Definition and Concepts
Quality assurance is the activity of providing evidence to establish confidence that quality requirements will be met. ISO defines quality assurance as all the planned and systematic activities within the quality system, and demonstrated as needed, to provide adequate confidence that an entity will fulfill requirements for quality.
Quality assurance activities provide protection against quality problems through early warnings of trouble ahead. The assurance comes from evidence provided by a set of facts. For simple products, the evidence is found through inspection or testing of the product. For a complex product, the evidence is provided by inspection and test data, and also reviews of plans and audits of the execution of plans. Three forms of company-wide quality assurance are quality audits, quality assessments and product audits.
A quality audit is an independent review conducted to compare aspects of quality performance against a standard. The word independent is significant because the reviewer is neither the person responsible for the performance of the process under review nor the immediate supervisor of that person. An independent quality audit provides an unbiased picture of the performance of the quality system.
An internal audit is called a first party audit and is conducted within an organization by an auditor appointed by that organization. External audits are either second or third party audits. A second party audit is conducted within a supplier's organization by the organization that makes purchases from the supplier. A third party audit is conducted by an organization that is independent of the purchaser and supplier organizations. A quality audit provides assurance that:
- Plans for attaining quality are such that, if followed, the required quality will be attained.
- Products are fit for use and safe for the user.
- There is conformance to specifications.
- Procedures are adequate and are being followed.
- Opportunities for improvement are identified and the appropriate personnel are alerted.
- Deficiencies are identified and corrective action taken.
A product audit is an independent evaluation of the product's fitness for use and conformance to specification. The purpose of a product audit is to:
- Estimate the quality level delivered to customers.
- Provide useful information to improve the outgoing product quality level and the effectiveness of inspection.
- Provide additional assurance beyond routine inspections.
- Evaluate inspection decisions in determining conformance to product specifications.
Ideally, the product audit should compare the actual service performance to the user's specification needs. Since this ideal is costly to administer, most product audits consist of an approximation. For stable products, the approximation of test results versus specifications is an economical way of conducting a product audit. Even for complex products, most of the quality characteristics identifiable by a user can be identified in the factory. Thus product characteristics that are essential for use are properly studied and evaluated at appropriate stages of product manufacturing.
Provision must be made for two types of audit: (1) random and (2) focused. The former is based on random selection of product characteristics to provide an unbiased picture of quality status. A focused audit concentrates on specific areas of the product that need to be improved based on experience.
Software Quality Assurance
Software differs from tangible products in the sense that no amount of inspection can make visible the final quality of the finished product. No amount of testing can take into account all possible combinations of inputs and conditions that the software will be subject to during actual use. Hence a set of complementary activities has to be undertaken, encompassing prevention, appraisal and consequence mitigation during software development. These activities should address the products, processes and the personnel involved in software development.
- Products: Products can be inspected for the possession of specified characteristics. Standards must be applied to evaluate (1) the existence and format of documentation items, (2) compliance with computer language syntax and (3) satisfaction of acceptance criteria for performance.
- Process: The software development process can be thought of as maturing through a series of stages or maturity levels. Evaluation of an organization and its practices can be used to assign that organization a development maturity level and prescribe remedial and improvement actions. The process assessment methodology developed by the Software Engineering Institute is based on an in-depth questionnaire and technical interviews. The goal is to zero in on a software development process under statistical control, where it can generate products within anticipated limits of cost, schedule and confidence in quality.
- Personnel: Personnel qualifications must be established at a project, quality or industry level. A guideline that can be used is the certification being sponsored by the Software Division of the American Society for Quality Control. It grants individuals specializing in a particular technical field a qualification certificate based on a mix of formal training, job experience, examination results and personal recommendation.
Risk level assignments for software systems must be based on the evaluation of the size of the software and its impact on the system in which it is to function. Any system whose failure has the potential to threaten human health and safety must receive stringent attention.
Software must be both verified and validated. To verify the software is to confirm that it satisfies the specified requirements. Is it doing the job right? To validate the software is to map its performance against an objective external reference. Is it doing the right job? Well-designed and well-conducted quality evaluations can establish the desired level of confidence in terms of fitness of software for intended use.