IT Quality Assurance

8/8/2019 IT Quality Assurance

1/20

IT Quality Assurance MIM - Sem V Page: 1 of 19

ISO 9001A Brief History

1968 AQAP - Allied Quality Assurance Publication Military standards

1972 BS4891- A Guide to QA - British Standards Institute

1974 BS5179 - Guide to Operation & Evaluation of QA Systems

1979 BS5750 - Quality Systems

1987 ISO 9000 series (EN 29000 series, IS 14000 series)

1994 ISO 9001 upgraded

2000 ISO 9001 upgraded

2008 New amendment

Major Benefits

Applicability to all product categories, in all sectors and to all sizes of organizations Simple to use, clear in language, readily translatable and easily understandable Significant reduction in amount or required documentation Connection of QMS to Organizational processes Provision of natural move towards improved organizational processes Greater orientation towards continual improvement and customer satisfaction Compatibility with other management systems such as ISO 14001

ISO 9000:2008 standards

ISO 9000:2008 Process Model


2/20


Eight Management Principles

Customer focus:Organizations depend on their customers and therefore should understand current and future customer

needs, should meet customer requirements and strive to exceed customer expectations.

Leadership:Leaders establish unity of purpose, direction, and the internal environment of the organization. They create

the environment in which people can become fully involved in achieving the organizations objectives

Involvement of people:People at all levels are the essence of an organization and their full involvement enables their abilities to be

used for the organizations benefit.

Process approach:A desired result is achieved more efficiently when related resources and activities are managed as a process

System approach to management:Identifying, understanding and managing a system of interrelated processes for a given objective to the

effectiveness and efficiency of the organization.

Continual improvement:A permanent objective of the organization is continual improvement

Factual approach to decision making:Effective decisions are based on the logical or intuitive analysis of data and information

Mutually beneficial supplier relationships:The ability of the organization and its suppliers to create value is enhanced by mutually beneficial relationships

ISO 9001:2008 clauses

1 Scope

1.1 General

1.2 Application

2 Normative reference

3 Terms and definitions

4 Quality management system

4.1 General requirements

4.2 Documentation requirements

5 Management responsibility5.1 Management commitment

5.2 Customer focus

5.3 Quality policy

5.4 Planning

5.5 Responsibility, authority & communication

5.6 Management review


3/20


6 Resource management

6.1 Provision of resources

6.2 Human resources

6.3 Infrastructure

6.4 Work environment

7 Product realization

7.1 Planning of product realization7.2 Customer-related processes

7.3 Design and development

7.4 Purchasing

7.5 Production and service provision

7.6 Control of monitoring & measuring equipment

8 Measurement, analysis and improvement

8.1 General

8.2 Monitoring and measurement

8.3 Control of nonconforming product8.4 Analysis of data

8.5 Improvement

ISO Certification Process


4/20


CMMIBackground

1986 US Federal govt needed a method to assess software contractors; Software Engineering Institute

(Carnegie Mellon University) and Mitre Corp. develop a process maturity framework

1987 Process maturity framework & maturity questionnaire developed by Watts Humphrey

1991 Capability Maturity Model v1.0 drafted based on feedback from government and industry

1992 CMM v1.1 drafted based on feedback from the software community and CMM Workshop1997 CMMI Project initiated2000 CMMI SE/SW v1.0 released2002 CMMI SE/SW/IPPD/SS v1.1 released2006 CMMI v1.2 released

SEI History

Established in 1984: to Provide leadership in advancing the state of the practice of software engineering to

improve the quality of systems that depend on software

Process Programme focus: Capability Maturity Models

CMM-based assessments

Software process-definitions

Personal software process

Software engineering measurement and analysis

CMMI, integrating Software, Hardware and Systems Engineering

CMMI Product Suite

CMMI for Dev constellation consists of 2 models

CMMI for Dev+IPPD CMMI for Dev

Disciplines

Hardware Engineering Systems Engineering Software Engineering

Representations

Staged Continuous

Training

Model Introduction to CMMI Intermediate Concepts Instructor Training Lead Appraiser

Appraisal methods

Appraisal Requirements for CMMI (ARC) SCAMPI Method Description Document (MDD)


5/20


CMMI Structure

One Model, Two Representations

CMMI Representations Based on the approaches of the source models Reflects the organization, use and presentation of components in a model Two representations

o Continuous - Process Capability approacho Staged - Organizational Maturity approach

The material in both representations is the same, just organized differentlyo Capability Levelso The Maturity Levels

The CMMI structure - Goals and Practices

Generic Goals:

Common goal statement for a process area Aimed at achieving institutionalization Same goal statement appears in multiple process areas Each capability level has an associated generic goal

Generic Practices:

Activities that ensure that the processes will be effective, repeatable, and lasting Generic practices contribute to the achievement of the generic goal when applied to a particular process area

Specific Goals:

Addresses the unique characteristics that describe what must be implemented to satisfy the process area Signify the scope, boundary and intent of the process area Help to determine whether the process area has been effectively implemented

Specific Practices:

Activities that are considered important in achieving the associated specific goal Describe what must be implemented to establish process capability

The CMMI structure


6/20


Example PA: Requirements Management

SG1: Manage Requirements

SP1.1 Obtain an understanding of requirements

SP1.2 Obtain commitment to requirements

SP1.3 Manage requirements changes

..

GG2: Institutionalize a Managed Process

GP2.1 Establish an organizational policyGP2.2 Plan the process

GP2.3 Provide resources

GP2.4 Assign responsibility

..

GG2: Institutionalize a Managed Process

GP 2.1

GP 2.2

GP 2.3

GP 2.4

GP 2.5

GP 2.6

GP 2.7

GP 2.8

GP 2.9

GP 2.10

Establish an Organizational Policy

Plan the Process

Provide Resources

Assign Responsibility

Train People

Manage Configurations

Identify and Involve Relevant Stakeholders

Monitor and Control the Process

Objectively Evaluate Adherence

Review Status with Higher Level Management

The 5 maturity Levels


7/20


Process Areas by Maturity Level

Level Focus Process Areas

5 Optimizing Continuous process improvement Organizational Innovation and Deploym

Causal Analysis and Resolution

4 Quantitatively Managed Quantitative Management Organizational Process Performance

Quantitative Project Management

3 Defined Process standardization at organization level;

Proactive

Requirements Development

Technical Solution

Product Integration

Verification

Validation

Organizational Process Focus

Organizational Process Definition

Organizational Training

Integrated Project Management

Risk ManagementDecision Analysis and Resolution

2 Managed Basic project management; often reactive Requirements Management

Project Planning

Project Monitoring and Control

Supplier Agreement Management

Measurement and Analysis

Process and Product Quality Assurance

Configuration Management

1 Performed

Performed/ Initial Level (L1)

Environment unstable for software development and maintenance Lack of sound management practices Ineffective planning Reaction-driven systems Person-dependent systems Process unpredictable, informal and poorly controlled

Managed Level (L2)

Focus on project management learning from previous experiences Basic software management controls installed Stakeholder commitment established Senior management visibility Processes planned, performed, measured and controlled Stable planning and tracking; earlier successes can be repeated


8/20


Process Areas for L2

Requirements Management: Manage requirements of the products & product components; identifyinconsistencies between requirements and the project's plans & products

Project Planning: Establish & maintain plans that define project activities Project Monitoring and Control: Provide an understanding of the projects progress; take appropriate

corrective actions when the projects performance deviates significantly from the plan

Supplier Agreement Management: Manage acquisition of products from suppliers where a formal agreementexists

Measurement and Analysis: Develop & sustain a measurement capability to support management informationneeds

Process and Product Quality Assurance: Provide staff & management with objective insight into processes &work products

Configuration Management: Establish & maintain integrity of work products by identifying, controlling,accounting and auditing configurable items

Defined Level (L3)

Focus on organization level

Software and management processes integrated Projects derive processes from organization-level and tailor them Processes more detailed - better understanding of inter-relationships Processes managed proactively OSSP ensures consistency across the organization


Organization Process Focus: Plan & implement organizational process improvement based on a thoroughunderstanding of strengths & weaknesses of the organizations processes & process assets

Organizational Process Definition: Establish & maintain a usable set of organizational process assets Organizational Training: Develop skills & knowledge of people so that they can perform their roles effectively &

efficiently Integrated Project Management: Establish & manage the project & stakeholder involvement according to an

integrated & defined process tailored from the OSSP

Risk Management: Identify potential problems before they occur; plan & invoke risk-handling activities, whenrequired, across the life of the product/project to mitigate adverse impacts on achieving project objectives

Decision Analysis and Resolution: Analyze possible decisions using a formal evaluation process that evaluatesidentified alternatives against established criteria

Requirements Development: Produce and analyze customer, product and product-component requirements Technical Solution: Design, develop, and implement solutions to requirements. Solutions encompass products,

product components, and product-related life-cycle processes either singly or in combinations, as appropriate

Product Integration: Assemble the product from product components; ensure that the integrated productfunctions properly; deliver the product

Verification: Ensure that selected work products meet their specified requirements Validation: Demonstrate that product or product component fulfills its intended use when placed in its

intended environment

Quantitatively Managed Level (L4)

Quantifiable goals for product and process performance identified, measured and monitored throughout theprocess life cycle


9/20


Organization-wide measurement repository Key processes and sub-processes identified Process performance controlled using statistical and other techniques Quantitative goals established based on customer and organizational needs Quantitative goals understood in statistical terms


Quantitative Project Management: Quantitatively manage the projects defined processes to achieveestablished quality & process-performance objectives

Organizational Process Performance: Establish & maintain a quantitative understanding of the OSSPsperformance (with respect to quality and process performance goals); provide process performance data,

baselines & models to quantitatively manage the organizations projects

Optimizing Level (L5)

Improvements to address common causes of process variation Measurably improve identified processes through incremental and innovative improvements Improvements selected based on expected RoI and impact Evaluation of known defects to identify root causes and prevent recurrence Organizational focus on improvement Process performance continually improved; quantitative goals established, based on business goals


Causal Analysis and Resolution: Identify causes of defects & other problems; take action to prevent recurrence Organizational Innovation and Deployment: Select & deploy incremental & innovative improvements that

measurably improve the organization's processes & technologies; improvements support organization's quality

& process performance objectives, derived from the organization's business objectives

PAs in the Business Context


10/20


SEIs IDEALSM Approach for Implementing CMMI

CMMI Appraisal Process


11/20


ITILITIL - Background

ITIL (Information Technology Infrastructure Library) is a framework of best practices to facilitate the delivery ofhigh quality IT services; published in a series of books

ITIL focuses on aligning IT services with the ever changing needs of the business and improving the quality of ITservices

It is aimed at supporting businesses in achieving high financial quality and value in IT operations Reduce the long term cost of service provision Service management is all about the delivery of customer-focused IT services using a process-oriented

approach

Originally developed in the 1980s under the auspices of the UK Government's Central Computer andTelecommunications Agency (CCTA) - entitled "Government Information Technology Infrastructure

Management Methodology" (GITMM)

In 2001, the CCTA was merged into the United Kingdom's Office of Government Commerce (OGC) V1 = 31 Books | V2 = 7 books | V3 = 5 Books World-wide de facto standard in Service Management

What is Service Management?

Service

A means of delivering value to customers by facilitating outcomes customers want to achieve without the

ownership of specific costs and risks

Service Management

A set of specialized organizational capabilities for providing value to customers in the form of services

Service Life Cycle


12/20


Major Components

Service support: concentrates on the day to day running & support of IT Services

Service desk* Incident management Problem management Change management Release management

Service delivery: focuses on long term planning and improvement of IT Services Capacity management Availability management IT service continuity management Configuration management Financial management for IT Services

Service Desk

Provide vital day-to-day contact between clients, users, IT services & third party support organizations Provide a single point of contact for all calls Facilitate the restoration of normal operational service with minimal business impact on the client within

agreed service levels and business priorities

Generate reports and communicate Provide value to the organization

Configuration Management

Provide information on the IT Infrastructure - to all other processes to IT Management Enable control of the infrastructure by monitoring and maintaining information on - all resources needed to deliver services Configuration Items status and history Configuration Item relationships

Incident Management

Restore normal service operation as quickly as possible Minimize the adverse impact on business operations Ensure that best possible levels of service quality & availability are maintained according to SLAs

Problem Management

Minimize the adverse impact of incidents & problems on the business that are caused by errors within the ITinfrastructure

Prevent the recurrence of incidents related to errors Improve productive use of resources

Change Management

Ensure that standardized methods and procedures are used for efficient and prompt handling of all changes Implement approvedchanges efficiently, and with the acceptable riskto the existing and to the new IT services


13/20


Release Management

Plan and oversee the successful rollout of software and related hardware Ensure that change to hardware and software is traceable and secure Ensure that only correct, authorized and tested versions are installed

Capacity Management

Determine the right, cost justifiable, capacity of IT resources such that the Service Levels agreed upon areachieved at the right time

Availability Management

Predict, plan and manage the availability of services by ensuring that: all services are underpinned by sufficient, reliable and properly maintained CIs where CIs are not supported internally there are appropriate contractual arrangements with third-party

suppliers

changes are proposed to prevent future loss of servicesIT Service Continuity Management

Increase business dependency on IT Reduce cost and time of recovery Cost to customer relationship Survival Many businesses fail within a year of suffering a major IT disaster

Service Level Management

Maintain and improve IT Service quality, through a constant cycle of agreeing, monitoring and reporting uponIT Service achievements

Instigation of actions to eradicate poor service - in line with business or cost justification


14/20


ISO 20000International standard for IT service management

Published in Dec 2005, it supersedes the earlier BS 15000, which was based on ITIL ISO 20000 has two parts: ISO 20000-1 ('part 1') is a specification, which defines the requirements of the standard ISO 20000-2 ('part 2') is a 'code of practice', and describes the best practices for service management Objectives:

o To promote the adoption of an integrated process approach to deliver managed services to meet thebusiness and customer requirements.

o To enable the understanding of best practices, benefits, and possible problems of service managemento To help the organization generate revenue or be cost effective via professional service management.

PDCA in Service Management

ISO 20000 Process Model


15/20


ISO 20000 Clauses

4: Planning & Implementing Service Management

4.1 Plan Service Management

To plan the implementation and delivery of service management

4.2 Implementing Service management and provide the services (Do)

To implement the service management objective and plan

4.3 Monitoring, Measuring and Reviewing (Check)To monitor, measure and review that the service management objectives and plan are being achieved

4.4 Continual Improvement (Act)

To improve the effectiveness and efficiency of service delivery and management

5 : Planning & implementing new or changed services

To ensure that new services and changes to services will be deliverable and manageable at the agreed cost

and service quality.

6: Service Delivery Process

6.1 Service Level ManagementTo define, agree, record and manage levels of service

6.2 Service Reporting

To produce agreed timely, reliable, accurate reports for informed decision making and effective

communication

6.3 Service Continuity and Availability Management

To ensure that agreed service continuity and availability commitments to customers can be met in all

circumstances.

6.4 Budgeting and Accounting for IT Services

To budget and account for the cost of service provision.

6.5 Capacity ManagementTo ensure that the service provider has, at all times, sufficient capacity to meet the current and future

agreed demands of the customers business needs.

6.6 Information Security Management

To manage information security effectively within all service activities.

7 : Relationship Processes

7.1 General

Relationship processes describes the two related aspects of Supplier Management and Business

Relationship Management

7.2 Business Relationship ManagementTo establish and maintain a good relationship between the service provider and the customer based on

understanding the customer and their business drivers.

7.3 Supplier Management

To manage suppliers to ensure the provision of seamless, quality services.

8 : Resolution Processes

8.1 Background

Incident and problem management are separate processes, although they are closely linked.


16/20


8.2 Incident Management

To restore agreed service to the business as soon as possible or to respond to service requests

8.3 Problem Management

To minimize disruption to the business by proactive identification and analysis of the cause of

incidents and by managing problems to closure

9 : Control Processes

9.1 Configuration ManagementTo define and control the components of the service and infrastructure and maintain

configuration information.

9.2 Change Management

To ensure all changes are assessed, approved, implemented and reviewed in a controlled manner.

10 : Release Process

10.1 Release Management Process

To deliver, distribute and track one or more changes into the live environment.

Benefits of Implementing ISO 20000 Provides control, greater efficiency and opportunities for improvement. Turns technology focused departments into ones with a service focus Ensures that IT services are aligned with and satisfy business deeds Improves system reliability and availability Provides a basis to agree on levels of service and the ability to measure IT service quality Establishes the true cost of IT


17/20


Demings PrinciplesWilliam Edwards Deming (October 14, 1900 December 20, 1993)

American statistician, professor, author and consultant Proponent of Total Quality Management (TQM) Helped in improving production in USA during World War II Best known for his significant contribution to Japan becoming renowned for innovative high-quality products Author of:

Out of the Crisis The New Economics for Industry, Government, Education

Founded the W. Edwards Deming Institute in Washington D.C. in 1993 Deming Prize established by JUSE (Japanese Union of Scientists & Engineers)

Some Common Problems

a) Defective products b) Rework c) Production delays d) Scrap/ waste e) Higher costs f) Client complaintsChain Reaction

Demings Philosophy

Need for awakening to the crisis followed by action Transformation can be achieved only by people not by machines / automation Management plays a critical role in transformation The 14 points for management

Provide a Roadmap for Change" - for achieving improved quality and productivity Apply to all organizations of any size Apply to all industries

Main Themes Leadership and teamwork Long-term planning Focus on Quality instead of Costs Strive for Continual Improvement

Demings 14 Principles

1. Create constancy of purpose

Define clear objectives Focus on long-term planningthink of problems of tomorrow; not just problemsof today Efficiency alone is not enough innovate! Constantly improve the design of products and services Be pro-active; not reactive


18/20


2. Adopt a new philosophy

Delays and mistakes increase costs Rework/ repair and replacements cost money and create customer dissatisfaction Adopt a new philosophy of cooperation (win-win) in which everybody wins Put it into practice by teaching it to employees, customers and suppliers Management should walk the talk

3. Cease dependence on mass inspection Inspection to achieve quality is too late and costly Putting more inspectors will not solve the problem Dont depend on quality control to achieve quality Instead, improve the process and build quality into the product from start to finish Focus on quality assurance Aim for preventing defects rather than detecting them4. Dont award business based on price only

Price has no meaning without a measure of the quality being purchased Dont compromise quality for the sake of saving costs Focus on total cost of ownership Aim for long term cost reduction rather than short term profits Advantages of single supplier:

Long-term contracts => partnership Economies of scale Mutual confidence - loyalty and trust

5. Improve constantly and forever

Quality must be built into the product from design Quality starts with the intent (of management) Teamwork across departments is essential Putting out fires is not improvement Strive for continual improvement in all areas6. Institute training for skills

People should be trained appropriately for their job Need for a structured training program across the organization Training for management and new employees7. Institute leadership for the management of people The job of management is leadership, not supervision Leaders must know the work they supervise Avoid MBO and MBWA Aim should be to help people do a better job Some performance will always be below average8. Drive out fear

People cannot deliver their best if they feel insecure


19/20


People should not be afraid to express ideas, ask questions, seek knowledge or admit mistakes Drive out fear and build trust9. Break down barriers between departments

Teamwork across departments is fundamental People in research, design, sales, and production must work as a team Abolish competition and build a win-win system of cooperation within the organization

Star Team vs. Team of Stars

10. Eliminate slogans and exhortations

Eliminate empty slogans and exhortations Instead, focus on the system Most errors are caused by the system, rather than people Strive to improve the processes to help in improving the quality and productivity11. Eliminate management by objectives

Dont focus only on numbers and quotas Quotas are a retardant to improvement Numerical goals without a roadmap to achieve them, are useless Stress on quality12. Remove barriers to pride of workmanship

People should be able to enjoy their work and take pride in their workmanship Focus on quality, instead of quantity (production targets) Dont treat people as a commodity Absenteeism is largely dependent on supervisorif people feel important, theyll come to work13. Institute education and self-improvement Institute a proper training program at organization level for everyone Ensure that the employees are appropriately trained for the job they are expected to perform This will also facilitate their professional development and self-improvement14. The transformation is everybody's job

Plan for action - Involve all the company employees to work on the transformation People should understand the objectives of the transformation This will ensure buy-in of the peopleThe 7 Deadly Diseases1. Lack of constancy of purpose.2. Emphasis on short-term profits.3. Evaluation by performance, merit rating, or annual review of performance.4. Mobility of management.5. Running a company on visible figures alone.6. Excessive medical costs.7. Excessive costs of warranty, fueled by lawyers who work for contingency fees.


20/20

References Certified Software Quality Analyst - CBOK Out of the Crisis by W. Edwards Deming International Organisation for Standardisation (ISO) www.iso.org Software Engineering Institute (SEI) for CMMI www.sei.cmu.edu IT Service Management Forum International www.itsmfi.org

Quality Assurance Institute Worldwide www.qaiworldwide.org American Society for Quality www.asq.org IT Metrics & Productivity Institute www.itmpi.org The Total Quality Management Free Article Library www.work911.com/tqmarticles.htm
http://www.iso.org/http://www.iso.org/http://www.sei.cmu.edu/http://www.sei.cmu.edu/http://www.itsmfi.org/http://www.itsmfi.org/http://www.qaiworldwide.org/http://www.qaiworldwide.org/http://www.asq.org/http://www.asq.org/http://www.itmpi.org/http://www.itmpi.org/http://www.work911.com/tqmarticles.htmhttp://www.work911.com/tqmarticles.htmhttp://www.work911.com/tqmarticles.htmhttp://www.itmpi.org/http://www.asq.org/http://www.qaiworldwide.org/http://www.itsmfi.org/http://www.sei.cmu.edu/http://www.iso.org/

IT Quality Assurance

Documents

Transcript of IT Quality Assurance