size (px)
Citation preview
8/8/2019 IT Quality Assurance
1/20
IT Quality Assurance MIM - Sem V Page: 1 of 19
ISO 9001A Brief History
1968 AQAP - Allied Quality Assurance Publication Military standards
1972 BS4891- A Guide to QA - British Standards Institute
1974 BS5179 - Guide to Operation & Evaluation of QA Systems
1979 BS5750 - Quality Systems
1987 ISO 9000 series (EN 29000 series, IS 14000 series)
1994 ISO 9001 upgraded
2000 ISO 9001 upgraded
2008 New amendment
Major Benefits
Applicability to all product categories, in all sectors and to all sizes of organizations Simple to use, clear in language, readily translatable and easily understandable Significant reduction in amount or required documentation Connection of QMS to Organizational processes Provision of natural move towards improved organizational processes Greater orientation towards continual improvement and customer satisfaction Compatibility with other management systems such as ISO 14001
ISO 9000:2008 standards
ISO 9000:2008 Process Model
8/8/2019 IT Quality Assurance
2/20
IT Quality Assurance MIM - Sem V Page: 2 of 19
Eight Management Principles
Customer focus:Organizations depend on their customers and therefore should understand current and future customer
needs, should meet customer requirements and strive to exceed customer expectations.
Leadership:Leaders establish unity of purpose, direction, and the internal environment of the organization. They create
the environment in which people can become fully involved in achieving the organizations objectives
Involvement of people:People at all levels are the essence of an organization and their full involvement enables their abilities to be
used for the organizations benefit.
Process approach:A desired result is achieved more efficiently when related resources and activities are managed as a process
System approach to management:Identifying, understanding and managing a system of interrelated processes for a given objective to the
effectiveness and efficiency of the organization.
Continual improvement:A permanent objective of the organization is continual improvement
Factual approach to decision making:Effective decisions are based on the logical or intuitive analysis of data and information
Mutually beneficial supplier relationships:The ability of the organization and its suppliers to create value is enhanced by mutually beneficial relationships
ISO 9001:2008 clauses
1 Scope
1.1 General
1.2 Application
2 Normative reference
3 Terms and definitions
4 Quality management system
4.1 General requirements
4.2 Documentation requirements
5 Management responsibility5.1 Management commitment
5.2 Customer focus
5.3 Quality policy
5.4 Planning
5.5 Responsibility, authority & communication
5.6 Management review
8/8/2019 IT Quality Assurance
3/20
IT Quality Assurance MIM - Sem V Page: 3 of 19
6 Resource management
6.1 Provision of resources
6.2 Human resources
6.3 Infrastructure
6.4 Work environment
7 Product realization
7.1 Planning of product realization7.2 Customer-related processes
7.3 Design and development
7.4 Purchasing
7.5 Production and service provision
7.6 Control of monitoring & measuring equipment
8 Measurement, analysis and improvement
8.1 General
8.2 Monitoring and measurement
8.3 Control of nonconforming product8.4 Analysis of data
8.5 Improvement
ISO Certification Process
8/8/2019 IT Quality Assurance
4/20
IT Quality Assurance MIM - Sem V Page: 4 of 19
CMMIBackground
1986 US Federal govt needed a method to assess software contractors; Software Engineering Institute
(Carnegie Mellon University) and Mitre Corp. develop a process maturity framework
1987 Process maturity framework & maturity questionnaire developed by Watts Humphrey
1991 Capability Maturity Model v1.0 drafted based on feedback from government and industry
1992 CMM v1.1 drafted based on feedback from the software community and CMM Workshop1997 CMMI Project initiated2000 CMMI SE/SW v1.0 released2002 CMMI SE/SW/IPPD/SS v1.1 released2006 CMMI v1.2 released
SEI History
Established in 1984: to Provide leadership in advancing the state of the practice of software engineering to
improve the quality of systems that depend on software
Process Programme focus: Capability Maturity Models
CMM-based assessments
Software process-definitions
Personal software process
Software engineering measurement and analysis
CMMI, integrating Software, Hardware and Systems Engineering
CMMI Product Suite
CMMI for Dev constellation consists of 2 models
CMMI for Dev+IPPD CMMI for Dev
Disciplines
Hardware Engineering Systems Engineering Software Engineering
Representations
Staged Continuous
Training
Model Introduction to CMMI Intermediate Concepts Instructor Training Lead Appraiser
Appraisal methods
Appraisal Requirements for CMMI (ARC) SCAMPI Method Description Document (MDD)
8/8/2019 IT Quality Assurance
5/20
IT Quality Assurance MIM - Sem V Page: 5 of 19
CMMI Structure
One Model, Two Representations
CMMI Representations Based on the approaches of the source models Reflects the organization, use and presentation of components in a model Two representations
o Continuous - Process Capability approacho Staged - Organizational Maturity approach
The material in both representations is the same, just organized differentlyo Capability Levelso The Maturity Levels
The CMMI structure - Goals and Practices
Generic Goals:
Common goal statement for a process area Aimed at achieving institutionalization Same goal statement appears in multiple process areas Each capability level has an associated generic goal
Generic Practices:
Activities that ensure that the processes will be effective, repeatable, and lasting Generic practices contribute to the achievement of the generic goal when applied to a particular process area
Specific Goals:
Addresses the unique characteristics that describe what must be implemented to satisfy the process area Signify the scope, boundary and intent of the process area Help to determine whether the process area has been effectively implemented
Specific Practices:
Activities that are considered important in achieving the associated specific goal Describe what must be implemented to establish process capability
The CMMI structure
8/8/2019 IT Quality Assurance
6/20
IT Quality Assurance MIM - Sem V Page: 6 of 19
Example PA: Requirements Management
SG1: Manage Requirements
SP1.1 Obtain an understanding of requirements
SP1.2 Obtain commitment to requirements
SP1.3 Manage requirements changes
..
GG2: Institutionalize a Managed Process
GP2.1 Establish an organizational policyGP2.2 Plan the process
GP2.3 Provide resources
GP2.4 Assign responsibility
..
GG2: Institutionalize a Managed Process
GP 2.1
GP 2.2
GP 2.3
GP 2.4
GP 2.5
GP 2.6
GP 2.7
GP 2.8
GP 2.9
GP 2.10
Establish an Organizational Policy
Plan the Process
Provide Resources
Assign Responsibility
Train People
Manage Configurations
Identify and Involve Relevant Stakeholders
Monitor and Control the Process
Objectively Evaluate Adherence
Review Status with Higher Level Management
The 5 maturity Levels
8/8/2019 IT Quality Assurance
7/20
IT Quality Assurance MIM - Sem V Page: 7 of 19
Process Areas by Maturity Level
Level Focus Process Areas
5 Optimizing Continuous process improvement Organizational Innovation and Deploym
Causal Analysis and Resolution
4 Quantitatively Managed Quantitative Management Organizational Process Performance
Quantitative Project Management
3 Defined Process standardization at organization level;
Proactive
Requirements Development
Technical Solution
Product Integration
Verification
Validation
Organizational Process Focus
Organizational Process Definition
Organizational Training
Integrated Project Management
Risk ManagementDecision Analysis and Resolution
2 Managed Basic project management; often reactive Requirements Management
Project Planning
Project Monitoring and Control
Supplier Agreement Management
Measurement and Analysis
Process and Product Quality Assurance
Configuration Management
1 Performed
Performed/ Initial Level (L1)
Environment unstable for software development and maintenance Lack of sound management practices Ineffective planning Reaction-driven systems Person-dependent systems Process unpredictable, informal and poorly controlled
Managed Level (L2)
Focus on project management learning from previous experiences Basic software management controls installed Stakeholder commitment established Senior management visibility Processes planned, performed, measured and controlled Stable planning and tracking; earlier successes can be repeated
8/8/2019 IT Quality Assurance
8/20
IT Quality Assurance MIM - Sem V Page: 8 of 19
Process Areas for L2
Requirements Management: Manage requirements of the products & product components; identifyinconsistencies between requirements and the project's plans & products
Project Planning: Establish & maintain plans that define project activities Project Monitoring and Control: Provide an understanding of the projects progress; take appropriate
corrective actions when the projects performance deviates significantly from the plan
Supplier Agreement Management: Manage acquisition of products from suppliers where a formal agreementexists
Measurement and Analysis: Develop & sustain a measurement capability to support management informationneeds
Process and Product Quality Assurance: Provide staff & management with objective insight into processes &work products
Configuration Management: Establish & maintain integrity of work products by identifying, controlling,accounting and auditing configurable items
Defined Level (L3)
Focus on organization level
Software and management processes integrated Projects derive processes from organization-level and tailor them Processes more detailed - better understanding of inter-relationships Processes managed proactively OSSP ensures consistency across the organization
Process Areas for L3
Organization Process Focus: Plan & implement organizational process improvement based on a thoroughunderstanding of strengths & weaknesses of the organizations processes & process assets
Organizational Process Definition: Establish & maintain a usable set of organizational process assets Organizational Training: Develop skills & knowledge of people so that they can perform their roles effectively &
efficiently Integrated Project Management: Establish & manage the project & stakeholder involvement according to an
integrated & defined process tailored from the OSSP
Risk Management: Identify potential problems before they occur; plan & invoke risk-handling activities, whenrequired, across the life of the product/project to mitigate adverse impacts on achieving project objectives
Decision Analysis and Resolution: Analyze possible decisions using a formal evaluation process that evaluatesidentified alternatives against established criteria
Requirements Development: Produce and analyze customer, product and product-component requirements Technical Solution: Design, develop, and implement solutions to requirements. Solutions encompass products,
product components, and product-related life-cycle processes either singly or in combinations, as appropriate
Product Integration: Assemble the product from product components; ensure that the integrated productfunctions properly; deliver the product
Verification: Ensure that selected work products meet their specified requirements Validation: Demonstrate that product or product component fulfills its intended use when placed in its
intended environment
Quantitatively Managed Level (L4)
Quantifiable goals for product and process performance identified, measured and monitored throughout theprocess life cycle
8/8/2019 IT Quality Assurance
9/20
IT Quality Assurance MIM - Sem V Page: 9 of 19
Organization-wide measurement repository Key processes and sub-processes identified Process performance controlled using statistical and other techniques Quantitative goals established based on customer and organizational needs Quantitative goals understood in statistical terms
Process Areas for L4
Quantitative Project Management: Quantitatively manage the projects defined processes to achieveestablished quality & process-performance objectives
Organizational Process Performance: Establish & maintain a quantitative understanding of the OSSPsperformance (with respect to quality and process performance goals); provide process performance data,
baselines & models to quantitatively manage the organizations projects
Optimizing Level (L5)
Improvements to address common causes of process variation Measurably improve identified processes through incremental and innovative improvements Improvements selected based on expected RoI and impact Evaluation of known defects to identify root causes and prevent recurrence Organizational focus on improvement Process performance continually improved; quantitative goals established, based on business goals
Process Areas for L5
Causal Analysis and Resolution: Identify causes of defects & other problems; take action to prevent recurrence Organizational Innovation and Deployment: Select & deploy incremental & innovative improvements that
measurably improve the organization's processes & technologies; improvements support organization's quality
& process performance objectives, derived from the organization's business objectives
PAs in the Business Context
8/8/2019 IT Quality Assurance
10/20
IT Quality Assurance MIM - Sem V Page: 10 of 19
SEIs IDEALSM Approach for Implementing CMMI
CMMI Appraisal Process
8/8/2019 IT Quality Assurance
11/20
IT Quality Assurance MIM - Sem V Page: 11 of 19
ITILITIL - Background
ITIL (Information Technology Infrastructure Library) is a framework of best practices to facilitate the delivery ofhigh quality IT services; published in a series of books
ITIL focuses on aligning IT services with the ever changing needs of the business and improving the quality of ITservices
It is aimed at supporting businesses in achieving high financial quality and value in IT operations Reduce the long term cost of service provision Service management is all about the delivery of customer-focused IT services using a process-oriented
approach
Originally developed in the 1980s under the auspices of the UK Government's Central Computer andTelecommunications Agency (CCTA) - entitled "Government Information Technology Infrastructure
Management Methodology" (GITMM)
In 2001, the CCTA was merged into the United Kingdom's Office of Government Commerce (OGC) V1 = 31 Books | V2 = 7 books | V3 = 5 Books World-wide de facto standard in Service Management
What is Service Management?
Service
A means of delivering value to customers by facilitating outcomes customers want to achieve without the
ownership of specific costs and risks
Service Management
A set of specialized organizational capabilities for providing value to customers in the form of services
Service Life Cycle
8/8/2019 IT Quality Assurance
12/20
IT Quality Assurance MIM - Sem V Page: 12 of 19
Major Components
Service support: concentrates on the day to day running & support of IT Services
Service desk* Incident management Problem management Change management Release management
Service delivery: focuses on long term planning and improvement of IT Services Capacity management Availability management IT service continuity management Configuration management Financial management for IT Services
Service Desk
Provide vital day-to-day contact between clients, users, IT services & third party support organizations Provide a single point of contact for all calls Facilitate the restoration of normal operational service with minimal business impact on the client within
agreed service levels and business priorities
Generate reports and communicate Provide value to the organization
Configuration Management
Provide information on the IT Infrastructure - to all other processes to IT Management Enable control of the infrastructure by monitoring and maintaining information on - all resources needed to deliver services Configuration Items status and history Configuration Item relationships
Incident Management
Restore normal service operation as quickly as possible Minimize the adverse impact on business operations Ensure that best possible levels of service quality & availability are maintained according to SLAs
Problem Management
Minimize the adverse impact of incidents & problems on the business that are caused by errors within the ITinfrastructure
Prevent the recurrence of incidents related to errors Improve productive use of resources
Change Management
Ensure that standardized methods and procedures are used for efficient and prompt handling of all changes Implement approvedchanges efficiently, and with the acceptable riskto the existing and to the new IT services
8/8/2019 IT Quality Assurance
13/20
IT Quality Assurance MIM - Sem V Page: 13 of 19
Release Management
Plan and oversee the successful rollout of software and related hardware Ensure that change to hardware and software is traceable and secure Ensure that only correct, authorized and tested versions are installed
Capacity Management
Determine the right, cost justifiable, capacity of IT resources such that the Service Levels agreed upon areachieved at the right time
Availability Management
Predict, plan and manage the availability of services by ensuring that: all services are underpinned by sufficient, reliable and properly maintained CIs where CIs are not supported internally there are appropriate contractual arrangements with third-party
suppliers
changes are proposed to prevent future loss of servicesIT Service Continuity Management
Increase business dependency on IT Reduce cost and time of recovery Cost to customer relationship Survival Many businesses fail within a year of suffering a major IT disaster
Service Level Management
Maintain and improve IT Service quality, through a constant cycle of agreeing, monitoring and reporting uponIT Service achievements
Instigation of actions to eradicate poor service - in line with business or cost justification
8/8/2019 IT Quality Assurance
14/20
IT Quality Assurance MIM - Sem V Page: 14 of 19
ISO 20000International standard for IT service management
Published in Dec 2005, it supersedes the earlier BS 15000, which was based on ITIL ISO 20000 has two parts: ISO 20000-1 ('part 1') is a specification, which defines the requirements of the standard ISO 20000-2 ('part 2') is a 'code of practice', and describes the best practices for service management Objectives:
o To promote the adoption of an integrated process approach to deliver managed services to meet thebusiness and customer requirements.
o To enable the understanding of best practices, benefits, and possible problems of service managemento To help the organization generate revenue or be cost effective via professional service management.
PDCA in Service Management
ISO 20000 Process Model
8/8/2019 IT Quality Assurance
15/20
IT Quality Assurance MIM - Sem V Page: 15 of 19
ISO 20000 Clauses
4: Planning & Implementing Service Management
4.1 Plan Service Management
To plan the implementation and delivery of service management
4.2 Implementing Service management and provide the services (Do)
To implement the service management objective and plan
4.3 Monitoring, Measuring and Reviewing (Check)To monitor, measure and review that the service management objectives and plan are being achieved
4.4 Continual Improvement (Act)
To improve the effectiveness and efficiency of service delivery and management
5 : Planning & implementing new or changed services
To ensure that new services and changes to services will be deliverable and manageable at the agreed cost
and service quality.
6: Service Delivery Process
6.1 Service Level ManagementTo define, agree, record and manage levels of service
6.2 Service Reporting
To produce agreed timely, reliable, accurate reports for informed decision making and effective
communication
6.3 Service Continuity and Availability Management
To ensure that agreed service continuity and availability commitments to customers can be met in all
circumstances.
6.4 Budgeting and Accounting for IT Services
To budget and account for the cost of service provision.
6.5 Capacity ManagementTo ensure that the service provider has, at all times, sufficient capacity to meet the current and future
agreed demands of the customers business needs.
6.6 Information Security Management
To manage information security effectively within all service activities.
7 : Relationship Processes
7.1 General
Relationship processes describes the two related aspects of Supplier Management and Business
Relationship Management
7.2 Business Relationship ManagementTo establish and maintain a good relationship between the service provider and the customer based on
understanding the customer and their business drivers.
7.3 Supplier Management
To manage suppliers to ensure the provision of seamless, quality services.
8 : Resolution Processes
8.1 Background
Incident and problem management are separate processes, although they are closely linked.
8/8/2019 IT Quality Assurance
16/20
IT Quality Assurance MIM - Sem V Page: 16 of 19
8.2 Incident Management
To restore agreed service to the business as soon as possible or to respond to service requests
8.3 Problem Management
To minimize disruption to the business by proactive identification and analysis of the cause of
incidents and by managing problems to closure
9 : Control Processes
9.1 Configuration ManagementTo define and control the components of the service and infrastructure and maintain
configuration information.
9.2 Change Management
To ensure all changes are assessed, approved, implemented and reviewed in a controlled manner.
10 : Release Process
10.1 Release Management Process
To deliver, distribute and track one or more changes into the live environment.
Benefits of Implementing ISO 20000 Provides control, greater efficiency and opportunities for improvement. Turns technology focused departments into ones with a service focus Ensures that IT services are aligned with and satisfy business deeds Improves system reliability and availability Provides a basis to agree on levels of service and the ability to measure IT service quality Establishes the true cost of IT
8/8/2019 IT Quality Assurance
17/20
IT Quality Assurance MIM - Sem V Page: 17 of 19
Demings PrinciplesWilliam Edwards Deming (October 14, 1900 December 20, 1993)
American statistician, professor, author and consultant Proponent of Total Quality Management (TQM) Helped in improving production in USA during World War II Best known for his significant contribution to Japan becoming renowned for innovative high-quality products Author of:
Out of the Crisis The New Economics for Industry, Government, Education
Founded the W. Edwards Deming Institute in Washington D.C. in 1993 Deming Prize established by JUSE (Japanese Union of Scientists & Engineers)
Some Common Problems
a) Defective products b) Rework c) Production delays d) Scrap/ waste e) Higher costs f) Client complaintsChain Reaction
Demings Philosophy
Need for awakening to the crisis followed by action Transformation can be achieved only by people not by machines / automation Management plays a critical role in transformation The 14 points for management
Provide a Roadmap for Change" - for achieving improved quality and productivity Apply to all organizations of any size Apply to all industries
Main Themes Leadership and teamwork Long-term planning Focus on Quality instead of Costs Strive for Continual Improvement
Demings 14 Principles
1. Create constancy of purpose
Define clear objectives Focus on long-term planningthink of problems of tomorrow; not just problemsof today Efficiency alone is not enough innovate! Constantly improve the design of products and services Be pro-active; not reactive
8/8/2019 IT Quality Assurance
18/20
IT Quality Assurance MIM - Sem V Page: 18 of 19
2. Adopt a new philosophy
Delays and mistakes increase costs Rework/ repair and replacements cost money and create customer dissatisfaction Adopt a new philosophy of cooperation (win-win) in which everybody wins Put it into practice by teaching it to employees, customers and suppliers Management should walk the talk
3. Cease dependence on mass inspection Inspection to achieve quality is too late and costly Putting more inspectors will not solve the problem Dont depend on quality control to achieve quality Instead, improve the process and build quality into the product from start to finish Focus on quality assurance Aim for preventing defects rather than detecting them4. Dont award business based on price only
Price has no meaning without a measure of the quality being purchased Dont compromise quality for the sake of saving costs Focus on total cost of ownership Aim for long term cost reduction rather than short term profits Advantages of single supplier:
Long-term contracts => partnership Economies of scale Mutual confidence - loyalty and trust
5. Improve constantly and forever
Quality must be built into the product from design Quality starts with the intent (of management) Teamwork across departments is essential Putting out fires is not improvement Strive for continual improvement in all areas6. Institute training for skills
People should be trained appropriately for their job Need for a structured training program across the organization Training for management and new employees7. Institute leadership for the management of people The job of management is leadership, not supervision Leaders must know the work they supervise Avoid MBO and MBWA Aim should be to help people do a better job Some performance will always be below average8. Drive out fear
People cannot deliver their best if they feel insecure
8/8/2019 IT Quality Assurance
19/20
IT Quality Assurance MIM - Sem V Page: 19 of 19
People should not be afraid to express ideas, ask questions, seek knowledge or admit mistakes Drive out fear and build trust9. Break down barriers between departments
Teamwork across departments is fundamental People in research, design, sales, and production must work as a team Abolish competition and build a win-win system of cooperation within the organization
Star Team vs. Team of Stars
10. Eliminate slogans and exhortations
Eliminate empty slogans and exhortations Instead, focus on the system Most errors are caused by the system, rather than people Strive to improve the processes to help in improving the quality and productivity11. Eliminate management by objectives
Dont focus only on numbers and quotas Quotas are a retardant to improvement Numerical goals without a roadmap to achieve them, are useless Stress on quality12. Remove barriers to pride of workmanship
People should be able to enjoy their work and take pride in their workmanship Focus on quality, instead of quantity (production targets) Dont treat people as a commodity Absenteeism is largely dependent on supervisorif people feel important, theyll come to work13. Institute education and self-improvement Institute a proper training program at organization level for everyone Ensure that the employees are appropriately trained for the job they are expected to perform This will also facilitate their professional development and self-improvement14. The transformation is everybody's job
Plan for action - Involve all the company employees to work on the transformation People should understand the objectives of the transformation This will ensure buy-in of the peopleThe 7 Deadly Diseases1. Lack of constancy of purpose.2. Emphasis on short-term profits.3. Evaluation by performance, merit rating, or annual review of performance.4. Mobility of management.5. Running a company on visible figures alone.6. Excessive medical costs.7. Excessive costs of warranty, fueled by lawyers who work for contingency fees.
8/8/2019 IT Quality Assurance
20/20
References Certified Software Quality Analyst - CBOK Out of the Crisis by W. Edwards Deming International Organisation for Standardisation (ISO) www.iso.org Software Engineering Institute (SEI) for CMMI www.sei.cmu.edu IT Service Management Forum International www.itsmfi.org
Quality Assurance Institute Worldwide www.qaiworldwide.org American Society for Quality www.asq.org IT Metrics & Productivity Institute www.itmpi.org The Total Quality Management Free Article Library www.work911.com/tqmarticles.htm
http://www.iso.org/http://www.iso.org/http://www.sei.cmu.edu/http://www.sei.cmu.edu/http://www.itsmfi.org/http://www.itsmfi.org/http://www.qaiworldwide.org/http://www.qaiworldwide.org/http://www.asq.org/http://www.asq.org/http://www.itmpi.org/http://www.itmpi.org/http://www.work911.com/tqmarticles.htmhttp://www.work911.com/tqmarticles.htmhttp://www.work911.com/tqmarticles.htmhttp://www.itmpi.org/http://www.asq.org/http://www.qaiworldwide.org/http://www.itsmfi.org/http://www.sei.cmu.edu/http://www.iso.org/