Key words: software quality, testing models, ISO/IEC 12119, cooperative model of testing.

Similar documents
Question Bank Unit 4 & Unit 5

The Components of the SW Quality Assurance System - Overview. 08/09/2006 SE7161 Software Quality Assurance Slide 1

Management System Manual International Compliance Group

Our Ref. April 28, 2005 Page 1/9. 1. Introduction References Certification... 4

Supplier Quality Survey. 1. Type of Business: g) Commodities supplied? Supplier Changes/comments: 2. Headcount breakdown by group: Purchasing

ISO9001:2008 SYSTEM KARAN ADVISER & INFORMATION CENTER QUALITY MANAGEMENT SYSTEM SYSTEM KARAN ADVISER & INFORMATION CENTER

How to manage the transition successfully ISO 9001:2015 TOP MANAGEMENT - QUALITY MANAGERS TECHNICAL GUIDE. Move Forward with Confidence

Software Process Assessment

PASS4TEST IT 인증시험덤프전문사이트

Guidance on the Application. of ISO / IEC Accreditation International Association for Certifying Bodies

Fiat Group Automobiles Policy for Software Quality Improvement

What is ISO 9001 QMS? Business Beam

1 Management Responsibility 1 Management Responsibility 1.1 General 1.1 General

IAF Mandatory Document. for the Audit and Certification of a Management System Operated by a Multi-Site Organization (IAF MD 1:2018)

SADCAS POLICY ISO/IEC 17020:2012 TRANSITION

INTERNATIONAL STANDARD

NATO REQUIREMENTS FOR DELIVERABLE QUALITY PLANS

INTRODUCTION IEEE Conformity Assessment Protocols

Software technology 3. Process improvement models. BSc Course Dr. Katalin Balla

E-vote SSA-V Appendix 2 Contractor Solution Specification Project: E-vote 2011

By: MSMZ. Standardization

Measuring Instruments Directive 2014/32/EU Assessment of Notified Bodies in Charge of Type Examination Presumption of Conformity based on EN 17065

INTERNATIONAL STANDARD

Checklist for assessment of Metrological Traceability and Measurement Uncertainty of calibration laboratories NC NA

REQUIREMENTS FOR ACCREDITATION OF INSPECTION BODIES

GENERIC QUALITY ASSURANCE REQUIREMENTS FOR: BUILT TO PRINT ITEMS, ITEMS TO STANDARD AND OFF THE SHELF ITEMS

BUSINESS ASSURANCE GUIDANCE FOR THE TRANSITIONING FROM ISO 9001:2008 TO ISO 9001:2015 SAFER, SMARTER, GREENER

General Accreditation Guidance. ISO/IEC 17025:2017 Gap analysis. April 2018

ANNEX 5 -QUALITY OVERSIGHT 1. INTRODUCTION 2. SCOPE

Quality Management of Software and Systems: Organization of Tests

Software Quality Management

EA-7/04 Legal Compliance as a part of accredited ISO 14001: 2004 certification

ISO/IEC INTERNATIONAL STANDARD. Information technology Software asset management Part 1: Processes

Osprey Technologies, LLC. Quality Manual ISO9001:2008 Rev -

Software Project Management Sixth Edition. Chapter Software process quality

Mapping ISO/IEC 27001:2005 -> ISO/IEC 27001:2013

American Association for Laboratory Accreditation

Specification for Quality Programs for the Petroleum, Petrochemical and Natural Gas Industry

PROCESSUS - Methodology for Quality System Improvement Assessment

Provläsningsexemplar / Preview. Second edition

ISO 9001: 2015 Quality Management System Certification. Awareness Training

June 21, 2011 (Tuesday)

General Requirements for the Competence of Testing and Calibration Laboratories

ISO /TS 29001:2010 SYSTEMKARAN ADVISER & INFORMATION CENTER SYSTEM KARAN ADVISER & INFORMATION CENTER

ISO 9001:2000 What does it mean in the supply chain?

Chapter 6. Software Quality Management & Estimation

Software Reliability

IATF - International Automotive Task Force IATF 16949:2016 Frequently Asked Question (FAQ)

IATF - International Automotive Task Force IATF 16949:2016 Frequently Asked Question (FAQ)

Centerwide System Level Procedure

Chapter 12. Contents Evaluating Process! Postmortem Analysis. Chapter 12 Objectives

Definitions contained in the above mentioned document and industry regulations are applicable herein.

PART THREE: Work Plan and IV&V Methodology (RFP 5.3.3)

PURCHASE ORDER ATTACHMENT Q-201 SOFTWARE QUALITY SUBCONTRACTOR REQUIREMENTS TASK DESCRIPTIONS - PURCHASE CATEGORY "A"

ISO INTERNATIONAL STANDARD. Specification for security management systems for the supply chain

Equipment In-house Calibration Requirements and use of Non-Accredited Calibration Service Providers

REQUIREMENTS FOR SAFETY RELATED SOFTWARE IN DEFENCE EQUIPMENT PART 1: REQUIREMENTS

ISO/IEC Second edition Reference number ISO/IEC 25051:2014(E) ISO/IEC 2014

NATO Integrated Quality Requirements for Software throughout the Life Cycle

INTERNATIONAL STANDARD

Policy on the Traceability of Measurement Results

Conformity assessment and ISO CASCO for standards writers

ISO 9000 and Total Quality

Vendor Qualification Survey

MEASURING PROCESS CAPABILITY VERSUS ORGANIZATIONAL PROCESS MATURITY

Erol Simsek, isystem. Qualification of a Software Tool According to ISO /6

ISO/IEC INTERNATIONAL STANDARD

SUPPLIER SURVEY FORM Instructions

Common Criteria Evaluation and Validation Scheme For. Information Technology Laboratory. Guidance to Validators of IT Security Evaluations

Section No.: PM 22 Issue No. 01 Issue Date Page 1 of 9 Rev. No. 03 Rev. Date: Procedure for Audit of a Multi-site Organization

STATIONARY SOURCE AUDIT SAMPLE PROGRAM [VOLUME 1, MODULE 2] GENERAL REQUIREMENTS FOR AN ACCREDITOR OF STATIONARY SOURCE AUDIT SAMPLE PROVIDERS

Quality management systems

Ensuring Food Safety. Through Accredited Third-Party Conformity Assessment. An ANSI-ASQ National Accreditation Board White Paper

ASSESSMENT AND CERTIFICATION OF SHIP RECYCLING MANAGEMENT SYSTEMS

DANAK ACCREDITION REGULATION

Green Product Mark Certification Scheme

ISO 9000 STANDARDS: QUALITY AS A MARKET STRATEGY

New ISO/IEC 17025:2017 Update Course (based on DIS Version) Dr. George Anastasopoulos Director, Conformity Assessment ISO/CASCO WG 44 Member

Title Procedure for setting up the accreditation of new conformity assessment schemes

A02 Assessment Rating Guide Revision 2.9 August 21, 2016

Technical Specifications (In-Cash Procurement)

Explanatory Note on the CSM Assessment Body in Regulation (EU) N 402/2013 and in OTIF UTP GEN-G of on the CSM for risk assessment

INTERNATIONAL STANDARD

QSS 0 Products and Services without Bespoke Contracts.

NASA Procedural Requirements

General requirements for the competence of testing and calibration laboratories. In this presentation:

1 General Information Supplier:

IATF - International Automotive Task Force IATF 16949:2016 Sanctioned Interpretations

MALAYSIAN STANDARD. Licensed to UNIMAP LIBRARY / Downloaded on : 22-Dec :14:03 PM / Single user license only, copying and networking prohibited

NEPCon Impartiality Policy

This document is a preview generated by EVS

ISO 9001:2015 Readiness Review

Explanatory Note on the CSM Assessment Body in Regulation (EU) N 402/2013 and in OTIF UTP GEN- G of on the CSM for risk assessment

AP Quality Consulting works with you to provide a custom solution

MALAYSIAN STANDARD QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS (FIRST REVISION) (ISO 9001:2008, IDT) (PUBLISHED BY STANDARDS MALAYSIA IN 2009)

ISO 9001:2015. Main changes in the world s most popular QMS standard SAFER, SMARTER, GREENER. DNV GL 2015 rev 2

Explanatory Note on the CSM Assessment Body in Regulation (EU) N 402/2013 and in OTIF UTP GEN- G of on the CSM for risk assessment

Supplier Quality Survey. 1. Type of Business: g) Commodities supplied? Supplier Changes/comments: 2. Headcount breakdown by group: Purchasing

CMI Guidance Document

CONSOLIDATED VERSION IEC Medical device software Software life cycle processes. colour inside. Edition

Transcription:

Marjan Pivka Vojko Potocan School of Business and Economics Maribor E-mail: Pivka@uni-mb-si UDC: 681.32.06 Original Scientific Paper How can Software Packages Certification Improve Software Process Popular software assesment models such as CMM, BOOTSTRAP, SPICE or ISO 9000 ignore the impact of software product certification on software quality. The first standard for software product quality was German DIN 66285. Based on this standard, the ISO developed a international standard for quality requirements and testing procedures for software packages: ISOIlEC 12119. This paper presents our experience with classical testing models based on ISO/IEC 12119 and DIN 66285 and with our improved model, call ed the cooperative model of testing. With this model we can achieve improvements in testing of efficiency and software production process. Practical experience shows that the roles of all parties in the testing process have changed. Knowledge transfer between the testing laboratory and supplier depends on supplier's maturity level. Key words: software quality, testing models, ISO/IEC 12119, cooperative model of testing. 1. Problem definition Assessment, evaluation and the software process improvement are nowadays known through the American CMM model, the European BOOTSTRAP model, the international SIPICE and the ISO 9000 model. All the models are based on a widely known fact that better product quality can only be achieved by improving the software process. The above stated models do not assure that the software, which is produced in a software process environment and is, for instance, at the third maturity level, will conform with the specific requirements of legislation, safety standards, etc. The users of such software products need more frequent the confirmation that the program product conforms with specific regulations and legislation and accordingly meets certain safety requirements, standards, etc. Such program products are business software packages, embedded software, safety critical or life critical software, etc. The testing of the software product activity for conformity with legislation or other specific requirements is only possible if there are standards or regulations for their testing. The assessment models do not provide direct response to the problem even if the program product is in accordance with the specific requirements of the user. 43

Pivka M., Potocan V. How can software packages certification improve software process There are more than two hundred software quality standards. Most of them are National or Multinational such as ANSI, BSI and DIN standards, and professional standards such as IEEE Standards, Defence standards etc. They cover software entities such as Management, Quality Assurance, Configuration Management, Safety, Design, Requirements Specification, Coding, Verification & Validation, etc. Only two international standards consider the software product. All the others are a part of the software design, implementation and maintenance process. The two international standards applicable to software products are: ISOIlEC 12119: 1994 Information Technology - Software packages - Quality requirements and testing and ISOIlEC 9126: 1991 Information Technology - Software product evaluation - Quality characteristics and guidelines for their use. The testing of a software product for conformity with legislation or specific regulations undoubtedly has an impact on the software developement process and thus, in the long run, on the supplier's software process improvement. This paper discusses the testing model of the software products with which we do not only test the software product's conformity with some standard, but also achieve software process improvement with of knowledge transfered from the testing laboratory to the supplier. 2. ISOfIEC 12119 The scope of ISOIlEC 12119: This International standard is applicable to software packages. Examples are text processors, spread-sheets, data base programs, graphic packages, programs for technical or scientific functions and utility programs (such as programs for data administration). It establishes requirements for software packages (quality requirements) and instructions on how to test a software package against these requirements (instructions for testing, in particular for third party testing). It deals only with software packages as they are offered and delivered. It does not deal with their production process (including activities and intermediate products, e.g. specifications). The supplier's quality system is outside the scope of this international standard. (ISOIlEC 12119). Sets of quality requirements based on this standard are: 1. Product description requirements. Each software package shall have a welldefined product description. It is a part of the software package documentation. It provides information on the user's documentation, programs and data, if any exist. 2. Each software package shall have complete, correct and consistent user's documentation. The documentation shall include complete information on how to install, use and maintain the software package. 3. Programs and data. Quality requirements consider six software quality characteristics defined in ISOIlEC 9126 standard. For functionality, to name one example, it defines the following requirements: installation, presence of functions, correctness and consistency. 44

Zbornik radova 1(22), 1997. ISOIlEe 12119 provides the instructions for the testing of software packages. The specification of the software product and documentation are tested by the inspection method while the testing of programs and data is conducted by black box testing. The classical mode of such testing presupposes that the program product has been completed, and that the testing laboratory is testing the product which is ready for the market or is already on the market. The outcome of such testing is a test report, which shows whether the program product meets the requirements of ISOIlEe 12119 and all the regulations related to this product. In such testing, the following facts have been established in practice: o the testing laboratory shall have to elaborate the testing data for testing, which makes the testing procedure demanding in terms of time and costs; o the testing laboratory shall be familiar with the field covered by the software product. For instance, construction industry packages can be tested only by teams that include experts from construction industry. This assures a high quality level of testing not, only of the programs and data but also of the user interfaces and documentation; o the testing laboratory has no direct impact on the developement process of the software product considered; "" o the knowledge transfer from the testing laboratory to the supplier is limited; o the market (on the users' and suppliers' side) is influenced by ISO 9000 standards and other assessment models and therefore does not understand or accept the meaning of the certified software products; o universities, research laboratories, etc. do not pay attention to the software product certification process. Due to the above-mentioned reasons the classical model of testing software packages for conformity with ISOIlEe 12119 requirements is not used in practice as often as the above mentioned assessment models. In our opinion, the reasons for this lie in the classical model of testing which requires the already performed work (integral testing and the testing of the documentation conformity) to be carried out by the supplier (supposition) and by the testing laboratory (obligation). The solution can be seen in the cooperative model of testing, which will be presented further on in this paper. 3. Cooperative Model of testing The characteristics follows: of the cooperative model of testing can be summarized as The cooperative model of testing is not in contrast with the requirements of the international ISOIlEe 12119 standard. It is used to test the conformity of software 45

Pivka M., Potocan V. How can software packages certification improve software process package with the requirements of standards, being the basis for the evaluation of software packages. A new value of this model can be seen in its impact on the quality of the supplier's software process. Testing in the testing laboratory is not an isolated activity, but the one included in the supplier's software process. Such testing, therefore, presents one of the phases in the life-cycle of the software process. Testing is implemented in many phases, providing a fast reaction to the established deviations. With updated corrections we can reduce the required time and the scope of work, which enables more economical testing. The testing laboratory, the supplier and the users or any other participants interested in software quality (professional associations, auditing agencies, consulting firms,...) actively participate in its implementation. The quality of testing depends upon the organizational maturity level, the participants in testing and the know-how transfer between them. The individual participants of testing have a specific knowledge. The testing laboratory passes the knowledge on the method of testing to suppliers and users. The supplier passes on the knowledge on technology and technique of the software production to the testing laboratory and to the users. The users or other participants in testing pass on specific expert knowledge and practical working experience to the supplier and the testing laboratory..: In the process of the know-how transfer, the cooperative cooperation of the participants in testing assure synergic results which affect the economy and the quality of testing as well as the software production process. The cooperative model of testing is shown in fig. 1. Cooperative testing involves preparation works, central phase - direct testing and final works. The starting points and commissioner basis for the performance of testing are defined in the preliminary phase. The communissioner of testing (supplier, user, professional associations,...) and the testing laboratory agree upon the purpose, goals and requirements, define the mode (selection of procedure, scope, participants in testing) and the terms of testing (testing plans, testing data, testing documentation,...). In special cases, the users with demands for testing and determination of particular and desired goals of testing can also take part in preparation. The central phase of testing follows. The testing of individual components of the software package (unit test) is usually carried out by the supplier without direct supervision of the testing laboratory or the users. In the testing laboratory and on the basis of the development documentation, the supplier examines the correctness and adequacy of individual software components. The testing laboratory or other participants, who pass on specific requirements, knowledge and experience to the supplier, can also take part in the unit test. 46

Zbornik radova 1(22), 1997. After the testing of components we continue with the integrated testing. The integral testing is carried out by the supplier based on the requirements and conditions of the testing laboratory. The testing laboratory carries out the function of controlling supplier's work directly, by control over the supplier, or indirectly, by examining the testing documentation. In the know-how transfer the testing laboratory has an impact on the improvement of the supplier's work, which enables a better quality of current and future products. With their experience and proposals the other participants can have an influence on the integration test. The central phase is completed with the final testing performed by the testing laboratory on the basis of the standard requirements and contractually - agreed obligations. The work covers the methodological, content and formal assessment of suitability. The selected functions, limited values, user's interfaces, user's documentation, volume, etc. are tested at random. The testing laboratory can also include the users or other participants in its work to ensure conformity of the software operation to needs and requirements of the user's environment. In the final phase, the testing laboratory elaborates the testing report, which is the basis for decision-making by the Certification Body (certificate approval, refusal of the approval). At the supplier's special request the testing laboratory can also take into consideration other proposals and opinions. 4. Application of the cooperative Model of testing Our knowledge and practical experience acquired through the application of the cooperative model of testing can be classified into three groups: First: the target software program is in process The reality concerning the planning of testing depends upon the supplier's software maturity level. In the process of development, the program package has been constantly changing, which requires continuous adjustment of testing plans as well as testing both by the supplier and the testing laboratory. Because of development, the documentation is incomplete, there are no sufficient testing data available or as such can not provide real and comprehensive testing of the software package. It was established that the low maturity level of the supplier's software process demands an intensified engagement of the testing laboratory which assures the adequate level of testing with increased control along with the know-how transfer. Second: testing implementation The second group of knowledge is related to the implementation of testing and to the configuration management of the software package in process (development). In the practical work has provided insight into the classic problems of testing without the configuration management in testing of the already tested modules; the same errors occur in various version of modules; the documentation does not follow the process (the development) and testing data are not available in sufficient scope and quality. 47

Pivka M., Potocan V. How can software packages certification improve software process Third: cooperation and communication The third group comprises knowledge on the cooperation and communication between the participants involved in the testing. Between the testing laboratory and the supplier a relationship of mutual respect and confidence should exist. Only in this way the reaction to the established deviations can be prompt, less conflicting and does not depend upon redundant formalities. In testing, we may have a situation in which the a program error can not be exactly documented. In such situations the solution is only possible by mutual cooperation and confidence. Also, the relationship between the testing laboratory and the users (potential and interested users) is very important. Their know-how, requirements and wishes represent considerable contribution to the quality of testing. 5. Conclusions This cooperative model presents a systemic approach to understanding of the software life-cycle as complete process which includes all the operations of the introductory (preliminary, initial) investigations since the termination of its application. Its application enables the knowledge major co-dependency and the synergical operation of the individual activity in the process, which is also true for testing.,;; In the cooperative model, the roles of the individual participants in testing and their mutual relations are based on creative cooperation and mutual exchange of know-how. The value of the cooperative model can be entirely seen in the testing of the software package in process (development). It was established in practice that the supplier's software process maturity level presents the most important problem. Organizational immaturity can be seen as the inadequate definition of the supplier's software life-cycle. For this reason, the supplier is not in a position to adequately carry out and document all development phases, especially the phases of testing. Technological development is usually above than the organizational (e.g. the application of 4GL) but without corresponding organizational support it does not enable the achievement of the expected results. Our practical knowledge can be summed up as follows: In the preparation phase, the testing laboratory assesses the supplier's software process maturity level. This can be established by the second party audit of supplier with a selected model (ISO 9001, CMM, BOOTSTRAP, SPICE or some other). The cooperation mode and control over the supplier depends on their maturity level. If the supplier is at the initial maturity level (CMM model: initial level) a larger scope of know-how and work transfer of the testing laboratory is necessary. The know-how transfer is related to the life-cycle, project management, configuration management, methods of testing, etc. 48

Zbornik radova 1(22), 1997. ~ 1 P_R_E_P_ARA T_IO_N_W_O_R_K_S...IJ. 1 ~.-----------------------~----~..IJ. Zo REQUIREMENTS... FOR TEST ~ PROCEDURES REQUIREMENTS FOR TEST PlANS REQUIREMENTS FOR TEST DATA SUPPLIER TEST LAB. ~ ~~-----q ~ SOFTWARE PROCESS SUPPLIER SUPPLIER NO SUPPLIER TEST LAB DOCUMENTES - TEST LAB. INSPECTION TESTING TEST LAB. TEST RECORDS AND REPORTS NO TEST LAB. CERTIFICATION BODY.(J.. YES L-. ----- Figure 1: The cooperative model of testing 49

Pivka M, Potocan V How can software packages certification improve software process I The users can pass on their observations and proposals to the supplier or to the testing laboratory. If the question concerns wishes, requirements or opinions which are defined in the standard, the testing laboratory is to make decisions in accordance with it. However, the supplier has to make decisions in case the question concerning the content requirements. It was also found that in certain cases the solution is possible only with a contractual agreement of the parties involved. The cooperative model of testing requires less sources for testing regardless of the supplier's maturity level. Greater efficiency and the know-how transfer have a direct impact on the quality of the software process and thus on the performance of the cooperative model of testing. Discussion The know-how transfer from the testing laboratory to the supplier opens questions concerning the principles of independence in the supplier - testing laboratory relationship. The impact of the testing laboratory on the supplier's software process is changing the classic relationship between the participants included in testing. Subsequently this opens up issues regarding the accreditation of the testing laboratories or the additional conditions for the independence of their work. The role of the testing laboratory has changed. The activities of the integral testing were transferred to the supplier, while the control, inspection testing and, if necessary, the know-how transfer are carried out by the testing laboratory. This model can be also applicable when software package has already been elaborated and is on the market. With its documentation the supplier can prove that the standard requirements have been met while the testing laboratory verifies the documentation. References [1] DIN 66285: 1990 Anwendungssoftware. Gtitebedingungen und Ptifbestimmungen. Buch Verlag Berlin 1990 [2] ISO 9000-3:1991 Quality Management and Quality Assurance Standards - Part 3: Guidelines for the application of ISO 9001 to the development, supply and maintenance of software. [3] ISOIlEC 9126:1991 Information Technology - Software product evaluation - Quality characteristics and guidelines for their use. [4] ISOIlEC 12119: 1995 Information Technology - Software packages - Quality requirements and testing. [5] Lindermeier, R. Softwarequalitat und Softwareprtifung. R. Oldenbourg Verlag Mtinchen Wien 1993. 50

Zbornik radova 1(22), 1997. [6] Pivka, M. 1995 Software quality system in a small software house. Procceeding of Software Quality Management 1995 Vol.1. Computational Mechanics Publication. [7] Paulk, et. al: M. Paulk, Bill Curtis, M.B. Chriss&C Webber, Capability Maturity Model, Version 1.1. IEEE Software, July 1993, pp18-27. [8] Rout, P.T.SPICE: A Framework for Software Process Assesment Software Process. Improvement and Practices. August 1995. Pp. 57-66. Received: 1996-07-15 Pivka M., Potocan V. Kako certifikacija sofverskog proizvoda moze poboljsati proces njegovog nastanka Sazetak Poznati modeli procjene, kao sto su CMM, BOOTSTRAP, SPICE ili ISO 9000 zanemaruju mogucnost (utjecaj) certifikacije kvalitete softverskog proizvoda. Prva norma za kvalitetu softverskog proizvoda bila je njemacka norma DIN 66285. Na osnovi ove norme ISO je razvio medunarodnu normu za specifikaciju kvalitete i procedure testiranja softverskih proizvoda, ISO/IEC 12119. U OVOI11 radu prikazuju se nasa iskustva s klasicnim modelima testiranja baziranim na ISO/IEC 12119 i DIN 66285 i s nasim poboljsanim modelom koji smo nazvali kooperativni model testiranja. S ovim modelom mozemo postici: poboljsanje efikasnosti testiranja i procesa proizvodnje softvera. Prakticna iskustva pokazuju da su se izmijenile uloge svih sudionika u procesu testiranja. Transfer znanja izmedu laboratorija za testiranje i dobavljaca ovisi od njegove razine zrelosti. 51

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback