Professional Documents
Culture Documents
GLOSARY
- AENOR: Is a certification body with various headquarters in the world, including
Latino America.
- Audit: Is an external review of the system.
- Benchmark: Bank of tests that generally is used to test software.
- BSI: British Standard Institution, is an international entity that publishes
standards, and
also gives certification services.
- Capacity: Ability of a process to meet some requirements.
- CMMI: Software model for the evaluation of the quality.
- Developers: People that develops software.
- Environment: Can be the place where an application is executed, for example an
internal
network, or a production environment.
- ISO: International organization that develops and publishes ISO standards.
- IT service: Service that is related to the Information Technologies.
- Knowledge base: Database with specific information about some topics.
- Maturity: Ability of an organization to offer quality in the software.
- Outcomes: Results of processes.
- PDCA: Model of continual improvement, composed by the following steps: Plan, Do,
Check, Act.
- Process: A set of activities that have several inputs and give several outputs.
- Software life cycle: The development of software is composed by different steps,
generally: Requirements analysis, Design the software, Implementation,
Documentation
and testing, and Operate and maintain the system.
Quality of the process
- Software product: Is the result of the development of the software, and the
product that
can be sold to the customers.
- Source code: Lines of code which the software is composed. This source code can
be
written in Java, C++, PHP, or any other programming language.
- SQuaRE: Software Quality Requirements and evaluation, is a model composed by
various standard for the evaluation of the software product.
Quality of the process
MODULE N° 1: Quality of the process
2. SPECIFIC INFORMATION ABOUT THE MODULE
TABLE OF CONTENT
1. Quality of the process.
1.1 Introduction to the maturity model.
1.2 Approach about SPICE
1.3 Structure of ISO/IEC 15504
1.4 Software life cycle processes – ISO 12207
1.5 SPICE certification
INTRODUCTION TO THE MODULE 1
In this module we will see the software quality from the point of view of the
processes,
so we will see the SPICE model, which is composed mainly by the standards ISO/IEC
15504 (evaluation) and ISO/IEC 12207 (processes).
Bibliographi
c reference
(APA)
What is
SPICE? wibas.
Capability
Maturity
Model
Integration
https://www.wibas.com/en/turningvisions/publications/articles/spice/what-spice/
https://es.wikipedia.org/wiki/Capability_Maturity_Model_Integrati
on
Quality of the process
2. Thematic unit 2 – Quality of the process
2.1.- Introduction to the maturity model.
In the industry of the engineering of the software, errors are typical. Probably
more than
once your computer, or an application you usually use to surf the internet, it has
shown you
an error message, not allowing you to work with her.
These errors were much more common in the past, given that is cared less for the
quality of
the product, or are not cared for properly.
Really, in systems that were developed in the past, quality focused on detecting
errors in a
test phase, once developed the software.
Currently, this has improved, and now not only is important the detection of
errors, also is
important the definition of process, and use them for the development of the
software, for of
this way improve the quality of the product developed.
Therefore, it is important to test the product once it has developed, but it is
also very
important to establish a series of processes, to be used for the development of the
product,
to thus ensure the quality of the software .
Software
process
Error
detection
Software
Software quality
Figure 1 – Software quality
Quality of the process
The concept of process software, includes to all them activities that is carried to
out,
and the methods that are defined, and practices that can be used for the
development and maintenance of the software.
You can define a process basically as a black box, where is carried out a series of
activities, taking as basis a series of entries, and providing as output a series
of
results.
Inputs
Activities
Outputs
Figure 2 - Process
Therefore, the activities will provide results, on the basis of some parameters.
These
activities may consist of the following actions:
•
•
•
They have to return the results that were expected, or that were established.
Quality of the process
•
•
Define the
process
Improve the
process
Measure
the process
Control the
process
The evaluation of the maturity model is generally more common, since it gives a
global picture of the organization,
However, these models are not incompatible, i.e., are often used in a way parallel,
thus can know the level of maturity of the organization, and also the level of
capacity
for each of their processes.
Capacity
evaluation
• Individual processes
Maturity
evaluation
• All processes
Level 3:
Established
Level 0:
Incomplete
On the other hand, the levels of maturity that defines ISO / IEC 15504 are the
following:
Quality of the process
Level 3:
Established
Level 2: Managed
Level 1: Basic
Level 0: Immature
The majority of organizations certified in the SPICE model, are level 2 and 3,
being
the level 2 the first certifiable level. So, levels 0 and 1 are not certifiable
(especially
the level 0, which indicates that the processes are not implemented).
On the other hand, the ISO/IEC 15504 also relies on another standard, the ISO/IEC
12207, which defines a common framework for software life cycle processes. We'll
talk more in detail about this standard later.
Therefore, an organization of software development based on the SPICE model, can
implement the processes of ISO/IEC 12207.
There is a specific model of SPICE focused in the industry of the automotive, which
is known as Automotive SPICE, and is composed by specific processes of this
industry.
CMMI-DEV defines the following levels of maturity:
Quality of the process
Level 5:
Optimized
Level 4:
Managed
Level 3:
Defined
Level 2:
Repeatable
Level 1: Initial
As you can observe, is very similar to the model of SPICE, therefore, is very
simple
mapping their levels.
•
•
Initial audit
Surveillance
audit
Recertification
audit
Figure 8 – Main types of certification audits
After each audit, the lead auditor is responsible for issuing a final report with
the
results of the audit. This report may contain findings that the company needs to
treat,
developing a corrective actions plan.
Once the organization presents the corrective actions plan, if the lead auditor
valid
it, gives a decision for the certification to the certification body, and finally
if it is all
right, the certification body gives the certificate to the company (valid for 3
years).
The organization must ensure, during the time of validity of the certificate, to
keep
the system implemented and maintained, and may lose certification if during any
Quality of the process
surveillance audit, or a recertification audit, has not worked on findings
identified
during an audit.
There is another type of audit, unusual, which is called extraordinary audit, which
is
used in those cases in which a very important finding is detected and the
certification
body must verify in situ, after a normal audit, if the organization has treated and
solved the very important finding.
These audits are performed by auditors qualified by certification bodies, which
also
have to conduct audits according to another standard: the ISO/IEC 17021. In other
words, this standard defines requirements for certification bodies, for the
activities
carried out during the certification audit.
2.3.- Structure of ISO/IEC 15504
When we speak about ISO/IEC 15504, really consists of 10 parts.
a.- ISO/IEC 15504-1:2004 Information technology. Process assessment. Part 1:
Concepts and vocabulary
This first part of the standard provides information about basic concepts related
to
the evaluation of processes. On the other hand, it also provides information about
the terminology used in the standard for the evaluation of processes.
Therefore, this standard simply provides information about basic concepts, and
vocabulary that is used in all standards for the evaluation of the processes.
Level 5
Level 4
Level 3
Level 2
Level 1
Level 0
Process A
Process B
Process C
Process D
ID of the process
attribute
N/A
Process attribute
PA 1.1
PA 2.1
PA 2.2
PA 3.1
PA 3.2
PA 4.1
PA 4.2
PA 5.1
PA 5.2
In this way, you can use an array like the one shown below to determine the level
of maturity of an organization:
Quality of the process
Level 5
Level 4
Level 3
ML3
Level 2
ML4
ML5
ML2
Level 1
ML1
1A
1B
1C
2D
2E
2F
3D
3E
3F
4D
4E
4F
5D
5E
5F
ISO/IEC 15504-1
ISO/IEC 15504-2
• Performing an assessment
ISO/IEC 15504-3
ISO/IEC 15504-4
ISO/IEC 15504-5
ISO/IEC 15504-6
ISO/IEC 15504-7
ISO/IEC 15504-8
ISO/IEC 15504-9
Agreement processes
Organizational project-enabling processes
Project processes
Technical processes
Software implementation processes
Software support processes
Software reuse processes
Each of these groups, defines specific processes, which are described below.
Agreement
processes
Acquisition
process
Supply
process
Organizational
project-enabling
processes
Life cycle
model
management
process
Infrastructure
managemend
process
Project
portfolio
management
process
Human
resource
management
process
Quality
management
process
experienced in the software life cycle processes, which will help the
organization reach its goals.
Quality management process: The main objective of this process is to
ensure the quality of products and services, which have to fulfil the objectives
of the customer, and their needs.
Project
processes
Project
planning
process
Project
assessment and
control process
Decision
management
process
Risk
management
process
Configuration
management
process
Information
management
process
Measurement
process
•
•
Technical
processes
Stakeholder
requirements
definition process
System
requirements
analysis process
System
architectural
design process
Implementation
process
System
integration
process
System
qualification
testing process
Software
installation
process
Software
acceptance
support process
Software
opeation process
Software
maintenance
process
Software disposal
process
•
•
•
•
Software
implementation
processes
Software
implementation
process
Software
requirements
analysis process
Software
architectural
design process
Software detailed
design process
Software
construction
process
Software
integration
process
Software
qualification
testing process
•
•
Software
support
processes
Software
documentation
management
process
Software
configuration
management
process
Software quality
assurance
process
Software
verification
process
Software
validation
process
Software review
process
Software audit
process
Software
problem
resolution
process
•
•
Software
reuse
processes
Domain
engineering
process
Reuse asset
management
process
Reuse program
management
process
•
•
ISO 12207
ISO 17021
SPICE certification
Figure 17 – Standards for the SPICE certification
We should also mention that you can meet different certification models of SPICE,
which can have a different selection of processes for each maturity level.
In other words, you know that to achieve each level of maturity, it is necessary to
implement certain processes of ISO/IEC 12207, with a certain level of ability. But
what processes?
In the case of the certification body AENOR, processes that must be implemented
for the maturity level of 1, 2 and 3 are as follows:
Quality of the process
Maturity
level 1
Supply process
Software
configuration
management
process
Maturity
level 2
Stakeholder
requirements
definition process
System
requirements
analysis process
Project planning
process
Project
assessment and
control process
Configuration
management
process
Measurement
process
Software quality
assurance
process
Maturity
level 3
Software
requirements
analysis process
Software
architectural
design process
System
architectural
design process
Infrastructure
management
process
Human resource
management
process
Risk management
process
Decision
management
process
Software
integration
process
System
integration
process
Software
veritication
process
Software
validation process