Sir Syed University of Engineering & Technology, Karachi

CS-470
Software Quality Assurance & Testing
Week 12
Session 1

Batch - 2017 Department of Computer Science 1

 Introduction
• Software development and maintenance processes involve production and use of
a multitude of documents; some are vital immediately while others may become
vital for software quality assurance over the life cycle of the system. S
• Special procedures for documentation control (usually called documentation
procedures, documentation control procedures or control of documents
procedures) are therefore introduced to indicate which documents are indeed
expected to be vital at some point and to assure their appropriate preparation and
availability.
• Documents that display these characteristics and that are treated according to
these procedures are called controlled documents. One type of controlled
document – quality records – is aimed mainly to provide evidence that the
development and maintenance processes were performed in conformity to
requirements and that the software quality system is operating fully and
effectively.
• Documentation control, controlled documents and quality records are important
components of the SQA system, as indicated by the ISO 9000-3 standard
conception: see ISO (1997), ISO/IEC (2001) and IEEE/EIA

2
 Controlled documents and quality records …
Controlled document
• A document that is currently vital or may become vital for the development and
maintenance of software systems as well as for the management of current and
future relationships with the customer.
• Hence, its preparation, storage, retrieval and disposal are controlled by
documentation procedures.
• The main objectives for managing controlled documents are:
– ■ To assure the quality of the document.
– ■ To assure its technical completeness and compliance with document
structure procedures and instructions (use of templates, proper signing, etc.).
– ■ To assure the future availability of documents that may be required for
software system maintenance, further development, or responses to the
customer’s (tentative) future complaints.
– ■ To support investigation of software failure causes and to assign
responsibility as part of corrective and other actions.

3
 … Controlled documents and quality records …
Quality record
• A quality record is a special type of controlled document.
• It is a customer targeted document that may be required to demonstrate full
compliance with customer requirements and effective operation of the software
quality assurance system throughout the development and maintenance
processes.

4
… Controlled documents and quality records
• An examination of the document list reveals
that a good number of the controlled
documents may be classified as quality
records.
• The magnitude of the list and its composition
vary between organizations and depend on
the characteristics of the customers in
addition to those of the software packages.
• The document types listed are produced
during the implementation of a variety of SQA
processes, to mention but a few:
• ■ Contract and negotiation process
• ■ Development process
• ■ Software change process
• ■ Maintenance services
• ■ Software quality metrics
• ■ Internal quality audits.
• Many of the processes listed above are
readily recognized as SQA processes, while
many of the controlled documents listed in
Frame 19.2 are products of those processes.

5
 Documentation control procedures …
• The SQA tools that regulate the handling of a controlled document from its
creation to its final disposal are called documentation control procedures.
• Typical components of such procedures are:

6
 … Documentation control procedures …
• Naturally, documentation control procedures vary among organizations according
to the nature of their software products and maintenance services, their
customers, their structure and their size, among other characteristics.
• In other words, one organization’s procedures might be totally inadequate for a
different organization.
• Two documentation control tasks – namely, storage and retrieval – are included
among the organization’s software configuration management procedures and
performed with a variety of software configuration management tools.
• Yet, special efforts are still needed to coordinate documentation procedures with
those of software configuration management.
• It should be noted that documentation requirements are integral parts of most
SQA procedures.
• Therefore, coordination of these requirements with documentation control
procedure requirements is of utmost importance.

7
 … Documentation control procedures …
• The following sections are dedicated to the components of the documentation
control procedure, namely:
• ■ The controlled documents list
• ■ Controlled document preparation
• ■ Controlled document approval issues
• ■ Issues of controlled document storage and retrieval issues.

8
 The controlled documents list
• The key to management of controlled documents (including quality records) is the
controlled document types list.
• Proper construction of the list is based on the establishment of an authority to
implement the concept, whether embodied in a person or a committee.
• Specifically, this authority is responsible for:
– ■ Deciding which document type is to be categorized as a controlled document
and which controlled document types are to be classified as quality records.
– ■ Deciding whether the level of control is adequate for each document type
categorized as a controlled document.
– ■ Following up of compliance with the controlled document types list. This
subject can be incorporated in the internal quality audits plan
– ■ Analyzing follow-up findings and initiating the required updates, changes,
removals and additions to the controlled documents types list.
• Most controlled document types are documents created internally by the
organization itself.
• Nonetheless, a substantial number of external document types, such as contract
documents and minutes of joint committee meetings, also fall into this category. .

9
 Controlled document preparation …
• The documentation requirements involved in the creation of a new document or
the revision of an existing document focus on completeness, improved readability
and availability.
• These requirements are realized in the documents: ■ Structure ■ Identification
method ■ Standard orientation and reference information.
• The document’s structure may be free or defined by a template.
• Templates and their contribution to software quality are discussed.
• An identification method is devised to provide each document, version and
revision with a unique identity.
• The method usually entails notation of (a) the software system or product name or
number, (b) the document (type) code and (c) the version and revision number.
The method can vary for different types of documents.

10
 …Controlled document preparation
• The document’s orientation and reference information may be required as well.
• Orientation and reference information support future access of required
documents by supplying information about the content of the document and its
suitability to the needs of the future user.
• Depending on the document type, a greater or smaller proportion of the following
information items is commonly required: ■ The document’s author(s) ■ Date of
completion ■ Person(s) who approved the document, including position(s) held ■
Date of approval ■ Signature(s) of the author(s) and person(s) who approved it ■
Descriptions of the changes introduced in the new release ■ List of former versions
and revisions ■ Circulation list ■ Confidentiality restrictions.
• The relevant documentation procedures and work instructions pertain to paper as
well as electronic documents (e.g., e-mail and intranet applications).

11
 Issues of controlled document approval
• Certain documents require approval while others may be exempt from the
associated review. For those documents that must be approved, the relevant
procedures indicate the position of the person(s) authorized to do so for each type
of document and the details of the process implemented.
• Position of the person(s) who can approve a document or document type Approval
can be granted by a person, several persons, or a committee – such as a formal
design review (FDR) committee – according to the type of document and the
organization’s preferences.
• The holders of the positions authorized by the documentation control procedures
are expected to have the experience and technical expertise sufficient to the task
of document review.
• The approval process Approval of documents is required for reasons that go
beyond assuring the documents’ quality; approval is also aimed at detecting and
preventing professional inadequacies together with deviations from the document
template.
• In cases where FDR approval is required, the appropriate review procedures should
be applied

12
Issues of controlled document storage and retrieval…
• Requirements pertaining to controlled storage and retrieval of documents are set
mainly to assure a document’s security and its continued availability.
• The same requirements should apply to paper documents as well as electronic and
other media.
• They refer to: ■ Document storage per se ■ Circulation and retrieval of documents
■ Document security, including document disposal.
• Document storage requirements apply to (1) the number of copies to be stored, (2)
the unit responsible for storage of each copy, and (3) the storage medium. Storage
on electronic media is usually much more efficient and more economical than
storage on paper.
• Still, paper originals of certain documents are kept in compliance with legal
stipulations.

13
…Issues of controlled document storage and retrieval
• In these cases, an image processing copy is stored in addition to the paper original.
• Circulation and retrieval of documents requirements refer to (1) instructions for
circulating a new document, on time, to the designated recipients, and (2) efficient
and accurate retrieval of copies, in full compliance with security restrictions.
• The procedures should apply to the circulation of paper documents as well as use
of e-mail, intranet and the Internet.
• Document security, including document disposal requirements, (1) provide
restricted access to document types, (2) prevent unauthorized changes to stored
documents, (3) provide back-up for stored paper as well as electronic files, and (4)
determine the storage period.
• At the end of a specified storage period, documents may be discarded or removed
to lower-standard storage containers, a shift that usually reduces availability.
• While paper files are prone to fire and flood damage, modern electronic storage is
subject to electronic risks.
• The planned method for back-up storage reflects the level of these risks and the
relative importance of the documents.

14