SECTION A

1. What is the definition of software quality?

Software quality refers to the degree to which a software product or system meets its
specified requirements and is free from defects or errors that can affect its performance,
reliability, maintainability, and usability.

2. List TWO (2) fundamental differences between software products and other products:
Tangibility: Software products are intangible, meaning they cannot be physically touched or
held. In contrast, physical products like a car or a chair are tangible and can be seen,
touched, and held.

Production: Software products are produced through a process of coding, testing, and
deployment. This process involves the use of tools such as programming languages,
integrated development environments (IDEs), and version control systems. In contrast,
physical products are produced through a process of manufacturing, which involves the use
of raw materials, machines, and labor.

3. Configuration Management (CM) may be seen as part of a more general quality

management process. What is your justification to this statement?
Configuration Management (CM) can be seen as part of a more general quality management
process because it is a set of processes and tools that are used to manage and control
changes to software products and systems. CM ensures that the software product or system
being developed meets its intended requirements, is stable, and can be easily maintained
and updated.

Quality management, on the other hand, is a broader process that encompasses all activities
that organizations use to ensure that their products and services meet their customers'
expectations. This includes processes such as planning, control, assurance, and improvement
of quality throughout the software development lifecycle.

Configuration management is an essential part of quality management because it enables

organizations to identify and manage changes that affect software quality. By using CM tools
and processes, organizations can ensure that changes are properly documented, tracked,
and tested before being implemented, thus reducing the risk of introducing defects or errors
into the software product or system. In this way, CM contributes to the overall quality of the
software product or system, which is the ultimate goal of quality management.
4. One of the objectives of inspections is to remove defects as early as possible in the
development process. What should you do once the defects found in order to help achieving
this objective:
Once defects are found during inspections, there are several steps that can be taken to help
achieve the objective of removing defects as early as possible in the development process:

Document the defects: All defects found during inspections should be documented in a
defect tracking system, which provides a centralized location to manage and track the
defects throughout the development process.

Prioritize the defects: Defects should be prioritized based on their severity and impact on
the software product or system. This ensures that critical defects are addressed first,
reducing the risk of defects remaining in the software product or system.

Assign responsibility: Defects should be assigned to specific team members responsible for
fixing them. This ensures that the defects are addressed in a timely and effective manner.

Resolve the defects: Once defects are assigned, the team members responsible for fixing
them should work to resolve them as soon as possible. This can involve making changes to
the software code or documentation, as well as testing to ensure that the defects are fully
resolved.

Verify the fixes: After the defects have been resolved, the fixes should be verified through
testing to ensure that they have been successfully addressed and that no new defects have
been introduced.

By following these steps, defects can be identified and removed early in the development
process, reducing the likelihood of defects being carried forward to later stages of
development or even to production, where they can be much more costly and difficult to
address.

5. List TWO (2) possible concerns for quality manager to complete a quality plan?
Here are two possible concerns that a quality manager may have when completing a quality
plan:

Resource constraints: A quality plan typically requires the allocation of resources such as
time, budget, and personnel. A quality manager may be concerned about whether they have
sufficient resources to complete the plan and ensure that the software product or system
meets its quality objectives.

Uncertainty: A quality plan is often created early in the development process, and it may be
based on assumptions about the software product or system that have not been fully
validated. A quality manager may be concerned about whether the plan will remain valid as
the development process progresses, and whether it will be able to accommodate changes
to the software product or system that may arise during development.
6. List THREE (3) main components of software quality assurance plan (SQAP)?
The three main components of a Software Quality Assurance Plan (SQAP) are:

Goals and Objectives: This component defines the goals and objectives of the SQAP, which
typically include establishing the quality standards and processes that will be used to ensure
that the software product or system meets its specified requirements.

Quality Control Procedures: This component outlines the quality control procedures that will
be used to verify that the software product or system meets its specified requirements.
These procedures may include testing, inspections, reviews, and audits, among others.

Quality Assurance Procedures: This component defines the quality assurance procedures
that will be used to ensure that the quality control procedures are being followed
effectively. This may involve monitoring and measuring the quality of the software product
or system throughout the development process, as well as identifying and addressing any
process or quality issues that arise. It may also include training and education programs for
team members involved in the development process to ensure that they are aware of and
adhere to the quality standards and processes defined in the SQAP.

7. ISO 25010 standard for software product quality was published by the International
Organization for Standardization (ISO) as a successor of the ISO 9126 standard that has been
in use since 2001. The quality model of the Software Improvement Group, has been updated
to reflect the change from ISO 9126 to ISO 25010. Describe ONE (1) of the important
changes that have been made?
One important change that has been made in the transition from ISO 9126 to ISO 25010 is
the inclusion of new quality characteristics. While ISO 9126 defined six quality
characteristics, ISO 25010 expands on this to include eight main characteristics, which are
further subdivided into sub-characteristics.

One of the new quality characteristics introduced in ISO 25010 is "Security". This reflects the
growing importance of security in software development and the need to ensure that
software products and systems are secure from various types of threats, including cyber
attacks and data breaches. The "Security" characteristic in ISO 25010 includes several sub-
characteristics, such as confidentiality, integrity, and non-repudiation, among others.

By including the "Security" characteristic in the quality model, ISO 25010 provides a more
comprehensive framework for evaluating software product quality, reflecting the changing
needs and priorities of the software industry. This change highlights the importance of
security as a key quality characteristic in today's software products and systems, and
underscores the need for software development teams to prioritize security throughout the
development process.
8. Software certification is a procedure by which a third party gives written assurance that a
product, process or service conforms to specified characteristics. List pre-certification
activities involved in a general software certification exercise.

Here are some of the pre-certification activities involved in a general software certification
exercise:

1. Defining certification criteria: The first step in a software certification exercise is

to define the criteria against which the software product or system will be
evaluated. These criteria may include functional requirements, performance
requirements, security requirements, and other relevant quality characteristics.

2. Selecting a certification body: A certification body is a third-party organization

that will be responsible for evaluating the software product or system against
the defined criteria. The certification body should be selected based on its
experience and expertise in the relevant industry or domain.

3. Conducting a gap analysis: Before the software product or system can be

certified, a gap analysis should be conducted to identify any areas where the
software does not meet the defined certification criteria. This can help to
identify and address any issues before the certification process begins.

4. Preparing documentation: In order to support the certification process, various

documentation may be required, such as a quality assurance plan, test plans,
and user documentation. This documentation should be prepared in advance to
ensure that it is available when needed.

5. Conducting internal testing: Before submitting the software product or system

for certification, internal testing should be conducted to verify that it meets the
defined certification criteria. This can include functional testing, performance
testing, and security testing, among others.

6. Addressing issues: Any issues identified during the internal testing should be
addressed before the certification process begins. This may involve making
changes to the software product or system, or providing additional
documentation or evidence to support the certification.

By completing these pre-certification activities, software development teams can ensure

that their software product or system is ready for certification and is more likely to receive
certification on the first attempt.
9. Project progress control has one immediate objective: early detection of irregular events. In
order to achieve this objective, one of the main activities is to provide a control on project
resources. Briefly describe your understanding on project resource control.

Project resource control is the process of monitoring and managing the resources that are
allocated to a project. This includes personnel, equipment, materials, and other resources
that are needed to complete the project.

The main objective of project resource control is to ensure that the project is on track and
that resources are being used effectively and efficiently. This involves monitoring resource
utilization, identifying potential issues or bottlenecks, and taking corrective action when
necessary.

One important aspect of project resource control is resource allocation. This involves
assigning resources to specific tasks or activities based on their availability and skill sets.
Resource allocation should be done in a way that optimizes the use of resources and ensures
that tasks are completed on time and within budget.

Another important aspect of project resource control is resource leveling. This involves
balancing resource utilization across different tasks or activities to ensure that resources are
not over-allocated or under-utilized. Resource leveling can help to prevent delays and
ensure that the project progresses smoothly.

In addition to monitoring and managing resources, project resource control also involves
maintaining accurate records and documentation related to resource utilization. This can
help to identify trends and patterns in resource usage, as well as provide a historical record
for future reference.

Overall, project resource control is a critical activity for ensuring project success, as it helps
to ensure that resources are being used effectively and efficiently, and that the project is
progressing according to plan.
10. List THREE (3) top management's overall responsibilities for software quality.

Here are three top management's overall responsibilities for software quality:

Establishing a Quality Policy: Top management is responsible for establishing a quality policy
that outlines the organization's commitment to software quality. The quality policy should
be communicated to all employees and stakeholders, and should provide a framework for
the development and implementation of a software quality management system.

Providing Adequate Resources: Top management is responsible for providing the necessary
resources to support software quality, including funding, personnel, and equipment. This
includes ensuring that there is adequate training and development for employees involved
in software development and quality assurance.

Ensuring Compliance with Standards and Regulations: Top management is responsible for
ensuring that the organization complies with relevant standards and regulations related to
software quality. This may include international standards such as ISO 9001, as well as
industry-specific standards and regulations.

In addition to these responsibilities, top management is also responsible for monitoring and
reviewing the effectiveness of the software quality management system, and for making any
necessary improvements to ensure ongoing effectiveness and continuous improvement.
SECTION B

1. Quality software is reasonably bug-free, meets requirements and/or expectations, and is

maintainable. Testing the quality of the application software will be a two-step process of
independent verification and validation. Briefly describe your understanding on both
processes.

Independent verification and validation (IV&V) are two processes that are used to ensure
the quality of software applications.

Verification is the process of evaluating software to determine whether it meets specified

requirements and standards. This involves reviewing the software documentation and
design to ensure that it meets the expected functionality and performance requirements.
Verification also involves testing the software code to ensure that it works as intended.

Validation, on the other hand, is the process of evaluating software to determine whether it
meets the needs of the end-users and stakeholders. This involves testing the software in a
real-world environment to ensure that it meets the desired functionality and usability
requirements. Validation also involves evaluating the software for its maintainability,
reliability, and performance.

The purpose of IV&V is to ensure that the software is of high quality and meets the
expectations of the stakeholders. Independent verification and validation are critical to the
software development process because they help to identify defects and issues early in the
development cycle, which can help to reduce the cost and time required for software
development.

In summary, verification is focused on ensuring that the software meets its requirements,
while validation is focused on ensuring that the software meets the needs of its users. Both
of these processes are critical to ensuring the quality of software applications.

2. The primary objective of inspections is to remove defects as early as possible in the

development process. Give your explanations on how formal inspections achieve this
objective (you may relate your answer to the seven steps approach).

Formal inspections are a process for detecting and removing defects as early as possible in
the software development process. The seven-step approach for conducting formal
inspections is an effective method for achieving this objective. Here's how each step
contributes to removing defects early in the process:

1. Planning the Inspection: The first step in formal inspections is to plan the inspection
by selecting the documents to be inspected, scheduling the inspection, and selecting
the inspection team. By planning the inspection early in the development process,
defects can be identified and corrected before they become more expensive and
time-consuming to fix.

2. Overview Meeting: The overview meeting is an opportunity for the inspection team
to review the document to be inspected and to discuss any concerns or questions
 they have. This meeting helps to ensure that everyone is on the same page and
understands the purpose of the inspection.

3. Preparation: During the preparation phase, each team member individually reviews
the document and notes any potential defects. This step helps to ensure that defects
are identified early in the process and that the inspection team is prepared to
identify and address any issues during the inspection.

4. Inspection Meeting: The inspection meeting is where the inspection team comes
together to review the document and identify any defects. By conducting the
inspection meeting early in the development process, defects can be identified and
corrected before they become more expensive and time-consuming to fix.

5. Rework: Once defects have been identified, the author of the document makes the
necessary changes to correct the defects. By addressing the defects early in the
process, the author can make corrections before they become more difficult to fix.

6. Follow-up: The follow-up step ensures that all identified defects have been
corrected and that the document meets the required quality standards. This step
helps to ensure that the document is of high quality and free of defects.

7. Management: The final step in formal inspections is management. This step involves
tracking defects and ensuring that the inspection process is working effectively. By
tracking defects, the organization can identify areas for improvement in the
inspection process and take steps to address them.

In summary, formal inspections are an effective way to remove defects early in the
development process. By following the seven-step approach, defects can be identified and
corrected early, which helps to reduce costs and improve the quality of the final product.
3. The head of the SQA unit is responsible for all the quality assurance tasks performed by the
SQA and its sub-units. What are typical tasks that should be performed by this SQA unit head
to fulfill his or responsibilities?

As the head of the SQA unit, there are several typical tasks that should be performed to
fulfill their responsibilities. These tasks include:

1. Developing and implementing quality policies and procedures: The SQA unit head is
responsible for developing and implementing quality policies and procedures to
ensure that the organization's software development processes are standardized
and consistent across all projects.

2. Developing and implementing quality metrics: The SQA unit head is responsible for
developing and implementing quality metrics to measure the effectiveness of the
organization's software development processes. This includes identifying key
performance indicators (KPIs) and developing processes to track and analyze them.

3. Managing the SQA team: The SQA unit head is responsible for managing the SQA
team, which includes hiring and training staff, setting goals and objectives, and
evaluating performance.

4. Conducting quality audits: The SQA unit head is responsible for conducting quality
audits to ensure that the organization's software development processes are being
followed correctly and to identify areas for improvement.

5. Providing feedback and recommendations: The SQA unit head provides feedback
and recommendations to project teams and management based on the results of
quality audits and quality metrics. This includes identifying areas where processes
can be improved and recommending changes to improve software quality.

6. Ensuring compliance with quality standards: The SQA unit head is responsible for
ensuring that the organization is in compliance with relevant quality standards, such
as ISO 9001 or CMMI.

7. Reporting on quality metrics: The SQA unit head is responsible for reporting on
quality metrics to management and stakeholders. This includes providing regular
updates on KPIs and presenting findings from quality audits.

Overall, the head of the SQA unit plays a critical role in ensuring that the organization's
software development processes are of high quality and meet the required standards. The
SQA unit head should have a deep understanding of software quality assurance practices
and be able to lead and manage a team effectively.
SECTION C

1. Companies from various backgrounds are competing to produce software which are claimed
to be good and fulfill user's expectation. However, users and stakeholders are unsure and
uncertain on the quality status of the software products delivered by suppliers or developed
in-house. Therefore, it is a big challenge for software engineering community to find a
simple but practical software certification approaches to guarantee the delivered software is
of acceptable quality.
A. Define what is 'sofware certification".
B. Assuming that you are responsible to certify and quantify quality of the existing
eLearning software used by UMT, i.e ePembelajaran. Give your plan of action on how
you are going to complete this task. You may use any software certification model or
approaches.

A. Software certification is a process by which a third-party organization evaluates a

software product or service to determine if it meets pre-defined standards,
specifications, and requirements. The goal of software certification is to provide an
objective and independent assessment of the software's quality, reliability, and security
to give confidence to users and stakeholders.

B. To certify and quantify the quality of ePembelajaran, the following plan of action can
be taken:

1. Identify and define the certification requirements: The first step is to identify
and define the certification requirements for ePembelajaran. This includes
defining the standards, specifications, and requirements that the software
should meet to be considered of acceptable quality.

2. Conduct a gap analysis: The next step is to conduct a gap analysis to determine if
ePembelajaran meets the defined certification requirements. This includes
identifying any areas where the software falls short of the requirements and
creating an action plan to address these gaps.

3. Conduct a risk analysis: A risk analysis should be conducted to identify any

potential risks associated with ePembelajaran. This includes identifying potential
security vulnerabilities, reliability issues, and any other risks that could impact
the software's performance or user experience.

4. Conduct testing and evaluation: The software should be tested and evaluated to
determine its quality and reliability. This includes functional testing,
performance testing, security testing, and other types of testing to identify any
issues or areas for improvement.

5. Generate a certification report: Once testing and evaluation are complete, a

certification report should be generated. The report should include the results of
the testing and evaluation, any identified gaps or risks, and any actions taken to
address these issues.
 6. Issue a certificate: Based on the results of the certification report, a certificate
should be issued to indicate that ePembelajaran meets the defined certification
requirements and is of acceptable quality.

7. Maintain certification: To maintain certification, ongoing monitoring and

evaluation should be conducted to ensure that ePembelajaran continues to
meet the defined certification requirements over time.

In completing this task, a software certification model such as ISO 25000, CMMI, or
SPICE can be used to provide a structured and comprehensive approach to software
certification.

2. "PPIMG SOFTECH" is a software house specializing in financial executive information

systems, employing about 20 professionals. As no executive volunteered for the position of
"executive in charge in software quality", the general manager of PPIMG SOFTECH did not
insist on nominating an executive to this position. Moreover, he did not assign any great
importance to issuing a quality policy document because, as he claimed, "the company is
anyway committed to quality"; hence, there was no need for any written document. This
situation continued for about two years without any critical failure.
A. Suggest what unnoticed and undesired events may have resulted from this situation.
B. Suggest what an executive in charge of software quality, in addition to an adequate and
updated policy document, could contribute to company product quality.
C. Suppose you are given the position of executive in charge of quality. Give your plan of
action in implementing Software Quality Assurance (SQA) in the organisation within six
months.

A. Some unnoticed and undesired events that may have resulted from this situation are:

• Increased number of defects in the software product.

• Decreased customer satisfaction due to poor quality software.
• Higher maintenance costs due to defects discovered later in the software
development lifecycle.
• Lost business opportunities due to low-quality software products.
• Reduced productivity and efficiency of the development team due to lack of
quality standards and guidelines.
B. An executive in charge of software quality could contribute to the company product
quality in the following ways:

• Establishing and enforcing quality policies and guidelines throughout the

software development lifecycle.
• Providing leadership and guidance to the development team to ensure quality is
built into the software products from the beginning.
• Implementing quality control measures such as reviews, inspections, and testing
to detect and correct defects early in the development process.
• Ensuring that the software development process is well-documented,
monitored, and continuously improved.
• Collaborating with other stakeholders such as customers, business owners, and
other departments to ensure that their needs and expectations are met.

C. My plan of action in implementing Software Quality Assurance (SQA) in the

organization within six months would include the following steps:

1. Conduct a comprehensive assessment of the current state of the software

development process, including the quality standards, guidelines, and tools
being used.
2. Develop a quality policy document that clearly defines the organization's
commitment to quality and the key quality objectives to be achieved.
3. Establish a quality assurance team that will be responsible for implementing and
monitoring the SQA activities.
4. Develop a quality plan that outlines the specific quality control measures to be
implemented throughout the software development lifecycle.
5. Train the development team and other stakeholders on the quality policies,
guidelines, and tools being used.
6. Establish a quality metrics program that will measure and monitor the
effectiveness of the SQA activities.
7. Continuously monitor and improve the SQA process based on feedback from
stakeholders and the results of the quality metrics program.