Software Quality Management



Most of us agree to the fact that if we brought a product with some kind of assurance that it will meet a given need.

Customers has the right to expect that product should meet its need.

This fact is the driving force for Quality Assurance (QA): ensuring that the user is given a product that lives up to its standard and specified needs.

A mis-conceptation is that QA is equal to testing

In fact, Quality Assurance (QA) is a lot more than just testing. It makes sure the product is following a process in all phases of the development process



Common Question for Developer and Customers

In the context of software development, is there any standard software developers can follow ?

The answer is Yes. The ISO 9000 series of standard is a series of international quality standards, developed by the International Organization for Standardization.

The standards are applied to different quality management system and the process used to produce a product.

In other words, the ISO standard set a way to produce quality products by building quality into the products rather than testing quality into the products.

It is used to ensure that defects do not occur in the first place.

In this information resource page, we will explore some of the most common software development cycles and techniques. Topics such as software development cycle, testing cycle, defect tracking process, skill/training needs analysis, general process management process, etc. will be discussed. We will then explore how the actual processes map to ISO standards. Real working sample standards as well as process will be provided as example in this resource page. We hope executives, software developers, and customers will benefit from the information provided in this page. Happy quality products building !



Product Development

Remember that the Waterfall Model is as follows:

Requirement Analysis and Specification


Architecture Design

Module Design



Maintenance and evolution

While the model shows a very good sense of what to follow, almost no company will follow a strict Waterfall model

One "stage" is missing .... "Business", in software engineering, we would like to build the best product on the market in the lowest-cost manner. In some cases, a common four phases model is used:



Business Model Oriented Software Development Phases



Design and Test



Business ->                                                   |
-> Analysis ("Exploratory" / Top Down)                        |
-> Design and Test ("Build it" / Botton Up)                   |
-> Packaging to a driver or final product ---------------------

(Reusable Components Added)


Business Phase


User demand for a new system

Customer willingness to participate in a system development effort


Identify and document types of users

Identify and document initial user requirements

Contact customers interested in a development partnership


Initial cusomter requirements document draft - this document will contain the inital system requirements

Statement of target customer - this includes a statement of the type of customer as well as a list of customers willing to participate in the development effort


Analysis Phase

This phase uses an iteractive prototyping technique to develop its deliverables (it is like a mini design and implementation of iterative development)

It focus a "top-down" identification of new reusable business components

This phase will produce a prototype (which will not directly used to develop the final product, the design and test phase deliverable will)

The coding in here is usually "quick and dirty" (supposingly, prototype is throwaway)

One to two months iterations will be used


Requirements specification draft

Customer definition

Customer partner list


Write use cases (how to use the product, one use case for one major user function, you want to model the customer application, not yours ... use all the term from the customers)

Verify use cases with customers

Extract and document requirements from use cases

Extract nouns from use cases

Identify and document application classes from the noun list

Walk through use cases, using application classes

Prototype use cases

Update use cases and requirements as needed

Document customer requirements

Document the draft system architecture

Document the draft user's manual


Detailed requirements specification

The functional requirements

The customer type

The target language and hardware

System architecture draft

User manual draft

Throwaway prototype code


Design and Test Phase

This phase uses an iterative development technique to develop subsystems

The code evolves into the final product code with emphasis during iterations correspondingly changed from the analysis phase

Three to four month iterations will be typical

Scheduling will be driven by the detailed requirements from the analysis

Design is still exploratory and design patterns should be used if possible

Design Steps

Produce a development plan

Review the Analysis-Phase Deliverables

Document the target language, hardware, and software platforms

Search the reuse library for applicable off-the-shelf components (patterns ?)

Look for overlap of responsibilities, similarity of types of objects

Draw Class Diagrams

Draw Scenario Diagrams

Walk through the design diagrams and documentation

Implement subsystems

Test Steps

Assess Performance, Quality, Reusability: The emphasis is on meeting final product assessment criteria.

Iterate until requirements met


Subsystem testing

Reuse library testing

Problem Tracking

Document final subsystem designs

Document final architecture

Document final user manual

System test the complete system


1. Quality product code for each subsystem

2. Design documentation


Packaging Phase


Quality product code for each subsystem

System design documentation

User manual


Search for reusable components

Translate product


Final product code

New reuse-library components



Testing Cycle

More information on Validation and Verification



Defect Tracking Process

More information on Validation and Verification



Skill/Training Needs Analysis

Making sure your employee get the right education to perform their jobs is very important

Survery for available classes

Do education requirement (At least twice a year is recommended)

Finalize on classes offered

Managers / Employee do education plan

Signup classes (and trace class information)

Update plan as education need is fullfilled

Close plan once or twice a year and document changes (no class taken or education need switch also needed to be documented)



General Process Management Process

Info on process such as IPD (Not covered in here)



Why Building a Quality Management System with ISO 9000 ?

If you are a market/customer driven person, then the answer is simple.

Customers demand it. With company like IBM and Microsoft, there is at least 25% of the customers demand ISO 9000 certified products. Most of these customers are big corporations or government related companies. Some manufacturers are taking a hit of losing business because they are not ISO 9000 certification. The basic reason bebind the ISO 9000 certification demand is due to the fact that Customer wants quality products.



Brief Overview on the ISO Standard and How to Satisfy it

ISO Home Page

ISO 9000 and ISO 14000



Getting Start with the Certification Process

Contact the agent that will do certification

Here are some of them:

Underwriters Laboratories Inc.


About the Audit:

Sample Questions

What is your mission ?
(As a company or department)
Normally during an audit, you will be given a chance to present what processes and tools you are using in your company (department). And the auditors will use these processes and tools to start off some questions. The following are common questions that will be asked:

What is your key process ?
(ABC development process - A process own by a single department (QA Dept) and used by the whole company)

Do you (your department) own any process ?
(If yes - It better be well documented and always updated as needed)

How do you measure your company (department) effectiness ?
(Use pointers to the process you use, show traceabiliy in different stage of the development cycle)

What kind of meetings are used ?
(Examples are formal weekly meeting with attendance, agenda, minutes, etc
Informal meeting with no tracking record. If your process states that there will be formal review meetings, please make use you trace all the attendance, agenda, minutes, results, etc.)

How do you track your progress ?
(Review meetings, defect report, etc)

What kind of operation controls are used ?
(Team meetings, department meetings, Web, other documentation tool, etc)

How do you track improvement ?
(Review meeting, report tools, Reports on the web, suvery, etc)

What is your Quality records ?
(Formal Development Documents, Documents on the web, etc)

What about training need, how do you identify there is a need ?
(Skills Survey - Do a survery to your employee to find out what they want and map that into the business need. Keep track of all the records/results with the survery. Also, track all the way how you are going to close the results. For example, a class is scheduled for all employee, or due to change in business mission, no action taken. A trace with "no action" is a valid way to close a training item. Not saying anything is not.)

(Use of video tape, web, seminars, mentor, etc. Please stay whether that is formal or not)

Specific Quesitons on Training
(There are basic two types of training: Formal and Informal. Formal requires documentation traceability, Informal does not needed to be traced in detail.)

Where is your trace for training records ?
(Class attendence, on the job university course training, etc)

Do you keep track of attendence when there is a training meeting ?
(A hard copy of names is fine; if the training is informal, say so in your education documentation)

Is there any way to track on job training ?
(Education record for each employee)

(Note: A education/training plan should include 3 phases:

+ve close: For example, a class is scheduled, etc
-ve close: Due to change in business need, this specific training not need
+ve or -ve, we need some closing action

Can you tell us something about project improvement plan ?
(Team meeting, Project end internal feedback session, Notes/Web discussion database, External beta program for feedback)

How often do you review your company (department) master process document ?
(A master process document is a document that will contain all the process information on a company (department). For example, mission statement, processes used, etc)

The following is a sample of it:



ISO Master Document for Department X

Mission / Responsibilities
Department X is an internet software development company which produces different internet digital business products. The department is made up almost entirely of interent system programmers. The department is responsible for products: Remote Internet Printing, Internet Process Management, Host Connect Java Tool Kit, and Internet Development Framework.

Processes / Procedures

The following are the processes owned and used:

Quality Improvement Plan (Q.I.P)

Review Approach

Improvement Item

Date Completion

Using WWW as the major vehicle to track information under the second-line area TBD On-going
Using Lotus Notes as the main groupware under the second-line area to improve productivity TBD On-going
Management Quality Opinion Surveys and Executive Interviews and Roundtables are the vehicles for improvement On-going

Operational Controls/Quality Records

Activity Approach Level Frequency
Process Controls      
Weekly Staff Meeting Meeting 2nd line managers Weekly
Weekly Project Meeting Meeting (one on one with 1st line managers) 2nd line managers Weekly
Management Controls      
Lab Quality Meeting Meeting 3rd line managers Quarterly (4 times a year)


Quality Records Plan

Quality Record Process Media Type Where Stored Storage Owner Collection Owner Retention
Internal Audits (Completion Management Reports) Quality System Management Audtion Procedure Soft Copy Defect Database IS Department Defect Owner / ISO Area Coordinator Current Defect Database
Department Training Records N/A Soft Copy Personel Personel Department Manager Company Personel handles
Software Design Document N/A Soft Copy Design Database Design Database Department Manager Current Design Database
Quality System Management Reviews - Review of this document N/A Soft Copy Department Web Page Department Manager Department Manager Anually



The education rep for this department is Employee XYZ.

Department X uses the Company X Site Skills Planning Guide to determine training requirements. The process is described in the Company X Procedures Guide. More details on education information can be obtained from the education rep.

TRAINING for all managers is provided in 4 steps...

Position/Job Requirements Comments
Step1: Qualification
For new managers, or managers moving to a position with significantly higher levels of responsibility Initial qualification is determined by management review of the individual's:
  • education & training
  • experience
  • personal interview
For all managers Ongoing ability to perform assigned tasks is ensured through the planning counselling and project evaluation process Based on job performance, documented in reviews and appraisals
Step 2: Training Needs
For all managers Required training is defined by Personel Department Management Guide  
Step 3: Providing Training
For all managers Training is provided by Personel Department. Records tracked online by immediate manager  
Step 4: Training Records
For all managers Appropriate records of completed training and job experience are maintained under the tracking tool by Personnel Department Note: All Person records are confidential

TRAINING for all non-manager jobs is provided in 4 steps...

Position/Job Requirements Comments
Step 1: Qualification    
For all new hire candidates, non-regulars, and for all other people being considers for transfer into the department Initial qualification is determined by management review of the individual's
  • education & training
  • experience
  • personal interview
For all department members Ongoing ability to perform assigned tasks is ensured through project reviews and appraisals  
Step 2: Training Needs    
For all department members who require training Training needs are identified by one or more of the following
  • appraisals
  • Employee Development Plans
  • Individual Education Plans
Step 3: Provide Training    
For all department members who require training Individuals are responsible for enrolling in appropriate training classes through universities or by attending seminars.

Experience (on the job) training is provided by

  • team members/peers
  • team leader
  • special assignments
Step 4: Training Records    
Training records for all department members Appropriate records for completed training and job experience are maintained under Personel Department Note: All person records are confidential


QCB Self Reviews

Date Comments / Action Required or Taken Manager

Change History

Date Change Description Entered By

Delegate Authorization List



Special Note

This QCB is the most updated master copy. Any other soft or hard copies should be considered as not under formal control.



Review Question:

Do ISO help in work load or bad in general since it does somehow create additional paper work ?

It helps to create a basis for quality products, the image of the company is also improved due to the fact that we are ISO certified. Some customers also require us to be ISO certified. The additional documents are actually useful in doing our job and keep our process dynamic and sound.

It is a great thing. It helps building great processes. We can tun our plan process, software development process as well as a lot of things that is useful to our job. We use process (the core of ISO) in our day to day job. It does not take too much time and help building good business.



Copyright 1996-2001 OpenLoop Computing. All rights reserved.