Embed Size (px)
Citation preview
Prof. Dr. Mohamed BATOUHEDept. of Software Engineering
CCIS – King Saud University
SQA – SWE 333 SQA – SWE 333 Software Quality Software Quality
AssuranceAssurance
1
The scope of quality management standards
2
The Benefits of using Standards* The ability to apply methodologies and procedures of the highest professional level.
* Better mutual understanding and coordination among development teams but
especially between development and maintenance teams.
* Greater cooperation between the software developer and external participants in
the project.
* Better understanding and cooperation between suppliers and customers, based on
the adoption of standards as part of the contract.
3
Organizations involved in SQA Standards Development
Most prominent developers of SQA standards:
IEEE (Institute of Electric and Electronic Engineers) Computer Society
ISO (International Standards Organization)
DOD (US Department of Defense)
ANSI (American National Standards Institute)
IEC (International Electrotechnical Commission)
EIA (Electronic Industries Association)
4
Scope of quality management standards – Certification Standards
* Enable a software development organization to demonstrate consistent ability to assure
acceptable quality of its software products or maintenance services. Certification is granted by
an external body.
* Serve as an agreed-upon basis for customer and supplier evaluation of the supplier’s quality
management system. Accomplished by performance of a quality audit by the customer.
* Support the organization's efforts to improve its quality management system through
compliance with the standard’s requirements.
→ One indication of the importance of standards is the current trend of
software development tenders, which require certification of participants …
5
ISO 9001 and ISO 9000-3
6
ISO 9000In 1946, delegates from 25 countries met in London
and decided to create a new international organization, of which the object would be "to facilitate the international coordination and unification of industrial standards". The new organization, ISO, officially began operations on 23 February 1947, in Geneva, Switzerland.
ISO 9000 is a series of documented standards prescribing quality management.
ISO 9000 has a broad scope: hardware, software, processed materials and services.
The standard outlines the basic elements of a good quality management system. These elements are good business practice.
7
ISO 9000 ISO 9000 is a written set of standard which describe
and define the basic elements/clauses of the quality system needed to ensure that an organization’s products/or services meet or exceed customer needs and expectations
ISO 9000 is based on documentation and is based on the following:- Document what you do;- Do what your document; - Prove it and improve it
ISO 9000 emphasizes prevention.
8
ISO 9000 ISO 9000 and ISO 9004 are guidelines for quality management and are not
Mandatory for certification.
ISO 9001, ISO 9002, and ISO 9003 are Quality system standards.
ISO 9001 is the broadest standard and provides a model for design, development, production, installation and servicing
ISO 9002 is limited to production, installation and servicing
ISO 9003 is further limited to inspection and testing
A company should first use ISO 9000 to design and to implement a quality system. Once the quality has been installed, the company may use the quality assurance models of ISO 9001, ISO 9002, or ISO 9003 to demonstrate the adequacy of the quality system.
9
Why ISO 9000 Certification?Better organizational definition
greater quality awareness
better documentation of processes
increased control of operations
Ongoing analysis of and solution to problems
Positive cultural change
Improved customer satisfaction and increased market opportunities
10
The criteria for getting ISO 9000/9001 certification Review the current operation and business structure of your facility.
Provide an introductory session in ISO 9000/9001 requirements and instruct in the preparation of job descriptions and work instruction style documentation.
Audit the completed job descriptions and work instructions and prepare the structure for the policies and procedures manual.
Write the first draft of the policy and procedures manual to meet ISO 9000/9001 standards incorporating the existing documented work instructions.
The criteria for getting ISO 9000/9001 certification Submit first draft of manuals for review and approval.
Prepare final draft of documentation and audit manuals for compliance to ISO 9000/9001 requirements.
Train staff on the policies, procedures and work instruction manuals and receive feedback as to the accuracy of the documentation.
Conduct a simulated third party audit of the implemented Quality System utilizing qualified auditors.
Make final adjustments to the Quality System to prepare for certified third party audit.
Overview of ISO 9000
13
ISO 9000-3ISO 9000-3, the guidelines offered by ISO, represent
implementation of the ISO 9000 standards to the special case of software development and maintenance.
ISO 9000-3 is a standard for quality software systems.
It is very short (approximately 30 pages) and very high level (abstraction).
It explains what to do and not how to do !!
14
ISO 9000-3: An Excerpt ISO 9000-3 4.4 Software development and design
GeneralDevelop and document procedures to control the product design and
development process. These procedures must ensure that all requirements are being met.
Software developmentControl your software development project and make sure that it is
executed in a disciplined manner. Use one or more life cycle models to help organize your software
development project. Develop and document your software development procedures. These
procedures should ensure that: Software products meet all requirements. Software development follows your:
Quality plan. Development plan.
15From http://www.praxiom.com/iso-9000-3.htm
The 8 guiding quality management principles:
Principle 1 Customer focus Principle 2 Leadership Principle 3 Involvement of people Principle 4 Process approach Principle 5 System approach to management Principle 6 Continual improvement Principle 7 Factual approach to decision making Principle 8 Mutually beneficial supplier
relationships
16
Organizations depend on their Organizations depend on their customers and therefore should customers and therefore should
understand current and future customer understand current and future customer needs, should meet customer needs, should meet customer
requirements and strive to exceed requirements and strive to exceed customer expectations. customer expectations.
17
18
Leaders establish unity of purpose and Leaders establish unity of purpose and direction of the organization (the direction of the organization (the
organization’s vision). They should organization’s vision). They should create and maintain the internal create and maintain the internal environment in which people can environment in which people can
become fully involved in achieving the become fully involved in achieving the organization's objectives. organization's objectives.
19
Principle 2Principle 2 LEADERSHIP LEADERSHIPKey benefits
People will understand and be motivated towards the organization's goals and objectives.
Activities are evaluated, aligned and implemented in a unified way.
Miscommunication between levels of an
organization will be minimized.
20
Principle 3Principle 3Involvement of peopleInvolvement of people
People at all levels are the essence of People at all levels are the essence of an organization and their full an organization and their full
involvement enables their abilities to involvement enables their abilities to be used for the organization's benefit.be used for the organization's benefit.
21
Principle 4Principle 4Process approachProcess approach
A desired result is achieved more A desired result is achieved more efficiently when activities and related efficiently when activities and related resources are managed as a process.resources are managed as a process.
22
Activity
Right Resources: Qualified People Right Facilities/Equipment Correct Materials Proven Methods
Desired Results: Quality Products Quality Services Customer Satisfaction Employee Satisfaction
OUTPUTINPUT
How is a Process Managed?Monitor & Measure the Process
make sure the inputs are right, the transformation activities consistently work, and the desired results are achieved, then - improve the process as needed
EfficientNo Waste
EffectiveDesired Results Achieved
23
Principle 5 Principle 5 System approach to System approach to
managementmanagementIdentifying, understanding and Identifying, understanding and
managing interrelated processes as a managing interrelated processes as a system contributes to the system contributes to the
organization's effectiveness and organization's effectiveness and efficiency in achieving its objectives.efficiency in achieving its objectives.
24
Principle 6Principle 6Continual improvementContinual improvement
Continual improvement of the Continual improvement of the organization's overall performance organization's overall performance should be a permanent objective of the should be a permanent objective of the organization.organization.
Plan Do
Act Check
QMS
Results
Baseline Performance
Improvement Objective
Improve Process through PDCA Cycle
Measure/Monitor Results Against Objectives - Improve Process and Change QMS as Needed to
Achieve and Sustain Desired Results
The Quality Management System (QMS) must be used for continuous improvement ...
25
26
Continual improvement of theQuality management system
Managementresponsibility
Productrealization
Resourcemanagement
Measurement,analysis andimprovement
Customers
Requirements
Customers
Satisfaction
ProductOutputInput
Information flowValue-adding activities
27
Effective decisions are based on the Effective decisions are based on the analysis of data and informationanalysis of data and information
Principle 7Principle 7Factual approach to decision Factual approach to decision
makingmaking
28
Principle 8 Principle 8 Mutually beneficialMutually beneficial supplier supplier
relationshipsrelationships
An organization and its suppliers are An organization and its suppliers are interdependent and a mutually interdependent and a mutually
beneficial relationship enhances the beneficial relationship enhances the ability of both to create added valueability of both to create added value
ISO 9000-3: RequirementsThe ISO 9000-3 includes about 20
requirements that relate to various aspects of software quality management classified into the following five groups:
Quality management system Management responsibilitiesResource managementProduct realizationMeasurement, analysis and improvement
29
ISO 9000-3: Principal areas of quality focus
• management responsibility• quality system requirements• contract review requirements• product design requirements• document and data control• purchasing requirements• customer supplied products• product identification and
traceability• process control requirements• inspection and testing
30
• control of inspection, measuring, and test equipment• inspection and test status• control of nonconforming products• corrective and preventive actions• handling, storage, and delivery• control of quality records• internal quality audit requirements• training requirements• servicing requirements• statistical techniques
Organization requesting certification
Yes
No
The decision
Planning process leading to
certification
Development of the organization’s SQA system Organization’s
quality manual and SQA procedures
Implementation of
organization’s SQA system
Review of the quality manual and
SQA procedures
Do the quality manual and procedures
comply with ISO 9000-3 ?
Performance audit of SQA management
system
Yes
No
The decision
Planning process leading to
certification
Development of the organization’s SQA system Organization’s
quality manual and SQA procedures
Implementation of
organization’s SQA system
Review of the quality manual and
SQA procedures
Do the quality manual and procedures
comply with ISO 9000-3 ?
Performance audit of SQA management
system
The decision
Planning process leading to
certification
Development of the organization’s SQA system
Implementation of
organization’s SQA system
Yes
Yes
No
The decision
Planning process leading to certification
Development of the organization’s SQA
system Organization’s quality
manual and SQA procedures
Implementation of organization’s SQA
system
Review of the quality manual and SQA procedures
Do the quality manual and
procedures comply with ISO 9000-3 ?
Performance audit of SQA management system
Carry out performance improvements of SQA management system
ISO 9000-3 certification
The certifying organization
No Does the performance of the SQA system comply
with ISO 9000-3?
ISO 9000-3 CertificationISO 9000-3 Certification
31
ISO 9000-3 CertificationISO 9000-3 CertificationDevelopment of the organization’s SQA system:
Development of a quality model and SQA procedures
Development of other SQA infrastructureStaff trainingPreventive and corrective actions proceduresConfiguration management servicesDocumentation and quality record control
Development of a project progress control system32
ISO 9000-3 CertificationISO 9000-3 CertificationImplementation of the organization’s SQA system:
Setting up a staff instruction program
Leaders and managers are expected to follow up and support the implementation efforts made by their units.
Internal quality audits are carried out to verify the success in implementation.
The findings will determine of whether the organization has reached a satisfactory level of implementation.
33
Williaw E. Lewis, “Software Testing And Continuous Quality Improvement”, Third Edition, CRC Press, 2009.
K. Naik and P. Tripathy: “Software Testing and Quality Assurance”, Wiley, 2008.
Ian Sommerville, Software Engineering, 8th edition, 2006.
Aditya P. Mathur,“Foundations of Software Testing”, Pearson Education, 2009.
D. Galin, “Software Quality Assurance: From Theory to Implementation”, Pearson Education, 2004
David Gustafson, “Theory and Problems of Software Engineering”, Schaum’s Outline Series, McGRAW-HILL, 2002.
Michael R. Liu, Handbook of Software Reliability Engineering, IEEE Computer Society Press, McGraw-Hill, 2005.
34
References
35
