SQA Notes PDF
SQA Notes PDF
com
UNIT - I
Software quality
In the context of software engineering, software quality measures how well software is
designed (quality of design), and how well the software conforms to that design (quality
of conformance), although there are several different definitions.
Product quality
o conformance to requirements or program specification; related to
Reliability
Scalability
o Correctness
Completeness
absence of bugs
Fault-tolerance
o Extensibility
o Maintainability
Documentation
Understandability
Completeness
Maintainability
Conciseness
Portability
Consistency
Testability
Usability
Reliability
Structured ness
Efficiency
Security
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Completeness
Conciseness
Is all code reachable? Is any code redundant? How many statements within loops could
be placed outside the loop, thus reducing computation time? Are branch decisions too
complex?
Portability
Does the program depend upon system or library routines unique to a particular
installation? Have machine-dependent statements been flagged and commented?
Has dependency on internal bit representation of alphanumeric or special
characters been avoided?
The effort required to transfer the program from one hardware/software system
environment to another.
Consistency
Is one variable name used to represent different physical entities in the program? Does
the program contain only one representation for physical or mathematical constants? Are
functionally similar arithmetic expressions similarly constructed? Is a consistent scheme
for indentation used?'
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Quality Models
Why a quality model?
Hierarchical models
www.Vidyarthiplus.com
www.Vidyarthiplus.com
assessment of quality
Questions
what criteria should be employed?
how do they inter-relate?
how can they be combined to provide an overall assessment of quality?
www.Vidyarthiplus.com
www.Vidyarthiplus.com
McCall’s Model
Boehm’s Model
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
The Goal Question Metric (GQM) approach is based upon the assumption that for
an
organization to measure in a purposeful way it must first specify the goals for
itself and its projects, then it must trace those goals to the data that are intended to
define those goals operationally, and finally provide a framework for interpreting
the data with respect to the stated goals.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
The approach was originally defined for evaluating defects for a set of projects in
the NASA Goddard Space Flight Center environment.
The result of the application of the Goal Question Metric approach application is
the specification of a measurement system targeting a particular set of issues and
a set of rules for the interpretation of the measurement data.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
The next step consists in specifying the measures that need to be collected in
order to answer those questions, and to track the conformance of products and
processes to the goals.
After the measures have been specified, we need to develop the data collection
mechanisms, including validation and analysis mechanisms.
CONCLUSION
In summary, the Goal Question Metric approach is a mechanism for defining and
interpreting operational and measurable software. It can be used in isolation or, better,
within the context of a more general approach to software quality improvement.
Figure below outlines the basic roles and flows of information for this model.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
UNIT-II
Quality Engineering
The activity consisting of the cohesive collection of all tasks that are
primarily performed to ensure and help continually improve the
quality of an endeavor’s process and work products .
Goals
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Objectives
Examples
Preconditions
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Completion Criteria
Tasks
The following diagram illustrates the relationships between the quality tasks:
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Plan
Teams
The SQA team shall check that the quality is maintained during the
project and that the proper quality procedures are being followed,
discovered problems are reported to the Project Management.
The members of the project team must work according to the part(s)
of the SQAP that applies to their specific task.
For the first phase of the project (UR), the SQA team must see to it that the
following documents are properly reviewed internally before they are
submitted for an external review.
The URD
www.Vidyarthiplus.com
www.Vidyarthiplus.com
The SQA team must check whether the goals of the project are clearly
described. A life cycle approach for the project must be defined. The
SQA team must ensure that the SPMP is realistic by checking:
With respect to the SCMP, the SQA team has to check whether the
document provides procedures concerning:
o CI identification
o CI storage
o CI change control
o CI status indication
The SQAP
With respect to the SQAP, the SQA team must check wether the
SQAP contains:
o Project standards
o Review procedures
o Problem reporting procedures
o Responsibilities of the project members with respect to quality
assurance
For the second phase of the project (SR), the SQA team must see to it that
the following documents are properly reviewed internally before they are
submitted for an external review.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
The SRD
The SQA team must ensure that the SPMP is realistic by checking:
Whith respect to the SCMP, the SQA team must check wether the
SCP contains:
With respect to the SQAP, the SQA team must check wether the
SQAP contains:
For the third phase of the project (AD), the SQA team must see to it that the
following documents are properly reviewed internally before they are
submitted for an external review.
The ADD
www.Vidyarthiplus.com
www.Vidyarthiplus.com
The SQA team must ensure that the SPMP is realistic by checking:
Whith respect to the SCMP, the SQA team must check wether the
SCMP contains:
With respect to the SQAP, the SQA team must check wether the
SQAP contains:
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Documentation:
Review:
www.Vidyarthiplus.com
www.Vidyarthiplus.com
UNITIII
Although the terms reliability and quality are often used interchangeably,
there is a difference between these two disciplines.
While reliability is concerned with the performance of a product over its
entire lifetime, quality control is concerned with the performance of a
product at one point in time, usually during the manufacturing process.
As stated in the definition, reliability assures that components, equipment
and systems function without failure for desired periods during their whole
design life, from conception (birth) to junking (death).
Quality control is a single, albeit vital, link in the total reliability process.
Quality control assures conformance to specifications.
This reduces manufacturing variance, which can degrade reliability.
Quality control also checks that the incoming parts and components meet
specifications, that products are inspected and tested correctly, and that the
shipped products have a quality level equal to or greater than that specified.
The specified quality level should be one that is acceptable to the users, the
consumer and the public.
No product can perform reliably without the inputs of quality control
because quality parts and components are needed to go into the product so
that its reliability is assured.
Quality Tools:
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Quality pros have many names for these seven basic tools of quality, first
emphasized by Kaoru Ishikawa, a professor of engineering at Tokyo
University and the father of “quality circles.”
Start your quality journey by mastering these tools, and you'll have a name
for them too: "indispensable."
www.Vidyarthiplus.com
www.Vidyarthiplus.com
sources so that patterns can be seen (some lists replace "stratification" with
"flowchart" or "run chart").
Case tools:
If an organization has no defect prevention methods in place then they are totally
reliant on defect removal efficiency.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Defect Prevention
www.Vidyarthiplus.com
www.Vidyarthiplus.com
and effort required to discover and remove this defects is much less also.
The above table represents the number of defects that an organization that does
items 1 and 2 above and is medium at discovery and removal.
Clearly, the fewer number of defects that an organization must discover and
remove the better. The way this is accomplished is by better process, a more stable
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Most software models contain the following parts: assumptions, factors, and
a mathematical function that relates the reliability with the factors.
The mathematical function is usually higher order exponential or
logarithmic.
Rayleigh Model
Rayleigh model has been found to be most suitable for predicting reliability
of software product.
It predicts the expected value of defect density at different stages of life
cycle of the project, once parameters like total number of defects or total
cumulative defect rate and peak of the curve in terms of unit of time for the
curve are decided.
The nature of curve indicates the pattern of defect removal rate in the life
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Rayleigh Curve
35
30
Defects /KLOC
LLD
25 CODING
20
15 UT
10
IT
5 HLD
0
0.05
0.45
0.85
1.25
1.65
2.05
2.45
2.85
3.25
3.65
4.05
4.45
4.85
5.25
5.65
6.05
6.45
6.85
Life cycle stages
Rayleigh plot
The red line indicates the actual defect density observed as against the predicted
values (brown smooth curve) obtained through a theoretical model. Observed
defect density closely matches with the defect density predicted by the model.
The curve indicates the defect density at the time of system testing as 21 defects.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
ISO
Unit IV
www.Vidyarthiplus.com
www.Vidyarthiplus.com
production methods.
Quality management systems are the outgrowth of work done by W.
Edwards Deming, a statistician, after whom The Deming Prize for
quality is named.
Quality, as a profession and The managerial process associated with
The quality function, was introduced during The second-half of The
20th century, and has evolved since then.
Over this period, few other disciplines have seen as many changes as
The quality profession.
The quality profession grew from simple control, to engineering, to
systems engineering.
Quality control activities were predominant in the 1940s, 1950s, and
1960s.
The 1970s were an era of quality engineering and The 1990s saw
quality systems as an emerging field.
Like medicine, accounting, and engineering, quality has achieved
status as a recognized profession
Quality Management System (QMS)
Quality Management System (QMS) can be defined as a set of
policies, processes and procedures required for planning and
execution (production / development / service) in the core
business area of an organization.
QMS integrates the various internal processes within the
organization and intends to provide a process approach for
project execution. QMS enables the organizations to identify,
measure, control and improve
The various core business processes that will ultimately lead to
improved business performance.
ELEMENTS OF QUALITY MANAGEMENT SYSTEMS
The standards of ISO 9000 detail 20 requirements for an organization's
quality management system in The following areas:
Management Responsibility
Quality System
Order Entry
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Design Control
Document and Data Control
Purchasing
Control of Customer Supplied Products
Product Identification and Tractability
Process Control
Inspection and Testing Control of Inspection, Measuring, and Test
Equipment
Inspection and Test Status
Control of Nonconforming Products
Corrective and Preventive Action
Handling, Storage, Packaging, and Delivery
Control of Quality Records
Internal Quality Audits
Training
Servicing
Statistical Techniques
The Rayleigh Model Framework
Perhaps The most important principle in software engineering is "do it
right The first time."
This principle speaks to the importance of managing quality throughout
The development process.
The interpretation of the principle, in The context of software quality
management, is threefold:
The best scenario is to prevent errors from being injected into The
development process.
When errors are introduced, improve the front end of The
development process to remove as many of them as early as
possible. Specifically, in the context of the waterfall development
process, rigorous design reviews and code inspections are needed.
In the Cleanroom methodology, function verification by The team
is used.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
If the project is beyond the design and code phases, unit tests and
any additional tests by the developers serve as gatekeepers for defects to
escape the front-end process before the code is integrated into the
configuration management system (The system library).
In other words, the phase of unit test or pre-integration test (The
development phase prior to system integration) is The last chance to do
it right The "first time."
The Rayleigh model is a good overall model for quality management. It
articulates The points on defect prevention and early defect removal related
to The preceding items.
Based on the model, if The error injection rate is reduced, The entire
area under the Rayleigh curve becomes smaller, leading to a smaller
projected field defect rate.
Also, more defect removal at the front end of the development process
will lead to a lower defect rate at later testing phases and during
maintenance. Both scenarios aim to lower the defects in The latter testing
phases, which in turn lead to fewer defects in The field.
The relationship between formal machine-testing defects and field
defects, as described by The model, is congruent with The famous
counterintuitive principle in software testing by Myers (1979), which
basically states that The more defects found during formal testing, The
more that remained to be found later.
The reason is that at The late stage of formal testing, error injection of
The development process (mainly during design and code implementation)
is basically determined (except for bad fixes during testing).
High testing defect rates indicate that the error injection is high; if no
extra effort is exerted, more defects will escape to The field.
If we use the iceberg analogy to describe the relationship between testing
and field defect rates, The tip of The iceberg is the testing defect rate and
The submerged part is The field defect rate.
The size of The iceberg is equivalent to The amount of error injection.
By the time formal testing starts, the iceberg is already formed and its size
determined.
The larger its tip, the larger The entire iceberg. To reduce the
submerged part, extra effort must be applied to expose more of The iceberg
above The water.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
The defect arrival patterns represented by the triangles and circles indicate
two later releases of the same product.
Compared to the baseline model curve, both new releases witnessed a
significant reduction in defect rate during the system test phase.
Figure : Reliability Growth Model for Quality Management
As a second example, when another product was just about at the start of
system testing, the PTR arrival rates were unusually high compared to the
model.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Both types of model tend to treat the software more or less as a black
box. In other words, they are based on either the external behavior (e.g.,
failure data) of the product or the intermediate process data (e.g., type and
magnitude of inspection defects), without looking into the internal dynamics
of design and code of the software.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Lines of Code
Because the LOC count represents the program size and complexity, it is
not a surprise that the more lines of code there are in a program, the more
defects are expected.
Shen and colleagues (1985) studied software written in Pascal, PL/S, and
Assembly language and found an inverse relationship existed up to about
500 lines.
Since larger modules are generally more complex, a lower defect rate is
somewhat counterintuitive.
For instance, Withrow (1990) studied modules written in Ada for a large
project at Unisys and confirmed the concave relationship between defect
density (during formal test and integration phases) and module size.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Specifically, of 362 modules with a wide range in size (from fewer than
63 lines to more than 1,000), Withrow found the lowest defect density in the
category of about 250 lines.
This new finding is also consistent with previous studies that did not
address the defect density of very large modules.
The curvilinear model between size and defect density sheds new light on
software quality engineering.
It implies that there may be an optimal program size that can lead to the
lowest defect rate.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
What the clients really want is the interpretation and analysis of the data
to provide actionable information: What can we learn from it? What actions
does it suggest that we take to improve customer satisfaction with what we
offer?
The analysis process starts by performing statistical tests to reveal
relationships or differences in ratings of the performance on different
product and service attributes, and how they affect overall satisfaction.
We compare the performance to the peers, utilizing The Benchmark
database to describe how the performance rates on a relative basis.
We identify the customers' product and service priorities and we
compare these to their perceptions of the performance through Quadrant
Analysis.
We look for gaps in performance versus expectations in The search for
major opportunities for improvement.
We augment The analysis of the quantitative survey data with careful
study of the qualitative information – the comments and observations made
by The customers.
These are an invaluable The of insight into the reasons behind their
ratings. In most cases, The analysis is aimed at identifying the key drivers
of satisfaction – those product or service elements that are most closely
related to customer satisfaction.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
The clients benefit from the perspective of The years of experience with
a wide variety of clients. Applying The knowledge,
The goal is to deliver actionable results – information you can use to create
change that will improve The competitive position and The bottom line
www.Vidyarthiplus.com
www.Vidyarthiplus.com
UNIT V
QUALITY STANDARDS
Topics Covered:
www.Vidyarthiplus.com
www.Vidyarthiplus.com
ISO-9001 covers the entire process from product design through after sales
service.
ISO-9001:
Some of the requirements in ISO 9001 (which is one of the standards in the
ISO 9000 family) would include
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
ISO-9002:
The ISO 9002 standard is an emerging global standard for product and process
quality, adopted by 91 countries which comprise the International Organisation for
Standardisation (ISO).
ISO 9002 is best known to European countries who use the certification as a means of
identifying companies dedicated to providing a customer with the best product and
service possible.
According to ISO assessors, the certification process is rigorous and only a minority
of the applicants who strive to become certified are successful on their first audit.
Scorpion Research is amongst this minority of organisations that passed the required
certification audit on the first assessment demonstrating its consistent emphasis
towards a high quality standard.
Scorpion Research joins firms such as British Telecom, Sony, IBM, Compaq, Digital
Equipment, Xerox, Toshiba and Hewlett-Packard in ISO certification.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
ISO-9003:
I003
This is the least complex and easiest to install of three standards in the
ISO 9000 series.
This standard is for organizations that do not participate in design and
development, purchasing or have production controls.
It is designed for organizations that only require final inspection and
testing of their products and services to ensure that they have met the
specified requirements.
This system is generally only relevant to simple products and services.
It is also an option for organizations that cannot justify the expense of
one of the other systems but still desire a quality management system
for their organization.
ISO-9004:
Your quality system must balance two needs:
Your customers' need to have quality
products at a reasonable price.
Your company's need to make quality
products at a reasonable cost.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Acceptance testing.
Management activities.
Project supervision.
Progress reviews.
Reporting requirements.
Your software development plan should:
Define your project.
Identify related plans and projects.
List your project objectives.
Define project inputs and outputs.
Define inputs for each project activity.
Define outputs for each project activity.
Explain how your project will be organized.
Explain how your teams will be structured.
Explain who will be responsible for what.
Explain how subcontractors will be used.
Explain how project participants will interact.
Explain how all resources will be managed.
Discuss project risks and potential problems.
Identify important project assumptions.
Present your project schedule.
Define project phases and dependencies.
Specify project time lines and milestones.
Introduce your project budget.
Describe the work that will be done.
Describe each task.
Describe the inputs for each task.
Describe the outputs for each task.
Identify all relevant control strategies.
Identify all relevant standards and conventions.
Identify all relevant rules and regulations.
Identify all relevant practices and procedures.
Identify configuration management practices.
Identify backup and recovery procedures.
Identify archiving procedures.
Identify all relevant methods and approaches.
Identify methods used to control nonconforming products.
Identify methods used to control software development software
Identify methods used to control virus protection activities.
Identify all relevant tools and techniques.
Identify methods used to qualify all tools and techniques.
Identify methods used to control all tools and techniques.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
Maintainability requirements.
Portability requirements.
Interface requirements.
Hardware interface requirements.
Software interface requirements.
Your design input specification may also need
to address the following kinds of requirements:
Operational requirements.
Safety requirements.
Security requirements.
Statutory requirements.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
4.4.8 Develop procedures that validate the assumption that your newly
Design designed products will meet customer needs. Develop design
validation validation procedures that:
Confirm that your new product performs properly
under all real-world operating conditions.
Confirm that your new product will meet every
legitimate customer need and expectation.
Ensure that validations are carried out early in the design process
whenever this will help guarantee that customer needs will be
met.
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
www.Vidyarthiplus.com
The term "six sigma process" comes from the notion that if one has
six standard deviations between the mean of a process and the nearest
specification limit, there will be practically no items that fail to meet
the specifications.
This is the basis of the Process Capability Study, often used by quality
professionals.
The term "Six Sigma" has its roots in this tool, rather than in simple
process standard deviation, which is also measured in sigmas.
Criticism of the tool itself, and the way that the term was derived from
the tool, often sparks criticism of Six Sigma.
www.Vidyarthiplus.com