Soft audit practice・Audit day 5: Functions required for software development and department in charge (1/2)

26/01/2021Audit for soft-Develop..

Six important functions and departments in charge of software quality assurance

In the articles so far, what kind of organization should be noted when receiving an explanation about the organization and rules from the partner company during the first time of software development audit ? I have introduced the viewpoint. Another important function is what kind of function is important for software quality assurance, and which department is in charge of it? From this article, I would like to introduce some points to note in software development audits.

There is no correct answer as to what is an important function for software quality assurance. However, from my experience with Gutara, I feel that software quality assurance requires the following functions , and that it is important for the organization outsourced to software development to have a department in charge of these functions. increase. 

  1. Software release judgment
  2. Confirmation of product quality
  3. Check process quality
  4. Checking the quality of purchased items and free software
  5. How to manage development plans and development projects
  6. Horizontal development of failure cases and technical education

The first three of the features listed here are the three quality assurance activities introduced in the Software Quality Assurance Department (SQA) earlier in this article, which are important activities to ensure the quality of software. However, these functions are not always the responsibility of the quality assurance department. It is good to pay attention to that and listen to the explanation of the audited company. Let’s introduce each point in detail.

(1) Software release judgment function

When you think about the most important thing about software quality assurance, you come up with the simple answer that you will not release poor quality software . Then, what should be done to prevent the release of poor quality software is also simple, and it is sufficient to judge the release of software. The specific method of software release judgment is introduced in detail in the release judgment article group, so if you are interested, please see that as well.

By the way, which department will carry out this release decision? If there is a software quality assurance department, it will be implemented there, so there is no problem, but in a company that develops embedded software, there is a quality assurance department but no software quality assurance department. Is also common . 

Many companies that develop embedded software are equipment manufacturers. We develop software to be incorporated into our products in-house or outsource development. Therefore, there is a quality assurance department to guarantee the quality of products, but the quality assurance department is generally a department that guarantees manufacturing quality . As part of the quality assurance of the products manufactured at the factory, the shipment judgment of the manufactured products is made, but in many cases, the release judgment of the software incorporated therein is not made.

In such a case, the software release judgment is carried out by the development department that develops the software , or by the test department that tests the software on behalf of the development department. is. In some cases , the release judgment is made by a meeting body where related departments of sales, development, design, and maintenance are gathered .

In any case, it is important to confirm whether the department that makes the most important release judgment in software quality assurance and who is in charge of the release judgment is clearly decided. .. The rules haven’t been set, and if someone says OK, the software has been released, which is a problem. .. ..

(2) Software product quality confirmation function

As the department was found to have implemented the software release decision of, to note the following, in any criteria for who is to ensure the quality of the software collected the information , the rattan whether it is determined that good or bad It is a point. The quality of the software mentioned here refers to the product quality of the software because it is the quality of the software itself .

This product quality judgment standard will be judged based on various information and judgment criteria, so it is introduced in detail in the product quality article , if you are interested, please see that article as well.

When listening to an organization’s explanation from the other party, it is important to pay attention to the information used for the judgment as well as what information the organization uses based on what criteria to confirm the product quality. It is also important to know which department collects the information and how .

How do you count the number of bugs in your tests?

For example, let’s assume that the number of bugs found in system tests is used as one of the information to judge the product quality . Which department records the bugs it finds, and who counts the number and how? Not all of the issues found in the tests are bugs. It could be a test mistake or a limitation at this point. The rest of these non-bug items are bugs, but they are also recorded in the test record. If you do n’t check who counts the number of bugs and how, you won’t know if the number of bugs is correct.

In addition, bug management in each organization determines whether the problem found in the test is a bug and whether it is recorded by the designer of the development department or the tester of the test department. It depends on the method. It doesn’t matter who is supposed to do it in any way, but since it is a work done by multiple people, if there are no clear rules and standards, the judgment will vary from person to person.

The number of bugs detected is important information for determining the release of software, so it is a problem if there is too much variation. Therefore, it is also important to confirm the department in charge of business and the specific implementation method, such as who records bugs according to what criteria in the organization .

(3) Software development process quality confirmation function

What specific actions do you think of when you hear the term process quality confirmation? Since the idea of ​​process quality verification is based on CMMI’s SQA / SQM activities, further explanation may not be necessary for those who have worked in CMMI accredited organizations. 

What is process quality in the first place? From that point on, it’s moya. Father Gutara defined process quality to adhere to the established software development process . For example, suppose you decide to perform 28 design reviews during the project planning phase. In this case, we specified the number of times in the development process called review, but if we can properly review 28 design reviews by the time of release, we judge that the quality of the development process is good. On the contrary, if the design review is carried out only 10 times, the quality of the development process is not good.

As for the development process, various things such as the number of reviews, the method of recording and tracing the points of the review, the scheduled date of the review, the start date of the test, the amount of the test, etc. are various things in the development plan. It is decided at the time of . At the time of the development plan, I decided that such a development process was necessary. Therefore, confirming whether the development process is being carried out properly is the confirmation of the development process.

And, when checking the process quality, it is important to know who is checking this development process, when and how, and how to use the result.

At CMMI, there is a person in charge of SQA, who is required to regularly check whether the planned development process is being carried out based on the development project plan. Therefore, most organizations that are CMMI certified can omit this confirmation in the software development audit if they are CMMI certified.

Next : Soft audit practice・Audit day 6: Functions required for software development and department in charge (2/2)