QA4 CFICSE99

1
QA4 CFICSE 99

• Terry Shepard
• October 1999

2
Quality Plans and Standards

• ISO 9000
• IEEE 730-1989, 730.1-1995
• standard for SQA Plans
• IEEE 982.1-1998, 982.2-1988
• IEEE 1061-1992
• IEEE 1228-1994
• IEEE 1298-1992

3
ISO 9000 QA Standards

• treat an enterprise as a network of
  interconnected processes
• Cover quality planning, control, assurance and
  improvement
• what but not how
• ISO 9001 applies to engineering
• ISO 9000-3 applies to software engineering

4
ISO 9001

• Quality systems - Model for quality assurance in
  design/development, production, installation and
  servicing

5
ISO 9001 20 requirements (part 1)

• management responsibility
• quality system
• contract review
• design control
• document and data control
• purchasing
• control of customer supplied product
• product identification and traceability
• process control
• inspection and testing

6
ISO 9001 20 requirements (part 2)

• control of inspection, measuring, and test
  equipment
• inspection and test status
• control of nonconforming product
• corrective and preventive action
• handling, storage, packaging, preservation and
  delivery
• control of quality records
• internal quality audits
• training
• servicing
• statistical techniques

7
ISO 9000-3

• Quality Management and quality assurance
  standards - Part 3
• Guidelines for the application of ISO 9001 to the
  development, supply and maintenance of software

8
ISO 9000-3

• primarily intended to cover software purchase
  contracts
• directly extends 9001
• bias toward waterfall model
• includes clauses that allow close collaboration
  between purchaser and supplier during contract
  execution
• no explicit provision for multiple contracts
  under one umbrella (e.g. IVV)
• allows for subcontracting (ISO 9001)

9
(some of the)IEEE Standards related to quality

• IEEE 730 Software QA Plans
• IEEE 982 Dictionary of measures to produce
  reliable software
• IEEE 1061 Software quality metrics methodology
• IEEE 1228 Software safety plan
• IEEE 1298 Software quality management system
  (Part 1)

10
IEEE 730 Software QA Plans

• basic rationale is legal liability
• intended for critical software
• extended by 1228
• sets out required elements for adequacy
• description is sparse
• template for further standards

11
IEEE 730 plan sections (part 1)

• Purpose
• Reference Documents
• Management
• Documentation
• Standards, practices, conventions, and metrics
• Reviews and audits
• Test

12
IEEE 730 plan sections (part 2)

• Problem reporting and corrective action
• Tools, techniques, and methodologies
• Code control
• Media control
• Supplier control
• Records collection, maintenance, and retention
• Training
• Risk management

13
IEEE 730 Management section

• Organization
• degree of independence of SQA function can vary
• Tasks
• portion of life cycle covered by SQA plan
• relationship to checkpoints
• Responsibilities
• to be assigned by organizational unit

14
IEEE 730 Documentation section

• Requires
• SRS
• SDD
• SVVP
• SVVR
• User Documentation
• SCMP

15
IEEE 730 Standards, practices, conventions, and
metrics section

• Requires
• Documentation standards
• Logic structure standards
• Coding standards
• Commentary standards
• Testing standards and practices
• Selected SQA product and process metrics
• eg. Branch, decision point, domain, error
  message, requirements demonstration

16
IEEE 730 Reviews and Audits section

• Requires
• SRR
• PDR
• CDR
• SVVPR
• Functional audit
• Physical audit
• In-process audits (consistency checks)
• Managerial reviews
• SCMPR
• Post mortem review

17
IEEE 730.1-1995

• supports 730 by identifying approaches to good
  SQA practices
• significantly longer than 730
• (46 pp. vice 12 pp.)
• makes it clearer that the primary intent of 730
  is to govern the behaviour of a separate SQA
  organization

18
IEEE 982.1 Dictionary of measures to produce
reliable software

• Standard is misnamed it is a collection of
  definitions of metrics
• see overhead of Table 3-1 from the standard
• IEEE 982.2 is a guide for the use of 982.1

19
IEEE 1061 Software quality metrics methodology

• Not another quality model
• framework factors, subfactors, metrics
• process for applying framework
• Annex A example of a quality model
• (looks like 9126)
• Annex B sample metrics descriptions
• Halstead, COCOMO, function points, McCabe
• Annex C Examples of use of the methodology
• Annex D annotated bibliography

20
IEEE 1228 Software safety plan (top level)

• Purpose
• Definitions, acronyms and abbreviations, and
  references
• Software Safety Management
• Software Safety Analysis
• Post Development
• Plan Approval

21
IEEE 1228 Software Safety Management (part 1)

• Organization and responsibilities
• resources
• staff qualifications and training
• software life cycle
• documentation requirements
• software safety program records
• software configuration management activities

22
IEEE 1228 Software Safety Management (part 2)

• software quality assurance activities
• software verification and validation activities
• tool support and approval
• previously developed or purchased software
• subcontract management
• process certification

23
IEEE 1228 Software Safety Analysis

• Software Safety analyses preparation
• Software Safety requirements analysis
• Software Safety design analysis
• Software Safety code analysis
• Software Safety test analysis
• Software Safety change analysis

24
IEEE 1228 Post Development

• Training
• Deployment
• installation
• startup and transition
• operations support
• monitoring
• maintenance
• retirement and notification

25
IEEE 1298 Software quality management system

• adapted from Australian Standard AS 3563.1-1991
• closely tied to ISO 9000
• one standard too many?