1

Quality Management in Software Engineering

2

Why do we need a QMS on a Project?

To try to ensure that the project runs smoothly and we produce a quality product at the end of it. Applies to any project e.g. building a bridge or a television set or a computer system

3

Following QMS Procedures helps the following:

• Communication between individuals and teams ( via documents and reviews of documents )

• Manage changes to the design as the system is developed

• Manage fixing of bugs found during testing• Software version control for bug fix releases• QMS helps particularly in Change Management

area

4

ISO 9001 & TickIT

• Being ISO 9001 & TICKIT registered means the company adheres to these QMS standards

• Being ISO 9001 & TICKIT registered means the company is allowed to tender for large government contracts

• British Standards Institute (BSI) inspectors visit the company at least once a year to carry out audits to check ISO 9001 & TICKIT compliance

5

Having a QMS Doesn’t Guarantee Quality

• Team members may not follow the QMS• The project may be technically or

financially flawed from the start• Impossibly tight timescales reduce quality -

corners are cut• Swanick Air Traffic Control Centre – type

this into your search engine and be amazed when you read about the problems!

6

QMS In Manufacturing

• E.g. applying a QMS to Car Production• Use good quality steel, paint etc• Use robots which don’t suffer human failings - they

do a perfect job every time! (If they are ‘set-up’ right!)• A QMS will ensure the quality of the raw materials

and build quality through inspections and measurements throughout the build process

• Produces a quality car e.g a Mercedes - renowned for their quality

• Good quality costs - a Mercedes costs more than a Ford

7

When Safety Is Critical

• QMS in safety critical systems is vital in both the development of those systems and in the running of those systems

• The need for safety overrides cost factors which always limit the quality of a product

e.g. far more testing would be done on a safety critical system ( nuclear reactor control system, flight control system ) than for a non safety critical system

8

Quality Management in Software Engineering

Part 2 - Quality Standards & Tickit

9

TickIT is a Quality Assurance Standard

specifically for software

The TickIT Guide costs around £42 and

contains guides for the auditors & s/w

developers

TickIT relates to constructing and operating a

Quality Management System for the

production of software systems

TickIT

10

Quality is:

“a degree of excellence” (The Oxford

English Dictionary definition)

fitness for purpose

conformance to requirements

11

(Crosby is one of the so-called Quality gurus)

Crosby’s definition of Quality:-“conformance to requirements”

Quality in the system processes:- prevention not cure

want to prevent faults getting into the product not just cure the faults when they’ve occurred

measure of Quality:- cost of quality

measure quality by the ‘cost of waste’. Implementing Quality Management Systems costs money but lack of quality costs more. Quality is an investment. “ Quality is Free”

the target of a Quality Management System: -- zero defects

Philip Crosby’s view of Quality

12

Quality Standards AQAP 1, 13 &14 (NATO) - one of the first standards - 1960 - a

military standard

ANSI/IEEE - 730 - a standard for s/w development

DEF-STAN 00-16 - a UK standard for s/w quality assurance

FAA-STD-018 - Federal Aviation Authority standard for s/w

development

DoD 2167 - an American Dept of Defence s/w development

standard

(ISO 9001/BS5750/EN29000) - international standards for Quality

Management Systems - all of these are similar

TickIT (ISO 9001:2000 and ISO 9000-3:1997) - international

standards for Quality Management Systems in the production of

s/w systems

13

What is TickIT?

It is a scheme based upon the ISO 9000-3

standard ISO9000-3:1997 ….

the application of ISO 9001 to software

a ‘sector certification scheme’ - run by the software profession - it

trains people to be auditors. Auditors are generally s/w professionals themselves who have experience in s/w engineering

- the TickIT scheme was funded and promoted originally by the Department of Trade

14

Why go for TickIT? to retain market share and satisfy the customer - the

customer may demand it. TickIT hopefully identifies you as a producer of high quality s/w

invariably a mandatory condition of Govt. contracting to improve both process and product - you get a better

quality product because you have quality procedures built into your processes

to stimulate (software) developers to think about: what quality really is how it may be achieved - the s/w development team

adhere to quality procedures and work in a quality way

15

The role of the Auditorvarious Auditor roles:

first, second and third party audits

first party - your own organisation audits itself internally

second party - someone else audits you against their

own standard e.g.McDonalds performs 2nd party audits.

McDonalds headquarters checks their outlets which are

franchises

third party - someone else e.g. Lloyds Registers audits

you against an international standard e.g. ISO 9001 - not one

of their own making

16

The Role of the Auditor

the auditors:

trained, registered and monitored

they check that a company conforms to the

basic principles of ISO 9000-3:

documented, implemented and effective

QMS

17

The Audit Process:

1. Application for Certification - the certificate gives the scope of the certification i.e. what parts of the standard you have conformed to

2. Certification Audit - a ‘lead’ auditor makes a preliminary visit to your company to discuss and plan the audit. The actual audit will take a few days and involve several auditors. There will be a debrief to discuss what the auditors have found. You pay for this audit.

18

The Audit Process:

3. Auditing - looks at documentation, records and activities. There may be non-conformances. There are 2 types of non-conformance. Major - means you fail to get certified. Minor - you get certified but subject to the company fixing some non-conformances.

4. ‘Health - check’ every 6 months - auditors should see a trend of quality processes improving

5. Full Review for Relevance Every 3 Years - full audit to determine if you still conform

19

TickIT / ISO 9001:2000

•In December 2000, following considerable review of the effectiveness of 9001:1994 and competitive systems such as the CMM, the International Standards Organisation (ISO/TC 176) published an update to ISO9001:1994 called ISO9001:2000 •ISO9001:2000 explicitly talks about continued improvement which previously was implicit. This brings ISO9001 more into line with the CMM which rates continual improvement as very important.•Existing QM systems in 2000 were given a maximum of 3 years for compliance with ISO9001:2000 •New QM systems are assessed against ISO9001:2000.

20

ISO 9001:2000 – Aim, Structure

• The stress is upon: meeting requirements, value of each process, measuring process performance and effectiveness, continual improvement.

• 9001 fundamentally takes a ‘process approach’ to QM systems – ‘plan, do, check, act’.

• The four Main sections of the standard are: - Management Responsibility; - Resource Management; - Product Realization; - Measurement, Analysis and Improvement.

21

Main Sections (i)

There are FOUR main sections to 9001:2000:

Management Responsibility

Commitment, Policy, Planning, Responsibility Authority and Communication, Review

Resource Management

Provision, Human, Infrastructure, Environment

22

Main Sections (ii)

Product Realization

- Planning, - Customer Related Processes, - Design and Development, - Purchasing, - Production and Service Provision, - Control of Monitoring and Measuring Devices.

Measurement, Analysis and Improvement

- each has specific notes to be adhered to…

23

Main Sections (iii)

Measurement,

Customer Satisfaction, Internal Audit, of Processes, of Product, - Control of Nonconforming Product.

Analysis- shall inform about conformity to requirements, trends in process and product, suppliers, and customer satisfaction.

ImprovementContinual Improvement, Corrective Action, Preventative Action. - one of the main things introduced by ISO9001:2000 - raising the profile of improvement in the QMS

24

What is ISO 9000-3, in detail?

quality system - 1. framework

quality system - 2. life-cycle activities

quality system - 3. supporting activities

25

ISO 9000 - 3 1. Framework

Defines procedures for:- Management responsibility

Quality Management System

Internal QS audits

Corrective action necessary to improve quality

26

ISO 9000 - 3 2. Life-cycle Activities

Purchaser’s requirements specification

Development planning

Quality System planning

Design and implementation

Testing and validation

Replication, delivery and installation

Maintenance ( Support )

27

ISO 9000 - 3 3. Supporting Activities

Config. management Document control Rules, practices and

conventions Tools and techniques Included software

product

Measurement Purchasing Training Quality records -

records of reviews, tests, things to put right following non-conformance

28

Who Uses TickIT?

Large Financial Institutions e.g. Barclays Major s/w Development organisations e.g.

Oracle Telecommunications Companies e.g. BT Government departments e.g. MOD

+ Many SMEs also apply TickIT to improve their quality processes