The ability of the development contractor is cut off by software development audit

06/08/2018Audit for soft-Develop..

 

The ability of the development contractor is judged by auditing the process, requirements management, testing, and design implementation ability.

When outsourcing software development to another company, I would like to outsource it to a place with high software development capabilities. In such a case, it is safe to perform a software development audit to confirm the software development capability of the contractor and select a development contractor. In the software development audit, the software development ability is judged from the two aspects of process quality assurance ability and product quality assurance ability. Regarding product quality assurance capabilities , we will focus on confirming the technical capabilities , test technical capabilities , and design implementation technical capabilities that determine the required specifications and requirements that are important for software development consignment .

Now that software is getting bigger and bigger , it is impossible for many companies to develop everything in-house. As a result, it is becoming more common to outsource part or all of software development to companies in the same industry or companies that outsource development work such as software houses .

How do I know if it’s okay to outsource software development to a company ? I think that everyone is having a lot of trouble, such as the background of the company, the development results so far, the activity status in the industry, collecting various information and deciding whether it is okay, but in any case I would like to outsource to a company that develops software with functions, performance, and quality.

Software development audit is an audit method that combines ISO9001 and CMMI.

The term software development audit is not common, and there are no such standards or regulations. This is an original audit method that Father Gutara created and read the ISO9001 audit mechanism and CMMI’s priority confirmation items on his own. However, since we have audited many software development contractors for nearly 20 years, I think that some of the ways to proceed with software development audits may be helpful when you audit software development contractors. increase. In this article classification, we will introduce the software development audit of Gutara’s father’s style.

The function, performance and quality of the software are determined by the competence of the development team.

It seems that you have been in the software development site for a long time, but when choosing a software development contractor, there are more important things than the company’s career and development achievements. That is the ability of the development team to undertake this development . What kind of development process is used, what kind of development management is performed, what kind of development technology is possessed, and the competence of the development team that integrates these, greatly affects the function, performance, and quality of the finished software.

Most of the work is done in the mind of the engineer. The result of software development, which consists of design / implementation work, depends on the ability of each engineer after all . Then, the competence of the development team, which is a group of engineers, determines the function, performance, and quality of the finished software.

Therefore, if you know the competence of the development team that will be entrusted with the development, you can judge whether it is okay to outsource the software development to that company. However, it is difficult to know the competence of the development team, but once the software is actually completed, the quality, performance, and quality of the software can be known, so the competence of the development team can be known from the results. But that’s too late, what should I do?

Have you heard of software development audits?

I don’t think you’re used to the term software development audit . It’s still uncommon in the software industry, and some efforts are underway. IPA has been studying a " software quality audit system " since around 2010, but since this activity is an institutionalization of software verification work by a third party, the purpose of the software development audit introduced this time is It’s a different activity.

Well, the word software development audit is just what my father Gutara calls it, so it may be a coined word that does not exist in the general public, so please do not worry too much about this name itself. 

What the hell! Those who want to dig in have decent knowledge and judgment. In fact, software development audit is a method to judge process ability by combining the method of ISO9001 second party audit and the method of ability judgment of CMMI software development organization, and it is a technical level of requirements management, testing technology, coding technology. This is the name that Gutara’s father arbitrarily gave to the method of simmering in a messy state that combined the confirmation items .

Judging the quality of the development process by combining ISO9001 and CMMI

My father, Gutara, also liked it, and I didn’t come up with a dubious method called software development auditing. At one point, a major problem occurred with the software of the product that was outsourced to development, and I had to decide whether or not to continue outsourcing development to that company . At that time, we combined the ISO9001 audit method and CMMI audit items to perform an audit that would become the prototype of software development audit and confirmed the state of the development process.

As many of you have heard, the term ISO9001 audit is an audit framework for quality confirmation and improvement of processes throughout operations, which has evolved from improving the quality assurance capacity of manufacturing sites. .. A similar activity is CMMI in the software world, but this is certification, not auditing . ISO9001 judges pass / fail based on the quality of the manufacturing process by a method called audit, and the purpose is to promote the improvement / improvement of the organization to a better manufacturing process . Therefore, the emphasis is on improving and following up on the audit findings. CMMI, on the other hand , evaluates an organization’s ability to manage software development on a five-point scale at a given point in time . At that point, the emphasis is on criteria to determine in absolute terms what level of development control the organization has.

Is it useless with CMMI?

Gutara’s father needed the CMMI method because it was a decision on whether to outsource software development to a company. However, the actual software development audit is not limited to the situation where you want to decide whether or not to outsource the development to a certain company, but it is good software for the company that has already outsourced the development. There are many occasions when you want to instruct and improve your company so that it can be developed and delivered. The ISO9001 audit framework is better for this guidance and improvement objective.

So, Father Gutara combined the ISO9001 audit framework with the CMMI accreditation criteria to recreate a system that can be used to check the status of the software development process and provide guidance for improvement. This is the prototype of software development audit.

Evolved into software development audit by adding confirmation of product quality to the prototype?

While conducting audits of several companies using the prototype of this software development audit, I realized that I was in trouble. Both ISO9001 and CMMI are designed to guide the software development process to judge good and bad and to improve it. Of course, the software development process is important, but what we really want is the quality of the software products .

To be more specific, the technical capabilities of software, such as the ability to test products that determine product quality, the ability to define requirements, and the ability to design / implement , are not well understood by the mechanism of ISO9001 and CMMI. Both IS9001 and CMMI were devised for the purpose of improving the process on the premise that a good product will be produced as a result by adopting a good process. Therefore, it is unavoidable that the judgment of good or bad of the product quality itself is out of the range, but then it became a situation that Gutara’s father could not reach the itch.

Then, improve it, so add items to check the test ability, point definition ability, and design / implementation ability, and add items that can be used to judge the quality of the product and give guidance on improvement. Based on the experience of my father Gutara, I made it into the final software development audit method.

For process quality, ISO9001 and CMMI were combined, and for product quality, original items were added based on experience, and the Medetaku software development audit was completed. Somehow, it’s in a simmered state with various things properly attached, but …

However, this has been quite useful in practice as it allows us to determine the capabilities of the audited company and provide guidance for improvement in terms of both process quality and product quality . There are many parts that are made up of Gutara’s father’s dogma and prejudice, but if you are interested, I will introduce the method and implementation method of software development audit of Gutara’s style in the following article. Please go out with me.

I will introduce it as easily as possible

It has explained the background of software development auditing, but in short, software development auditing is a method created by Gutara’s father, which is not common in the world, so I think there are various points that are difficult to understand. I will introduce it as easily as possible, but there may be some parts that are difficult to understand. But, well, what’s written here is just the experience of Father Gutara, so you don’t have to understand everything exactly. 

Even if there is something that is difficult to understand, I think it’s okay if the person who reads the article can read it into something that is easy for them to do. What is written here is not a completed final form, but something that is in the process of being created. I would like to introduce such a thing as a reference for everyone.

At the beginning of the title of each article, there is a sub-category related to software development auditing . The subtitle following the subcategory is the outline of the specific article. There is no particular rule on the order of reading, so please read the articles in order from the one you are interested in. For those who want a quick overview , see the article, which outlines soft audits in small categories . That is written in the summary of the article to those who want to know a bit more , the software audit practices or visit the individual article, may I am proceeding to read the individual articles that are linked from the end of the sentence of the summary of the article in order I think.

  •   Soft Audit overview・Purpose 1: Audit to determine development capability
  •   Soft Audit overview・Purpose 2: Audit to improve development capacity 
  •   Soft Audit overview・Purpose 3: Audit to confirm the quality of bug-fixed software 
  •   Soft Audit overview・Target 1: Audit the development process 
  •   Soft Audit overview・Target 2: Audit the test technology 
  •   Soft Audit overview・Target 3: Audit the ability to grasp requirements
  •   Soft Audit overview・Target 4: Auditing design / implementation capabilities (1/2) 
  •   Soft Audit overview・Target 5: Auditing design / implementation capabilities (2/2)
  •   Soft Audit overview・Method 1: Soft audit is process audit + technical ability audit 
  •   Soft Audit overview・Method 2: The process audit procedure is IS9001 
  •   Soft Audit overview・Method 3: CMMI is the confirmation item for process audit
  •   Soft Audit overview・Method 4: Add ISO9001 and CMMI and divide by 2 
  •   Soft audit practice・Preparation 1: Explanation of audit plan
  •   Soft audit practice・Preparation 2: Obtaining materials and understanding the organization
  •   Soft audit practice・Preparation 3: Pre-filling the checklist
  •   Soft audit practice・Audit day 1: 3 Realism is important for soft auditing
  •   Soft audit practice・Audit day 2: First of all, the opening meeting 
  •   Soft audit practice・Audit day 3: Understanding the outline and scale of the organization (1/2) 
  •   Soft audit practice・Audit day 4: Understanding the outline and scale of the organization (2/2)
  •   Soft audit practice・Audit day 5: Functions required for software development and department in charge (1/2)
  •   Soft audit practice・Audit day 6: Functions required for software development and department in charge (2/2)
  •   Soft audit practice・Audit day 7: Points to check the development process
  •   Soft audit practice・Audit day 8: Requirements management check points
  •   Soft audit practice・Audit day 9: Points for checking test technology
  •   Soft audit practice・Audit day 10: Points to check design and mounting technology 
  •   Soft audit practice・Audit Day 11: Preparation of Audit Report (1/2)
  •   Soft audit practice・Audit Day 12: Preparation of Audit Report (2/2)
  •   Soft audit practice・Audit Day 13: Closing Meeting and Follow-up
  •   Soft audit Checklist・No1: Requirements management process
  •   Soft audit Checklist・No2: Planning management process
  •   Soft audit Checklist・No3: Tracking process 
  •   Soft audit Checklist・ No4: Quality Assurance Process (1/2)
  •   Soft audit Checklist・No5: Quality Assurance Process (2/2)
  •   Soft audit Checklist・No6: Configuration management process
  •   Soft audit Checklist・No7: Outsourcing management process
  •   Soft audit Checklist・No8: Requirements management technology (general)
  •   Soft audit Checklist・No9: Reliability/Availability Requirements Management Technology
  •   Soft audit Checklist・No10: Maintainability requirements management
  •   Soft audit Checklist・No11: Security Requirements Management Technology
  •   Soft audit Checklist・No12: Acceptance condition management technology
  •   Soft audit Checklist・No13: Development management technology (general)
  •   Soft audit Checklist・No14: Test management technology (1/2)
  •   Soft audit Checklist・No15: Test Management Technology (2/2)
  •   Soft audit Checklist・No16: Test technology
  •   Soft audit Checklist・No17: Design/Cording Technology (Overview)
  •   Soft audit Checklist・No18: Technology for using purchased software
  •   Soft audit Checklist・No19: OSS/Free software usage technology
  •   Soft audit Checklist・No20: In-house software design/implementation technology (1/2)
  •   Soft audit Checklist・No21: In-house software design/implementation technology (2/2)
  •   The ability of the development contractor is cut off by software development audit