Soft audit practice・Audit day 7: Points to check the development process

21/01/2021

The development process checklist mainly confirms development management

The main work of a software development audit is to confirm each item using the following four types of software audit checklists.

  1. Development process checklist
  2. Development technology checklist 1: requirements management
  3. Development technology checklist 2: testing
  4. Development technology checklist 3: design and implementation

The details of each check item will be introduced in order, starting with the article Soft Audit Practice / Checklist Part 1: Development Process (Requirements Management). Before explaining the detailed items, however, this article and the following ones explain the points to keep in mind when using these four types of checklists.

First is the checklist of the development process

This article introduces the points to keep in mind when using the first of these, the development process checklist. The purpose of this checklist is to check whether the software development management ability is sufficient. The development process checklist was created by selecting important actions from the CMM level 2 check items, and by checking the implementation status of the development process against this checklist, the software development management ability can be estimated.

Below is an example of the checklist, so please read the article while also looking at it.

Development process checklist (click to open pdf)

Development management is important when companies make software

By the way, what is software development management, and why is it necessary? In fact, software development management is not always necessary in software development. If the software engineer writes the source code and the source code builds without errors, the software is complete. For software that individuals make as a hobby, this is no problem, and software development management is not particularly necessary.

However, when a company develops software for a product, software development management is required. Software development management is the management of requirements, man-hours (development costs), the development schedule (release time), and quality. If these are not managed properly, various problems will occur, such as necessary functions being missing, not knowing when the software can be released, not knowing how much the development will cost, and quality being in tatters at the time of release. Problems like these are serious for a company that develops software and provides it to the world.

Development management is a means to develop software as intended

By the way, what is development management? It is so basic that some people may be at a loss when asked suddenly. Management is a means of setting goals, measuring results, and taking measures so that the results meet the goals, in order to ensure that the goals are achieved. Software development management therefore means setting goals for development requirements, costs, schedule, and quality, measuring the results as development work proceeds, and, if there is a deviation from the goals, implementing recovery measures so that the goals are achieved. In other words, it is controlling the software development project. The various mechanisms for performing this development management make up the development process.

If a good software development process is decided and the development organization follows the development process and proceeds with development, development management will function normally. As a result, the software you expected should be completed in time for the scheduled delivery date, maintaining the required quality.

That is how it is supposed to work, but things do not always go so well in the real world, so a software development audit checks the development process for weak points so that any that are found can be fixed.

The development process checklist picks up the important ones from the CMM Level 2 confirmation items. Level 2 of CMM confirms the development process by dividing it into the following 6 areas, so the checklist of the development process is also divided into these 6 types.

  • Requirements management (Requirements Management)
  • Project planning (Project Planning)
  • Progress management (Tracking and Oversight)
  • Quality assurance (Quality Assurance)
  • Configuration management (Configuration Management)
  • Subcontract Management (Subcontract Management)

These 6 areas of CMM level 2 cover at least the areas that are necessary when considering software development management, so check the software development process of the partner company against them. However, CMM is not a panacea that works for everything. CMM is also a tool, so you need to know its features and limitations and use it effectively.

Now, let’s introduce the points that Father Gutara was careful about when confirming the development process.

Precautions for development process check ・ Part 1: Scale of development organization

One thing to keep in mind when reviewing the development process is that the appropriate development process depends on the size of the organization. This is not limited to software development; the same applies to corporate operations in general. The appropriate business process differs between a greengrocer's shop that the father runs alone and a general trading company with 1000 employees.

The development process checklist contains various check items that assume large-scale development. If the software development organization is large, all of the items are necessary, but for a small development organization of a few people, some items are not. For example, in a large organization it is difficult to grasp the whole picture without some kind of in-house system. However, if the engineers work side by side in a team of three, there is no need for an in-house system; you can see the situation by glancing sideways at the face of the person next to you.

Progress management is important regardless of the size of the organization, but the optimal development process for implementing it depends on that size. When checking the development process, therefore, it is important to first grasp the scale of the development organization and then go through the checklist items while always keeping in mind whether the process in use is the optimal one for an organization of that scale.

Precautions for development process check-Part 2: Development plan

After the size of the organization, the next thing to check carefully is the software development plan. Management starts with setting goals, so if goals are not set first, nothing can be managed. And since the goals that were decided at the start should be written in the software development plan, whether the necessary goals are written in the development plan without omission is an important point to confirm.

In addition, the development requirements needed for requirements management are usually written in the requirement specifications and similar documents, so you will need to check those. However, important matters other than requirements, such as process plans, cost plans (equipment and man-hours), test plans, quality goals, and the development organization and personnel, are often written in the software development plan. Therefore, check carefully whether these items are properly written in the development plan.

Precautions for development process check-Part 3: Management of development contractors

The next thing to pay attention to after the software development plan is the management of development contractors. The software development audit is a second-party audit that our company conducts on the party to which it has outsourced software development, so the audited party is the prime contractor for the development. It is also common in software development for this prime contractor to outsource all or part of the software development entrusted by us to another company (subcontracting). In such a case, the prime contractor confirms the development management and maintenance continuity of its subcontractor companies.

First, check whether the prime contractor, which is the subject of the software development audit, has rules for outsourcing software development. If there are rules, carefully confirm whether they contain provisions for (1) how to select a contractor, (2) how to manage the contracted work, (3) acceptance criteria for products delivered by the contractor, and (4) maintenance after delivery. I would not want to outsource software development to a company that has no such rules.

Recently, OSS source code has been increasingly used in development. There are some items to be aware of when using OSS, such as checking the license conditions and checking the quality status. These precautions should have been communicated from our company to the prime contractor, which is the development contractor, in the requirement specifications, and the same content must reliably be passed on from the prime contractor to its subcontractors. Whether the rules provide for this is another point to check.

It is also necessary to confirm whether the rules for outsourcing development describe what to do about maintenance after the end of development. Maintenance of the software continues after the first edition is shipped, so maintenance after shipping will not be possible unless the prime contractor can maintain the parts that its subcontractors were in charge of.

Precautions for development process check-Part 4: Document management

The next point to note after outsourced development management is document management. Which documents are delivered at the end of software development should be specified in the requirement specifications and the contract. It is a problem if those documents do not correspond to the version of the delivered software.

For example, if the delivered software includes version 2.1 of function A, the design document and test report for function A will not be useful unless they correspond to version 2.1. Since software design documents and reports generally exist in multiple versions, it is important that there is a mechanism to ensure consistency between the version of the delivered software and the versions of the underlying documents, and that it is operated properly.

In software development, version control of the source code is usually solid; or rather, the software cannot be completed without it, so version control of the source code is rarely a problem. On the other hand, version control of documents such as design documents and test reports, which are the basis of the source code, may not be done correctly unless the development leader pays attention to it.

A common example is that corrections made to the source code during debugging at the end of development are not reflected in the corresponding design documents in time, so the source code and the design documents no longer match. Since the source code has been corrected properly, the tests pass without any problem and the software appears to be fine. However, if a problem occurs in the market a few years after release and you try to investigate the software, a mismatch between the description in the design document and the contents of the source code means that you cannot trust the design document, and you end up in serious trouble.

To prevent this from happening, a mechanism is needed to maintain version consistency between the source code and the documents that make up the released software. In the world of software development, this is sometimes referred to as the development baseline. Strictly speaking, the development baseline also includes other elements such as the development environment, so it is a little different, but since the documentation and source code are its main components, one way to check is to ask whether there is a mechanism for maintaining the development baseline.
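As an added illustration that is not part of the original article, the following sketch shows how an auditor could mechanically check a delivery for the version mismatch described above. The manifest layout, the field names and the list of required document types are assumptions made for this example.

```python
# Added example: manifest layout and field names are assumptions,
# not a format defined by the article or by CMM.
from dataclasses import dataclass

# Document types the article names for each delivered function.
REQUIRED_DOC_TYPES = ("design document", "test report")

@dataclass(frozen=True)
class Document:
    doc_type: str   # e.g. "design document"
    function: str   # function the document describes
    describes: str  # software version the document was written against

def check_baseline(delivered: dict[str, str], documents: list[Document]) -> list[str]:
    """Return findings where delivered documents do not match delivered software.

    `delivered` maps each function name to its delivered software version.
    """
    findings = []
    for function, version in sorted(delivered.items()):
        for doc_type in REQUIRED_DOC_TYPES:
            candidates = [d for d in documents
                          if d.function == function and d.doc_type == doc_type]
            if not candidates:
                findings.append(f"{function} {version}: no {doc_type} delivered")
            elif not any(d.describes == version for d in candidates):
                seen = ", ".join(sorted(d.describes for d in candidates))
                findings.append(f"{function} {version}: {doc_type} covers {seen} only")
    # A document for a function that was not delivered also breaks the baseline.
    for d in documents:
        if d.function not in delivered:
            findings.append(f"{d.function}: {d.doc_type} has no delivered software")
    return findings

# Constructed sample delivery: function A was corrected during final debugging
# (2.0 -> 2.1) but its design document was not updated in time.
DELIVERED = {"A": "2.1", "B": "1.4"}
DOCUMENTS = [
    Document("design document", "A", "2.0"),
    Document("test report", "A", "2.1"),
    Document("design document", "B", "1.4"),
]

if __name__ == "__main__":
    for finding in check_baseline(DELIVERED, DOCUMENTS):
        print(finding)
```

An empty result means every delivered function has a design document and a test report written against the delivered version.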

Precautions for development process check ・ Part 5: Existence of maintenance system

The final point to note in the development process check is the maintenance service and system for the software whose development we have outsourced. Maintenance work will be required after the software is released. To add a few words, maintenance work means the provision of maintenance services. Software maintenance services include various things, such as providing improved versions of the software, providing bug-fix versions, investigating problems when they occur, presenting workarounds, and providing technical information for using the software.

Maintenance services usually take the form of providing services free of charge for a certain period of time after product shipment, for example, one year, and then providing services for a fee after the free period has expired. And in order for the company that sold the software to provide this maintenance service, the same development equipment and personnel as when developing the software are required.

If you have entrusted the development of the software to another company and that contractor does not have a structure for providing maintenance services, you will be stuck when it comes to providing maintenance services to your customers. So, in a software development audit too, it is important to check what kind of maintenance services the audited company will provide, what the paid and free periods are, and so on. Make sure that the mechanisms needed for the maintenance service exist: whether the development equipment and team will be retained for the maintenance service after development is finished and for how long, whether a paid or free maintenance contract can be concluded, and so on.

These things should originally be written in a basic transaction contract or maintenance contract. However, when hardware manufacturing and software development are outsourced to another company, there are many cases where the contract covers hardware maintenance but omits the items related to software maintenance, so it is good to check carefully in the audit.

Next to the development process is requirements management confirmation

These are the points that Father Gutara was careful about when auditing the development process. In software development audit work, we check specific rules and actual work one by one according to the software audit checklist, but the viewpoints we paid attention to while carrying out that confirmation work can be summarized as the five points explained so far. We hope that this will be helpful when you evaluate software development contractors.

Then, from the next article, I will introduce the points to be noted when auditing requirements management in software development audit.