Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Chapter 4
Software Engineering Standards and Models

After completing this chapter, you will be able to:

– understand the evolution and the importance of software engineering standards for the SQA specialist;
– understand the standards for software quality management systems: ISO 9001, ISO/IEC 90003, ISO/IEC 20000, and the TickIT certification process [TIK 07];
– understand the software engineering standards: ISO/IEC/IEEE 12207 and IEEE 730 that govern the content of the SQA plan;
– include other improvement models, norms, standards, and quality processes: CMMI^® maturity models of software processes and S^3m, ITIL, the CobiT IT governance approach, the ISO/IEC 27000 information security standard, and the ISO/IEC 29110 standards for very small organizations;
– understand that there are also repositories and standards specific to certain application domains: DO-178 and ED-12 for aeronautics, EN 50128 for railways and ISO 13485 for the field of medical devices that contain software;
– understand the importance of standards in terms of SQA.

4.1 Introduction

Other engineering domains such as mechanical, chemical, electrical, or physics engineering are based on the laws of nature as discovered by scientists. Figure 4.1 illustrates some of the many laws of nature.

Equations show few nature laws used by some engineering disciplines with labels for Hooke’s Law, Gravitational Law, Newton’s Law, Boyle-Mariotte’s Law, Ohm’s Law, Curie’s Law, Coulomb’s law, and Refraction Law. — **Figure 4.1** A few laws of nature used by some engineering disciplines.

Unfortunately, software engineering, unlike other engineering disciplines, is not based on the laws of nature. This explains, in part, some of the setbacks discussed in Chapter 1. The number of defective software, accidents and deaths, projects over budget and that are delivered past deadlines, and frustrated users are some examples of these setbacks.

The development of software is based only on the laws of logic and mathematics. Software engineering, like other disciplines, is based on the use of well-defined practices for ensuring the quality of its products. In software engineering, there are several standards, which are actually guides for management practices. A rigorous process is the framework for the way standards are developed and approved including, among others, international ISO standards and standards from professional organizations such as IEEE.

The four principles for the development of ISO standards are:

– ISO standards meet a market need.
– ISO standards are based on worldwide expertise.
– ISO standards are the result of a multi-stakeholder process.
– ISO standards are based on consensus.

The ISO standards are developed by consensus, as defined below. Consensus is required to produce a standard that will be accepted by the community of interest.

Consensus means (adapted from Coallier (2003) [COA 03]):

– That all parties were able to express their views;
– The best effort has been made to take into account all opinions and solve all problems (i.e., all the submissions in a vote of the draft of a standard).

The first condition to bear in mind is that standards, which differ from other written guidelines, are quasi-legal documents. Standards can be used either to prove or refute elements in a court of law. Standards often become legal requirements when they are adopted by governments and regulatory agencies. When this occurs, the content of a standard is important, since organizations then use it to develop products and services that can greatly impact human life, the environment, or business.

The right-hand side of Figure 4.2 shows the development of standards as of the 1970s when the American Department of Defense (DoD) created the “DoD-STD-1679A” military standard [DOD 83]. At that time, a contract was given to a supplier to develop a piece of software, and it took months, if not a year before receiving the final product. Since the client did not see any development with this process, and, in the end, received boxes containing documents and magnetic tape, this approach was called the “Big Bang.” The DoD then decided that the entire software development process had to become more transparent to allow documents produced throughout the development cycle to be evaluated. The military standard required that the supplier write and have a number of documents approved. These approvals allowed clients to review, comment, and approve documents instead of waiting until the end and receiving software that did not meet their needs. Review and approval activities for documents were related to certain project management activities: the approval of these documents led to the payment of a large sum of money as agreed to in the contract with the supplier. This enabled the client to remotely control the development of the requested software. Over the years, other organizations such as the IEEE, the International Organization for Standardization (ISO), and the European Space Agency (ESA) developed standards. During the late 1980s, the American DoD decided to use commercial standards instead of military standards, such as ISO/IEC/IEEE 12207 [ISO 17], to develop its software. Military software engineering standards were then removed.

Diagram shows development of standards and models with labels for SDCE, SCE, CBA IPI, SCAMPI, ISO 15939, PSM, SA-CMM, et cetera. — **Figure 4.2** The development of standards and models.

*Source*: Adapted from Sheard (2001) [SHE 01] with the permission of Systems and Software Consortium, Inc.

On the left-hand side of the figure, we note the “Capability Maturity Model” (CMM^®). It was developed at the request of the American DoD, by the Software Engineering Institute (SEI) in order to provide a road map of engineering practices to improve the performance of the development, maintenance and service provisioning processes. This model is described in a later section.

The Continuous Evolution of Standards

The standards presented in this book are constantly evolving. They are reviewed periodically and, if necessary, updated. Some standards are updated about every 5 years. Others are updated if major changes are needed. In an organization, it is possible that different versions of the same standard are used. For example, when an agreement or a contract is signed, we normally quote the latest version of the standard in the contract. In some organizations, such as those working in military defense and aerospace, a development or maintenance project can span over many years if not several decades. In such cases, it is possible that the customer prefers to continue the project with the version of the standard used at the beginning of the project, while for the same organization, a new project will use the latest version of the same standard. Developers and SQA must then carry out their responsibilities with the two versions of the same standard and use templates and checklists specific to each version.

Figure 4.3 illustrates the evolution of standards that are maintained and published under the responsibility of the appointed subcommittee for standardized processes, tools, and supporting technologies for software engineering and systems: ISO/IEC JTC1 SC7.

Bar graph shows standards SC7 evolution on years from 1987 to 2017 versus range from 0 to 180 with plots for standards in portfolio and new standards. — **Figure 4.3** The evolution of standards SC7 [SUR 17].

In the 1980s, there were only five standards; in 2016, more than 160 standards make up the portfolio of sub-committee 7 (SC7). This rapid increase is due, among others, to the fact that more software engineering practices have matured and acquired a broad consensus since the late 1980s.

More than 39 countries actively participate in the development of SC7 standards and 20 countries participate as observers. For countries that actively participate and have the right to vote, the meaning of the Greek word “ISOS” implies that the vote of any ISO member country is equal to the vote of any other country, no matter its size, economic, or political influence.

The majority of software engineering standards of SC7 describe proven practices such as configuration management and quality assurance (QA) practices, while a small number of standards, such as ISO 25000 presented in the previous chapter, describe product requirements.

The ISO/IEC/IEEE 24765 [ISO 17a] glossary will be used as the reference for most of the definitions in this book. When a term is not defined in the ISO 24765, the definition of another standard will be used, such as ISO 9001, the IEEE standard or CMMI^® for Development [SEI 10a].

In recent years, some software engineering standards in the portfolio of SC7 saw their scope expanded as the practices described can be applied to a wider area than software engineering alone. For example, the scope of software engineering standards of verification and validation, risk management, and configuration management has been extended to cover the field of systems engineering that develop products which often include hardware (e.g., electronic, mechanical, and optical) and software. Thus, a greater number of engineers and developers use the same standards. This facilitates communication between different domains.

System

Combination of interacting elements organized to achieve one or more stated purposes.

Note 1 to entry: A system is sometimes considered as a product or as the services it provides.
Note 2 to entry: In practice, the interpretation of its meaning is frequently clarified by the use of an associative noun, e.g. aircraft system. Alternatively, the word “system” is substituted simply by a context-dependent synonym, e.g. aircraft, though this potentially obscures a system principles perspective.
Note 3 to entry: A complete system includes all of the associated equipment, facilities, material, computer programs, firmware, technical documentation, services and personnel required for operations and support to the degree necessary for self-sufficient use in its intended environment.

ISO 15288 [ISO 15c]

4.2 Standards, Cost of Quality, and Business Models

In a previous chapter, we presented the notions of cost of quality and business models. Regarding cost of quality, standards are an element of prevention costs: in other words, the costs incurred by an organization to prevent errors from happening during different stages in the development or maintenance process. Table 4.1 lists the different prevention cost elements. Purchasing, training, and standards implementation are also prevention costs.

Table 4.1 Prevention Costs (Adapted from Krasner (1998) [KRA 98])

Majorcategory	Subcategories	Definition	Typical cost
Prevention costs	Quality basis definition.	Efforts to define quality, set quality goals, standards, and thresholds. Quality trade-off analysis.	Defining release criteria for acceptance testing and related quality standards.
	Project and process-oriented interventions.	Efforts to prevent poor product quality or improve process quality.	Training, process improvements, metrics collection, and analysis.

Majorcategory

Subcategories

Definition

Typical cost

Prevention costs

Quality basis definition.

Efforts to define quality, set quality goals, standards, and thresholds.

Quality trade-off analysis.

Defining release criteria for acceptance testing and related quality standards.

Project and process-oriented interventions.

Efforts to prevent poor product quality or improve process quality.

Training, process improvements, metrics collection, and analysis.

We will briefly review the main business models in the software industry, namely (adapted from Iberle (2002) [IBE 02]):

– Custom systems written on contract: The organization makes profits by selling tailored software development services for clients.
– Custom software written in-house: The organization develops software to improve organizational efficiency.
– Commercial software: The company makes profits by developing and selling software to other organizations.
– Mass-market software: The company makes profits by developing and selling software to consumers.
– Commercial and mass-market firmware: The company makes profits by selling software in embedded hardware and systems.

The standards are commonly used in the following business models: custom systems written on contract, mass-market software and commercial and mass-market firmware. In these business models, standards are used to optimally manage development and minimize errors and risks. As for the “Custom systems written on contract” business model, it is the client who will decide whether or not to impose standards.

In this chapter, we present a brief overview of some standards: process standards, product standards, and quality systems. We also present the CMMI model because its widespread use has made it a de facto standard.

4.3 Main Standards for Quality Management

This section describes the main standards related to the management of software quality: ISO 9000 [ISO 15b] and ISO 9001 [ISO 15] and the application guide for software, the ISO/IEC 90003 standard. We also present a brief overview of the quality standard for the medical domain.

4.3.1 ISO 9000 Family

As described on the ISO website, “The ISO 9000 family addresses various aspects of quality management and contains some of ISO's best known standards. The standards provide guidance and tools for companies and organizations who want to ensure that their products and services consistently meet customer's requirements, and that quality is consistently improved.” The ISO 9000 family includes the following four standards.

The ISO 9001 standard provides the basic concepts, principles and vocabulary of quality management systems (QMS) and is the basis for other standards for QMSs [ISO 15]. The “Quality Management Principles” (QMP) are a set of values, rules, standards, and fundamental convictions regarded as fair and that could be the basis for quality management. ISO 9001 proposes the following for each QMP:

– A statement that describes the principle.
– A foundation that explains why this principle is important for the organization.
– The main benefits associated with this principle.
– Possible actions to improve the performance of the organization by applying this principle.

The seven QMP of the ISO 9001, presented in order of priority, are [ISO 15]:

– Principle 1: Customer focus

Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.

– Principle 2: Leadership

Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives.

– Principle 3: Involvement of people

People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit.

– Principle 4: Process approach

A desired result is achieved more efficiently when activities and related resources are managed as a process.

– Principle 5: System approach to management

Identifying, understanding, and managing interrelated processes as a system contributes to the organization's effectiveness and efficiency in achieving its objectives.

– Principle 6: Factual approach to decision making

Effective decisions are based on the analysis of data and information.

– Principle 7: Mutually beneficial supplier relationships

An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.

As an example, the first principle of customer focus is described in detail [ISO 15]:

– Statement

The main objective of quality management is to satisfy customer requirements and strive to exceed their expectations.

– Basis

Sustainable performance is achieved when an organization obtains and retains the confidence of customers and of other interested parties. Every aspect of the interaction with customers provides an opportunity to create more value for the customer. Understanding the current and future needs of customers and other stakeholders contributes to the sustainable performance of the organization.

– Benefits

Increased customer value

Increased customer satisfaction

Improved customer loyalty

Improved recurring business activity

Improved corporate image

Expanded customer base

Increased sales and market share

– Possible actions

Identify direct and indirect customers for which the organization creates value.

Understand the needs and expectations of current and future customers.

Link the objectives of the organization to the needs and expectations of its clients.

Communicate the needs and expectations of clients at all levels of the organization.

Plan, design, develop, produce, deliver, and support products and services to meet the needs and expectations of customers.

Measure and monitor customer satisfaction and take appropriate action.

Identify the needs and expectations of interested parties that may affect customer satisfaction and take appropriate action.

Actively manage relationships with customers to achieve sustainable performance.

The ISO 9001 standard [ISO 15] applies to all organizations regardless of size, complexity, or business model. ISO 9000 specifies requirements for a QMS, as defined in the following text box, for both internal groups and for external partners.

Management System

Set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives.

Note 1 to entry: A management system can address a single discipline or several disciplines, e.g. quality management, financial management or environmental management.
Note 2 to entry: The management system elements establish the organization's structure, roles and responsibilities, planning, operation, policies, practices, rules, beliefs, objectives and processes to achieve those objectives.
Note 3 to entry: The scope of a management system can include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
Note 4 to entry: This constitutes one of the common terms and core definitions for ISO management standards.

Quality Management System

Part of a management system with regard to quality.

ISO 9001 [ISO 15]

ISO 9001 [ISO 15] is used worldwide in a wide range of organizations. About a million certificates of conformity to ISO 9001 are issued annually in nearly 187 countries.

ISO 9001 uses the process approach, the Plan-Do-Check-Act (PDCA) approach, and a risk-based thinking approach [ISO 15]:

– The process approach allows an organization to plan its processes and their interactions.
– The PDCA cycle allows an organization to ensure that its processes are adequately resourced and appropriately managed and that opportunities for improvement are identified and implemented.
– The risk-based thinking approach allows an organization to determine the factors that may cause deviation from its processes and its QMS in relation to expected results, to implement preventive measures in order to limit negative effects and exploit opportunities when they arise.

The ISO 9001 [ISO 15] standard indicates that an organization can use a complementary improvement approach to that of the continuous improvement approach such as a drastic change, an innovation or a reorganization.

Figure 4.4 shows the elements of a process and the interaction between these elements. Note that the figure shows the links between processes with “Input sources” (e.g., upstream process) and “Target outputs” (e.g., downstream processes) to illustrate that a process does not work in isolation in an organization. The organization must master not only the elements of a process, but also the interactions and interdependencies between them, in order to improve its overall performance, such as reduced rework as presented in the section on the cost of quality.

Flow diagram shows process elements with labels for sources of inputs, inputs, activities (starting point, ending point), outputs, and receiver of outputs. — **Figure 4.4** Elements of a process [ISO 15].

*Source*: Standards Council of Canada.

Also note that one of the output elements in Figure 4.4 is a service. ISO 9000 defines a service as follows: output of an organization with at least one activity necessarily performed between the organization and the customer. For example, in software development, the organization that developed software for its client could offer implementation services and maintenance of the software.

ISO 9001 describes the elements of the PDCA cycle as follows [ISO 15]:

– Plan: establish the objectives of the system, processes and resources to deliver results in accordance with customer requirements and policies of the organization, identify and address risks and opportunities;
– Do: implement what has been planned;
– Check: monitor and measure (if applicable) processes and the products and services obtained against policies, objectives, requirements and planned activities, and report the results;
– Act: take actions to improve performance, as needed.

The requirements of ISO 9001 are presented in the following 10 items:

Scope
Normative references
Terms and definitions
Context of the organization
Leadership
Planning
Support
Implementation of operational activities
Performance evaluation
Improvement

We have only briefly described the main articles of the standard. In regards to article 4, ISO 9001 [ISO 15] requires the organization to determine the pertinent external and internal issues. These issues, as for the needs and expectations of the interested parties, the QMS and its scope, have a great influence on the ability to achieve the expected results of its QMS. Article 5 of the standard explains that management must demonstrate leadership and commitment to the QMS and that the customer must ensure the establishment of the quality policy of the organization and must ensure that the responsibilities and authorities of roles have been assigned, communicated, and understood. Article 6 describes the actions to be implemented in regards to the risks and opportunities, the objectives of the QMS, the planning of actions to achieve these objectives, and the planning of changes to the QMS. Article 7 presents the requirements for resources for the establishment of the QMS, its implementation, updating, and the continuous improvement of the QMS: human resources, infrastructure, resources for monitoring, measurement, traceability, the knowledge and skills required of personnel, the needs of internal and external communication and documentation (e.g., creating, updating). Article 8 describes in detail the implementation of operational activities of the organization such as the process planning, the determination and review of the requirements of its products and services, design and development, products and services processes of its external suppliers, production and release of its product and services, and the identification of non-compliant output elements compared with requirements. Article 9 describes the requirements for performance evaluation, such as monitoring the extent of analysis and evaluation, customer satisfaction, internal audits, and management reviews of the QMS. Finally, article 10 provides the requirements for improvement such as improving customer satisfaction, non-compliance and corrective actions, and continuous improvement of the QMS.

The ISO 19011 standard [ISO 11g], which establishes guidelines for internal and external audits of QMSs, will be presented in the chapter on audits. ISO 9004 [ISO 09a], which shows how to increase the efficiency and effectiveness of a QMS, will be presented in the chapter concerning policies and processes.

4.3.2 ISO/IEC 90003 Standard

The ISO/IEC 90003 [ISO 14] standard provides guidelines for the application of the ISO 9001 standard to computer software. It provides organizations with instructions for acquiring, supplying, developing, using and maintaining software. The following text box is part of the introduction to the ISO 90003 standard.

It identifies the issues which should be addressed and is independent of the technology, life cycle models, development processes, sequence of activities and organizational structure used by an organization. The guidance and identified issues are intended to be comprehensive but not exhaustive. Where the scope of an organization's activities includes areas other than computer software development, the relationship between the computer software elements of that organization's quality management system and the remaining aspects should be clearly documented within the quality management system as a whole.

Throughout ISO 9001:2000, “shall” is used to express a provision that is binding between two or more parties, “should” to express a recommendation among possibilities and “may” to indicate a course of action permissible within the limits of ISO 9001:2000. In this International Standard (ISO/IEC 90003), “should” and “may” have the same meaning as in ISO 9001:2000, i.e. “should” to express a recommendation among possibilities and “may” to indicate a course of action permissible within the limits of this International Standard.

Organizations with quality management systems for developing, operating or maintaining software based on this International Standard may choose to use processes from ISO/IEC 12207 to support or complement the ISO 9001:2000 process model.

Where text has been quoted from ISO 9001:2000, that text is enclosed in a box, for ease of identification.

Adapted from ISO 90003 [ISO 14]

An example, Section 7.3.5 of the ISO 9001 standard is provided below as it is presented in the ISO 90003 standard.

The explanatory text from the ISO 90003 standard for Section 7.3.5 is shown in the following text box.

Verification of software is aimed at providing assurance that the output of a design and development activity conforms to the input requirements.

Verification should be performed as appropriate during design and development. Verification may comprise reviews of design and development output (e.g. by inspections and walk-throughs), analysis, demonstrations including prototypes, simulations or tests. Verification may be conducted on the output from other activities, e.g. COTS, purchased and customer-supplied products.

The verification results and any further actions should be recorded and checked when the actions are completed.

When the size, complexity or criticality of a software product warrants, specific assurance methods should be used for verification, such as complexity metrics, peer reviews, condition/decision coverage or formal methods.

Only verified design and development outputs should be submitted for acceptance and subsequent use. Any findings should be addressed and resolved, as appropriate. For more information, see ISO 12207.

Adapted from ISO 90003 [ISO 14]

The text of the ISO 90003 standard correctly explains what a software audit is for the organization wishing to set up a QMS as well as for the QMS auditor.

Differences between ISO 9001:2015 and CMMI^® for Development Version 1.3

The scope of the ISO 9001 is broader than that of the CMMI-DEV:

– CMMI-DEV applies to development and maintenance activities.
– The ISO 9001 applies to all activities of an organization. Sector-specific applications of ISO 9001 have been developed (e.g., medical devices, petroleum, petrochemical and natural gas industries).

The level of abstraction is different:

– CMMI-DEV is about 470 pages and contains a wealth of practical examples.
– The ISO 9001 is only 29 pages, whereas all the standards of the ISO 9000 family is about 180 pages (www.iso.org).

CMMI-DEV is less subject to interpretation given that each process area in the model is discussed at length. ISO/IEC 90003, a 54-page document, provides guidance for organizations in the application of ISO 9001 to the acquisition, supply, development, operation, and maintenance of computer software.

The assessment is different:

– CMMI: An organization is evaluated by a team comprised of a lead appraiser, licensed by the CMMI Institute (www.cmmiinstitute.com), accompanied by an assessment team that typically consists of members of the organization evaluated and external assessors.
– ISO 9001: The Quality Management System (QMS) of an organization is audited by an audit team, (i.e., one or more persons supported, if needed, by technical experts), authorized by a governmental or non-governmental certification body to perform ISO 9001 audits. An accreditation body is an organization that is usually established by a national government which assesses certification bodies and certifies their technical competence to carry out the certification process.

The CMMI appraisal usually lasts longer and is more in-depth than an ISO 9001 audit:

– CMMI: The main result of the appraisal is a list of strengths and weaknesses for initiating an improvement process. The appraisal team provides, for an appraisal using the staged representation of CMMI, a maturity level rating for the organization assessed.
– ISO 9001: The result of the audit is an ISO 9001 certificate–proof that the audited organization meets the requirements of the standard. A set of audit findings (i.e., results of the collected audit evidence against audit criteria) are documented.

The next section discusses the ISO/IEC/IEEE 12207 [ISO 17] standard for software engineering, which describes all the software life cycle processes (from cradle to grave).

4.4 ISO/IEC/IEEE 12207 Standard

The third edition of the ISO/IEC/IEEE 12207 standard [ISO 17] establishes a common framework for software life cycle processes. It applies to the acquisition of systems and software products and services, supply, development, operation, maintenance, and disposal of software products and the development of the software part of a system, whether performed internally or externally to an organization. In this standard, the software also includes the firmware. Each process of the standard is described in a few pages, and includes the following attributes [ISO 17]:

– The title conveys the scope of the whole process.
– The purpose describes the goals of performing the process.
– The outcomes express the observable results expected from the successful performance of the process.
– The activities are sets of cohesive tasks of a process.
– The tasks are requirements, recommendations, or permissible actions intended to support the achievement of the outcomes.

ISO 12207 [ISO 17] defines four sets of processes as shown in Figure 4.5:

– Two agreement processes between a customer and a supplier;
– Six organizational project-enabling processes;
– Eight processes for technology management;
– Fourteen technical processes.

Table shows groups of four life cycle process of ISO 12207 with columns for agreement processes, organization project-enabling processes, technical management process, and technical processes. — **Figure 4.5** The four life cycle process groups of ISO 12207 [ISO 17].

*Source*: Standards Council of Canada.

As most modern systems are now controlled by software, the ISO 12207 [ISO 17] standard has been updated to interface with the new edition of the standard in engineering systems: ISO/IEC/IEEE 15288 [ISO 15].

Since ISO 12207 [ISO 17] is an important software engineering standard, we briefly describe one process (we will not describe the details of each task): The QA process [ISO 17]:

– Purpose

The purpose of the QA process is to help ensure the effective application of the organization's quality management process to the project.

QA focuses on providing confidence that quality requirements will be fulfilled. Proactive analysis of the project life cycle processes and outputs is performed to assure that the product being produced will be of the desired quality and that organization and project policies and procedures are followed.

Outcomes

As a result of the successful implementation of the QA process:

Project QA procedures are defined and implemented.

Criteria and methods for QA evaluations are defined.

Evaluations of the project's products, services, and processes are performed, consistent with quality management policies, procedures, and requirements.

Results of evaluations are provided to relevant stakeholders.

Incidents are resolved.

Prioritized problems are treated.

– Activities and tasks

The project shall implement the following activities and tasks in accordance with applicable organization policies and procedures with respect to the measurement process.
Note IEEE 730-2014 [IEE 14], software quality assurance (SQA) processes, provides additional detail.

Prepare for QA. This activity consists of the following tasks:

Define a QA strategy.

Establish independence of QA from other life cycle processes.

Perform product or service evaluations. This activity consists of the following tasks:

Evaluate products and services for conformance to established criteria, contracts, standards, and regulations.

Monitor that verification and validation of the outputs of the life cycle processes are performed to determine conformance to specified requirements.

Perform process evaluations. This activity consists of the following tasks:

Evaluate project life cycle processes for conformance.

Evaluate tools and environments that support or automate the process for conformance.

Evaluate supplier processes for conformance to process requirements.

Manage QA records and reports. This activity consists of the following tasks:

Create records and reports related to QA activities.

Maintain, store, and distribute records and reports.

Identify incidents and problems associated with product, service, and process evaluations.

Treat incidents and problems. This activity consists of the following tasks:

Record, analyze, and classify incidents.

Identify selected incidents to associate with known errors or problems.

Record, analyze and classify problems.

Identify root causes and treatment of problems where feasible.

Prioritize treatment of problems (problem resolution) and track corrective actions.

Analyze trends in incidents and problems.

Identify improvements in processes and products that may prevent future incidents and problems.

Inform designated stakeholders of the status of incidents and problems.

Track incidents and problems to closure.

The reader may have noticed the use of the term “shall” in the sentence “The project shall implement the following activities and tasks.” In ISO engineering standards terminology, the words “shall”, “should” and “may” have been defined as follows: “Requirements of this document are marked by the use of the verb “shall”. Recommendations are marked by the use of the verb “should”. Permissions are marked by the use of the verb “may”. However, despite the verb that is used, the requirements for conformance are selected as described previously”.

In other words, unless you, as a supplier of a software, have been granted permission by your customer, all the activities and tasks have to be performed. The implementation of these activities and tasks may be verified through a formal audit conducted by the customer or his representative. Audits will be presented in Chapter 6 of this book.

The ISO 12207 standard can be used in one or more of the following modes [ISO 17]:

– By an organization: to help establish an environment of desired processes. These processes can be supported by an infrastructure of methods, procedures, techniques, tools, and trained personnel. The organization may then employ this environment to perform and manage its projects and progress software systems through their life cycle stages. In this mode this document is used to assess conformance of a declared, established environment to its provisions.
– By a project: to help select, structure and employ the elements of an established set of life cycle processes to provide products and services.
– By an acquirer and a supplier: to help develop an agreement concerning processes and activities.
– By organizations and assessors: to serve as a process reference model for use in the performance of process assessments that may be used to support organizational process improvement.

4.4.1 Limitations of the ISO 12207 Standard

The ISO 12207 standard describes the limitations to its use as follows (adapted from [ISO 17]):

– It does not prescribe a specific system or software life cycle model, development methodology, method, model, or technique.

The users of this document are responsible for selecting a life cycle model for the project and mapping the processes, activities, and tasks in this document into that model. The parties are also responsible for selecting and applying appropriate methodologies, methods, models, and techniques suitable for the project.

– It does not establish a management system or require the use of any management system standard.

It is intended to be compatible with the QMS specified by ISO 9001, the service management system specified by ISO/IEC 20000-1 [ISO 11h], and the information security management system (ISMS) specified by ISO/IEC 27000.

– It does not detail information items in terms of name, format, explicit content, and recording media.

ISO/IEC/IEEE 15289 addresses the content for life cycle process information items (documentation).

4.5 ISO/IEC/IEEE 15289 Standard for the Description of Information Elements

With the abandonment of military standards that defined the content and format of information elements, the international community developed a standard, ISO 15289 [ISO 17b], in support, among others, to ISO 12207 [ISO 17], to facilitate the description of the different types of information items to be produced.

The clauses of ISO 12207 [ISO 17] list the artifacts to produce without defining the content. The ISO 15289 standard describes seven types of documents: request, description, plan, policy, procedure, report, and specification. These document types are described in Table 4.2.

Table 4.2 Generic Types of Information Items Described by the ISO 15289 [ISO 17b]

Type	Purpose	Sample output
Description	Represents a plan or an existing function, design or item.	Description of the design
Policy	Establish an organization's high-level intention and approach to achieve objectives for, and ensuring effective control of, a service, process, or management system.	Quality management policy
Plan	Define when, how, and by whom specific processes or activities are to be performed.	Project plan
Procedure	Defines in detail when and how to perform certain activities or tasks including tools needed.	Problem resolution procedure
Report	Describe the results of activities such as investigations, assessments, and tests. A report communicates decisions.	Problem report Validation report
Request	Record information needed to solicit a response.	Change request
Specification	Provide requirements for a required service, product, or process.	Software specification

For example, the ISO 15289 standard defines what a procedure is and what it must describe. The following text box describes this type of document [ISO 17b].

The IEEE 730 [IEE 14] standard for the SQA process is presented next. This standard is based on ISO 12207 [ISO 17] and ISO 15289 [ISO 17b].

4.6 IEEE 730 Standard for SQA Processes

The scope of the IEEE 730-2014 Standard for SQA Processes [IEE 14] is very different from that of previous versions. Unlike previous versions, where the QA plan was the cornerstone of IEEE 730, the new version establishes the requirements for the planning and implementation of SQA activities for a software project. QA according to IEEE is a set of proactive measures to ensure the quality of the software product. The IEEE 730 provides guidance for the SQA activities of products or of services. The QA plan is presented in a clause and an annex of the standard.

The following text box provides the definition SQA of the IEEE 730 [IEE 14].

Publishers of a standard must use official versions of standards, that is, the latest published version, when producing a new standard or the revision of a published standard. The IEEE 730-2014 [IEE 14] standard is harmonized with the 2008 version of ISO 12207 [ISO 17] and the 2011 version of ISO 15289 [ISO 17b]. After the publication of the IEEE 730 in 2014, a new version of ISO 15289 was published in 2016 and ISO had also initiated a revision of ISO 12207 [ISO 17]. Given that the IEEE 730 used the 2008 version of the ISO 12207 as a normative reference, we present it below.

The IEEE 730 is structured as follows [IEE 14]:

– Clause 1 describes the scope, purpose, and an introduction.
– Clause 2 identifies normative references used by the IEEE 730.
– Clause 3 defines the terms, abbreviations and acronyms.
– Clause 4 describes the context for the SQA processes and SQA activities, and covers expectations for how this standard will be applied.
– Clause 5 specifies the processes, activities and SQA tasks. Sixteen activities grouped into three categories are described: implementation of SQA process, product assurance, and process assurance.
– Twelve informative annexes A–L, where annex C provides guidelines for creating a SQAP.

The following text, taken from clause 7 of ISO 12207-2008, describes the purpose and the outcomes of the SQA process.

The SQA process of the IEEE 730 is grouped into three activities: the implementation of the SQA process, product assurance, and process assurance. Activities consist of a set of tasks.

4.6.1 Activities and Tasks of SQA

IEEE 730 [IEE 14] describes what must be done by a project; it assumes that the organization has already implemented SQA processes before the start of a project. The activities and tasks of the IEEE 730 are presented next.

The standard includes a clause that describes what is meant by compliance. The following text box defines this term.

Compliance with all requirements of IEEE 730 [IEE 14] can be imposed by a client in an agreement (e.g., a contract) with the organization that will develop software. However, a given project may not need to use all the activities of the standard. The implementation of the standard implies the selection of a set of activities adapted to a project. For any activity or task that will not be performed, the standard requires that the SQAP describes them as not applicable and include a justification as to why the activity or task will not be performed. In order to improve, an organization can choose to gradually implement the activities and tasks of the IEEE 730.

Figure 4.6 shows the links between project requirements and artifacts produced during a project. The figure shows two categories of compliance: process assurance and product assurance. The figure also describes the transitive relationships for compliance: if process requirements are consistent with the contract and if the process and project plans meet the process requirements, then the project process and plans comply with the contract. This simplifies the work of the SQA as each artifact of the project does not have to be checked against the contract. Each artifact must be verified with respect to its immediate predecessor.

Flow diagram shows links between requirements and artifacts of project where rules, regulations, and laws leads to contract, leads to process requirements and product (system) requirements, et cetera, with markings for produces, derived from, and informs. — **Figure 4.6** The links between requirements and the artifacts of a project [IEE 14].

The IEEE 730 [IEE 14] does not require that the activities be performed by any unit of the organization (e.g., an SQA department); it requires that responsibilities are assigned to the SQA function with the resources needed to perform the SQA activities described by the standard.

A basic principle of the IEEE 730 is to first understand the risks of the software product to ensure that the SQA activities are appropriate for the risks of the product. This means that the extent and depth of SQA activities that will be defined in the SQAP are determined by the risk associated with the software product.

4.6.1.1 SQA Process Implementation Activities

These activities aim to develop a strategy for conducting SQA, planning, and executing the activities and producing and maintaining the evidence. The six SQA process implementation activities are [IEE 14]:

– Establish the SQA processes to define and establish documented SQA processes that exist independently of the organization's projects.
– Coordinate with related software processes to coordinate activities and SQA tasks with other software processes such as verification and validation, reviews, audits, and other processes of ISO 12207 [ISO 17] that are relevant to the achievement of project objectives.
– Document SQA planning to document the activities, tasks, and results that are appropriate for the risks of a specific project. Planning SQA also includes adapting generic processes to the specific needs and risks of a project. The result of this planning is documented in the SQAP. Figure 4.7 shows the contents of the SQAP. There are 13 tasks associated to this activity, we have only listed the main tasks of this activity:

Use this standard and appendix C to help prepare an SQAP that is appropriate for the project, which meets the needs of all stakeholders and which is appropriate for the risks of the product.

Review and update the SQA level as the project evolves.

Present information on the status of the project to management in the agreed manner.

Estimate the resources of the SQA function (including effort, schedule, people, required skills, tools and equipment) needed to perform the SQA activities, tasks, and outcomes.

Analyze product risks, standards, and assumptions that could impact quality and identify specific SQA activities, tasks, and specific outcomes that could help determine whether these risks are mitigated effectively.

Analyze the project and adapt SQA activities accordingly so that they are commensurate with the risks.

Define specific measures for the evaluation of projects, software quality, performance of SQA function compared with quality objectives of the project and those of the quality management of the organization.

Identify and track changes to the project that require additional planning from SQA function including changes to the requirements, resources, schedule, project scope, priorities, and product risk.

If process areas or activities are not adequately addressed by the quality management function of the organization, or if the organization does not have a quality management function, these process areas can be documented in the SQAP.

– Execute the SQAP in coordination with the project manager, the project team, and organizational quality management.
– Manage SQA records to create records of the activities, tasks and results of SQA; manage and control them and make them available to stakeholders.
– Evaluate organizational independence and objectivity to determine if those responsible for SQA occupy a position in the organization that allows them to have direct communication with the organization's management.

Table shows SQAP contents according to IEEE 730 with columns for purpose and scope, definitions and acronyms, reference documents, SQA plan overview, activities, outcomes and tasks, additional considerations, and SQA records. — **Figure 4.7** Table of contents of a SQAP according to the IEEE 730 [IEE 14].

We will not describe the remaining 10 activities of IEEE 730 listed below in detail here since they will be described in other chapters of this book.

4.6.1.2 Product Assurance Activities

The five product assurance activities that aim to evaluate adherence to the requirements are [IEE 14]:

– evaluate plans for compliance to contracts, standards, and regulations;
– evaluate product for compliance to established requirements;
– evaluate product for acceptability;
– evaluate the compliance of product support;
– measure products.

4.6.1.3 Process Assurance Activities

The five process assurance activities which verify adherence to standards and procedures are [IEE 14]:

– evaluate compliance of the processes and plans;
– evaluate environments for compliance;
– evaluate subcontractor processes for compliance;
– measure processes;
– assess the skill and knowledge of personnel.

4.7 Other Quality Models, Standards, References, and Processes

This section presents the quality models, standards, reference, and processes specific to the software industry and that are used by many organizations worldwide. First, maturity models for software processes are presented, followed by the ITIL reference and its ISO/IEC 20000-1 standard [ISO 11h]. Next, we will look at the IT governance processes proposed by the CobiT reference. We will then present the family of ISO 27000 standards for information security, followed by the ISO/IEC 29110 standards for very small organizations.

4.7.1 Process Maturity Models of the SEI

The SEI developed several Capability Maturity Models (CMM^®). In this section, we will present the CMMI model used to develop products (e.g., software, system) and services.

The CMMI for Development (CMMI-DEV) covers a broader area than its predecessor by adding other practices, such as systems engineering, and the development of integrated processes and products. It was formed from the following model practices: version 2.0 of the SW-CMM, the “Systems Engineering Capability Model” of the Electronic Industries Alliance [EIA 98] and version 0.98 of the “Integrated Product Development CMM” model.

The CMMI model was developed as two versions: an initial staged version and a continuous version, which is the first CMM model for systems engineering (Systems Engineering CMM, SE-CMM). The CMMI is available in several languages: Germany, English, Traditional Chinese, French, Spanish, Japanese, and Portuguese.

Just like the SW-CMM model, the objective of this model is to encourage organizations to check and continuously improve their development project process and evaluate their level of maturity on a five-level scale as proposed by the staged CMMI model.

Two other CMMI models were developed based on architecture, namely the CMMI for Services (CMMI-SVC) [SEI 10b] and the CMMI for Acquisition (CMMI-ACQ) [SEI 10c]. The CMMI-SVC model provides guidelines for organizations that provide services either internally or externally, whereas the CMMI-ACQ model provides guidelines for organizations that purchase products or services. All three CMMI models use 16 common process areas.

For each level of maturity, a set of process areas are defined. Each area encompasses a set of requirements that must be met. These requirements define which elements must be produced rather than how they are produced, thereby allowing the organization implementing the process to choose its own life cycle model, its design methodologies, its development tools, its programming languages, and its documentation standard. This approach enables a wide range of companies to implement this model while having processes that are compatible with other standards.

Table 4.3 describes the maturity levels as well as the process areas for each maturity level in the CMMI-DEV model.

Table 4.3 CMMI Maturity Levels of the Staged Representation [SEI 10a]

CMMI Development Model Maturity Levels [SEI 10a]

Model practices are grouped into 22 process areas, which are further broken down into five maturity levels.

Maturity Level 1: Initial

At maturity level 1, processes are usually ad hoc and chaotic. The organization usually does not provide a stable environment to support processes. Success in these organizations depends on the competence and heroics of the people in the organization and not on the use of proven processes. In spite of this chaos, maturity level 1 organizations often produce products and services that work, but they frequently exceed the budget and schedule documented in their plans.

Maturity level 1 organizations are characterized by a tendency to overcommit, abandon their processes in a time of crisis, and be unable to repeat their successes.

Maturity Level 2: Managed

At maturity level 2, the projects have ensured that processes are planned and executed in accordance with policy; the projects employ skilled people who have adequate resources to produce controlled outputs; involve relevant stakeholders; are monitored, controlled, and reviewed; and are evaluated for adherence to their process descriptions. The process discipline reflected by maturity level 2 helps to ensure that existing practices are retained during times of stress. When these practices are in place, projects are performed and managed according to their documented plans.

Process areas:

Requirements management
Project planning
Project monitoring and control
Supplier agreement management
Measurement and analysis
Process and product quality assurance
Configuration management

Maturity Level 3: Defined

At maturity level 3, processes are well characterized and understood, and are described in standards, procedures, tools, and methods. The organization's set of standard processes, which is the basis for maturity level 3, is established and improved over time. These standard processes are used to establish consistency across the organization. Projects establish their defined processes by tailoring the organization's set of standard processes according to tailoring guidelines.

Process areas:

Requirements development
Technical solution
Product integration
Verification
Validation
Organizational process focus
Organizational process definition
Organizational training integrated project management
Risk management
Decision analysis and resolution

Maturity Level 4: Quantitatively managed

At maturity level 4, the organization and projects establish quantitative objectives for quality and process performance and use them as criteria in managing projects. Quantitative objectives are based on the needs of the customer, end-users, organization, and process implementers. Quality and process performance is understood in statistical terms and is managed throughout the life of projects.

Process areas:

Organizational process performance
Quantitative project management

Maturity Level 5: Optimizing

At maturity level 5, an organization continually improves its processes based on a quantitative understanding of its business objectives and performance needs. The organization uses a quantitative approach to understand the variation inherent in the process and the causes of process outcomes.

Process areas

Organizational performance management
Causal analysis and resolution

Figure 4.8 presents an overview of the CMMI model structure. Each process area has generic and specific goals, practices, and sub-practices. The specific goals, practices, and sub-practices are “specific” to a process area, such as Requirements Management, although the generic goals, practices, and sub-practices apply to all process areas for a given maturity level. Each process area also includes explanatory notes and references for other process areas. As indicated in the legend for Figure 4.8, model components are required, expected, or informative. The SEI defines these three components in the following way [CHR 08]:

– Required components describe what an organization must achieve to satisfy a process area;
– Expected components describe what an organization can implement to achieve a required component. Expected components guide those who implement improvements or perform evaluations;
– Informative components provide details that help organizations initiate the process by specifying the way to understand required and expected components.

Flow diagram shows process area leads to specific goals, purpose statement, introductory notes, related process area, and generic goals, specific goals leads to specific practices, et cetera, and markings for required, expected, and informative. — **Figure 4.8** Structure of the staged representation of the CMMI [SEI 10a].

The concept of CMM model characteristics was transferred to the CMMI: these are generic goals and practices. For level 2 of the staged representation of the CMMI model, the 10 generic practices are [SEI 10a]:

Establish an organizational policy: establish and maintain an organizational policy for planning and performing the process.
Plan the process: establish and maintain the plan for performing the process.
Provide resources: provide adequate resources for performing the process, developing the work products, and providing the services of the process.
Assign responsibility: assign responsibility and authority for performing the process, developing the work products, and providing the services of the process.
Train people: train the people performing or supporting the process as needed.
Control work products: place selected work products of the process under appropriate levels of control.
Identify and involve relevant stakeholders: identify and involve the relevant stakeholders of the process as planned.
Monitor and control the process: monitor and control the process against the plan for performing the process and take appropriate corrective action.
Objectively evaluate adherence: objectively evaluate adherence of the process and selected work products against the process description, standards, and procedures, and address non-compliance.
Review status with higher level management: review the activities, status, and results of the process with higher level management and resolve issues.

Figure 4.9 presents the process areas associated with maturity levels in the staged version of the CMMI development model. The path flow through the CMMI model is carried out gradually. To meet the requirements for a process area, the organization must satisfy all the goals of the given process area. In the same way, in order to move up between maturity levels, all goals must be satisfied for the process areas in question, as well as for all the goals of the process areas of the lower levels of process maturity.

Table shows staged representation of CMMI for Developmental model with columns for level, focus, key process area, and rows for optimizing, quantitatively managed, defined, managed, and initial. — **Figure 4.9** The staged representation of the CMMI^® for Development model.

*Source*: Adapted from Konrad (2000) [KON 00].

This section presented a maturity model that should help software development organizations: “Given that software maintenance is a specific field of software engineering, it is therefore necessary to focus on the processes and methodologies that take into account the specific characteristics of software maintenance” [BAS 96]. The next section introduces a maturity model designed to improve the software maintenance process.

4.7.2 Software Maintenance Maturity Model (S^3m)

The software maintenance maturity model S^3m (available at www.s3m.ca) proposes a structured approach to address a number of issues that arise in the context of the daily maintenance of software [APR 08]:

– software maintenance is a discipline mainly derived from industrial practices;
– a relatively large gap exists between the academic literature and the industrial practices;
– validation of improvement proposals made by consultants;
– many inconsistencies in terms that are often poorly defined with regard to the different proposals, approaches, presentations, and publications in maintenance;
– scarcity and difficulty in acquiring/adapting a specific methodology for software maintenance;
– there is no universal consensus;
– publications that are often optimistic (i.e., proposing unproven theories and miracle tools);
– problems that take on their full meaning when software and organizations reach a certain size.

Figure 4.10 illustrates the structure of the S^3m model.

Diagram shows S3m model structure with labels for process management, request management, evolution engineering, and support to evolution engineering. — **Figure 4.10** Structure of the S^3m model [APR 08].

Some authors have studied the differences and similarities between software development and maintenance activities. The maintenance organizational unit is structured to meet quite different challenges, such as randomly occurring daily events and requests from users, while providing continued service on the software for which it is responsible.

When we refer to software maintenance in the S^3m model, we are specifically considering the operational support activities, corrections and software evolution that occur daily. The characteristics that are specific to software maintenance are [ABR 93]:

– Modification requests (MRs) come in on an irregular basis and cannot be accounted for individually in the annual budget planning process.
– MRs are reviewed and prioritized by the developer, often at the operational level. Most do not require senior management involvement.
– The maintenance workload is not managed using project management techniques but rather by using queue management techniques and sometimes supported by Helpdesk software.
– The size and complexity of maintenance requests is such that it can usually be handled by one or two maintainers.
– The maintenance workload is user-services oriented, for the short term, to ensure that the operating software is running smoothly on a daily basis.
– Priorities can be shifted around at any time (sometimes hourly), and problem reports requiring that corrections be made immediately to the software in production take priority over any other work in progress.

Additionally, in many organizations, maintenance is often performed by different organizational groups than the software development groups.

The software maintenance maturity model:

– relates to the daily software maintenance activities rather than large-scale activities that should be managed using proven techniques in project management—in these specific large maintenance projects, it is the CMMI model that should be used;
– is based on the customers’ perspective;
– is relevant for the maintenance of application software (a) developed and maintained internally, (b) configured and maintained internally or with a subcontractor's help, and (c) outsourced to an external supplier;
– provides references and details for each exemplary practice;
– offers an improvement approach based on road maps and maintenance categories;
– covers the software maintenance life cycle standards described in ISO 12207;
– covers most ISO 9001 characteristics and practices and relevant parts of the CMMI-DEV that apply to small maintenance;
– integrates references to additional software maintenance practices documented in other software and quality improvement models like ITIL, that we will cover in the next section.

images

A support team, which includes a technician and programmer for a section of the Canadian Forces, supports some 20 applications, which are all in use. Programmers are constantly in project mode and put the requests they receive from users in a priority order. The projects on which they are working all have delivery deadlines. However, it is very difficult to make time estimates when there may be weeks where the team receives a dozen requests that may require everything come to a halt until everything is fixed and validated.

The team had to set up a stringent daily schedule, where they work 30% of the day on requests and 70% on projects. On top of that, there are also standards for responding to the client in order to ensure better customer service. The team must now respond within 72 hours, and if the request is not completed, it must follow up every 14 days.

The previous sections described models for improving software development and maintenance processes. The next section considers the references and standards for improving processes for IT operations and infrastructure (also known as IT services).

4.7.3 ITIL Framework and ISO/IEC 20000

The ITIL framework was created in Great Britain based on good management practices for computer services. It consists of a set of five books providing advice and recommendations in order to offer quality service to IT service users. It should be pointed out that IT services are typically responsible for ensuring that the infrastructures are effective and running (backup copies, recovery, computer administration, telecommunications, and production data). The ITIL books systematically cover all aspects of the computer operations in a company while at the same time not claiming to have all the answers.

The list of guides illustrated in Figure 4.11 is:

– strategy;
– design;
– transition;
– operation;
– continuous improvement.

Photograph shows guides of main ITIL with markings for service strategy, service design, service operation, service transition, and continual service improvement. — **Figure 4.11** The main ITIL guides.

Support processes described in the ITIL are focused on daily operations. Their main goals are to resolve the problems when they arise or to prevent them from happening when there is a change in the computer environment or in the way the organization does things.

ITIL describes the support center function and the following five processes:

– Incident management
– Problem management
– Configuration management
– Change management
– Commissioning management

Service operation processes focus more on longer term management than support processes do. The main objective is to ensure that the IT infrastructure meets the business requirements of the organization. ITIL describes the following five processes for service operation:

– Service level management
– Financial management of IT services
– Capacity management
– IT service continuity management
– Availability management

ITIL is therefore a compendium of good practices and a compilation of descriptions of business processes that allow us to benefit from the experience of many organizations. It does not contain any implementation guidelines. ITIL is based on the sharing of operational experiences in IT.

Given the major recognition of ITIL worldwide, an international standard based on ITIL came into being: ISO/IEC 20000-1 [ISO 11h]. The principles of ITIL were successfully conveyed to many companies of all sizes and from all sectors of activity. The three main objectives are:

– to align computer services with the current and future needs of the company and its clients;
– to improve the quality of computer services provided;
– to reduce the long-term cost of service provision.

Just like the CMMI and S^3m references, ITIL is a process-based approach founded on the principle of continuous improvement of the Deming Cycle: PDCA.

In the 1980s, the British government wanted to improve efficacy and reduce IT costs in public companies. Initially this meant developing a universal method that could be applied to all public organizations. The project, which was initiated in 1986, really took off in 1988. The conclusions of the study quickly led to the definition of general principles and the development of best practices. These results were also applicable to the private sector. Work groups were struck, bringing together operational managers, independent experts, consultants, and trainers from public organizations and from the private sector. Private companies that participated and accepted to have their work methods studied by competing companies ensured the objectivity of the conclusions drawn, and at the same time, prevented any risk of being influenced by proprietary technologies or systems. ITIL places service at the center of information systems management. This principle was highly innovative in 1980 and promoted the notion of the client of information systems management. In 1989, 10 books were published in a first version of ITIL. The areas covered by this version were the processes of Service Support and Service Delivery. Over 30 books have been produced since, but an update between 2000 and 2011 has reduced the number to five books today.

4.7.3.1 Managing IT Services

The definition of a service, when used in the computing context, is as an organizational unit of the company similar to the accounting department, in that it supports the organization. This concept is also linked to the fact that information systems render services to users; services such as email, desktop support, and others.

ITIL's philosophy is based on the following fundamental concepts:

– taking into account the client's expectations regarding implementing computer services;
– the life cycle of computer projects must incorporate the different aspects of computer services management from the start;
– the implementation of interdependent ITIL processes to ensure service quality;
– the implementation of a way of measuring this quality from the user's point of view;
– the importance of communication between the computer department and the rest of the company;
– ITIL is flexible enough and must remain so in order to adapt to all organizations.

The main subjects handled under ITIL are:

– user support, which includes the management of incidents and is an extension of the concept of a Helpdesk;
– provision of services which involves managing processes that are dedicated to the daily operations of IT (cost control, management of service levels);
– management of the production environment infrastructure which involves implementing the means for network management and production tools (scheduling, backup, and monitoring);
– application management which consists of managing the support of an operational program;
– security management (confidentiality, data integrity, data availability, etc.) of the SI (security process).

Therefore, based on these guidelines, we can help define the processes for IT infrastructure and IT operations groups.

4.7.3.2 ISO/IEC 20000 Standard

The ISO/IEC 20000 standard is the first ISO standard dedicated to managing IT services. Inspired by the former British standard BSI 15000, which is based on ITIL, it was initially published on November 10, 2005, by the ISO. The main contribution of ISO 20000 is an international consensus on ITIL content.

As we show in Figure 4.12, this standard has two parts. The first part, ISO 20000-1 [ISO 11h] represents the certifiable part of the standard. It defines the IT service management requirements. These requirements are:

– specifications for service management;
– planning and implementing service management;
– planning and implementation of new services;
– service delivery process;
– relationship management;
– resolution management;
– control management;
– production management.

Table shows service management system with markings for service delivery process, control processes, resolution processes, and relationship processes. — **Figure 4.12** Processes of ISO 20000 service management system [ISO 11h].

*Source*: Standards Council of Canada.

The next section introduces the reference for exemplary practices in IT governance. This guide is used by internal auditors specialized in IT in order to evaluate the quality of controls set up in an organization.

4.7.4 CobiT Process

CobiT [COB 12] is a repository of best practices for IT governance established by ISACA (IT auditors). Oriented on auditing and governance assessment information systems, CobiT provides risk analysis and assessment of the effectiveness of internal controls. This repository of best practices tries to cover several concepts such as the analysis of business processes, technical aspects of IT, control needs in information technology, and risk management.

The CobiT process ensures that technological resources are well aligned with the company's fundamental objectives. It helps to achieve the right level of control to exercise on IT. This process is harmonized with the ITIL reference, the PMBOK^® Guide from the Project Management Institute [PMI 13] as well as the ISO 27001 and ISO 27002 standards.

CobiT version 5 covers 34 generic guidance processes and 318 control objectives divided into four process domains:

– planning and organization;
– acquisition and implementation;
– distribution and support;
– monitoring and surveillance.

The framework consists of checklists covering the four process domains, with 34 general control objectives and 302 detailed control objectives. The “planning and organization” domain has eleven goals covering everything related to strategy and tactics. These objectives identify means for IT to contribute most effectively to the achievement of the business goals of the company. The “acquisition and implementation” domain covers six goals for the achievement of the IT strategy: the identification, acquisition, development and implementation of IT solutions and their integration into business processes. The “distribution and support” domain considers thirteen goals, grouping the delivery of IT services required, that is, the operation, security, emergency plans, and training. The “monitoring and surveillance” domain has four objectives that allow management to assess the quality and compliance of process control requirements. The implementation tools include a presentation of cases where companies have implemented processes quickly and successfully using the CobiT methodology. These examples are therefore closely linked to business objectives while focusing particular attention on IT. This will reassure management, standardize work processes, and guarantee the security and controls of IT services.

The CobiT management section of the guide focuses on several aspects: the performance measurement and control of the IT profile and awareness of technological risks. This document provides the key indicator objectives, the key performance indicators, key success factors, and the maturity model. The maturity model evaluates the achievement of one or more general objectives of the process on a scale of 0–5:

– 0: non-existent;
– 1: existing but unorganized (initialized on an ad hoc basis);
– 2: renewable;
– 3: defined;
– 4: managed;
– 5: optimized.

The audit guideline allows an organization to evaluate and justify the risks and shortcomings of general and detailed objectives. Then, once this step is completed, corrective actions can be implemented. This audit guideline respects four principles: developing an in-depth understanding, evaluating controls, verifying compliance, and justifying the risk of not attaining the control objectives.

The next section presents information security standards.

4.7.5 ISO/IEC 27000 Family of Standards for Information Security

The ISO 17799 standard [ISO 05d] initially published in December 2000 by ISO introduces a code of good practices for information security management. The second edition of this standard was published in June 2005, and then obtained a new reference number in July 2007. This standard is now known as ISO/IEC 27002 [ISO 05c].

The ISO 27002 standard comprises 133 practical steps to be used by anyone in charge of implementing or maintaining an ISMS. Information security is defined within the standard as the “preservation of confidentiality, integrity and availability of information.”

This standard is not mandatory for companies. However, it may be required under a contract: a service provider could then agree to respect the standardized practices with a client.

The ISO 27002 standard is made up of 11 main sections, which cover security management as well as its strategic and operational aspects. Each section makes up a chapter of the standard:

– security policy;
– information security organization;
– asset management;
– security related to human resources;
– physical and environmental security;
– communications and operations management;
– access control;
– acquisition, development, and maintenance of information systems;
– incident management related to information security;
– activity continuity management;
– legal and regulatory compliance.

The chapters in the standard specify the objectives to reach and list practices that allow for the fulfillment of these objectives. The standard does not provide detailed practices, since each organization is supposed to carry out an evaluation of its own risks in order to determine its needs before choosing the practices that are appropriate in each of the possible cases.

This standard is based on the ISO 27000 family of standards as shown in the Figure 4.13.

Flow diagram shows overview and vocabulary of ISO 27000 where ISO 27006 leads to ISO 27001, ISO 27002 leads to ISO 27007, et cetera. — **Figure 4.13** Family of ISO 27000 Standards [ISO 05c].

*Source*: Standards Council of Canada.

Note that the ISO 20000 standard, based on ITIL, connects directly to the ISO 27001 guideline concerning information security.

The next section presents the ISO/IEC 29110 standard and guides that have been developed specifically for small organizations that develop software or systems.

4.7.6 ISO/IEC 29110 Standards and Guides for Very Small Entities

Worldwide there are numerous very small entities (VSEs), namely enterprises, organizations (e.g., public organizations and not-for profit organizations), departments or projects with up to 25 people. For example, in Europe more than 92.2% of companies have between 1 and 9 employees and only 6.5% of firms have between 10 and 49 employees [MOL 13]. In the US, about 95% of companies have 10 employees or less [USC 16]. In Canada, nearly 80% of software companies in the Montreal region have 25 or fewer employees, and 50% of companies have 10 employees or less [GAU 04]. In Brazil, small businesses represent approximately 70% of the total number of companies [ANA 04]. Lastly, in Northern Ireland [MCF 03], a survey showed that 66% of organizations employ fewer than 20 people.

Unfortunately, according to surveys and studies carried out, it is clear that the ISO standards were not developed for VSEs, that they do not meet their needs, and therefore they are difficult to apply in such contexts. In order to help VSEs, an international standardization project developed a set of ISO/IEC 29110 standards and guides [ISO 16f]. ISO 29110 standards were developed by taking relevant information for VSEs from existing standards, such as ISO 12207 and ISO 15289. This “assemblage” is called a profile. We will briefly introduce ISO 15289 at the end of this chapter.

In 2005, Professor Laporte was appointed as project editor of the ISO 29110 standards and guides. Since 2005, the working group has developed a set of ISO 29110 standards and guides to help VSEs that develop software, systems involving hardware and software or who provide maintenance services to their clients. The interest of several countries was such that several ISO 29110 documents have been translated into Czech, French, German, Japanese, Portuguese, Spanish. Some countries, such as Brazil, Japan and Peru, have adopted ISO 29110 as a national standard.

4.7.6.1 ISO 29110 Set of Profiles

The essential characteristic of organizations covered by ISO/IEC 29110 standards is size. However, we know that there are other aspects and characteristics of VSEs that may impact the preparation of profiles, such as the business model, situational factors like the application domain (e.g., medical), uncertainty, criticality, and risk levels. The creation of a profile for each possible combination of characteristics presented above would have resulted in a large and unmanageable number of profiles. Therefore, the profiles were designed so as to be applicable to more than one category. A profile group is a collection of profiles that are related either by process composition (e.g., activities, tasks) or by capacity level, or both [ISO 16f]. For example, the generic profile group was defined as applicable to VSEs that do not develop critical software or critical systems. Critical systems or software are systems or software having the potential for serious impact on the users or environment, due to factors including safety, performance, and security [ISO 16f]. The generic profile group is a roadmap made up of four profiles (Entry, Basic, Intermediate, and Advanced) providing a progressive approach in order to satisfy the greatest amount of VSEs. The main characteristics of these four profiles are described in Table 4.4.

Table 4.4 VSEs Targeted by Generic Profiles [ISO 16f]

Title of profile	VSEs targeted by each profile
Entry	This profile is for VSEs working on small projects (e.g., a project of up to six person-months) and for start-ups.
Basic	This profile is for VSEs developing only one project at a time with a single team.
Intermediate	This profile is for VSEs involved in the simultaneous development of more than one project with more than one team.
Advanced	This profile is for VSEs wishing to significantly improve the management of their business and their competitiveness.

Table 4.5 illustrates the documents that have been developed and the intended recipients. Technical reports are marked “TR” (Technical Report) in their titles whereas the other documents are standards [ISO 16f]:

– ISO/IEC TR 29110-1 [ISO 16f], entitled “Overview,” defines commonly used terminology in all documents of VSE profiles. It presents the process, life cycle concepts, and standards as well as all documents constituting the ISO/IEC 29110. It also describes the characteristics and needs of a VSE, and precisely why profiles, documents, standards, and guidelines have been developed for the VSE.
– ISO/IEC 29110-2-1, entitled “Framework for profile preparation,” presents the concepts of engineering profiles of systems and software for the VSE. It explains the logic behind the definition and application profiles. The document also specifies the elements common to all standardized profiles (structure, conformity assessment) of the ISO/IEC 29110.
– ISO/IEC 29110-3, entitled “Certification and Assessment Guidelines,” sets guidelines for the evaluation of the process and the compliance requirements necessary to achieve the objective of the profiles defined for VSEs. The report also contains information which can be useful for developers of methods and assessment tools. ISO/IEC TR 29110-3 is for those who have a direct relation to the assessment process, for example, the assessor and the person requesting the evaluation, which need guidance to ensure the requirements for performing an evaluation are met.
– ISO/IEC 29110-4-m, entitled “Profile Specifications,” provides the specifications for all profiles in a profile group based on subsets of relevant standards.
– ISO/IEC 29110-5-m-n provides management and engineering and service delivery guides for the profiles within the generic profile group.

Table 4.5 ISO 29110 Documents and their Targeted Recipients [ISO 16f]

ISO/IEC 29110	Title	Target
Part 1	Overview	The VSE and their customers, evaluators, standards developers, vendors of tools and methodologies.
Part 2	Framework for profile preparation	Standards developers, vendors of tools and methodologies. This document is not intended for VSEs.
Part 3	Certification and Assessment Guide	The VSE and their customers, assessors, accreditation bodies.
Part 4	Profile Specifications	The VSE, standards developers, vendors of tools and methodologies.
Part 5	Management and Engineering and Service Delivery Guides	The VSE and their customers.

When a new profile is required, only parts 4 and 5 of ISO 29110 are developed without affecting other documents. To facilitate the adoption of ISO 29110 by a large number of VSEs, Working Group 24, which was mandated to develop the ISO 29110, negotiated that the ISO technical reports be available for free.

4.7.6.2 ISO 29110 Software Basic Profile

The software basic profile is made up of two processes: the project management process and the software implementation process. The goal of the project management process is to establish a systematic way to carry out the tasks of implementing the software project which will meet the project objectives with regard to quality, schedule, and cost. The purpose of the software implementation process is the systematic performance of the analysis, design, construction, integration, and tests for new or modified software products according to the specified requirements.

Figure 4.14 shows the project management process and the software implementation process and their activities. Activities consist of tasks. The input to the project management process is a document entitled “Statement of Work (SOW),” the output of the implementation process is the set of deliverables (e.g., documentation, code) that are defined early in the project and called software configuration.

Figure 4.14 Management and implementation processes for the software Basic profile [LAP 16a].

The management and engineering guide of the ISO 29110 software Basic profile is presented next. Remember that a standard describes “what to do”, while management and engineering guides describe “how to do it”.

4.7.6.2.2 Management Processes for the Software Basic Profile

The goal of the project management process is to establish a systematic way to carry out the tasks of implementing the software project which will meet the project objectives with regard to quality, schedule and cost.

The management process, as illustrated in Figure 4.15, uses the SOW to develop the project plan. Assessment and control tasks for this process will use the project plan to assess project progress. Steps are taken, if necessary, either to eliminate gaps with the project plan or to incorporate changes into the plan. Project closure activities provide the deliverables that are produced during the implementation process to the client for their approval so as to officially close the project. A project repository is established to save work products and control their versions during the project.

Figure 4.15 Activities for the software Basic profile management process [ISO 11e].

Source: Standards Council of Canada.

The project management process includes four activities that are broken down into 26 tasks.

Software Implementation Process for the Basic Profile

The purpose of the software implementation process is the systematic performance of the analysis, design, construction, integration, and tests for new or modified software products according to the specified requirements. Carrying out the implementation process, as illustrated in Figure 4.16, is controlled by the project plan. The project plan guides the analysis of software requirements, detailed architecture and design, construction and integration of software, tests and delivery activities for the deliverables. To eliminate the defects in a product, verification and validation activities as well as test tasks are included in this process's activities. The client provides a SOW as input to the project management process and receives the set of deliverables initially identified in the project plan as the result of the implementation process.

Flow diagram shows activities of software implementation where software implementation initiation leads to software requirements analysis, leads to software architectural and detailed design, et cetera. — **Figure 4.16** Software implementation activities for the Basic profile [ISO 11e].

*Source*: Standards Council of Canada.

The implementation process, as shown in Figure 4.16, includes six activities that are broken down into 41 tasks. To illustrate how management and engineering guides facilitate the implementation of ISO 29110 in a VSE, Table 4.6 provides an example of the requirements analysis task (SI.2.4-Validate and obtain approval of the requirements specification). The left column lists the roles involved in this task: the Analyst (AN) and the Customer (CUS). A second column describes the task as well as some additional information to help execute the task and a third column describes the input work product required for task execution as well as its status (e.g., verified). The last column shows the output work products and their status resulting from the execution of the task.

Table 4.6 Description of One Task of the Requirements Analysis Activity [ISO 11e]

Roles	Tasks	Input workproducts	Output workproducts
CUSAN	SI.2.4 Validate and obtain approval of the Requirements Specifications Validate that requirements specification satisfies needs and agreed upon expectations, including the user interface usability. The results found are documented in a validation results and corrections are made until the document is approved by the CUS.	Requirements Specification [verified]	Validation Results Requirements Specification [validated]

Roles

Tasks

Input workproducts

Output workproducts

CUSAN

SI.2.4 Validate and obtain approval of the Requirements Specifications

Validate that requirements specification satisfies needs and agreed upon expectations, including the user interface usability. The results found are documented in a validation results and corrections are made until the document is approved by the CUS.

Requirements Specification [verified]

Validation Results

Requirements Specification [validated]

Table 4.7 shows an example of a document, a change request, and the content proposed by the ISO 29110 management and engineering guide. Note that the guide does not impose specific content by stating that a document “may,” not “shall,” include the following items, but provides information items that can be grouped. The right-hand column shows the source who requested the document. In this example, a change request is drafted by the client, the development team or by project management. We also note at the end of the description, the applicable status of this document.

Table 4.7 Description of the Content of a Document [ISO 11e]

Name	Description	Source
Change request	Identifies a Software, or documentation problem or desired improvement, and requests modifications. It may have the following characteristics: – Identifies purpose of change – Identifies request status – Identifies requester contact information – Impacted system(s) – Impact to operations of existing system(s) defined – Impact to associated documentation defined – Criticality of the request, date needed The applicable statuses are: initiated, evaluated, and accepted.	Customer Project management Software implementation

Name

Description

Source

Change request

Identifies a Software, or documentation problem or desired improvement, and requests modifications.

It may have the following characteristics:

– Identifies purpose of change
– Identifies request status
– Identifies requester contact information
– Impacted system(s)
– Impact to operations of existing system(s) defined
– Impact to associated documentation defined
– Criticality of the request, date needed

The applicable statuses are: initiated, evaluated, and accepted.

Customer

Project management

Software implementation

4.7.6.3 The Development of Deployment Packages

Although the ISO working group created a management and engineering guide, many VSEs do not have the resources to readily use the two processes described. Therefore, Professor Laporte, as the ISO 29110 project editor, recommended to the delegates for Working Group 24 during a meeting in Moscow in 2007, the development of material that can be used “as is” by VSEs [LAP 08a]. He coordinated the development of a set of documents called the Deployment Package (DP), based on the management and engineering guides.

A DP is a set of artifacts that facilitate and accelerate the implementation of the ISO 29110 standard in VSEs by providing them with ready-to-use processes. The table of contents for the package is described in Table 4.8. Note that the tasks from the management and engineering guides were broken down into steps to help the VSE concretely implement the standard.

Table 4.8 Table of Contents of a DP [LAP 08a]

Technical description
- Purpose of this document
- Why is this topic important?
Relationships with ISO/IEC 29110
Definitions
Overview of processes, activities, tasks, roles, and products
Description of processes, activities, tasks, steps, roles, and products
- Role description
- Product description
- Artifact description
Template(s)
Example(s)
Checklist(s)
Tool(s)
References to other standards and models (e.g., ISO 9001, ISO/IEC 12207, CMMI)
References
Evaluation form

Figure 4.17 shows the DPs that have been developed for the software Basic profile.

Figure 4.17 DPs for the software Basic profile [LAP 08].

These DPs are available for free in English, French, and Spanish on the Web (www.sqabook.org). This site also provides access to templates, checklists, and examples of the implementation of ISO 29110, such as the example provided below.

4.7.6.4 Example of the Implementation of the Software Basic Profile

Following is a brief description of the implementation of the ISO 29110 basic profile for BitPerfect Inc.—a start-up of four persons located in Lima, Peru [GAR 15].

images

Peruvian Start-Up VSE - BitPerfect (Adapted from [GAR 15])

The VSE had used agile practices for its first development projects (e.g., Scrum, test driven development, continuous integration). The basic profile of ISO 29110 had been tailored to agile practices already in use. The new process had been successfully applied to a project for a client of the VSE: software that facilitates communication between clients and judicial counselors to the second largest insurance company in Peru.

Project management and software development of the insurance company project took about 900 hours. The table below shows the effort for prevention, execution, evaluation, and correction.

Development phase	Prevention (hours)	Execution (hours)	Evaluation (hours)	Correction (hours)
Preparing the environment (e.g., server)	14
Developing the project plan		15	3	7
Implementation and project control		108
Implementation (sprints)		90
Assessment and control (sprint review)		18
Software specification		107	28	58
Statement of work		12	3	7
Specification of use cases		95	25	51
Architecture design		35	18	14
Development of the test plan		45	8	11
Coding and testing		253	70	62
Documentation of maintenance and operating guide		14	5	7
Software implementation		6
Project closure		2
Total (hours)	14	585	124	159

Efforts for prevention, execution, evaluation, and correction [GAR 15]

The percentage of effort invested in the correction of defects (i.e., rework) was only 18% (159 hours/882 hours) for the entire project. This percentage is similar to the performance of a CMM level 3 maturity level. The table below shows the percentage of correction efforts by CMM level of maturity.

Maturity Levels of the CMM Model and Correction Effort [DIA 02])

CMM maturity level	% Correction effort
2	23.2%
3	14.3%
4	9.5%
5	6.8%

It should be noted that this project was the first for which the VSE used the new ISO 29110 based process in a software development project. The correction percentage reflects the learning curve associated with the new process and the new documents to produce.

This Peruvian VSE was subsequently audited by an accredited auditor from Brazil. An ISO 29110 compliance audit was completed and a certificate of compliance for the Basic profile was issued by the Brazilian standards agency. ISO/IEC 29110 certification has facilitated access to new customers and larger projects. The certificate obtained by the VSE is recognized by the member countries of the International Accreditation Forum (IAF). In 2016, the Peruvian VSE employed more than 23 people.

The certification process for the Peruvian VSE will be presented in the chapter on audits.

4.7.7 ISO/IEC 29110 Standards for VSEs Developing Systems

Since a large number of VSEs develop systems that include hardware and software, members of the SC7 countries mandated Working Group 24 to develop a set of documents similar to those already created for the development of software: a roadmap consisting of a set of four profiles (Entry, Basic, Intermediate, and Advanced). The system development and software development profiles are similar since the strategy was to develop the system profiles using, as the foundation, the software profiles already published.

Figure 4.18 shows the processes and activities for the systems engineering Basic profile. Since this is based on the software Basic profile, there are similarities with the software Basic profile presented above:

– a client, called acquirer, presents a SOW for a VSE;
– a project management process that includes similar activities as the project management process of the software Basic profile. Some tasks were added to the profile for systems engineering such as the management of the purchase of hardware components.
– a technical process, referred to as System Definition and Realization process, has activities that are similar to the software implementation process. Several tasks were added to the systems engineering profile. It is during the execution of the activity entitled “Construction of the system” that the hardware components are purchased or manufactured by the VSE. It is also at this point that software components are developed. Next, during the system integration activity, software and hardware components are integrated, the system is verified and validated. The ISO 29110 systems engineering guide suggests that a VSE uses the software Basic profile for the development of the software components of the system.

Figure 4.18 Processes and activities for the Basic profile for the development of systems [ISO 16f].

The system and software management and engineering guides are freely available from ISO in French and English. A version in German is also available on the Web.

4.8 Specific Standards for an Application Domain

In this section, we provide examples of standards that are specific to an application domain, such as aerospace and railways, to highlight the fact that certain fields comprising critical systems have developed their own standards. Unlike ISO's software engineering standards, which are developed by representatives of member countries, the standards described below have been developed by the organizations involved in a specific field (e.g., aerospace companies and aviation authorities). One notable example is the CobiT guide [COB 12] that is used by internal auditors to audit the information systems organizations.

4.8.1 DO-178 and ED-12 Guidance for Airborne Systems

The development of DO-178 “Software Considerations in Airborne Systems and Equipment Certification,” was initiated in 1980 by the Radio Technical Commission for Aeronautics (RTCA). At the same time, the European Organisation for Civil Aviation (EUROCAE) had also developed a similar document. Later, the two organizations decided to develop a common guidance. In 1982, EUROCAE published ED-12 with technical content identical to DO-178. As stated in DO-178C, since 1992, the aviation industry and certification authorities around the world have used the considerations in DO-178B/ED-12B as an acceptable means of compliance for software approval in the certification of airborne systems and equipment. The latest version of these two documents was published in 2011 [EUR 11, RTC 11].

Their purpose is to provide guidance for the production of software for airborne systems and equipment. These systems must provide a high level of safety that complies with airworthiness requirements.

The reader may wonder why this document is called guidance and not a standard. This is the explanation extracted from DO-178 [RTC 11]: “This document recognizes that the guidance herein is not mandated by law, but represents a consensus of the aviation community. It also recognizes that alternative methods to the methods described herein may be available to the applicant. For these reasons, the use of words such as ‘shall’ and ‘must’ is avoided.”

However, DO-178 provides some text that transforms this guidance to a de facto standard for that industry [RTC 11]: “If an applicant adopts this document as a means of compliance, the applicant should satisfy all applicable objectives. This document should apply to the applicant and any of its suppliers, who are involved with any of the software life cycle processes or the outputs of those processes described herein. The applicant is responsible for oversight of all of its suppliers.”

Certification

Legal recognition by the certification authority that a product, service, organization, or person complies with the requirements.

Such certification comprises the activity of technically checking the product, service, organization, or person and the formal recognition of compliance with the applicable requirements by issue of a certificate, license, approval, or other documents as required by national laws and procedures. In particular, certification of a product involves:

the process of assessing the design of a product to ensure that it complies with a set of requirements applicable to that type of product so as to demonstrate an acceptable level of safety;
the process of assessing an individual product to ensure that it conforms with the certified type design;
the issuance of a certificate required by national laws to declare that compliance or conformity has been found with requirements in accordance with items (a) or (b) above.

DO-178 [RTC 11]

The purpose of this guidance includes [RTC 11]:

– objectives for software life cycle processes;
– activities that provide a means for satisfying those objectives;
– descriptions of evidence in the form of life cycle data that indicate that the objectives have been satisfied.

A system safety assessment determines the software level of the software components of a system. The software level may even be specified in the system requirements. The DO-178 divides software into five levels [RTC 11]:

Level A: Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a catastrophic failure condition for the aircraft.
Level B: Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a hazardous failure condition for the aircraft.
Level C: Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a major failure condition for the aircraft.
Level D: Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a minor failure condition for the aircraft.
Level E: Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function with no effect on aircraft operational capability or pilot workload. If a software component is determined to be Level E and this is confirmed by the certification authority, no further guidance contained in this document applies.

4.8.2 EN 50128 Standard for Railway Applications

The EN 50128 standard describes the application domain in the following way [CEN 01]: by specifying the procedures and technical requirements applicable to the development of programmable electronic systems used in railway control and protection applications. It is meant to be used in any field having safety implications. It applies to all software used in developing and implementing railway control and protection systems, including application programming, operating systems, support tools, and micro-programming. It also focuses on the requirements applicable to the systems configured using application data.

The standard was developed for the following reasons [CEN 01]:

– To define a process for the specification and demonstration of dependability requirements for the railway industry;
– To foster an understanding and common approach to managing dependability;
– To provide the railway authorities and industry with a process that allows for a coherent management of reliability, availability, maintainability, and dependability.

The EN 50128 standard introduces five software safety integrity levels (SWSIL) where each level is associated with a degree of risk when using a software system. Level 0 is assigned to software that is non-safety-related, whereas level 4 means a very high risk. A special feature of this standard is that it imposes an organizational structure on organizations that develop risky software, that is, software with safety issues. Figure 4.19 illustrates the different organizational structures based on the SWSIL.

Diagram shows independence versus SWSIL with labels for DI, VER, VAL, ASSR, DU, VER, VAL, PRJ MGR, et cetera, and markings for can be same person, can be same company, verifier, validator, et cetera. — **Figure 4.19** Independence versus SWSIL [CEN 01].

The standard describes the sharing of roles and responsibilities of stakeholders. For level 0, there is no constraint, the designer/implementer, verifier, and validator can all be the same person.

For SWSIL levels 1 and 2, the verifier and validator can be the same person, but they cannot be the designer/implementer. However, the designer/implementer, verifier, and validator can all report through the project manager. At SWSIL levels 3 and 4, there are two acceptable arrangements:

– The verifier and the validator can be one and the same person, but they must not also be the designer/implementer. In addition, the verifier and validator cannot report to the project manager, as the designer/implementer does, and they must have the authority to prevent a product from being released.
– The designer/implementer, verifier and validator must all be different people. The designer/implementer and verifier can report to the project manager, whereas the validator cannot. The validator must have the authority to prevent a product from being released.

Moreover, in this standard, there are requirements about using or not using certain development techniques. The classification table has five levels, from mandatory to not recommended and appears in Table 4.9.

Table 4.9 Example of a Technique Classification Table (Translated from [CEN 01])

Classification	Explanation
The use of a technique is mandatory (M).
The technique is highly recommended (HR) for this safety integrity level.	If this technique or measure is not used then the rationale behind not using it should be detailed in the SQAP or in another document referenced by the SQAP.
The technique or measure is recommended (R) for this safety integrity level.
The technique or measure has no recommendation (-) for or against being used.
The technique or measure is positively not recommended (NR) for this safety integrity level.	If this technique or measure is used then the rationale behind using it should be detailed in the SQAP or in another document referenced by the SQAP.

Table 4.10 illustrates the classification of static analysis techniques for SWSIL from 0 to 4. Here, we see the requirement for performing design reviews is “HR” for all levels of criticality.

Table 4.10 Description of Classification of Static Analysis Techniques [CEN 01]

Technique	SW IL 0	SW IL 1	SW IL 2	SW IL 3	SW IL 4
Boundary value analysis	-	R	R	HR	HR
Checklists	-	R	R	R	R
Data flow analysis	-	HR	HR	HR	HR
Fagan inspections	-	R	R	HR	HR
Walk-through/design reviews	HR	HR	HR	HR	HR

In Table 4.11, we list requirements made as to whether or not to use certain programming languages, such as C or C++ (without restriction), for the five criticality levels.

Table 4.11 Description of Classification of Programming Languages [CEN 01]

Technique	SW IL 0	SW IL 1	SW IL 2	SW IL 3	SW IL 4
Ada	R	HR	HR	R	R
C or C++ (unrestricted)	R	-	-	NR	NR
Subset of C or C++ with coding standard	R	R	R	R	R

4.8.3 ISO 13485 Standard for Medical Devices

The ISO 13485 standard focuses on QA of products, customer requirements, and various items related to the management of quality systems [ISO 16d]. This standard specifies the requirements of a QMS that can be used by an organization for design and development, production, installation, and related services for medical devices, as well as the design, development, and supply of related services. The following definition of medical device illustrates the wide spectrum of devices that could be impacted by poor quality software.

Medical Device

Instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software, material or other similar or related article, intended by the manufacturer to be used, alone or in combination, for human beings, for one or more of the specific medical purpose(s) of:

– diagnosis, prevention, monitoring, treatment or alleviation of disease;
– diagnosis, monitoring, treatment, alleviation of or compensation for an injury;
– investigation, replacement, modification, or support of the anatomy or of a physiological process;
– supporting or sustaining life;
– control of conception;
– disinfection of medical devices;
– providing information by means of in vitro examination of specimens derived from the human body;

and does not achieve its primary intended action by pharmacological, immunological or metabolic means, in or on the human body, but which may be assisted in its intended function by such means.

Note 1 to entry: Products which may be considered to be medical devices in some jurisdictions but not in others include:

– disinfection substances;
– aids for persons with disabilities;
– devices incorporating animal and/or human tissues;
– devices for in vitro fertilization or assisted reproduction technologies.

ISO 13485 [ISO 16d]

Although this standard is independent of ISO 9001, it is based upon it. Given that certain requirements of ISO 9001 were excluded from ISO 13485, organizations whose QMS comply with ISO 13485 can claim compliance with the ISO 9001 standard only if their QMSs comply with all the requirements of the ISO 9001standard. Appendix B of ISO 13485 provides correspondence between these two standards.

4.9 Standards and the SQAP

Standards have a central place in a project's SQAP (Software Quality Assurance Plan). In order to conduct product and process assurance activities, the project team as well as the SQA function need to assess the adherence of project processes and products to the applicable agreements (e.g., contracts), regulations and laws, organizational standards, and procedures. Effectiveness of organizational software processes need to be constantly evaluated and improvements suggested. Problems and non-conformance are identified and recorded. The IEEE 730 standard defines the requirements regarding standards, practices, and conventions that must be described in the SQAP of a project. The SQAP identifies all applicable standards, practices, and conventions used for the project such as:

– documentation standards;
– design standards;
– coding standards;
– standards for comments;
– testing standards and practices.

Once the standards are identified and staff are trained on how to use them, SQA has a duty to conduct process and product assurance evaluations based on organizational QA policies and processes. Both process and product assurance evaluations have to be done on all projects. Process assurance consists of the following activities [IEE 14]:

– evaluate life cycle processes and plans for conformance;
– evaluate environments for conformance;
– evaluate subcontractor processes for conformance;
– measure processes;
– assess staff skills and knowledge.

We have seen that organizational standards used by software and system engineers are adapted locally to fit each project specificity. To ensure consistency, high quality and reduce project risks, the SQA is asked to:

– identify the standards and procedures established by the project or organization;
– analyze, for identified projects, the product risks, standards, and assumptions that could impact quality and identify specific SQA activities, tasks, and outcomes that could help determine whether those risks can be effectively mitigated by the project;
– determine whether the proposed product measurements are consistent with standards and procedures established by the project.

Note that standard conformance, regulatory concerns, or customer requirements are to be included in any tailoring for projects that use an agile methodology. As well, the SQA cannot replace the project team's responsibility for the product quality. The IEEE 730 standard insists that resources and information necessary for performing SQA are identified, made available, allocated, and used in projects. The project team should ask the following questions, regarding standards, practices and conventions, at the project planning stage:

– what government regulations and industry standards are applicable to this project? Have all laws, regulations, standards, practices, conventions, and rules been identified?
– what specific standards are applicable to this project? Have specific criteria and standards against which all project plans are to be evaluated been identified and shared within the project team?
– what organizational reference documents (such as standard operating procedures, coding standards, and document templates) are applicable to this project?
– have specific criteria and standards against which software life cycle processes (e.g., supply, development, operation, maintenance, and support processes including QA) are to be evaluated been identified and shared with the project team?
– what reference documents are appropriate to include in the SQAP?
– is the SQA expected to assess the project's compliance with applicable regulations, standards, organizational documents, and project reference documents?

During the project execution, the project team will have to verify:

– the project level of adherence to plans, product quality, processes (such as the life cycle processes), and activities with regards to the applicable standards, procedures, and requirements. Additionally, they need to keep quality records of these activities in case of additional verification;
– that appropriate coding standards and conventions, identified during planning, are applied;
– that the criteria, standards, and contractual requirements against which software engineering practices, development environment, and libraries are to be reviewed have been identified and documented;
– deviations to the SQAP are reported, authorized, and documented.

4.10 Success Factors

The implementation of standards into practice may be facilitated or hindered depending on the factors at play in the organization. The following text box lists a few of these factors.

4.11 Further Reading

GLAZER H., DALTON J., ANDERSON D., KONRAD M., and SHRUM S. CMMI or Agile: Why Not Embrace Both!. Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA, 2008, 41 p.
MOORE J. The Road Map to Software Engineering: A Standards-Based Guide. Wiley-IEEE Computer Society Press, Hoboken, New Jersey, USA, 2006, 440 p.
PFLEEGER S.L., FENTON N.E., and PAGE P. Evaluating software engineering standards. IEEE Computer, vol. 27, issue 9, 1994, pp. 71–79.

4.12 Exercises

Name five advantages and five disadvantages of software engineering standards.
Provide five advantages and five disadvantages of the CMMI-DEV.
If an organization implements all the standards needed for the development of its software products, is this sufficient to produce quality software?
If an organization implements all the standards needed for the development of its software products, is this sufficient to produce software and make a profit or bring other benefits to the organization?
Can the CMMI-DEV model be used for development in an organization with 10 developers? Explain why or why not.
Can software be developed in an environment that has adopted agile practices and the CMMI-DEV?
What could be the benefits of using ISO 29110 for a small organization?

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Chapter 4 Software Engineering Standards and Models

Create new playlist

Sign In

Sign Up

4.1 Introduction

4.2 Standards, Cost of Quality, and Business Models

4.3 Main Standards for Quality Management

4.3.1 ISO 9000 Family

4.3.2 ISO/IEC 90003 Standard

4.4 ISO/IEC/IEEE 12207 Standard

4.4.1 Limitations of the ISO 12207 Standard

4.5 ISO/IEC/IEEE 15289 Standard for the Description of Information Elements

4.6 IEEE 730 Standard for SQA Processes

4.6.1 Activities and Tasks of SQA

4.6.1.1 SQA Process Implementation Activities

4.6.1.2 Product Assurance Activities

4.6.1.3 Process Assurance Activities

4.7 Other Quality Models, Standards, References, and Processes

4.7.1 Process Maturity Models of the SEI

4.7.2 Software Maintenance Maturity Model (S3m)

4.7.3 ITIL Framework and ISO/IEC 20000

4.7.3.1 Managing IT Services

4.7.3.2 ISO/IEC 20000 Standard

4.7.4 CobiT Process

4.7.5 ISO/IEC 27000 Family of Standards for Information Security

4.7.6 ISO/IEC 29110 Standards and Guides for Very Small Entities

4.7.6.1 ISO 29110 Set of Profiles

4.7.6.2 ISO 29110 Software Basic Profile

4.7.6.2.2 Management Processes for the Software Basic Profile

Software Implementation Process for the Basic Profile

4.7.6.3 The Development of Deployment Packages

4.7.6.4 Example of the Implementation of the Software Basic Profile

4.7.7 ISO/IEC 29110 Standards for VSEs Developing Systems

4.8 Specific Standards for an Application Domain

4.8.1 DO-178 and ED-12 Guidance for Airborne Systems

4.8.2 EN 50128 Standard for Railway Applications

4.8.3 ISO 13485 Standard for Medical Devices

4.9 Standards and the SQAP

4.10 Success Factors

4.11 Further Reading

4.12 Exercises

Table of Contents for
Chapter 4 Software Engineering Standards and Models

4.7.2 Software Maintenance Maturity Model (S^3m)