170 likes | 381 Views
CPIS 357 Software Quality & Testing. I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010. Lecture3:Quality Standards. Lecture Objectives Sarbanes - Oxley ISO9000 Capability Maturity Model (CMM) Maturity Levels People CMM
E N D
CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010
Lecture3:Quality Standards • Lecture Objectives • Sarbanes - Oxley • ISO9000 • Capability Maturity Model (CMM) • Maturity Levels • People CMM • CMMI • Malcolm Baldrige National Quality Award
Sarbanes - Oxley • Act of 2002 and known as the Public Company Accounting Reform protection. Commonly called Sox or Sarbox • Is designed to insure the following: • There are sufficient controls to prevent fraud, misuse, or loss of financial transaction . In many companies most of these controls are IT based • There are controls to enable speedy detection if and when such problems occur. • Effective action is taken to limit the effects of such problems. • Not only must controls be in place; they must be effective and it must be possible to note exception caught by controls and follow audit trials to take appropriate action in response to those exception.
Sarbanes - Oxley Table 1 : Top COBIT Controls
Sarbanes - Oxley Table 2 : COBIT Controls by Areas of Activity
ISO9000 • Is a quality series and comprises a set of five documents developed in 1987 by the International Standard Organization (ISO). • Becoming more and more important through Europe and United State for manufacture and hardware. • ISO9000 is a definitive set of quality standards, but is represents quality as a part of Total Quality Management (TQM). • It consists of ISO9001, ISO9002, or ISO9003 and it provides the guidelines for selecting and implementing a quality assurance standard.
ISO9000 Table 3: Companion ISO Standards • ISO9001 defines all the quality elements required to demonstrate the suppliers ability to design and deliver a quality product. • ISO9002 covers quality considerations for the supplier to control design and development activities. • ISO9003 demonstrates the supplier’s ability to detect and control protocol nonconformity during inspection and testing. • ISO9004 Describes the quality standards associated with ISO9001,ISO9002,ISO9003 and provides a comprehensive quality checklist.
Capability Maturity Model (CMM) • The Software engineering Institute – Capability Model (SEI- CMM) is a model for judging the following: • Judging the maturity of the software processes of an organization. • Identifying the key practices that are required to increase the maturity of these processes. • Describes the principles and practices underlying software process maturity and is intended to help software organization improve the maturity of their software processes in terms of an evolutionary path from ad hoc chaotic processes to mature software process
Capability Maturity Model (CMM) • The CMM is organized into five maturity levels • Level 1 : Initial • The software process is characterized as ad hoc, few processes are defined and success depends on individual efforts. • This period is chaotic without any procedure and process established for software development and testing. • Level 2 : Repreatable • Track cost, schedule, and functionality . • During this phase, measures and metrics will be reviewed to include percentage compliance with various processes, percentage of allocated requirements delivered, number of changes to requirements, number of changes to project plan, variance between estimated and actual size of deliverables.
Capability Maturity Model (CMM) • The CMM is organized unto five maturity levels • The following are the key process activities during Level 2: • Software configuration management • Software quality assurance • Software subcontract management • Software project tracking and oversight • Software project planning • Requirement management • Level 3: Defiened • The software process for management and engineering activities is documented, standardized and integrated into a standard software process for the organization. • All projects use an approved version of the organization standard software process for developing and maintaining software.
Capability Maturity Model (CMM) • The CMM is organized unto five maturity levels • In this phase measures and metrics will be reviewed to include percentage of total project time spent on test activities, test efficiency, inspection rate for deliverable, inspection efficiency, variance between actual attendance and planned attendance for training programs. • The following are the key process activities during Level 3: • Examine reviews • Intergroup coordination • Software program engineering • Integrated software management • Training Program • Organization process definition • Organization process focus
Capability Maturity Model (CMM) • The CMM is organized unto five maturity levels • Level 4: Managed • Detailed measures of the software process and product quality are collected and both are understood and controlled. • This phase denotes that the processes are well defined and proficiently managed. • The quality standard are on an upswing. • With sound quality process in place the organization is better equipped to meet customer expectations of high quality/ high performance software at reasonable cost and commitment deliveries .
Capability Maturity Model (CMM) • The CMM is organized unto five maturity levels • Level 5: Optimizing • Continues process improvement is enabled by quantitative feedback from the process and from piloting new idea and technologies. • Continuous emphasis on process improvement and defect reduction avoid process stagnancy and ensure continual improvement translating into improved productivity, tracing requirements across each development phase improves the completeness of software, reduce rework, and simplify maintenance. Verification and validation activities are planned and executed to reduce defect leakage. Customers have access to the project plane, receive regular status reports and their feedback is sought and used for process tuning.
Capability Maturity Model (CMM) • People CMM • Is a framework that helps organization successfully address their critical people issues such as human resources, knowledge management, and organizational development. • The people CMM guides organization in improving their processes for managing and developing their workforces. • People CMM helps organization characterize the maturity of their workforce practice. • Establish program of continuous workforce development (set priority) .
Capability Maturity Model (CMM) • CMMI • The CMMI product suite provides the latest best practices for product and services development and maintenance. • The models extend the best practices of the of the Capability Maturity Model Software (SW – CMM) , the Systems Engineering Capability Model (SECM) and the Integrated Product Development Capability Maturity Model (IPD – CMM). • Organization reported that CMMI is adequate for guiding their process suitable for their needs, although there are specific opportunities for improvement.
Malcolm Baldrige National Quality Award • Public law 100-107, signed into law on August20, 1987 created Malcolm Baldrige National Quality Award. The Award program led to the creation of a new public – private partnership. • The System for scoring examination items is based on these evaluation dimintions • Approach: Indicates the method that the company uses the achieve the purpose. Is the approach systematic/ used tools/is the system integrated. • Deployment: It evaluate whether the approach is implemented in all product and services • Result: This refers the outcome of the approach. The quality levels demonstrated, rate of the quality improvement, and significance.
Malcolm Baldrige National Quality Table 4 : Baldrige Performance Framework