21/04/2019

Module 4
Software Engineering
Standards and Models

1. Introduction

• Who can summarize what we have seen till now?

• In this section, we are going to have a look at various standards that can enhance SQA.

2. STANDARDS, COST OF QUALITY, AND BUSINESS MODELS

• We will briefly review the main business models in the software industry, namely (adapted from Iberle):

• Custom systems written on contract: The organization makes profits by selling tailored software development services for clients.

• Custom software written in-house: The organization develops software to improve organizational efficiency.

• Commercial software: The company makes profits by developing and selling software to other organizations.

• Mass-market software: The company makes profits by developing and selling software to consumers.

• Commercial and mass-market firmware: The company makes profits by selling software in embedded hardware and systems.

• The standards are commonly used in the following business models:

– custom systems written on contract,
– mass-market software,
– and commercial and mass-market firmware.

• In these business models, standards are used to optimally manage development and minimize errors and risks.

• As for the “Custom systems written on contract” business model, it is the client who will decide whether or not to impose standards.

3. MAIN STANDARDS FOR QUALITY MANAGEMENT

• ISO 9000 Family

• The ISO 9000 family includes the following four standards.

• The ISO 9001 standard provides the basic concepts, principles and vocabulary of quality management systems (QMS) and is the basis for other standards for QMSs.

• ISO 9001 proposes the following for each quality management principle (QMP):

– A statement that describes the principle.
– A foundation that explains why this principle is important for the organization.
– The main benefits associated with this principle.
– Possible actions to improve the performance of the organization by applying this principle.

• The seven QMP of the ISO 9001, presented in order of priority, are:

• Principle 1: Customer focus
– Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.

• Principle 2: Leadership
– Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization’s objectives.

• Principle 3: Involvement of people
– People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization’s benefit.

• Principle 4: Process approach
– A desired result is achieved more efficiently when activities and related resources are managed as a process.

• Principle 5: System approach to management
– Identifying, understanding, and managing interrelated processes as a system contributes to the organization’s effectiveness and efficiency in achieving its objectives.

• Principle 6: Factual approach to decision making
– Effective decisions are based on the analysis of data and information.

• Principle 7: Mutually beneficial supplier relationships
– An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.

• The ISO 9001 standard applies to all organizations regardless of size, complexity, or business model.

• ISO 9001 uses the process approach, the Plan-Do-Check-Act (PDCA) approach, and a risk-based thinking approach.

• ISO 9000 Family - PDCA

• The process approach allows an organization to plan its processes and their interactions.

• The PDCA cycle allows an organization to ensure that its processes are adequately resourced and appropriately managed and that opportunities for improvement are identified and implemented.

• The risk-based thinking approach allows an organization to determine the factors that may cause deviation from its processes and its QMS in relation to expected results, to implement preventive measures in order to limit negative effects and exploit opportunities when they arise.

• ISO/IEC 90003 Standard

• The ISO/IEC 90003 standard provides guidelines for the application of the ISO 9001 standard to computer software.

• It provides organizations with instructions for acquiring, supplying, developing, using and maintaining software.

• ISO/IEC/IEEE 12207 STANDARD

• The third edition of the ISO/IEC/IEEE 12207 standard [ISO 17] establishes a common framework for software life cycle processes.

4. IEEE 730 STANDARD FOR SQA PROCESSES

• QA according to IEEE is a set of proactive measures to ensure the quality of the software product.

• The IEEE 730 provides guidance for the SQA activities of products or of services.

• The following text box provides the IEEE 730 definition of SQA.

• Compliance with all requirements of IEEE 730 [IEE 14] can be imposed by a client in an agreement (e.g., a contract) with the organization that will develop software.

• However, a given project may not need to use all the activities of the standard.

• The implementation of the standard implies the selection of a set of activities adapted to a project.

5. Process Maturity Models of the SEI – CMMI DEV

• The SEI developed several Capability Maturity Models (CMM®).

• Here, we will present the CMMI model used to develop products (e.g., software, system) and services – CMMI DEV.

• The CMMI model was developed as two versions: an initial staged version and a continuous version.

• For each level of maturity, a set of process areas is defined. Each area encompasses a set of requirements that must be met.

• Model practices are grouped into 22 process areas, which are further broken down into five maturity levels.

• Maturity Level 1: Initial

• At maturity level 1, processes are usually ad hoc and chaotic. The organization usually does not provide a stable environment to support processes.

• Success in these organizations depends on the competence and heroics of the people in the organization and not on the use of proven processes.

• Maturity Level 2: Managed

• The projects have ensured that processes are planned and executed in accordance with policy.

• When these practices are in place, projects are performed and managed according to their documented plans.

• Maturity Level 3: Defined

• At maturity level 3, processes are well characterized and understood, and are described in standards, procedures, tools, and methods.

• The organization’s set of standard processes is established.

• Projects establish their defined processes by tailoring the organization’s set of standard processes according to tailoring guidelines.

• Maturity Level 4: Quantitatively managed

• At maturity level 4, the organization and projects establish quantitative objectives for quality and process performance and use them as criteria in managing projects.

• Quality and process performance is understood in statistical terms and is managed throughout the life of projects.

• Maturity Level 5: Optimizing

• At maturity level 5, an organization continually improves its processes based on a quantitative understanding of its business objectives and performance needs.

6. ITIL Framework and ISO/IEC 20000

• What is a service?

• In the 1980s, the British government wanted to improve efficacy and reduce IT costs in public companies by developing a universal method that could be applied to all public organizations.

• The project, which was initiated in 1986, really took off in 1988.

• The conclusions of the study quickly led to the definition of general principles and the development of best practices.

• ITIL is therefore a compendium of good practices and a compilation of descriptions of business processes that allow us to benefit from the experience of many organizations.

• A service, in the computing context, is defined as an organizational unit of the company similar to the accounting department, in that it supports the organization. This concept is also linked to the fact that information systems render services to users, such as email, desktop support, and others.

• ITIL’s philosophy is based on the following fundamental concepts:

– taking into account the client’s expectations regarding implementing computer services;
– the implementation of interdependent ITIL processes to ensure service quality;
– the implementation of a way of measuring this quality from the user’s point of view;
– the importance of communication between the computer department and the rest of the company;
– ITIL is flexible enough and must remain so in order to adapt to all organizations.

7. COBIT Process

• What is IT governance?

• IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.

• CobiT [COB 12] is a repository of best practices for IT governance established by ISACA (IT auditors).

• It is oriented toward the auditing and governance assessment of information systems.

• CobiT provides risk analysis and assessment of the effectiveness of internal controls.

• This repository of best practices tries to cover several concepts such as the analysis of business processes, technical aspects of IT, control needs in information technology, and risk management.

• This process is harmonized with the ITIL reference, the PMBOK® Guide from the Project Management Institute as well as the ISO 27001 and ISO 27002 standards.

• CobiT version 5 covers 34 generic guidance processes and 318 control objectives divided into four process domains:

– planning and organization;
– acquisition and implementation;
– distribution and support;
– monitoring and surveillance.

8. ISO/IEC 27000 Family of Standards for Information Security

• The ISO 27002 standard comprises 133 practical steps to be used by anyone in charge of implementing or maintaining an Information Security Management System - ISMS.

• Information security is defined within the standard as the “preservation of confidentiality, integrity and availability of information.”

• This standard is not mandatory for companies. However, it may be required under a contract.

• The ISO 27002 standard is made up of 11 main sections, which cover security management as well as its strategic and operational aspects. Each section makes up a chapter of the standard:

• security policy;
• information security organization;
• asset management;
• security related to human resources;
• physical and environmental security;
• communications and operations management;
• access control;
• acquisition, development, and maintenance of information systems;
• incident management related to information security;
• activity continuity management;
• legal and regulatory compliance.

9. STANDARDS AND THE SQAP

• Standards have a central place in a project’s SQAP (Software Quality Assurance Plan).

• The SQA function needs to assess the adherence of project processes and products to the applicable agreements (e.g., contracts), regulations and laws, organizational standards, and procedures.

• The SQAP identifies all applicable standards, practices, and conventions used for the project such as:

– documentation standards;
– design standards;
– coding standards;
– standards for comments;
– testing standards and practices.

• Once the standards are identified and staff are trained on how to use them, SQA has a duty to conduct process and product assurance evaluations.

9. SUCCESS FACTORS

Homework

• Try to do a comparison between ITIL, COBIT5 and ISO27002.

• Try to find the criteria of comparison before starting the comparison.
