Soft audit Checklist・No10: Maintainability requirements management
The third requirement management checklist is maintainability
In this article, we will introduce each item of the audit checklist used for software development audit . The audit checklist is divided into ( 1) development process, ( 2) requirements management, (3) testing, and (4) design and implementation. In this article, (2 ) individual items of configuration management in requirements management are introduced. (The checklist itself can be found in the article on Software Audit Practice / Checklist No. 8: Development Technology / Requirements Management (General Management) , so please refer to that.)
In maintainability, check the function for dealing with failures.
The word maintenance is also used for repairs in the event of a failure, but also for inspections to prevent failures . And repairs and inspections are not about selling tangible products, but about providing a service called maintenance . Manufacturers who sell equipment or equipment usually provide maintenance services for the duration of use of the equipment or equipment after it is sold.
By the way, the story is a little off, but services are originally paid . Many people think that the word service is provided free of charge, but since service is some kind of activity that you pay for and receive, it is originally paid. Therefore, maintenance service is originally charged.
However, if it breaks down in half a year or a year after it is sold, it means that the product is sold with too poor quality, and the trust of the manufacturer is lost. Therefore, there is usually a free warranty period of about one year , and if a problem occurs during this period, you can receive maintenance service, that is, repair or replacement.
And in order to provide this maintenance service, the equipment and devices have built-in maintenance functions in advance . It is because the maintenance function is built into the equipment and devices that the LED indicates that the failure has occurred, and the maintenance staff of the manufacturer can connect the investigation equipment for diagnosing the faulty part and inspect the inside.
The check item for maintainability is to check how the maintenance functions of the device or equipment are described in the required specifications. There are 5 items whose item numbers start with SA-, so let’s look at them in order.
[Item number: SA-01]
There are various types of maintenance functions built into a device or device. And every maintenance function is used together with the maintenance service that uses the maintenance function . For example, it is used by the manufacturer’s service personnel to select parts to be replaced at the repair site, and recently, the manufacturer’s maintenance center checks the status of equipment and equipment failures via the Internet. In this way, the required functions of the maintenance function vary depending on the type of maintenance service that uses it, so first check whether the basic policy for the maintenance function is written in the requirement specifications.
[Item number: SA-02]
Is to use most often in the maintenance function, the apparatus and equipment examined the failure location or determine the cause of the failure is the ability to or. The movement when the device is operating and the signs of failure are recorded in the device or device as data called a log. What kind of log data or to record, or to record Where are the log information, or retrieve recorded log data is how, for the specific logging etc., confirmed in mind that if it were written in the requirements specification To do.
[Item number: SA-03 ]
The target of maintenance service includes both hardware and software. Hardware maintenance is often the repair of a defective product or the replacement of a non-defective product. As a result of the progress of miniaturization and high integration of hardware of recent electronic devices, it is no longer necessary to replace and repair parts as in the past, and most of them are replaced in units called modules.
On the other hand in the case of software to have first caused find the bug out, that fixes a bug with a prototype software was a problem with the software the prototype is sure that it is resolved , the final in the We will replace the software installed in the products on the market with the bug-fixed version .
If the device or device is connected to the Internet, it is possible to replace it with the latest software via the Internet, so it is natural that recent devices and devices have a software version upgrade function . However, in order to provide maintenance of these software, it is necessary to maintain a development organization equivalent to the period of software development, which is quite costly as a manufacturer.
Depending on the extent to which software maintenance services are expected to be provided, it will be necessary to maintain the development organization for years or even ten years after the software is released. It corresponds to the required specifications for maintenance required after development, but the required specifications of the product must specifically describe what is required as a maintenance service after the software is released . We will check whether such contents are written in the requirement specifications, paying attention to the point.
[Item number: SA-04]
If you outsource the development of the entire software to be installed in a device or device to another company, you will have to outsource the entire maintenance to the development outsourcer, which is easy to understand. However, in many cases, the development contractors primary software to outsource the work for the development and testing of the parts are a lot more things. It is common for some to be developed in-house, some to be outsourced to company A, and some to be outsourced to company B.
In such a case, it is necessary to clarify the demarcation point of responsibility when the released software causes a problem in the market . If the cause of the problem is company A, company A, company B, company B, and if it is in-house, company A will investigate and take countermeasures. The most important thing at this time is how to determine where the cause of the problem is.
The cause of the defect, that is, which company is responsible for the defect, and the boundary of responsibility are called the demarcation point of responsibility. What to adopt as this demarcation point of responsibility is an important item in the requirement specifications. Make sure that the demarcation point of responsibility is clearly stated in the requirement specifications.
[Item number: SA-05]
There are various costs involved in providing maintenance services. The cost of preventing future failures such as regular maintenance is easy to understand because the work content is clear, and it is also clear where the cost will come from.
However, if a problem occurs in the market and the countermeasure is costly , for example , if the device is collected from the end user’s house or a new call center is set up for the problem and the countermeasure, a high cost will be incurred. To do. These maintenance costs only tell you what and how much you will need when a major problem occurs in the market.
By the way, who pays for these maintenance costs ? Is it natural for the company that caused the problem to bear the burden? If the cause is a bug in the software created by the development contractor, will the development contractor pay for the equipment collection cost and call center installation cost? Unfortunately, the contractor will not pay such costs unless it is clearly stated in a document such as a contract with the contractor .
Unless you have such a contract, you are not obliged to pay. All commercial transactions are contract-based and we are not responsible for anything not stated in the contract. Therefore, clearly state in the requirement specifications how much of the cost required for such maintenance will be paid by the development contractor, consult with the development contractor about the contents, and maintain the agreed result. It is necessary to conclude it as a contract . Make sure that such a thing is properly written in the requirement specifications.
Next to maintainability is security
After checking maintainability, we will introduce the items to check about security in the next article.