Appendix A: Quality Models and Verification Methods As indicated in previous chapters, we have excluded discussions on the various verification methods which still exist in many publications. The following table may be useful in researching appropriate methods to deal with the different artefacts in the product lifecycle. We do not claim completeness in the methods but have provided common verification methods which we apply in our projects. Artefact type Quality model Verification methods Documentation DocQMod • Peer Review • Structured Group Review • Inspection • Walk Through • Technical Review • Informal Review Business BPQMod • Peer Review processes • Structured Group Review • Formal Inspection (on business process models, e.g. swimlanes, business and application process models) • Walk Through • GUI Prototyping • Test Modelling (based on business processes) • Early Test Case Design • Usability Testing Requirements ReqQMod • Management Review • Peer Review • Structured Group Review • Audit • Inspection • Walk Through • Technical Review • Informal review • GUI Prototyping • Test Modelling (based on requirements) • Test Case Specification (based on requirements) (continued) M. Wieczorek et al., Systems and Software Quality, 165 DOI 10.1007/978-3-642-39971-8, © Springer-Verlag Berlin Heidelberg 2014 166 Appendix A: Quality Models and Verification Methods Artefact type Quality model Verification methods Architecture ArchQMod • Peer Review • Structured Group Review • Formal Inspection • ATAM • Prototyping (including functional and non-functional testing) • FMEA Database DataQMod • Formal Inspection (on e.g. normalisation) • Peer Review (on indexing, SQL statements, stored procedures) • Structured Group Review • Functional Testing (by application) • Non-functional testing (including performance and security) Source code CodeQMod • Peer Review • Walk Through • Formal Inspection (e.g. style guides, coding standards) • Static Source Code Analysis (tool based) • Profiling (e.g. memory leaks) • Functional and Non-Functional dynamic testing • Condition Testing • Branch Testing • LCSAJ Testing (Parts of) SysQMod • Business Process Testing application or • End-to-End Testing system • Functional Testing • Non-Functional Testing (e.g. reliability, performance, security, and usability testing) • Structure-based Testing • Specification-based Testing • Testing using Decision Tables • Testing using State Transition Diagrams • Testing using Equivalence Partitioning • Boundary Value Analysis • Cause-Effect Graphing • Combinatorial Testing • Use Case Testing • User Story Testing • Domain Analysis • Explorative Testing • Crowd Testing • Manual / Automated Testing Environment EnvQMod • Peer Review • Structured Group Review • Formal Inspection • ATAM • Prototyping (including functional and non-functional testing) • FMEA • Monitoring • In-Process Reviews (continued) Appendix A: Quality Models and Verification Methods 167 Artefact type Quality model Verification methods Long-term DigPresQMod • Inspection archive • Peer Review • Recoverability Testing • Regression Testing • Inspections by Samples • Spot Test Appendix B: Relevant International Standards All standards, quasi-standards or industry-specific standards like DO 178C, AQAP or CMMI are mostly derived from national or international standards developed by various national and international standardisation bodies. In the table below we have limited our scope to the international standards that are relevant for the purposes of this book and focus on quality governance, quality management and quality engineering. If there is a standard that does not apply by country, there should be a relatively close conversion within that country. Reference number Title IEC 31010: 2009 Risk management—Risk assessment techniques IEEE STD 1028: 2008 IEEE Standard for Software Reviews and Audits ISO 9000: 2005 Quality management systems—Fundamentals and vocabulary ISO 9001: 2008 Quality management systems—Requirements ISO 9004: 2009 Managing for the sustained success of an organization—A quality man- agement approach ISO 10001: 2007 Quality management—Customer satisfaction—Guidelines for codes of conduct for organizations ISO 10002: 2009 Quality management—Customer satisfaction—Guidelines for complaints handling in organizations ISO 10003: 2007 Quality management—Customer satisfaction—Guidelines for dispute resolution external to organizations ISO 10005: 2005 Quality management systems—Guidelines for quality plans ISO 10005: 2005 Quality management systems—Guidelines for quality plans ISO 10006: 2003 Quality management systems—Guidelines for quality management in projects ISO 10007: 2003 Quality management systems—Guidelines for configuration management ISO 10012: 2003 Measurement management systems—Requirements for measurement processes and measuring equipment ISO/TR 10013: 2001 Guidelines for quality management system documentation ISO 10014: 2007 Quality management—Guidelines for realizing financial and economic benefits ISO 10014: 2006 Quality management—Guidelines for realizing financial and economic benefits (continued) M. Wieczorek et al., Systems and Software Quality, 169 DOI 10.1007/978-3-642-39971-8, © Springer-Verlag Berlin Heidelberg 2014 170 Appendix B: Relevant International Standards Reference number Title ISO 10015: 1999 Quality management—Guidelines for training ISO 10018: 2012 Quality management—Guidelines on people involvement and competence ISO 10019: 2005 Guidelines for the selection of quality management system consultants and use of their service ISO 19011: 2012 Guidelines for auditing management systems ISO 26262-1: 2011 Road vehicles—Functional safety—Vocabulary ISO 26262-2: 2011 Road vehicles—Functional safety—Management of functional safety ISO 26262-3: 2011 Road vehicles—Functional safety—Concept phase ISO 26262-4: 2011 Road vehicles—Functional safety—Product development at the system level ISO 26262-5: 2011 Road vehicles—Functional safety—Product development at the hardware level ISO 26262-6: 2011 Road vehicles—Functional safety—Product development at the software level ISO 26262-7: 2011 Road vehicles—Functional safety—Production and operation ISO 26262-8: 2011 Road vehicles—Functional safety—Supporting processes ISO 26262-9: 2011 Road vehicles—Functional safety—Automotive Safety Integrity Level (ASIL)oriented and safety-oriented analyses ISO 26262-10: 2012 Road vehicles—Functional safety—Guideline on ISO 26262 ISO 31000: 2009 Risk management—Principles and guidelines ISO/IEC 12207: 2008 Systems and software engineering—Software life cycle processes ISO/IEC 15288: 2008 Systems and software engineering—System life cycle processes ISO/IEC 15504-1: Information technology—Process assessment—Part 1: Concepts and 2004 vocabulary ISO/IEC 15504-2: Information technology—Process assessment—Part 2: Performing an 2003 assessment ISO/IEC 15504-3: Information technology—Process assessment—Part 3: Guidance on 2004 performing an assessment ISO/IEC 15504-4: Information technology—Process assessment—Part 4: Guidance on use 2004 for process improvement and process capability determination ISO/IEC 15504-5: Information technology—Process assessment—An exemplar software 2012 life cycle process assessment model ISO/IEC 15504-7: Information technology—Process assessment—Part 7: Assessment of 2008 organizational maturity ISO/IEC 15504-9: Information technology—Process assessment—Part 9: Target process 2011 profiles ISO/IEC 15504-10: Information technology—Process assessment—Part 10: Safety extension 2011 ISO/IEC 16085: 2006 Systems and software engineering—Life cycle processes—Risk management ISO/IEC 20000-1: Information technology—Service management—Part 1: Service man- 2011 agement system requirements ISO/IEC 20000-2: Information technology—Service management—Part 2: Guidance on the 2012 application of service management systems ISO/IEC 25010: 2011 Systems and Software-Engineering—Systems and software Quality Requirements and Evaluation (SQuaRE)—System and software quality models (continued) Appendix B: Relevant International Standards 171 Reference number Title ISO/IEC 25012: 2008 Software-Engineering—Software product Quality Requirements and Evaluation (SQuaRE)—Data quality model ISO/IEC 25020: 2007 Software-Engineering—Software product Quality Requirements and Evaluation (SQuaRE)—Measurement reference model and guide ISO/IEC 25021: 2012 Systems and Software-Engineering—Systems and software Quality Requirements and Evaluation (SQuaRE)—Quality measure elements ISO/IEC 25030: 2007 Software-Engineering—Software product Quality Requirements and Evaluation (SQuaRE)—Quality requirements ISO/IEC 25040: 2011 Systems and Software-Engineering—Systems and software Quality Requirements and Evaluation (SQuaRE)—Evaluation process ISO/IEC 25041: 2012 Systems and Software-Engineering—Systems and software Quality Requirements and Evaluation (SQuaRE)—Evaluation guide for developers, acquirers and independent evaluators ISO/IEC 27001: 2013 Information technology—Security techniques—Information security management systems—Requirements ISO/IEC 90003: 2004 Software engineering—Guidelines for the application of ISO 9001 to computer software ISO/IEC FDIS 25000: Systems and Software-Engineering—Systems and software Quality 2013 Requirements and Evaluation (SQuaRE)—Guide to SQuaRE ISO/IEC FDIS 25001: Systems and Software-Engineering—Systems and software Quality 2013 Requirements and Evaluation (SQuaRE)—Planning and management ISO/IEC/IEEE 29119- Software and Systems-Engineering—Software-Testing—Concepts and 1: 2013 definitions ISO/IEC/IEEE 29119-