Transcription
System Quality Assurance ChecklistProject NameVersionYour Company NameSystem Quality Assurance ChecklistDateConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 1 of 22
System Quality Assurance ChecklistProject NameVersionRevision HistoryDateVersionAuthorChangeCOPYRIGHT NOTICEConfidential – 2015 Documentation ConsultantsAll rights reserved. These materials are for internal use only. No part of these materials may bereproduced, published in any form or by any means, electronic or mechanical, including photocopy or anyinformation storage or retrieval system, nor may the materials be disclosed to third parties without the writtenauthorization of (Your Company Name).Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 2 of 22
System Quality Assurance ChecklistProject NameVersionTable of Contents12345678Project Management (PM) . 4Methodology . 5Testing . 11Configuration Management (Cm) . 15Documentation and Records Management . 17Security . 19Training and Education . 21Maintenance. 22Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 3 of 22
System Quality Assurance ChecklistProject NameVersion1Project Management (PM)System TopicsYes/NoCommentsProcedural Controls Project planning organizational policy is available. Procedures available for establishing and reviewingproject plans, commitments, complexity, costs,efforts, resources, facilities, personnel assignments. Procedures available for work breakdown.Resources PM assigned. PM can negotiate work commitments. PM trained in project planning and estimating.Documented Activities Project activities documented, e.g., statement ofwork, project plans, resource estimates, riskassessment, faculties, work breakdown structures,metrics, project status, control, management, andcontract reviews, etc.Tracking and Oversight Policies exist to track project and oversight. Project uses procedures to track actual time,funding, costs, and QA results, work size andcomplexity, scope, corrective action, changes,commitments, agreements, plans, schedules, risk,and resources.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 4 of 22
System Quality Assurance ChecklistProject NameVersion2MethodologySystem TopicsYes/NoCommentsSoftware Methodology Management has a formal methodology for softwaredevelopment projects and/or enhancement projects. Requirements used to establish softwareengineering and management. Allocated requirements change when adjustmentsare made to project plans, work products, andactivities. Methodology allows for a formal and approved set ofdesigns based on requirements. Methodology supports construction based onapproved design information. Methodology supports integration of softwareelements into a working product. Methodology ensures formal testing of softwarecomponents at specific process phases. Methodology ensures release and support of thefinal product. Measurements are used to determine the status ofthe completed activities throughout projects. Guidelines, standards, and/or procedures are usedfor product enhancements and replacements. Release process for enhancements includes fulldocumentation of new functions by updatingoperating manuals and release notes.Application of Written Controls Plans and methodology support the use ofstandards, procedures, and guidelines for:oDefining software requirements.oDesigning and building software.oIntegration of software components.oTesting of components and integratedproduct.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 5 of 22
System Quality Assurance ChecklistProject NameVersionSystem TopicsoYes/NoCommentsRelease and product support. Projects follow a written organizational policy forproject planning. Projects follow a written organizational policy formanaging requirements and design information.Technical Reviews During Development Plans and methodology ensure technical reviews for:oRequirements.oDesigns.oCoding.oProduct test plans and scripts.oAnalysis of test results.Review outcomes help support improvements to thesoftware process.Testing Planned testing activities include:oUnit testing.oIntegration testing.oSystem testing.oRelease testing. All test documents are approved prior to use. Process exists that assures errors found duringtesting are corrected and re-tested. Test documents contain test cases with definedinputs, defined outputs, observed results, tester ID,and recorded errors.Requirements Information Information exists about reusable software productsor components, which describes the functions andcapabilities of the reusable entity. Reusable entity information is used during thesoftware process for new and evolving products.Design Information Design information exists on reusable softwareproducts or components.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 6 of 22
System Quality Assurance ChecklistProject NameVersionSystem TopicsYes/NoCommentsCode Listing Existing code information on the reusable softwareconforms to established code managementpractices.Performance and Maintenance History Performance and maintenance history records areavailable. Performance and maintenance records of reusableproducts are used to support the software process.Purchased Software Products and Services A formal organizational practice exists for selectingand managing product and service suppliers duringthe course of a project. Selection procedures include analysis of suppliersproven capabilities. Practices require purchased product specificationsand documentation be evaluated prior to purchase.Compatibility with Bundled Product Purchased components are tested to assesscompatibility with the bundled package.Virus Free Entity Evaluation practices for purchased products assurefreedom from virus infection.Source Code Source listings conform to written standards for:oHeader informationoFile namingoProgram descriptionoRevision recordoCoding styleoModularityoAnnotationoVariable definitionoParameters for interaction.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 7 of 22
System Quality Assurance ChecklistProject NameVersionSystem TopicsYes/NoCommentsHardware Methodology A formal methodology, endorsed by management isused for all hardware development projects and/orenhancement projects. Methodology allows for approved requirementsbased on known processing needs. Requirements are used to establish a basis forhardware engineering and management use. Project plans, work products, and activities aremodified when requirements change. Methodology requires formal and approveddocumentation. Methodology ensures a rigorous practice forhardware element integration into a working product. Methodology enforces a rigorous practice for testinghardware components at predetermined phases. Methodology enforces formal practices for releaseand support of the final hardware product. Measurements are used to determine the status ofthe activities performed for managing requirementsand design information throughout projects. Hardware project plans document activities to beperformed. Measurements are used to determine progressagainst planned activities. Adequate resources are provided for planning ahardware project.Application of Written Controls Plans and methodology enforce the use ofstandards, procedures, and guidelines for:oDefining hardware specifications.oDesigning and building hardware.oIntegration of hardware components.oTesting of components and integratedproduct.oRelease and support of product.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 8 of 22
System Quality Assurance ChecklistProject NameVersionSystem TopicsoYes/NoCommentsInstallation procedures and testingdiagnostics. Projects follow a written organizational policy forproject planning. Projects follow a written organizational policy formanaging hardware specifications and designinformation.Technical Reviews Plans and methodology ensure technical reviews for:oRequirements.oDesigns.oDrawings and specification analysis.oProduct test plans, scripts, and results.oEngineering notebooks and logs.Project managers review progress against plannedactivities.Testing Planned testing activities include:oIntegrated Committee testing.oFunctional hardware unit testing.oHardware release testing. Test documents are approved prior to use. Mechanism exists that assures errors found duringtesting are corrected and re-tested. Reviewed test results are used as a basis forrelease. Product errors found during testing are used asfeedback for the improvement of hardwareprocesses.Purchased Hardware Products and Services Selection procedures include analysis of suppliersproven capabilities. Practices require that purchased productspecifications and documentation be evaluated priorto purchase.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 9 of 22
System Quality Assurance ChecklistProject NameVersionSystem TopicsYes/NoCommentsCompatibility with Bundle Product Purchased components are tested to assesscomponent compatibility with the bundled hardware.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 10 of 22
System Quality Assurance ChecklistProject NameVersion3TestingSystem TopicsYes/NoCommentsProcedural Controls Policies exist for the testing process. Testing procedures describe:o Test document development and itsmanagement.o Testing types and levels required.o Features and attributes.o Test outcomes and acceptability. Procedures describe which organizational groupsare responsible for:o Testing.o Reviewing results.o Distribution of results.o Maintenance of documentation.o Release of products based on test results.o How testing errors are recorded, tracked andresolved.o Where and when to use approved tools fortesting.o How to manage testing information within atesting tool environment.o How software tools used in the testingprocess are evaluated and selected.Test Document and Structure Testing documentation contains the followinginformation:o Document title.o Document version.o Accountability signatures. Test plans contain the following information:o Identification of component to be tested.o Resource requirements.o Schedules.o Prerequisites for testing.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 11 of 22
System Quality Assurance ChecklistProject NameVersionSystem Topics Test documentation contain the followinginformation:o References to design and requirementsdocumentation.o Data and test equipment specifications.o Test environment description.o Features and attributes.o Criteria for acceptance and release of testcomponents. Finalized test cases contain the followinginformation:o Documented test cases with defined inputs,expected outputs, and actual outputs.o Traceability of test cases to specifications.o Error log.o Actual results (not merely pass / fail)recorded where appropriate.o Results summary.o Analysis.o Approval / release (before and afterexecution).o Tester identification and date. Test tracking records contain the following incidentinformation:o Tracking identifier/number.o Traceability to test case.o Corrective action taken.o Results of retest.o Timing (dates) of all activities.Yes/NoCommentsTesting in the User Environment Organization performs pre-release testing in the userenvironment. Organizational prepared procedures describe howtesting will be performed. Instructions for documenting test activity and results. Organization corrected the product or informedcustomer of known product limitations.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 12 of 22
System Quality Assurance ChecklistProject NameVersionSystem TopicsYes/NoCommentsSoftware Software development procedures exist for softwaretesting activities. Test documents exist for:o Unit level testing.o Integration level testing.o System level testing. Test cases are approved prior to testing. Test cases are traceable to requirements and designspecifications. Testing results are used to adjust or correct functionsor operations. Procedures explain how corrected, enhanced, ormodified software is tested for product featureeffectiveness. Regression testing is performed for enhancementsand feature and function corrections. Original test documents and records are used forregression testing purposes.Hardware Hardware testing procedures are used for thefollowing (where appropriate):oComponents.oSub-units.oFully assembled units or systems.Hardware compatibility testing procedures are usedfor bundled software products.Product Maintenance Procedures describe how repaired, enhanced ormodified hardware is tested and its effectiveness. Original design documentation and test cases areused to support regression testing. Periodic hardware tests are performed to assure thatperformance specifications are valid.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 13 of 22
System Quality Assurance ChecklistProject NameVersionSystem TopicsYes/NoCommentsUser Manual User manuals are reviewed and tested forcorrectness prior to release and distribution.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 14 of 22
System Quality Assurance ChecklistProject NameVersion4Configuration Management (Cm)System TopicsYes/NoCommentsGeneral Projects follow a written organizational policy forimplementing configuration management. Configuration Management training is providedwithin the organization.Planned and User Activities A configuration management plan exists and is used. Resources and funding were allocated for CMplanning and activities. CM Plans include activities for the following:oIdentify CM items.oBase-line and version items.oControl changes to items.oEstablish and manage repositories.oReport status of items. Responsibility for coordinating and implementingconfiguration management exists. Training was provided for individuals configurationmanagement activities, including objectives,procedures, and methods for performing theiractivities. Defined procedure for access privileges have beenset and are used. CM tools are used for CM implementation. CM tool users have been trained for their use.Glossary of Items Configuration items are defined. A configuration management library repository existsfor the work product baselines. The repository is used to manage and control accessto the CM items.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 15 of 22
System Quality Assurance ChecklistProject NameVersionSystem TopicsYes/NoCommentsChange Management Procedures exist for change requests and problemreports for configuration items/units initiated,recorded, reviewed, approved, and tracked. Methods exist to restore previous work items in caseof problems.Version Management Procedures describe a methodology for establishingversions.oMajor releases.oMaintenance releases.oIndividual hardware / software items.oCustom work.Version management procedures ensure traceabilityto documentation and records.Status of CM Items Status of configuration items and units are recorded. Configuration management report activities arecommunicated to respective groups and individuals. Status information is provided to management. Base audits are performed.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 16 of 22
System Quality Assurance ChecklistProject NameVersion5Documentation and Records ManagementSystem TopicsYes/NoCommentsControl of RecordsDocuments that Direct Work Activity Policies and procedures are used to manage andmaintain documentation. Review of procedures and policies are performedperiodically. Responsibilities are defined for reviewing / approvingnew and/or revised documents. A notification / distribution process exists for newlyapproved documents. Outdated and superseded documents are removedfrom circulation and destroyed. Procedures include mechanisms for version controlof policies and procedures.Technical Documentation A procedure exists for managing technicaldocuments associated with computer products andservices. Format and content standards exist for technicaldocuments. Procedures exist for review and approval of thesedocuments. Procedures exist for making these documentsavailable for use within the organization. Procedures exist for archiving and/or retention ofthese documents?User Documentation Procedures exist for management and control ofmanuals. Procedures exist to inform end users how to operateand use the computer products. Format and content standards exist for userdocumentation.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 17 of 22
System Quality Assurance ChecklistProject NameVersionSystem Topics Procedures exist that define how users will benotified of manual changes. Procedures exist that define how user manualchanges are to be kept in sync with product orsystem changes.Yes/NoCommentsSupporting Records Procedures exist that define how to manage andcontrol supporting records, e.g., technical reviews,problem resolution, error logs. Procedures exist that define what supporting recordsneed to be maintained. A record retention schedules exists and is used.Electronic Documents and Records A policy exists for managing electronic records. Procedures exist for managing electronic records:oMaintain audit trails.oSign electronic documents.oRetention life of document.oRecord access and administration.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 18 of 22
System Quality Assurance ChecklistProject NameVersion6SecuritySystem TopicsYes/NoCommentsGeneralSecurity Policies and Procedures A policy exists for the following security items:oComputer security goals.oUse of passwords.oRoles and responsibilities.oVirus protection.oDisaster recovery. Password procedures describe non-complianceconsequences. Responsibilities exist for implementing andadministering security functions. Employees are trained in computer security policiesand rules. Computer security administrators are trained to fulfilltheir functions.Security Administration Security measures are designed to mitigateunauthorized changes, theft, and threats. Procedures exist to implement the following:oLogical and physical security.oEstablish and maintain access.oDetect and report incidents.oCompliance evaluation.Security Tools Security tools are evaluated relative to the securitygoals. Approved tools are periodically evaluated forsuitability. Tools are made available to the individualsadministering security.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 19 of 22
System Quality Assurance ChecklistProject NameVersionSystem TopicsYes/NoCommentsSoftware Virus Program Programs are available to prevent the introduction ofviruses. Virus programs provide proactive detection andelimination.Backup and Recovery A program exists to backup mission critical workproducts, tools, and files. Procedures exist for periodic backup. Procedures provide for systematic recovery during adisaster. The disaster recovery procedures have been tested.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 20 of 22
System Quality Assurance ChecklistProject NameVersion7Training and EducationSystem TopicsYes/NoCommentsGeneralControls A training policy exists. Policies and procedures describe the following::oJob descriptions.oTraining requirements for each jobdescription.oTraining and education to maintain andimprove skills.Training and Education Records Organization maintains records of training andeducation. Records are maintained and are up to date. Management reviews records to ensure objectives.Training and Education Plans Employee training and education plans aremaintained. Management reviews employee training plans. Training and education plans identify the skillsrequired with a schedule to satisfy them.Training and Education Responsibilities Someone (or a group) is assigned responsibility fortraining and education. Sufficient resources have been provided to carry outthe training and education program.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 21 of 22
System Quality Assurance ChecklistProject NameVersion8MaintenanceSystem TopicsYes/NoCommentsGeneralProcedural Controls Procedures exist for product maintenance. Procedures exist for: oListing reported problems.oProblem analysis.oProblem resolution.Support maintenance procedures exist for:oContracts.oSupport escalation for mission criticalapplications.Reporting of known problems Procedures exist to notify customers of knownproblems. Procedures exist to proactively provide notificationfor problems relating to:oData collection.oData processing.oDisplay information.oComputer security.oSafety.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 5150Page 22 of 22
System Quality Assurance Checklist Project Name Version Confidential – 2015 Documentation Consultants (www.SDLCforms.com) Document: 5150 Page 5 of 22 2 Methodology System Topics Yes/No Comments Software Methodology Management has a formal methodology for software
