Planning for Software Quality Assurance

By Mr. Fazal Wahab

Importance of SQAP SQA plan provides a road map for instituting

software quality assurance. The plan serves as a template for SQA activities

that are instituted for each software project. define the techniques, procedures, and

methodologies that will be used to assure timely delivery of the software that meets specified requirements within project resources.

Software Quality Assurance Planning What is not tracked is not done” The Goals of Software Quality Assurance:

To improve software quality by appropriately monitoring both the software and the development process that produces it.

To ensure full compliance with the established standards and procedures for the software and the software process.

To ensure that any inadequacies in the process, product and standards are brought to managements attention so that these inadequacies can be fixed

Software Quality Assurance Plan For each development project the SQAP

specifies: Its goals SQA tasks to be performed Standards against which development work is to

be measured Software quality organizational structure Software quality procedures

IEEE Standard for SQAP IEEE Std 730-1989

Standard for Software Quality Assurance Plans

IEEE Guide for Software Quality Assurance Planning

IEEE 730-1989 Standard for Software Quality Assurance Plans1. Purpose2. Reference Documents3. Management4. Documentation5. Standards, Practices, Conventions and Metrics6. Reviews and Audits7. Test8. Problem Reporting and Corrective Action9. Tools, Techniques, and Methodologies10. Code Control11. Media Control12. Supplier Control13. Records Collection14. Training15. Risk Management

Contents of SQA Plan - Purpose Purpose

Describes the purpose of the project SQAP List software covered by SQAP State portion of software life cycle covered Measurable Objectives Answers the following:

What is the intended use of the software (criticality, interfaces etc…)?

What is the scope of this SQAP? How will this plan contribute to the success of the project? Name the SDLC that applies to the project and deviations.

Contents of SQA Plan – Purpose (Measurable Objectives) Example Objectives Technical review of all project documents

Ensure maximum inspection rates of 6 pages/hour for documentation and 200 LOC/hour for code.

Have a process defect yield of 99.9% before delivery.

Have a delivered defect density < 1 defect/1000 LOC for first 12 months of operation

Contents of SQA Plan – Reference Documents Reference Documents

complete list of documents referenced elsewhere in the SQAP

For example: Standards and guidelines

Contents of SQA Plan – Management organization - depict structure of org.

responsibilities tasks

tasks to be performed relationship between tasks and checkpoints sequence of tasks

responsibilities of each organizational unit

Contents of SQA Plan – Documentation identify required documents state how documents will be evaluated minimum documents required by IEEE 730

SRS - Software Requirements Specification SDD - Software Design Description SVVP – S. Verification and Validation Plan SVVR - S. Verification and Validation Report User documentation - manual, guide SCMP – S. Configuration Management Plan

Contents of SQA Plan – Standards, Practices, Conventions and metrics Identify S,P,C,and M to be applied How compliance is to be monitored and assured Minimum

documentation standards, logic structure standards, coding standards, testing standards

List Selected SQA product and process metrics Defects Found, Change Activity, Software Structure,

Availability,… Must be related to measurable objectives in Purpose Section.

Contents of SQA Plan – Reviews and Audits purpose

define what reviews/audits will be done how they will be accomplished what further actions are required

Minimum Software Requirements Reviews Preliminary Design Review

evaluate technical adequacy of top-level design

Min Set of Reviews/Audits Critical Design Review

acceptability of detailed designs Software Verification and Validation Plan Review

adequacy of planned verification and validation Functional Audit

all requirements in SRS have been met Physical Audit

software and documents are consistent and ready In-Process Audit Managerial Reviews

Test and Problem Reporting Contents of SQA Plan – Test

Identify all tests that are not included in SVVP for the software covered by the SQAP and shall state the methods to be used.

Contents of SQA Plan – Problem Reporting Practices and Procedures for reporting, tracking,

and resolving problems Organizational responsibilities

Tool, Techniques etc Contents of SQA Plan – Tools, Techniques and

Methodologies identify the special software tools, techniques and

methodologies purpose describe use

Code Control The purpose of this section is to define the methods and

facilities used to maintain, store, secure and document controlled versions of the identified software.

Code control includes the items listed below: Identifying, labeling, and cataloging the software to be

controlled Identifying the physical location of the software under control Identifying the location, maintenance, and use of backup copies Distributing copies of the code Identifying the documentation that is affected by a change Establishing a new version Regulating user access to the code.

Media Control Media control includes the items listed below:

Regularly scheduled backup of the media. Labeled and inventoried media filed in a storage

area in accordance with security requirements and in a controlled environment that prevents degradation or damage to the media.

Adequate protection from unauthorized access.

Supplier Control The purpose of this section is to state the

provisions by which SQA assures that software provided by suppliers meets established requirements.

Records - collection, maintenance, and retention Identify the SQA documentation to be retained,

state the methods and facilities to be used to assemble, safeguard, and maintain this documentation, and designate the retention period.

SQA activities are documented by records and reports that provide a history of product quality throughout the software life cycle. Measurement data collected will be reviewed for trends and process improvement.

Training Identify the training activities necessary to meet

the needs of the SQA Plan. provides a matrix that identifies the required skills

to perform SQA tasks to implement this SQA Plan. The training schedule will be compatible with the

project schedule In some cases, training will be conducted as On-

the-Job (OJT) training

Risk Management Specify the methods and procedures employed to

identify, assess, monitor, and control areas of risk arising during the portion of the software life cycle covered by the SQA Plan

SQA will review and evaluate the technical risk analysis and any risk reduction plan

SQA reporting will confirm that the identified risks are managed in accordance with the provisions of the project’s risk management plans.

Standards Standards provide a basis against which activities

can be measured and evaluated Document, established by consensus and

approved by a recognized body, that provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context. (ISO – International Organization for Standardization)

Types of Standards Regulatory Standards - imposed by

Government legislation or regulation; Speed Limits; Electric Voltages for Distribution; Some Communications standards.

Consensus Standards - adopted by a community of interest to further the interests of the community most professional Standards and many manufacturing

Standards.

Types of Standards External Standards - define the ways in

which an organisation relates to its clients and competitors. e.g. AS 3563; ISO 9001; ANSI/IEEE 730 etc.

Internal Standards - define the practices and procedures in place within an organisation.

Focus of Standards Standards which define in detail a specific

product . Standards which define the process through

which products in the field need to pass. Standards which define requirements for a

particular resource to be used in the development process.

The Language of Standards “shall” or “shall not”

to indicate requirements strictly to be followed in order to conform to the standard and from which no deviation is permitted.

“should” or “should not” to indicate that among several possibilities one is recommended

as particularly suitable, or that a certain course of action is preferred but not necessarily required.

“may” or “need not” to indicate a course of action permissible within the limits of the

standard. “can” or “cannot”

for statements of possibility and capability, whether material, physical or causal.

Sources of Standards International Standards

The International Organisation for Standardisation (ISO)

The International ElectroTechnical Commission (IEC).

Other bodies concerned with international standards exist but normally have a limited scope of interest (e.g. the International Telecommunications Union (ITU); Internet Standards Group; etc.)

Sources of Standards In Information Technology, the ISO and IEC

have set up a Joint Technical Committee, JTC1. JTC1 operates through a series of sub-

committees Sub-committee 7 (JTC1/SC7) is responsible for

Software Engineering Standards

Sources of Standards In-house Development

Standards from whatever source may need to be tailored or adapted to an individual companies needs.

Three Major Approaches Ad Hoc standardization Standards Groups Standards Committees

The Standards Process – usually followed

Formulation

Definition

Approval

Implementation

Comment

Areas of Standardization in Software Development examples Software Development Life Cycle standards Documentation Coding standards Naming standards Operating Procedures and Protocols User Development