Software Quality Assurance (SQA) is defined as a planned and systematic approach to the evaluation of the quality of and adherence to software product standards, processes, and procedures. SQA includes the process of assuring that standards and procedures are established and are followed throughout the software acquisition life cycle. Compliance with agreed-upon standards and procedures is evaluated through process monitoring, product evaluation, and audits.Software development and control processes should include quality assurance approval points, where an SQA evaluation of the product may be done in relation to the applicable standards.
B. Standards and Procedures:
Establishing standards and procedures for software development is critical, since these provide the frameworkfrom which the software evolves. Standards are the established criteria to which the software products are compared. Procedures are the established criteria to which the development and control processes are compared.Standards and procedures establish the prescribed methods for developing software; the SQA role is to ensure their existence and adequacy. Proper documentation of standards and procedures is necessary since the SQA activities of process monitoring, product evaluation, and auditing rely upon unequivocal definitions to measure project compliance.Types of standards include:
Documentation Standards specify form and content for planning, control, and product documentation and provide consistency throughout a project. The NASA Data Item Descriptions (DIDs) are documentation standards.
Design Standards specify the form and content of the design product. They provide rules and methods for translating the software requirements into the software design and for representing it in the design documentation.
Code Standards specify the language in which the code is to be written and define any restrictions on use of language features. They define legal language structures, style conventions, rules for data structures and interfaces, and internal code documentation.
Procedures are explicit steps to be followed in carrying outa process. All processes should have documented procedures.Examples of processes for which procedures are needed are configuration management, nonconformance reporting andcorrective action, testing, and formal inspections.If developed according to the NASA DID, the Management Plan describes the software development control processes, such as configuration management, for which there have to be procedures, and contains a list of the product standards.Standards are to be documented according to the Standards and Guidelines DID in the Product Specification. The planning activities required to assure that both products and processes comply with designated standards and procedures are described in the QA portion of the Management Plan.
C. Software Quality Assurance Activities:
Product evaluation and process monitoring are the SQA activities that assure the software development and control processes described in the project's Management Plan arecorrectly carried out and that the project's procedures andstandards are followed. Products are monitored for conformance to standards and processes are monitored for conformance to procedures. Audits are a key technique used to perform product evaluation and process monitoring.Review of the Management Plan should ensure that appropriate SQA approval points are built into these processes.
Product evaluation is an SQA activity that assures standards are being followed. Ideally, the first products monitored by SQA should be the project's standards and procedures. SQAassures that clear and achievable standards exist and then evaluates compliance of the software product to the established standards. Product evaluation assures that the software product reflects the requirements of the applicable standard(s) as identified in the Management Plan.
Process monitoring is an SQA activity that ensures that appropriate steps to carry out the process are being followed. SQA monitors processes by comparing the actual steps carried out with those in the documented procedures.The Assurance section of the Management Plan specifies the methods to be used by the SQA process monitoring activity.
A fundamental SQA technique is the audit, which looks at aprocess and/or a product in depth, comparing them to established procedures and standards. Audits are used to review management, technical, and assurance processes to provide an indication of the quality and status of the software product.
The purpose of an SQA audit is to assure that proper control procedures are being followed, that required documentation is maintained, and that the developer's status reports accurately reflect the status of the activity. The SQA product is an audit report to management consisting offindings and recommendations to bring the development into conformance with standards and/or procedures.
D. SQA Relationships to Other Assurance Activities : Some of the more important relationships of SQA to othermanagement and assurance activities are described below.
1. Configuration Management Monitoring
2. Verification and Validation Monitoring
3. Formal Test Monitoring
E. Software Quality Assurance: During the Software Acquisition Life Cycle In addition to the general activities described in subsections C and D, there are phase-specific SQA activities that should be conducted during the Software Acquisition Life Cycle. At the conclusion of each phase, SQA concurrence is a key element in the management decision to initiate the following life cycle phase. Suggested activities for each phase are described below.
1. Software Concept and Initiation Phase
2. Software Requirements Phase
3. Software Architectural (Preliminary) Design Phase
4. Software Detailed Design Phase
5. Software Implementation Phase
6. Software Integration and Test Phase
7. Software Acceptance and Delivery Phase
8. Software Sustaining Engineering and Operations Phase
F. Techniques and Tools: SQA should evaluate its needs for assurance tools versus those available off-the-shelf for applicability to the specific project, and must develop the others it requires.Useful tools might include audit and inspection check lists and automatic code standards analyzers.
