This book introduces Software Quality Assurance (SQA) and provides an overview of standards used to implement SQA. It defines ways to assess the effectiveness of how one approaches software quality across key industry sectors such as telecommunications, transport, defense, and aerospace.* Includes supplementary website with an instructor's guide and solutions* Applies IEEE software standards as well as the Capability Maturity Model Integration for Development (CMMI)* Illustrates the application of software quality assurance practices through the use of practical examples, quotes from experts, and tips from the authors

Preface xvAcknowledgments xxiii1. Software Quality Fundamentals 11.1 Introduction 11.2 Defining Software Quality 21.3 Software Errors, Defects, and Failures 41.3.1 Problems with Defining Requirements 101.3.2 Maintaining Effective Communications Between Client and Developer 131.3.3 Deviations from Specifications 141.3.4 Architecture and Design Errors 151.3.5 Coding Errors 151.3.6 Non-Compliance with Current Processes/Procedures 161.3.7 Inadequate Reviews and Tests 171.3.8 Documentation Errors 171.4 Software Quality 191.5 Software Quality Assurance 201.6 Business Models and the Choice of Software Engineering Practices 221.6.1 Description of the Context 231.6.2 Anxiety and Fear 241.6.3 Choice of Software Practices 251.6.4 Business Model Descriptions 251.6.5 Description of Generic Situational Factors 261.6.6 Detailed Description of Each Business Model 271.7 Success Factors 321.8 Further Reading 331.9 Exercises 342. Quality Culture 352.1 Introduction 352.2 Cost of Quality 392.3 Quality Culture 492.4 The Five Dimensions of a Software Project 532.5 The Software Engineering Code of Ethics 562.5.1 Abridged Version: Preamble 582.5.2 The Example of the Code of Ethics of the Ordre des ing¿enieurs du Qüebec 602.5.3 Whistle Blowers 612.6 Success Factors 622.7 Further Reading 632.8 Exercises 633. Software Quality Requirements 663.1 Introduction 663.2 Software Quality Models 693.2.1 Initial Model Proposed by McCall 713.2.2 The First Standardized Model: IEEE 1061 733.2.3 Current Standardized Model: ISO 25000 Set of Standards 773.3 Definition of Software Quality Requirements 863.3.1 Specifying Quality Requirements: The Process 913.4 Requirement Traceability During the Software Life Cycle 953.5 Software Quality Requirements and the Software Quality Plan 953.6 Success Factors 963.7 Further Reading 973.8 Exercises 974. Software Engineering Standards and Models 1014.1 Introduction 1014.2 Standards, Cost of Quality, and Business Models 1084.3 Main Standards for Quality Management 1094.3.1 ISO 9000 Family 1094.3.2 ISO/IEC 90003 Standard 1154.4 ISO/IEC/IEEE 12207 Standard 1174.4.1 Limitations of the ISO 12207 Standard 1214.5 ISO/IEC/IEEE 15289 Standard for the Description of Information Elements 1214.6 IEEE 730 Standard for SQA Processes 1234.6.1 Activities and Tasks of SQA 1254.7 Other Quality Models, Standards, References, and Processes 1294.7.1 Process Maturity Models of the SEI 1304.7.2 Software Maintenance Maturity Model (S3m) 1354.7.3 ITIL Framework and ISO/IEC 20000 1384.7.4 CobiT Process 1424.7.5 ISO/IEC 27000 Family of Standards for Information Security 1434.7.6 ISO/IEC 29110 Standards and Guides for Very Small Entities 1444.7.7 ISO/IEC 29110 Standards for VSEs Developing Systems 1554.8 Specific Standards for an Application Domain 1564.8.1 DO-178 and ED-12 Guidance for Airborne Systems 1564.8.2 EN 50128 Standard for Railway Applications 1594.8.3 ISO 13485 Standard for Medical Devices 1614.9 Standards and the SQAP 1634.10 Success Factors 1654.11 Further Reading 1654.12 Exercises 1665. Reviews 1675.1 Introduction 1675.2 Personal Review and Desk-Check Review 1725.2.1 Personal Review 1725.2.2 Desk-Check Reviews 1755.3 Standards and Models 1795.3.1 ISO/IEC 20246 Software and Systems Engineering: Work Product Reviews 1795.3.2 Capability Maturity Model Integration 1805.3.3 The IEEE 1028 Standard 1815.4 Walk-Through 1845.4.1 Usefulness of a Walk-Through 1845.4.2 Identification of Roles and Responsibilities 1865.5 Inspection Review 1875.6 Project Launch Reviews and Project Assessments 1895.6.1 Project Launch Review 1905.6.2 Project Retrospectives 1925.7 Agile Meetings 1975.8 Measures 1995.9 Selecting the Type of Review 2025.10 Reviews and Business Models 2055.11 Software Quality Assurance Plan 2055.12 Success Factors 2065.13 Tools 2085.14 Further Reading 2085.15 Exercises 2086. Software Audits 2106.1 Introduction 2106.2 Types of Audits 2156.2.1 Internal Audit 2156.2.2 Second-Party Audit 2156.2.3 Third-Party Audit 2176.3 Audit and Software Problem Resolution According to ISO/IEC/IEEE 12207 2176.3.1 Project Assessment and Control Process 2186.3.2 Decision Management Process 2186.4 Audit According to the IEEE 1028 Standard 2186.4.1 Roles and Responsibilities 2206.4.2 IEEE 1028 Audit Clause 2216.4.3 Audit Conducted According to IEEE 1028 2226.5 Audit Process and the ISO 9001 Standard 2256.5.1 Steps of a Software Audit 2266.6 Audit According to the CMMI 2306.6.1 SCAMPI Assessment Method 2316.7 Corrective Actions 2336.7.1 Corrective Actions Process 2346.8 Audits for Very Small Entities 2386.9 Audit and the SQA Plan 2396.10 Presentation of an Audit Case Study 2416.11 Success Factors 2466.12 Further Reading 2476.13 Exercises 2477. Verification and Validation 2497.1 Introduction 2497.2 Benefits and Costs of V&V 2557.2.1 V&V and the Business Models 2577.3 V&V Standards and Process Models 2577.3.1 IEEE 1012 V&V Standard 2587.3.2 Integrity Levels 2607.3.3 Recommended V&V Activities for Software Requirements 2627.4 V&V According to ISO/IEC/IEEE 12207 2637.4.1 Verification Process 2657.4.2 Validation Process 2657.5 V&V According to the CMMI Model 2667.6 ISO/IEC 29110 and V&V 2677.7 Independent V&V 2687.7.1 IV&V Advantages with Regards to SQA 2717.8 Traceability 2717.8.1 Traceability Matrix 2737.8.2 Implementing Traceability 2767.9 Validation Phase of Software Development 2777.9.1 Validation Plan 2797.10 Tests 2817.11 Checklists 2827.11.1 How to Develop a Checklist 2837.11.2 How to Use a Checklist 2857.11.3 How to Improve and Manage a Checklist 2867.12 V&V Techniques 2877.12.1 Introduction to V&V Techniques 2877.12.2 Some V&V Techniques 2887.13 V&V Plan 2897.14 Limitations of V&V 2907.15 V&V in the SQA Plan 2917.16 Success Factors 2927.17 Further Reading 2937.18 Exercises 2938. Software Configuration Management 2958.1 Introduction 2958.2 Software Configuration Management 2968.3 Benefits of Good Configuration Management 2978.3.1 CM According to ISO 12207 2988.3.2 CM According to IEEE 828 2998.3.3 CM According to the CMMI 2998.4 SCM Activities 3018.4.1 Organizational Context of SCM 3018.4.2 Developing a SCM Plan 3028.4.3 Identification of CI to be Controlled 3038.5 Baselines 3098.6 Software Repository and Its Branches 3118.6.1 A Simple Branching Strategy 3158.6.2 A Typical Branching Strategy 3168.7 Configuration Control 3188.7.1 Requests, Evaluation, and Approval of Changes 3198.7.2 Configuration Control Board 3218.7.3 Request for Waivers 3228.7.4 Change Management Policy 3228.8 Configuration Status Accounting 3238.8.1 Information Concerning the Status of CI 3238.8.2 Configuration Item Status Reporting 3258.9 Software Configuration Audit 3258.9.1 Functional Configuration Audit 3278.9.2 Physical Configuration Audit 3278.9.3 Audits Performed During a Project 3288.10 Implementing SCM in Very Small Entities with ISO/IEC 29110 3298.11 SCM and the SQAP 3308.12 Success Factors 3318.13 Further Reading 3338.14 Exercises 3339. Policies, Processes, and Procedures 3359.1 Introduction 3359.1.1 Standards, theCost ofQuality, and Business Models 3419.2 Policies 3419.3 Processes 3459.4 Procedures 3519.5 Organizational Standards 3529.6 Graphical Representation of Processes and Procedures 3539.6.1 Some Pitfalls to Avoid 3569.6.2 Process Mapping 3579.6.3 ETVX Process Notation 3579.6.4 IDEF Notation 3669.6.5 BPMN Notation 3709.7 Process Notation of ISO/IEC 29110 3769.8 Case Study 3839.9 Personal Improvement Process 3889.10 Policies, Processes, and Procedures in the SQA Plan 3939.11 Success Factors 3949.12 Further Reading 3959.13 Exercises 39610. Measurement 39710.1 Introduction--the Importance of Measurement 39710.1.1 Standards, the Cost of Quality, and Software Business Models 40110.2 Software Measurement According to ISO/IEC/IEEE 12207 40210.3 Measurement According to ISO 9001 40310.4 The Practical Software and Systems Measurement Method 40410.5 ISO/IEC/IEEE 15939 Standard 41110.5.1 Measurement Process According to ISO 15939 41210.5.2 Activities and Tasks of the Measurement Process 41210.5.3 An Information Measurement Model of ISO 15939 41210.6 Measurement According to the CMMI Model 41810.7 Measurement in Very Small Entities 42110.8 The Survey as a Measurement Tool 42110.9 Implementing a Measurement Program 42510.9.1 Step 1: Management Commitment Build-Up 42610.9.2 Step 2: Staff Commitment Build-Up 42710.9.3 Step 3: Selection of Key Processes to be Improved 42710.9.4 Step 4: Identification of the Goals and Objectives Related to the Key Process 42710.9.5 Step 5: Design of the Measurement Program 42710.9.6 Step 6: Description of the Information System to Support Measurement 42810.9.7 Step 7: Deployment of the Measurement Program 42810.10 Practical Considerations 43010.10.1 Some Pitfalls with Regards to Measurement 43210.11 The Human Side of Measurement 43510.11.1 Cost of Measurement 43810.12 Measurement and the IEEE 730 SQAP 43910.12.1 Software Process Measurement 44010.12.2 Software Product Measurement 44110.13 Success Factors 44310.14 Further Reading 44310.15 Exercises 44411. Risk Management 44511.1 Introduction 44511.1.1 Risk, the Cost of Quality and Business Models 45111.1.2 Costs and Benefits of Risk Management 45311.2 Risk Management According to Standards and Models 45411.2.1 Risk Management According to ISO 9001 45411.2.2 Risk Management According to ISO/IEC/IEEE 12207 45511.2.3 Risk Management According to ISO/IEC/IEEE 16085 45611.2.4 Risk Management According to the CMMI Model 45911.2.5 Risk Management According to PMBOK(r) Guide 46111.2.6 Risk Management According to ISO 29110 46211.2.7 Risk Management and the SQA According to IEEE 730 46511.3 Practical Considerations for Risk Management 46611.3.1 Risk Evaluation Step 46811.3.2 Risk Control Step 47411.3.3 Lessons Learned Activity 47711.4 Risk Management Roles 47811.5 Measurement and Risk Management 47911.6 Human Factors and Risk Management 48311.7 Success Factors 48511.8 Conclusion 48611.9 Further Reading 48711.10 Exercises 48712. Supplier Management and Agreements 48912.1 Introduction 48912.2 Supplier Requirements of ISO 9001 49012.3 Agreement Processes of ISO 12207 49112.4 Supplier Agreement Management According to the CMMI 49412.5 Managing Suppliers 49612.6 Software Acquisition Life Cycle 49712.7 Software Contract Types 49912.7.1 Fixed Price Contract 50112.7.2 Cost plus Percentage of Cost 50212.7.3 Cost plus Fixed Fee 50212.7.4 Risk Sharing 50212.8 Software Contract Reviews 50512.8.1 Two Reviews: Initial and Final 50512.8.2 Initial Contract Review 50612.8.3 Final Contract Review 50912.9 Supplier and Acquirer Relationship and the SQAP 51012.10 Success Factors 51112.11 Further Reading 51212.12 Exercises 51213. Software Quality Assurance Plan 51413.1 Introduction 51413.2 SQA Planning 51813.2.1 Purpose and Scope 51813.2.2 Definitions and Acronyms 51813.2.3 Reference Documents 51913.2.4 SQAP Overview--Organization and Independence 52013.2.5 SQAP Overview--Software Product Risk 52413.2.6 SQAP Overview--Tools 52513.2.7 SQAP Overview--Standards, Practices, and Conventions 52513.2.8 SQAP Overview--Effort, Resources, and Schedule 52613.2.9 Activities, Outcomes, and Tasks--Product Assurance 52813.2.10 Activities, Outcomes, and Tasks--Process Assurance 52913.2.11 Additional Considerations 53113.2.12 SQA Records 53613.3 Executing the SQAP 53713.4 Conclusion 53913.5 Further Reading 53913.6 Exercises 540Appendix 1. Software Engineering Code of Ethics and ProfessionalPractice (Version 5.2) 541Appendix 2. Incidents and Horror Stories Involving Software 549Glossary - Abbreviations - Acronyms 555References 576Index 591