CSCS351 Software

Quality Assurance
Lecture 5

Dr. Aasia Khanum, Department of Computer Science, FC College, Lahore

 • Process Quality Standards
• ISO 9000, 9001, 9000-3
Outline • CMMI
 Delegates from 25 countries
met in London and decided to
create a new international
organization, of which the
objective would be "to
facilitate the international
coordination and unification of
industrial standards".

International
Standards 23 Feb. 1947

Organization 1946

(ISO)
The new organization,
International Standards
Organization (ISO), officially
began operations on 23
February 1947, in Geneva,
Switzerland.
 The ISO 9000 family of
Quality Management Systems standards is
designed to help organizations ensure
that they meet the needs of customers
and other stakeholders while meeting
ISO 9000 statutory and regulatory requirements
related to a product or program.
Standards
Family
ISO 9000 deals with the fundamentals of
Quality Management Systems, based upon
7 quality management principles.
 QMP 1 – Customer focus

QMP 2 – Leadership

Seven QMP 3 – Engagement of people

Principles of QMP 4 – Process approach

ISO 9000 QMP 5 – Improvement

QMP 6 – Evidence-based decision making

QMP 7 – Relationship management

Seven Principles of ISO 9000

Principle 1 – Principle 2 – Principle 3 – Principle 4 – Process

Customer focus Leadership Engagement of people approach
Organizations depend Leaders establish unity People at all levels are A desired result is
on their customers and of purpose and the essence of an achieved more
therefore should direction of the organization and their efficiently when
understand current organization. .create full involvement activities and related
and future customer and maintain the enables their abilities resources are managed
needs, should meet internal environment to be used for the as a process.
customer requirements in which people can organization's benefit.
and strive to exceed become fully involved
customer in achieving the
expectations. organization's
objectives.
Seven Principles of ISO 9000

Principle 5 – Improvement Principle 6 – Evidence-based Principle 7 – Relationship

decision making management
Improvement of the Effective decisions are based An organization and its
organization's overall on the analysis of data and external providers (suppliers,
performance should be a information. contractors, service providers)
permanent objective of the are interdependent and a
organization. mutually beneficial
relationship enhances the
ability of both to create value.
 ISO 9001 is the only standard within the ISO 9000 family that an
organisation can become certified against, because it is the standard that
defines the requirements of having a Quality Management System.

3rd-party certification bodies provide independent confirmation

that organizations meet the requirements of ISO 9001.

ISO 9001 Over one million organizations worldwide are

independently certified
Certification Follows the Plan, Do, Check, Act cycle in a process
Standard based approach

Encourages risk based thinking.

Latest version: 2015

ISO 9001
Requirements for a Quality Management Systems (QMS)

Before the certification body Sections 1 to 3 are not Section 4: Context of

can issue or renew a directly audited against, but the Organization
certificate, the auditor must be
satisfied that the company
because they provide context
and definitions for the rest of • E.g. organization size, Section 5: Section 6:
being assessed has
implemented the requirements
the standard, not that of the
organization, their contents
market, customers, Leadership Planning
of sections 4 to 10. must be taken into account. internal culture etc.

Section 9:
Section 7: Section 8: Section 10:
Performance
Support Operation Improvement
evaluation
 The ISO 9001 standard is
generic; its parts must be
carefully interpreted to make
Industry- sense within a particular
organization.
Specific
Interpretations Diverse organizations like police
of ISO 9001 departments, professional
soccer teams, and city councils
—have successfully implemented
ISO 9001 systems.
 The TickIT guidelines are an
interpretation of ISO 9001
produced by the UK Board of
Trade to suit the processes of
Software- the information technology
industry, especially software
Specific development.

Interpretations
of ISO 9001 ISO/IEC 90003:2018 provides
guidelines for the application
of ISO 9001 to computer
software.
CMMI (Capability Maturity Model Integration)

CMMI is a proven
industry framework to CMMI uses 5 levels to
improve product quality describe the
and development maturity of the
efficiency for both organization
hardware and software

Sponsored by US
Department of Defence in Many companies have CMMI has been
cooperation with Carnegie been involved in CMMI established as a model
Mellon University and the definition such as to improve business
Software Engineering Motorola and Ericsson results
Institute (SEI)
How can CMMI help?

CMMI provides a way to focus Behavioral changes are needed Initially a lot of investment
and manage hardware and at both management and staff required – but, if properly
software development from levels. E.g.: managed, will be more
product inception through efficient and productive while
deployment and turning out products with
maintenance. consistently higher quality.
ISO9000 is a process compliance standard Increased personal accountability
CMMI is a process improvement model Tighter links between Product
Management, Development, etc.
CMMI Staged Representation - 5 Maturity Levels

Level 5
Process performance continually improved
through incremental and innovative
Optimizing technological improvements.
Level 4

Quantitatively Processes are controlled using statistical and

ity
other quantitative techniques.
ur Managed
at
sM

Level 3
Processes are well characterized and understood.
es
oc

Defined Processes, standards, procedures, tools, etc. are

Pr

defined at the organizational (Organization X )

Level 2 level. Proactive.

Managed Processes are planned, documented, performed, monitored,

and controlled at the project level. Often reactive.
Level 1

Processes are unpredictable, poorly controlled, reactive.

Initial
Maturity Level 1
(Initial)

The process performance

may not be stable and may
Processes are
Maturity Level 1 deals with not meet specific
unpredictable, poorly
performed processes. objectives such as quality,
controlled, reactive.
cost, and schedule, but
useful work can be done.
Maturity Level 2
(Managed, at the Project Level)

• Maturity Level 2 deals with managed processes.

• A managed process is a performed process that is also:
• Planned and executed in accordance with a policy
• Employs skilled people
• Adequate resources are available
• Controlled outputs are produced
• Stakeholders are involved
• The process is reviewed and evaluated for adherence to requirements
• Processes are planned, documented, performed, monitored, and controlled
at the project level. Often reactive.
• The managed process comes closer to achieving the specific objectives such
as quality, cost, and schedule.
Maturity Level 3
(Defined, at the Organization Level)

Maturity Level 3 deals A defined process is a managed Major portions of the

with defined processes. process that is: organization cannot “opt out.”
Well defined, understood, deployed and
executed across the entire
organization. Proactive.
Processes, standards, procedures, tools,
etc. are defined at the organizational
level. Project or local tailoring is
allowed, however it must be based on
the organization’s set of standard
processes and defined per the
organization’s tailoring guidelines.
Maturity Level 4
(Quantitatively Managed)

• Process is measured and controlled

• Greater sense of teamwork and interdependencies

Dr. Aasia Khanum, Department of Computer Science, FC College, Lahore

Maturity Level 5
(Optimizing)

• Focus is on continuous quantitative improvement

• Focus on “fire prevention”; improvement anticipated and desired,
and impacts assessed

Dr. Aasia Khanum, Department of Computer Science, FC College, Lahore

 CMMI Process Areas
Maturity Level Project Managment Engineering Process Management Support
5 Organizational Innovation & Deployment Causal Analysis & Resolution
Optimizing
4 Quantitative Project Mngt Organizational Process Performance
Quantitatively
Managed
3 Integrated Project Mngt Requirements Development Organizational Process Focus Decision Analysis & Resolution
Defined Risk Management Technical Solution Organizational Process Definition
Product Integration Organizational Training
Verification
Validation
2 Project Planning Requirements Mngt Measurement & Analysis
Managed Project Monitoring & Process & Product Quality Assurance
Control Configuration Mngt
Supplier Agreement Mngt

1
Initial
 Thank You!

Dr. Aasia Khanum, Department of Computer Science, FC College, Lahore