CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010


CPIS 357 Software Quality & Testing

I.Rehab Bahaaddin Ashary

Faculty of Computing and Information Technology

Information Systems Department

Fall 2010

Lecture 3: Quality Standards

Lecture Objectives

• Sarbanes - Oxley
• ISO9000
• Capability Maturity Model (CMM)
  • Maturity Levels
  • People CMM
  • CMMI
• Malcolm Baldrige National Quality Award

Sarbanes - Oxley

• An act of 2002, also known as the Public Company Accounting Reform protection. Commonly called SOX or Sarbox.

• Is designed to ensure the following:

1. There are sufficient controls to prevent fraud, misuse, or loss of financial transactions. In many companies most of these controls are IT based.

2. There are controls to enable speedy detection if and when such problems occur.

3. Effective action is taken to limit the effects of such problems.

• Not only must controls be in place; they must be effective, and it must be possible to note exceptions caught by controls and follow audit trails to take appropriate action in response to those exceptions.

Sarbanes - Oxley

Table 1 : Top COBIT Controls

Sarbanes - Oxley

Table 2 : COBIT Controls by Areas of Activity

ISO9000

• Is a quality series comprising a set of five documents developed in 1987 by the International Standard Organization (ISO).

• Becoming more and more important throughout Europe and the United States for manufacturing and hardware.

• ISO9000 is a definitive set of quality standards, but it represents quality as a part of Total Quality Management (TQM).

• It consists of ISO9001, ISO9002, or ISO9003, and it provides the guidelines for selecting and implementing a quality assurance standard.

ISO9000

• ISO9001 defines all the quality elements required to demonstrate the supplier's ability to design and deliver a quality product.

• ISO9002 covers quality considerations for the supplier to control design and development activities.

• ISO9003 demonstrates the supplier's ability to detect and control protocol nonconformity during inspection and testing.

• ISO9004 describes the quality standards associated with ISO9001, ISO9002, and ISO9003 and provides a comprehensive quality checklist.

Table 3: Companion ISO Standards

Capability Maturity Model (CMM)

• The Software Engineering Institute Capability Maturity Model (SEI-CMM) is a model for the following:
  • Judging the maturity of the software processes of an organization.
  • Identifying the key practices that are required to increase the maturity of these processes.

• It describes the principles and practices underlying software process maturity and is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad hoc, chaotic processes to mature software processes.

Capability Maturity Model (CMM)

The CMM is organized into five maturity levels

Level 1: Initial
• The software process is characterized as ad hoc, few processes are defined, and success depends on individual efforts.
• This period is chaotic, without any procedure and process established for software development and testing.

Level 2: Repeatable
• Track cost, schedule, and functionality.
• During this phase, measures and metrics will be reviewed to include percentage compliance with various processes, percentage of allocated requirements delivered, number of changes to requirements, number of changes to project plan, and variance between estimated and actual size of deliverables.

Capability Maturity Model (CMM)

The CMM is organized into five maturity levels

• The following are the key process activities during Level 2:
  • Software configuration management
  • Software quality assurance
  • Software subcontract management
  • Software project tracking and oversight
  • Software project planning
  • Requirement management

Level 3: Defined
• The software process for management and engineering activities is documented, standardized, and integrated into a standard software process for the organization.
• All projects use an approved version of the organization's standard software process for developing and maintaining software.

Capability Maturity Model (CMM)

The CMM is organized into five maturity levels

• In this phase, measures and metrics will be reviewed to include percentage of total project time spent on test activities, test efficiency, inspection rate for deliverables, inspection efficiency, and variance between actual attendance and planned attendance for training programs.

• The following are the key process activities during Level 3:
  • Examine reviews
  • Intergroup coordination
  • Software program engineering
  • Integrated software management
  • Training program
  • Organization process definition
  • Organization process focus

Capability Maturity Model (CMM)

The CMM is organized into five maturity levels

Level 4: Managed
• Detailed measures of the software process and product quality are collected, and both are understood and controlled.
• This phase denotes that the processes are well defined and proficiently managed.
• The quality standards are on an upswing.
• With a sound quality process in place, the organization is better equipped to meet customer expectations of high-quality, high-performance software at reasonable cost and committed deliveries.

Capability Maturity Model (CMM)

The CMM is organized into five maturity levels

Level 5: Optimizing
• Continuous process improvement is enabled by quantitative feedback from the process and from piloting new ideas and technologies.
• Continuous emphasis on process improvement and defect reduction avoids process stagnancy and ensures continual improvement, translating into improved productivity. Tracing requirements across each development phase improves the completeness of software, reduces rework, and simplifies maintenance. Verification and validation activities are planned and executed to reduce defect leakage. Customers have access to the project plan and receive regular status reports, and their feedback is sought and used for process tuning.

Capability Maturity Model (CMM)

People CMM

• Is a framework that helps organizations successfully address their critical people issues such as human resources, knowledge management, and organizational development.
• The People CMM guides organizations in improving their processes for managing and developing their workforces.
• People CMM helps organizations characterize the maturity of their workforce practices.
• Establish a program of continuous workforce development (set priority).

Capability Maturity Model (CMM)

CMMI

• The CMMI product suite provides the latest best practices for product and services development and maintenance.
• The models extend the best practices of the Capability Maturity Model for Software (SW-CMM), the Systems Engineering Capability Model (SECM), and the Integrated Product Development Capability Maturity Model (IPD-CMM).
• Organizations reported that CMMI is adequate for guiding their process and suitable for their needs, although there are specific opportunities for improvement.

Malcolm Baldrige National Quality Award

• Public Law 100-107, signed into law on August 20, 1987, created the Malcolm Baldrige National Quality Award. The Award program led to the creation of a new public-private partnership.

The system for scoring examination items is based on these evaluation dimensions:

1. Approach: Indicates the method that the company uses to achieve the purpose. Is the approach systematic, does it use tools, and is the system integrated?

2. Deployment: Evaluates whether the approach is implemented in all products and services.

3. Result: Refers to the outcome of the approach: the quality levels demonstrated, the rate of quality improvement, and significance.

Malcolm Baldrige National Quality Award

Table 4 : Baldrige Performance Framework