© 2011 by Taylor & Francis Group, LLC
A policy is the key element in the engineering process, and there are orga-
nizational, soware planning, and control procedures to support these
key elements. e signicant activities are dened in this chapter. To con-
duct a successful soware development program, one should understand
the scope of the work to be accomplished.
4.1 POLICY UNDERSTANDING
A policy provides a mission statement of direction and guidance for so-
ware industries and military and aerospace programs. Policies are the
highest level of authority and are consistent with the vision one should use
to be successful.
In the past I have seen in many soware companies and military and
aerospace programs that policies are not reviewed, implemented, or even
considered in the work place. Why? I stated in the rst paragraph that a
policy is a mission statement and should be used as a starting point for
performing soware development and supporting soware engineering
reviews and audits. A very eective policy I like to review over and over is
a policy for soware quality. e soware quality policy states that we are
the dierence, such as
• I am personally responsible and accountable for the quality of my work.
• I acquire/use the necessary tools and skills needed to meet qual-
• I know my objectives (process improvement goals and produce
22 • Soware Engineering Reviews and Audits
© 2011 by Taylor & Francis Group, LLC
Do what you say (compliance): follow all procedures and instructions
that aect your work. You must say what you do (documentation): use
current plans, procedures, and work instructions.
Prove it (records): demonstrate your work in accordance with sound
processes/procedures and provide objective evidence.
Improve it: (process management/continual improvement): implement
change based on information/metrics.
4.1.1 Organization-Level Policy
I feel that process models and quality management provide the necessary
means for soware organizations to establish eective soware engineer-
ing review and audit processes to be implemented to support soware
development, modication, and soware procurement programs. e
number of processes and the extent of quality soware engineering review
and audit process implementation is based on the soware program or
project activities being performed each day. Soware Quality Assurance
(SQA) is an organization that will always ask audit questions concerning
soware development in order to support soware engineering reviews
and audit processes, because that is what soware quality is allowed to do.
At times this organization can be an annoyance to system, soware, and
test teams because of the many questions asked, including to subcontrac-
tors or supplier management.
e Soware Conguration Management (SCM) organization and so-
ware quality team work well together in soware activities such as audits,
tracking of changes, soware builds, loading of soware in labs/sites, so-
ware supplier audits, verication/validation of processes for compliance,
and soware product development. I have been on both sides, and these
organizations together make a very good team to ensure that soware orga-
nizations or programs are compliant with required soware standards.
Soware development activities are performed in accordance with
dened, repeatable, managed, and optimized policies. e soware qual-
ity disciplines and soware conguration principals ensure that soware
development processes are using a company or program standard, which
shows that cost parameters are established, documented, and maintained.
e peer review methods utilize that major soware defects are addressed
and will prevent future occurrences. In many soware industries and mili-
tary and aerospace programs, soware cost estimates are used for standard
estimation tools based on historical data and expert estimation techniques.