Quality Management in Software Engineering 1 Why

Quality Management in Software Engineering 1

Why do we need a QMS on a Project? To try to ensure that the project runs smoothly and we produce a quality product at the end of it. Applies to any project e. g. building a bridge or a television set or a computer system 2

Following QMS Procedures helps the following: • Communication between individuals and teams ( via documents and reviews of documents ) • Manage changes to the design as the system is developed • Manage fixing of bugs found during testing • Software version control for bug fix releases • QMS helps particularly in Change Management area 3

ISO 9001 & Tick. IT • Being ISO 9001 & TICKIT registered means the company adheres to these QMS standards • Being ISO 9001 & TICKIT registered means the company is allowed to tender for large government contracts • British Standards Institute (BSI) inspectors visit the company at least once a year to carry out audits to check ISO 9001 & TICKIT compliance 4

Having a QMS Doesn’t Guarantee Quality • Team members may not follow the QMS • The project may be technically or financially flawed from the start • Impossibly tight timescales reduce quality corners are cut • Swanick Air Traffic Control Centre – type this into your search engine and be amazed when you read about the problems! 5

QMS In Manufacturing • E. g. applying a QMS to Car Production • Use good quality steel, paint etc • Use robots which don’t suffer human failings they do a perfect job every time! (If they are ‘setup’ right!) • A QMS will ensure the quality of the raw materials and build quality through inspections and measurements throughout the build process • Produces a quality car e. g a Mercedes renowned for their quality • Good quality costs - a Mercedes costs more than a Ford 6

When Safety Is Critical • QMS in safety critical systems is vital in both the development of those systems and in the running of those systems • The need for safety overrides cost factors which always limit the quality of a product e. g. far more testing would be done on a safety critical system ( nuclear reactor control system, flight control system ) than for a non safety critical system 7

Quality Management in Software Engineering Part 2 - Quality Standards & Tickit 8

Tick. IT §Tick. IT is a Quality Assurance Standard specifically for software §The Tick. IT Guide costs around £ 42 and contains guides for the auditors & s/w developers §Tick. IT relates to constructing and operating a Quality Management System for the production of software systems 9

Quality is: §“a degree of excellence” (The Oxford English Dictionary definition) §fitness for purpose §conformance to requirements 10

Philip Crosby’s view of Quality (Crosby is one of the so-called Quality gurus) Crosby’s definition of Quality: -“conformance to requirements” Quality in the system processes: - prevention not cure want to prevent faults getting into the product not just cure the faults when they’ve occurred measure of Quality: - cost of quality measure quality by the ‘cost of waste’. Implementing Quality Management Systems costs money but lack of quality costs more. Quality is an investment. “ Quality is Free” the target of a Quality Management System: - zero defects 11

Quality Standards § AQAP 1, 13 &14 (NATO) - one of the first standards - 1960 - a military standard § ANSI/IEEE - 730 - a standard for s/w development § DEF-STAN 00 -16 - a UK standard for s/w quality assurance § FAA-STD-018 - Federal Aviation Authority standard for s/w development § Do. D 2167 - an American Dept of Defence s/w development standard § (ISO 9001/BS 5750/EN 29000) - international standards for Quality Management Systems - all of these are similar § Tick. IT (ISO 9001: 2000 and ISO 9000 -3: 1997) - international standards for Quality Management Systems in the production of s/w systems 12

What is Tick. IT? § It is a scheme based upon the ISO 9000 -3 standard § ISO 9000 -3: 1997 …. the application of ISO 9001 to software § a ‘sector certification scheme’ § - run by the software profession - it trains people to be auditors. Auditors are generally s/w professionals themselves who have experience in s/w engineering § - the Tick. IT scheme was funded and promoted originally by the Department of Trade 13

Why go for Tick. IT? § to retain market share and satisfy the customer may demand it. Tick. IT hopefully identifies you as a producer of high quality s/w § invariably a mandatory condition of Govt. contracting § to improve both process and product - you get a better quality product because you have quality procedures built into your processes § to stimulate (software) developers to think about: § what quality really is § how it may be achieved - the s/w development team adhere to quality procedures and work in 14 a quality way

The role of the Auditor various Auditor roles: first, second and third party audits first party - your own organisation audits itself internally second party - someone else audits you against their own standard e. g. Mc. Donalds performs 2 nd party audits. Mc. Donalds headquarters checks their outlets which are franchises third party - someone else e. g. Lloyds Registers audits you against an international standard e. g. ISO 9001 - not one of their own making 15

The Role of the Auditor § the auditors: trained, registered and monitored § they check that a company conforms to the basic principles of ISO 9000 -3: documented, implemented and effective QMS 16

The Audit Process: 1. Application for Certification - the certificate gives the scope of the certification i. e. what parts of the standard you have conformed to 2. Certification Audit - a ‘lead’ auditor makes a preliminary visit to your company to discuss and plan the audit. The actual audit will take a few days and involve several auditors. There will be a debrief to discuss what the auditors have found. You pay for this audit. 17

The Audit Process: 3. Auditing - looks at documentation, records and activities. There may be non-conformances. There are 2 types of non-conformance. Major - means you fail to get certified. Minor - you get certified but subject to the company fixing some nonconformances. 4. ‘Health - check’ every 6 months - auditors should see a trend of quality processes improving 5. Full Review for Relevance Every 3 Years - full audit to determine if you still conform 18

Tick. IT / ISO 9001: 2000 • In December 2000, following considerable review of the effectiveness of 9001: 1994 and competitive systems such as the CMM, the International Standards Organisation (ISO/TC 176) published an update to ISO 9001: 1994 called ISO 9001: 2000 • ISO 9001: 2000 explicitly talks about continued improvement which previously was implicit. This brings ISO 9001 more into line with the CMM which rates continual improvement as very important. • Existing QM systems in 2000 were given a maximum of 3 years for compliance with ISO 9001: 2000 • New QM systems are assessed against ISO 9001: 2000. 19

ISO 9001: 2000 – Aim, Structure • The stress is upon: meeting requirements, value of each process, measuring process performance and effectiveness, continual improvement. • 9001 fundamentally takes a ‘process approach’ to QM systems – ‘plan, do, check, act’. • The four Main sections of the standard are: - Management Responsibility; - Resource Management; - Product Realization; - Measurement, Analysis and Improvement. 20

Main Sections (i) There are FOUR main sections to 9001: 2000: Management Responsibility Commitment, Policy, Planning, Responsibility Authority and Communication, Review Resource Management Provision, Human, Infrastructure, Environment 21

Main Sections (ii) Product Realization - Planning, - Customer Related Processes, - Design and Development, - Purchasing, - Production and Service Provision, - Control of Monitoring and Measuring Devices. Measurement, Analysis and Improvement - each has specific notes to be adhered to… 22

Main Sections (iii) Measurement, Customer Satisfaction, Internal Audit, of Processes, of Product, - Control of Nonconforming Product. Analysis - shall inform about conformity to requirements, trends in process and product, suppliers, and customer satisfaction. Improvement Continual Improvement, Corrective Action, Preventative Action. - one of the main things introduced by ISO 9001: 2000 - raising the profile of improvement in the QMS 23

What is ISO 9000 -3, in detail? § quality system - 1. framework § quality system - 2. life-cycle activities § quality system - 3. supporting activities 24

ISO 9000 - 3 1. Framework Defines procedures for: - § Management responsibility § Quality Management System § Internal QS audits § Corrective action necessary to improve quality 25

ISO 9000 - 3 2. Life-cycle Activities § Purchaser’s requirements specification § Development planning § Quality System planning § Design and implementation § Testing and validation § Replication, delivery and installation § Maintenance ( Support ) 26

ISO 9000 - 3 3. Supporting Activities § Config. management § Document control § Rules, practices and conventions § Tools and techniques § Included software product § Measurement § Purchasing § Training § Quality records - records of reviews, tests, things to put right following nonconformance 27

Who Uses Tick. IT? § Large Financial Institutions e. g. Barclays § Major s/w Development organisations e. g. Oracle § Telecommunications Companies e. g. BT § Government departments e. g. MOD § + Many SMEs also apply Tick. IT to improve their quality processes 28